author | Kaspar Brand <kbrand@apache.org> | 2011-08-07 10:29:09 +0000 |
---|---|---|
committer | Kaspar Brand <kbrand@apache.org> | 2011-08-07 10:29:09 +0000 |
commit | 1eb818742fa1fb6d107f14cf7ef8e69e60772df0 (patch) | |
tree | a62b0aca97f3fc09ef57089538f9af16ce646923 /acinclude.m4 | |
parent | f19d2caa4d2e5317797c7f7437ff1ee1858a5190 (diff) | |
download | httpd-1eb818742fa1fb6d107f14cf7ef8e69e60772df0.tar.gz |
Drop support for the RSA BSAFE SSL-C toolkit from configure,
and remove #ifdef'ed code from mod_ssl and ab where applicable.
Consensus for dropping support for SSL/TLS toolkits other
than OpenSSL was reached on dev@httpd in June 2010 (message
with ID <20100602162310.GA11156@redhat.com> and follow-ups).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1154683 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'acinclude.m4')
-rw-r--r-- | acinclude.m4 | 175 |
1 files changed, 60 insertions, 115 deletions
diff --git a/acinclude.m4 b/acinclude.m4
index 214763964f..b12fa502f5 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -437,41 +437,32 @@ AC_DEFUN(APACHE_REQUIRE_CXX,[ ]) dnl -dnl APACHE_CHECK_SSL_TOOLKIT +dnl APACHE_CHECK_OPENSSL dnl -dnl Configure for the detected openssl/ssl-c toolkit installation, giving -dnl preference to "--with-ssl=<path>" if it was specified. +dnl Configure for OpenSSL, giving preference to +dnl "--with-ssl=<path>" if it was specified. dnl -AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[ - AC_CACHE_CHECK([for SSL/TLS toolkit], [ac_cv_ssltk], [ +AC_DEFUN(APACHE_CHECK_OPENSSL,[ + AC_CACHE_CHECK([for OpenSSL], [ac_cv_openssl], [ dnl initialise the variables we use - ac_cv_ssltk=yes - ap_ssltk_found="" - ap_ssltk_base="" - ap_ssltk_libs="" - ap_ssltk_type="" - - dnl Determine the SSL/TLS toolkit's base directory, if any - AC_MSG_CHECKING([for user-provided SSL/TLS toolkit base]) - AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS toolkit), [ - dnl If --with-sslc specifies a directory, we use that directory or fail + ac_cv_openssl=yes + ap_openssl_found="" + ap_openssl_base="" + ap_openssl_libs="" + + dnl Determine the OpenSSL base directory, if any + AC_MSG_CHECKING([for user-provided OpenSSL base directory]) + AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL base directory), [ + dnl If --with-ssl specifies a directory, we use that directory if test "x$withval" != "xyes" -a "x$withval" != "x"; then dnl This ensures $withval is actually a directory and that it is absolute - ap_ssltk_base="`cd $withval ; pwd`" + ap_openssl_base="`cd $withval ; pwd`" fi - ap_ssltk_type="sslc" ]) - AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL SSL/TLS toolkit), [ - dnl If --with-ssl specifies a directory, we use that directory or fail - if test "x$withval" != "xyes" -a "x$withval" != "x"; then - dnl This ensures $withval is actually a directory and that it is absolute - ap_ssltk_base="`cd $withval ; pwd`" - fi - ]) - if test "x$ap_ssltk_base" = "x"; then + if test "x$ap_openssl_base" = "x"; then AC_MSG_RESULT(none) else - 
AC_MSG_RESULT($ap_ssltk_base) + AC_MSG_RESULT($ap_openssl_base) fi dnl Run header and version checks @@ -480,19 +471,19 @@ AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[ saved_LDFLAGS="$LDFLAGS" SSL_LIBS="" - dnl Before doing anything else, load in pkg-config variables (if not sslc). - if test "x$ap_ssltk_type" = "x" -a -n "$PKGCONFIG"; then + dnl Before doing anything else, load in pkg-config variables + if test -n "$PKGCONFIG"; then saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH" - if test "x$ap_ssltk_base" != "x" -a \ - -f "${ap_ssltk_base}/lib/pkgconfig/openssl.pc"; then + if test "x$ap_openssl_base" != "x" -a \ + -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then dnl Ensure that the given path is used by pkg-config too, otherwise dnl the system openssl.pc might be picked up instead. - PKG_CONFIG_PATH="${ap_ssltk_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" + PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi - ap_ssltk_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`" + ap_openssl_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`" if test $? -eq 0; then - ap_ssltk_found="yes" + ap_openssl_found="yes" pkglookup="`$PKGCONFIG --cflags-only-I openssl`" APR_ADDTO(CPPFLAGS, [$pkglookup]) APR_ADDTO(INCLUDES, [$pkglookup]) 
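Review bot: The `--with-ssl` handler in the first hunk still resolves the directory with `cd $withval ; pwd`, so when the `cd` fails `pwd` prints the directory configure is running in and `ap_openssl_base` silently points at a location the user never named; the retained comment that this "ensures $withval is actually a directory" does not hold for that form. The commit also drops "or fail" from the comment above it, so a mistyped path can lead to mod_ssl being built against a different OpenSSL than the operator intended, with no error. I would change the `;` to `&&` and follow the assignment with `test -n "$ap_openssl_base" || AC_MSG_ERROR([--with-ssl=$withval is not a usable directory])`. `$withval` is also unquoted inside the command substitution, so a path containing spaces is split.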
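Review bot: The value captured by `ap_openssl_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`"` in the second hunk looks dead after this commit, because the third hunk assigns `ap_openssl_libs="-lssl -lcrypto ..."` unconditionally, where the old code did so only when `ap_ssltk_found` was still empty. Unless lines outside these hunks consume it, any extra libraries pkg-config reports for the selected OpenSSL are no longer linked. I would either keep the old guard, `if test "x$ap_openssl_found" = "x"; then`, around the later assignment or stop capturing the output here. If the capture stays, `2>&1` should become `2>/dev/null` so pkg-config diagnostics cannot end up in `SSL_LIBS`.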
@@ -502,105 +493,59 @@ AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[ fi PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH" fi - if test "x$ap_ssltk_base" != "x" -a "x$ap_ssltk_found" = "x"; then - APR_ADDTO(CPPFLAGS, [-I$ap_ssltk_base/include]) - APR_ADDTO(INCLUDES, [-I$ap_ssltk_base/include]) - APR_ADDTO(LDFLAGS, [-L$ap_ssltk_base/lib]) - APR_ADDTO(SSL_LIBS, [-L$ap_ssltk_base/lib]) + + dnl fall back to the user-supplied directory if not found via pkg-config + if test "x$ap_openssl_base" != "x" -a "x$ap_openssl_found" = "x"; then + APR_ADDTO(CPPFLAGS, [-I$ap_openssl_base/include]) + APR_ADDTO(INCLUDES, [-I$ap_openssl_base/include]) + APR_ADDTO(LDFLAGS, [-L$ap_openssl_base/lib]) + APR_ADDTO(SSL_LIBS, [-L$ap_openssl_base/lib]) if test "x$ap_platform_runtime_link_flag" != "x"; then - APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_ssltk_base/lib]) - APR_ADDTO(SSL_LIBS, [$ap_platform_runtime_link_flag$ap_ssltk_base/lib]) + APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_openssl_base/lib]) + APR_ADDTO(SSL_LIBS, [$ap_platform_runtime_link_flag$ap_openssl_base/lib]) fi fi - if test "x$ap_ssltk_type" = "x"; then - dnl First check for manditory headers - AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], []) - if test "$ap_ssltk_type" = "openssl"; then - dnl so it's OpenSSL - test for a good version - AC_MSG_CHECKING([for OpenSSL version]) - AC_TRY_COMPILE([#include <openssl/opensslv.h>],[ + + AC_MSG_CHECKING([for OpenSSL version]) + AC_TRY_COMPILE([#include <openssl/opensslv.h>],[ #if !defined(OPENSSL_VERSION_NUMBER) -#error "Missing openssl version" +#error "Missing OpenSSL version" #endif #if (OPENSSL_VERSION_NUMBER < 0x009060af) \ || ((OPENSSL_VERSION_NUMBER > 0x00907000) && (OPENSSL_VERSION_NUMBER < 0x0090702f)) #error "Insecure openssl version " OPENSSL_VERSION_TEXT #endif], - [AC_MSG_RESULT(OK)], - [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h? 
- AC_MSG_RESULT([not encouraging]) - AC_MSG_WARN([OpenSSL version may contain security vulnerabilities!] - [ Ensure the latest security patches have been applied!]) - ]) - else - AC_MSG_RESULT([no OpenSSL headers found]) - fi - fi - if test "$ap_ssltk_type" != "openssl"; then - dnl Might be SSL-C - report, then test anything relevant - AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [ap_ssltk_type=""]) - if test "$ap_ssltk_type" = "sslc"; then - ap_ssltk_libs="-lsslc" - AC_MSG_CHECKING([for SSL-C version]) - AC_TRY_COMPILE([#include <sslc.h>],[ -#if !defined(SSLC_VERSION_NUMBER) -#error "Missing SSL-C version" -#endif -#if SSLC_VERSION_NUMBER < 0x2310 -#define stringize_ver(x) #x -#error "Insecure SSL-C version " stringize_ver(SSLC_VERSION_NUMBER) -#endif], - [AC_MSG_RESULT(OK)], - [dnl Replace this with SSLC_VERSION_NUMBER? - AC_MSG_RESULT([not encouraging]) - echo "WARNING: SSL-C version may contain security vulnerabilities!" - echo " Ensure the latest security patches have been applied!" - ]) - else - AC_MSG_RESULT([no SSL-C headers found]) - fi - fi - if test "x$ap_ssltk_type" = "x"; then - ac_cv_ssltk="no" - AC_MSG_WARN([...No recognized SSL/TLS toolkit detected]) - else - if test "$ap_ssltk_type" = "openssl" -a "x$ap_ssltk_found" = "x"; then - ap_ssltk_found="yes" - ap_ssltk_libs="-lssl -lcrypto `$apr_config --libs`" - fi - APR_ADDTO(SSL_LIBS, [$ap_ssltk_libs]) - APR_ADDTO(LIBS, [$ap_ssltk_libs]) + [AC_MSG_RESULT(OK)], + [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h? + AC_MSG_RESULT([not encouraging]) + AC_MSG_WARN([OpenSSL version may contain security vulnerabilities!] 
+ [ Ensure the latest security patches have been applied!]) + ]) + + if test "x$ac_cv_openssl" = "xyes"; then + ap_openssl_libs="-lssl -lcrypto `$apr_config --libs`" + APR_ADDTO(SSL_LIBS, [$ap_openssl_libs]) + APR_ADDTO(LIBS, [$ap_openssl_libs]) APACHE_SUBST(SSL_LIBS) dnl Run library and function checks liberrors="" - if test "$ap_ssltk_type" = "openssl"; then - AC_CHECK_HEADERS([openssl/engine.h]) - AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) - else - AC_CHECK_FUNCS([SSLC_library_version SSL_CTX_new], [], [liberrors="yes"]) - AC_CHECK_FUNCS(SSL_set_state) - fi - dnl restore - CPPFLAGS="$saved_CPPFLAGS" - LIBS="$saved_LIBS" - LDFLAGS="$saved_LDFLAGS" + AC_CHECK_HEADERS([openssl/engine.h]) + AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors="yes"]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) if test "x$liberrors" != "x"; then - ac_cv_ssltk=no - AC_MSG_WARN([... Error, SSL/TLS libraries were missing or unusable]) + ac_cv_openssl=no + AC_MSG_WARN([OpenSSL libraries are unusable]) fi fi - ]) - if test "x$ac_cv_ssltk" = "xyes" ; then - dnl Adjust apache's configuration based on what we found above. - dnl (a) define preprocessor symbols - if test "$ap_ssltk_type" = "openssl"; then - AC_DEFINE(HAVE_OPENSSL, 1, [Define if SSL is supported using OpenSSL]) - else - AC_DEFINE(HAVE_SSLC, 1, [Define if SSL is supported using SSL-C]) - fi + dnl restore + CPPFLAGS="$saved_CPPFLAGS" + LIBS="$saved_LIBS" + LDFLAGS="$saved_LDFLAGS" + ]) + if test "x$ac_cv_openssl" = "xyes"; then + AC_DEFINE(HAVE_OPENSSL, 1, [Define if OpenSSL is available]) fi ]) |
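Review bot: With the `AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], ...)` probe removed in this hunk, the version `AC_TRY_COMPILE` is the only header test, and its failure branch only prints "not encouraging" and a warning without setting `ac_cv_openssl=no`. Missing headers are therefore reported as a possibly vulnerable version, and the following `if test "x$ac_cv_openssl" = "xyes"` is always true at that point because the variable was set to `yes` in the first hunk and nothing in between changes it. If the link-only `AC_CHECK_FUNCS` probes then succeed against installed runtime libraries, `HAVE_OPENSSL` is defined without usable headers and the build fails later in mod_ssl. I would restore the probe ahead of the version check as `AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [], [ac_cv_openssl=no])`, and decide explicitly whether a version below the floor in the `#if` should remain a warning or become a configure error.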