diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2020-03-18 23:21:19 -0400 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2020-07-08 22:51:31 -0400 |
commit | cb753ec5b51bda3f5630409e18205f874ecce7c7 (patch) | |
tree | e959902183887aa49a4ac53590ce93d3e9e5a337 /configure.ac | |
parent | 7de51cc77bc0d7ed7f93e65ee9cbd91c5f963c1b (diff) | |
download | lighttpd-git-cb753ec5b51bda3f5630409e18205f874ecce7c7.tar.gz |
[mod_mbedtls] mbedTLS option for TLS
(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 83d273b8..4b309e91 100644 --- a/configure.ac +++ b/configure.ac @@ -686,7 +686,7 @@ if test "$WITH_OPENSSL" != no; then [ -lcrypto "$DL_LIB" ] ) - AC_DEFINE([HAVE_LIBSSL], [], [Have libssl]) + AC_DEFINE([HAVE_LIBSSL], [1], [Have libssl]) AC_SUBST([SSL_LIB]) AC_SUBST([CRYPTO_LIB]) fi @@ -737,6 +737,46 @@ if test "$WITH_OPENSSL" != no && test "$WITH_WOLFSSL" != no; then AC_MSG_ERROR([lighttpd should not be built with both --with-openssl and --with-wolfssl]) fi +dnl Check for mbedTLS +AC_MSG_NOTICE([----------------------------------------]) +AC_MSG_CHECKING([for mbedTLS]) +AC_ARG_WITH([mbedtls], + AC_HELP_STRING([--with-mbedtls@<:@=DIR@:>@],[Include mbedTLS support. DIR points to the installation root. (default no)]), + [WITH_MBEDTLS=$withval], + [WITH_MBEDTLS=no] +) + +if test "$WITH_MBEDTLS" != "no"; then + use_mbedtls=yes + if test "$WITH_MBEDTLS" != "yes"; then + CPPFLAGS="$CPPFLAGS -I$WITH_MBEDTLS/include" + LDFLAGS="$LDFLAGS -L$WITH_MBEDTLS/lib" + fi +else + use_mbedtls=no +fi +AC_MSG_RESULT([$use_mbedtls]) +AM_CONDITIONAL(BUILD_WITH_MBEDTLS, test ! $WITH_MBEDTLS = no) + +if test "x$use_mbedtls" = "xyes"; then + AC_CHECK_HEADERS([mbedtls/ssl.h]) + OLDLIBS="$LIBS" + AC_CHECK_LIB(mbedcrypto,mbedtls_base64_encode, + [AC_CHECK_LIB(mbedx509, mbedtls_x509_get_name, + [AC_CHECK_LIB(mbedtls, mbedtls_cipher_info_from_type, + [MTLS_LIB="-lmbedtls -lmbedx509 -lmbedcrypto" + CRYPTO_LIB="-lmbedcrypto" + AC_DEFINE(HAVE_LIBMBEDTLS, [1], [Have libmbedtls library]) + AC_DEFINE(HAVE_LIBMBEDX509, [1], [Have libmbedx509 library]) + AC_DEFINE(HAVE_LIBMBEDCRYPTO, [1], [Have libmbedcrypto library]) ], + [],[-lmbedcrypto "$DL_LIB"]) + ],[],[-lmbedcrypto "$DL_LIB"]) + ],[],[]) + LIBS="$OLDLIBS" + AC_SUBST(MTLS_LIB) + AC_SUBST(CRYPTO_LIB) +fi + dnl Check for Nettle (and overwrite CRYPTO_LIB if set by OpenSSL or wolfSSL) AC_MSG_NOTICE([----------------------------------------]) AC_MSG_CHECKING([for Nettle]) @@ -1560,6 +1600,9 @@ lighty_track_feature "pam" "mod_authn_pam" \ lighty_track_feature "network-openssl" "mod_openssl" \ 'test "$WITH_OPENSSL" != no || test "$WITH_WOLFSSL" != no' +lighty_track_feature "network-mbedtls" "mod_mbedtls" \ + 'test "$WITH_MBEDTLS" != no' + lighty_track_feature "auth-crypt" "" \ 'test "$found_crypt" != no' |