#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************

# File version for 'aclocal' use. Keep it a single number.
# serial 5

dnl **********************************************************************
dnl Check for OpenSSL libraries and headers
dnl **********************************************************************

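dnl CURL_WITH_OPENSSL
dnl -----------------
dnl Detect an OpenSSL-compatible TLS library and wire it into the build.
dnl
dnl Reads:   OPT_OPENSSL, host, libsuff, DEFAULT_SSL_BACKEND, cross_compiling
dnl          and the current CPPFLAGS, LDFLAGS and LIBS.
dnl Sets:    OPENSSL_ENABLED=1 and check_for_ca_bundle=1 on success, appends
dnl          the detected flavour to ssl_backends, extends CPPFLAGS, LDFLAGS,
dnl          LIBS and CURL_LIBRARY_PATH.
dnl Defines: USE_OPENSSL, HAVE_BORINGSSL, HAVE_LIBRESSL, HAVE_OPENSSL3,
dnl          HAVE_OPENSSL_SRP, EGD_SOCKET, RANDOM_FILE and
dnl          CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, each only when the
dnl          matching probe or option below says so.
dnl Fails:   with an error when OPT_OPENSSL is not "no" and no usable
dnl          library and header set is found.
dnl
dnl Trust note: the directory given to --with-openssl is treated as fully
dnl trusted. The output of pkg-config for its openssl.pc is spliced into the
dnl compiler and linker flags, and its library directory is added to
dnl CURL_LIBRARY_PATH. Point it only at a prefix that the person running
dnl configure controls.
AC_DEFUN([CURL_WITH_OPENSSL], [
if test "x$OPT_OPENSSL" != xno; then
  ssl_msg=

  dnl backup the pre-ssl variables so every failed probe can roll back
  CLEANLDFLAGS="$LDFLAGS"
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"

  dnl This is for Msys/Mingw
  case $host in
    *-*-msys* | *-*-mingw*)
      AC_MSG_CHECKING([for gdi32])
      my_ac_save_LIBS=$LIBS
      LIBS="-lgdi32 $LIBS"
      AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
        #include <windef.h>
        #include <wingdi.h>
        ]],
        [[
          GdiFlush();
        ]])],
        [ dnl worked!
        AC_MSG_RESULT([yes])],
        [ dnl failed, restore LIBS
        LIBS=$my_ac_save_LIBS
        AC_MSG_RESULT(no)]
        )
      ;;
  esac

  case "$OPT_OPENSSL" in
  yes)
    dnl --with-openssl (without path) used
    PKGTEST="yes"
    PREFIX_OPENSSL=
    ;;
  *)
    dnl check the given --with-openssl spot
    PKGTEST="no"
    PREFIX_OPENSSL=$OPT_OPENSSL

    dnl Try pkg-config even when cross-compiling.  Since we
    dnl specify PKG_CONFIG_LIBDIR we're only looking where
    dnl the user told us to look
    OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
    if test -f "$OPENSSL_PCDIR/openssl.pc"; then
      AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
      PKGTEST="yes"
    fi

    if test "$PKGTEST" != "yes"; then
      # try lib64 instead
      OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig"
      if test -f "$OPENSSL_PCDIR/openssl.pc"; then
        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
        PKGTEST="yes"
      fi
    fi

    dnl Without a .pc file the prefix must at least carry the ssl.h header,
    dnl otherwise the user most likely mistyped the path.
    if test "$PKGTEST" != "yes"; then
      if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
        AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
      fi
    fi

    dnl in case pkg-config comes up empty, use what we got
    dnl via --with-openssl
    LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
    if test "$PREFIX_OPENSSL" != "/usr" ; then
      SSL_LDFLAGS="-L$LIB_OPENSSL"
      SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
    fi
    SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl"
    ;;
  esac

  if test "$PKGTEST" = "yes"; then

    CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])

    if test "$PKGCONFIG" != "no" ; then
      dnl stderr of pkg-config is discarded, so a broken .pc file only shows
      dnl up as empty values in the three notices printed below.
      SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`

      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --libs-only-L openssl 2>/dev/null`

      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --cflags-only-I openssl 2>/dev/null`

      AC_SUBST(SSL_LIBS)
      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])

      dnl NOTE(review): only a leading -L is stripped. If pkg-config reports
      dnl more than one -L flag, LIB_OPENSSL keeps the remaining flags as
      dnl text and is later used as if it were a single directory.
      LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`

      dnl use the values pkg-config reported.  This is here
      dnl instead of below with CPPFLAGS and LDFLAGS because we only
      dnl learn about this via pkg-config.  If we only have
      dnl the argument to --with-openssl we don't know what
      dnl additional libs may be necessary.  Hope that we
      dnl don't need any.
      LIBS="$SSL_LIBS $LIBS"
    fi
  fi

  dnl finally, set flags to use SSL
  CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  LDFLAGS="$LDFLAGS $SSL_LDFLAGS"

  AC_CHECK_LIB(crypto, HMAC_Update,[
     HAVECRYPTO="yes"
     LIBS="-lcrypto $LIBS"
     ],[
     if test -n "$LIB_OPENSSL" ; then
       LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
     fi
     dnl Two separate test commands joined with the shell AND operator:
     dnl the -a operator of test is not portable across shells.
     if test "$PKGCONFIG" = "no" && test -n "$PREFIX_OPENSSL" ; then
       # only set this if pkg-config wasn't used
       CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include"
     fi
     # Linking previously failed, try extra paths from --with-openssl or
     # pkg-config.  Use a different function name to avoid reusing the earlier
     # cached result.
     AC_CHECK_LIB(crypto, HMAC_Init_ex,[
       HAVECRYPTO="yes"
       LIBS="-lcrypto $LIBS"], [

       dnl still no, but what about with -ldl?
       AC_MSG_CHECKING([OpenSSL linking with -ldl])
       LIBS="-lcrypto $CLEANLIBS -ldl"
       AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
         #include <openssl/err.h>
       ]], [[
         ERR_clear_error();
       ]]) ],
       [
         AC_MSG_RESULT(yes)
         HAVECRYPTO="yes"
       ],
       [
         AC_MSG_RESULT(no)
         dnl ok, so what about both -ldl and -lpthread?
         dnl This may be necessary for static libraries.

         AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
         LIBS="-lcrypto $CLEANLIBS -ldl -lpthread"
         AC_LINK_IFELSE([
           AC_LANG_PROGRAM([[
           #include <openssl/err.h>
         ]], [[
           ERR_clear_error();
         ]])],
         [
           AC_MSG_RESULT(yes)
           HAVECRYPTO="yes"
         ],
         [
           AC_MSG_RESULT(no)
           dnl every attempt failed: roll back to the pre-ssl flags
           LDFLAGS="$CLEANLDFLAGS"
           CPPFLAGS="$CLEANCPPFLAGS"
           LIBS="$CLEANLIBS"

         ])

       ])

     ])
  ])

  if test X"$HAVECRYPTO" = X"yes"; then
    dnl This is only reasonable to do if crypto actually is there: check for
    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib

    AC_CHECK_LIB(ssl, SSL_connect)

    if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
      dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
      dnl NOTE(review): the retry below probes the same library and function
      dnl as the check above, so it shares the ac_cv_lib_ssl_SSL_connect
      dnl cache variable and presumably reports the cached result instead
      dnl of linking again. The crypto probe above avoids this by switching
      dnl to a different function name. This branch also never reaches the
      dnl header checks, so OPENSSL_ENABLED stays unset on this path.
      AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
      OLIBS=$LIBS
      LIBS="-lRSAglue -lrsaref $LIBS"
      AC_CHECK_LIB(ssl, SSL_connect)
      if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
        dnl still no SSL_connect
        AC_MSG_RESULT(no)
        LIBS=$OLIBS
      else
        AC_MSG_RESULT(yes)
      fi

    else

      dnl Have the libraries--check for OpenSSL headers
      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                       openssl/pem.h openssl/ssl.h openssl/err.h,
        ssl_msg="OpenSSL"
        test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
        OPENSSL_ENABLED=1
        AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))

      dnl The cache variables are quoted so that an unset value compares as
      dnl a plain mismatch instead of making test fail with a syntax error.
      if test "$ac_cv_header_openssl_x509_h" = no; then
        dnl we don't use the "action" part of the AC_CHECK_HEADERS macro
        dnl since 'err.h' might in fact find a krb4 header with the same
        dnl name
        AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h)

        if test "$ac_cv_header_x509_h" = yes &&
           test "$ac_cv_header_crypto_h" = yes &&
           test "$ac_cv_header_ssl_h" = yes; then
          dnl three matches
          dnl NOTE(review): unlike the openssl/ prefixed header path above,
          dnl this fallback does not define USE_OPENSSL and does not set
          dnl VALID_DEFAULT_SSL_BACKEND - confirm that is intended.
          ssl_msg="OpenSSL"
          OPENSSL_ENABLED=1
        fi
      fi
    fi

    if test X"$OPENSSL_ENABLED" != X"1"; then
       LIBS="$CLEANLIBS"
    fi

    dnl NOTE(review): this guard compares against "off" while the guards
    dnl that open and close this macro compare against "no" - confirm which
    dnl value configure.ac actually assigns to OPT_OPENSSL.
    if test X"$OPT_OPENSSL" != Xoff &&
       test "$OPENSSL_ENABLED" != "1"; then
      AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
    fi
  fi

  if test X"$OPENSSL_ENABLED" = X"1"; then
    dnl These can only exist if OpenSSL exists

    dnl RAND_egd belongs to the legacy Entropy Gathering Daemon interface
    AC_CHECK_FUNCS( RAND_egd )

    dnl The three flavour probes run in this order and each match overwrites
    dnl ssl_msg, so the last matching probe names the backend.
    AC_MSG_CHECKING([for BoringSSL])
    AC_COMPILE_IFELSE([
        AC_LANG_PROGRAM([[
                #include <openssl/base.h>
                ]],[[
                #ifndef OPENSSL_IS_BORINGSSL
                #error not boringssl
                #endif
       ]])
    ],[
        AC_MSG_RESULT([yes])
        AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1,
                           [Define to 1 if using BoringSSL.])
        ssl_msg="BoringSSL"
    ],[
        AC_MSG_RESULT([no])
    ])

    AC_MSG_CHECKING([for libressl])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
      ]],[[
        int dummy = LIBRESSL_VERSION_NUMBER;
      ]])
    ],[
      AC_MSG_RESULT([yes])
      AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1,
        [Define to 1 if using libressl.])
      ssl_msg="libressl"
    ],[
      AC_MSG_RESULT([no])
    ])

    AC_MSG_CHECKING([for OpenSSL >= v3])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
      ]],[[
        #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
        return 0;
        #else
        #error older than 3
        #endif
      ]])
    ],[
      AC_MSG_RESULT([yes])
      AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1,
        [Define to 1 if using OpenSSL 3 or later.])
      dnl OpenSSLv3 marks the DES functions deprecated but we have no
      dnl replacements (yet) so tell the compiler to not warn for them
      dnl
      dnl Ask OpenSSL to suppress the warnings.
      dnl The define is not limited to DES: it silences the deprecation
      dnl warnings for every deprecated OpenSSL API in all code compiled
      dnl with these CPPFLAGS, so new uses of deprecated calls go unnoticed.
      CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
      ssl_msg="OpenSSL v3+"
    ],[
      AC_MSG_RESULT([no])
    ])
  fi

  if test "$OPENSSL_ENABLED" = "1"; then
    if test -n "$LIB_OPENSSL"; then
       dnl when the ssl shared libs were found in a path that the run-time
       dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
       dnl to prevent further configure tests to fail due to this
       if test "x$cross_compiling" != "xyes"; then
         dnl Insert the colon separator only when the variable already has
         dnl content. A bare leading colon would create an empty element,
         dnl which run-time linkers commonly read as the current directory.
         dnl NOTE(review): how CURL_LIBRARY_PATH is consumed is not visible
         dnl in this file - confirm against the macro that uses it.
         CURL_LIBRARY_PATH="${CURL_LIBRARY_PATH:+$CURL_LIBRARY_PATH:}$LIB_OPENSSL"
         export CURL_LIBRARY_PATH
         AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
       fi
    fi
    check_for_ca_bundle=1
  fi

  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

dnl Final guard: OpenSSL was requested but none of the probes enabled it.
if test X"$OPT_OPENSSL" != Xno &&
  test "$OPENSSL_ENABLED" != "1"; then
  AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
  AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
  AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
fi

dnl **********************************************************************
dnl Check for the random seed preferences
dnl **********************************************************************

if test X"$OPENSSL_ENABLED" = X"1"; then
  dnl NOTE(review): both options below store the raw option value. Passing
  dnl either option without a FILE yields the literal value "yes", which is
  dnl then defined as a path name. Only "no" is filtered, and only for
  dnl RANDOM_FILE.
  AC_ARG_WITH(egd-socket,
  AS_HELP_STRING([--with-egd-socket=FILE],
                 [Entropy Gathering Daemon socket pathname]),
      [ EGD_SOCKET="$withval" ]
  )
  if test -n "$EGD_SOCKET" ; then
          AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET",
          [your Entropy Gathering Daemon socket pathname] )
  fi

  dnl Check for user-specified random device
  AC_ARG_WITH(random,
  AS_HELP_STRING([--with-random=FILE],
                 [read randomness from FILE (default=/dev/urandom)]),
      [ RANDOM_FILE="$withval" ],
      [
          if test "x$cross_compiling" != xyes; then
            dnl Check for random device
            AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] )
          else
            AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling])
          fi
      ]
  )
  if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then
          AC_SUBST(RANDOM_FILE)
          AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE",
          [a suitable file to read random data from])
  fi
fi

dnl ---
dnl Detect SRP support in OpenSSL. The result is only recorded in
dnl HAVE_OPENSSL_SRP; a library without SRP is not an error here.
dnl ---
if test "$OPENSSL_ENABLED" = "1"; then
  AC_MSG_CHECKING([for SRP support in OpenSSL])
  AC_LINK_IFELSE([
    AC_LANG_PROGRAM([[
#include <openssl/ssl.h>
    ]],[[
      SSL_CTX_set_srp_username(NULL, "");
      SSL_CTX_set_srp_password(NULL, "");
    ]])
  ],[
    AC_MSG_RESULT([yes])
    AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
    AC_SUBST(HAVE_OPENSSL_SRP, [1])
  ],[
    AC_MSG_RESULT([no])
  ])
fi

dnl ---
dnl Whether the OpenSSL configuration will be loaded automatically
dnl
dnl Nothing is defined unless --disable-openssl-auto-load-config is given,
dnl so automatic loading stays on by default. With it on, OpenSSL presumably
dnl reads its configuration file from the library's built-in default
dnl location at run time; builds whose OpenSSL default directory is writable
dnl by less privileged users should pass the --disable form.
dnl ---
if test X"$OPENSSL_ENABLED" = X"1"; then
AC_ARG_ENABLE(openssl-auto-load-config,
AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
[ if test X"$enableval" = X"no"; then
    AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
    AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
  fi
])
fi

])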