dnl
dnl OpenSSL/GNUTLS stuff for CUPS.
dnl
-dnl Copyright 2007-2010 by Apple Inc.
+dnl Copyright 2007-2012 by Apple Inc.
dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
dnl
dnl These coded instructions, statements, and computer programs are the
SSLFLAGS=""
SSLLIBS=""
have_ssl=0
+CUPS_SERVERCERT=""
+CUPS_SERVERKEY=""
if test x$enable_ssl != xno; then
dnl Look for CDSA...
- if test $have_ssl = 0 -a "x${enable_cdsassl}" != "xno"; then
+ if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
if test $uname = Darwin; then
AC_CHECK_HEADER(Security/SecureTransport.h, [
have_ssl=1
AC_DEFINE(HAVE_SSL)
AC_DEFINE(HAVE_CDSASSL)
+ CUPS_SERVERCERT="/Library/Keychains/System.keychain"
dnl Check for the various security headers...
+ AC_CHECK_HEADER(Security/SecureTransportPriv.h,
+ AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
AC_CHECK_HEADER(Security/SecCertificate.h,
AC_DEFINE(HAVE_SECCERTIFICATE_H))
+ AC_CHECK_HEADER(Security/SecItem.h,
+ AC_DEFINE(HAVE_SECITEM_H))
AC_CHECK_HEADER(Security/SecItemPriv.h,
- AC_DEFINE(HAVE_SECITEMPRIV_H))
+ AC_DEFINE(HAVE_SECITEMPRIV_H),,
+ [#include <Security/SecItem.h>])
AC_CHECK_HEADER(Security/SecPolicy.h,
AC_DEFINE(HAVE_SECPOLICY_H))
AC_CHECK_HEADER(Security/SecPolicyPriv.h,
AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
- dnl Check for SecIdentitySearchCreateWithPolicy...
- AC_MSG_CHECKING(for SecIdentitySearchCreateWithPolicy)
- if test $uversion -ge 80; then
- AC_DEFINE(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY)
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
- fi
-
- dnl Check for SecPolicyCreateSSL...
- AC_MSG_CHECKING(for SecPolicyCreateSSL)
- if test $uversion -ge 110; then
- AC_DEFINE(HAVE_SECPOLICYCREATESSL)
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
- fi])
-
- AC_DEFINE(HAVE_CSSMERRORSTRING)
+ AC_DEFINE(HAVE_CSSMERRORSTRING)])
fi
fi
dnl Then look for GNU TLS...
- if test $have_ssl = 0 -a "x${enable_gnutls}" != "xno" -a "x$PKGCONFIG" != x; then
+ if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
if $PKGCONFIG --exists gnutls; then
- if test "x$have_pthread" = xyes; then
- AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
- else
- have_ssl=1
- SSLLIBS=`$PKGCONFIG --libs gnutls`
- SSLFLAGS=`$PKGCONFIG --cflags gnutls`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
- fi
+ have_ssl=1
+ SSLLIBS=`$PKGCONFIG --libs gnutls`
+ SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
elif test "x$LIBGNUTLSCONFIG" != x; then
- if test "x$have_pthread" = xyes; then
- AC_MSG_WARN([The current version of GNU TLS cannot be made thread-safe.])
- else
- have_ssl=1
- SSLLIBS=`$LIBGNUTLSCONFIG --libs`
- SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)
- fi
+ have_ssl=1
+ SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+ SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
fi
if test $have_ssl = 1; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
+
if $PKGCONFIG --exists gcrypt; then
SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
fi
dnl Check for the OpenSSL library last...
- if test $have_ssl = 0 -a "x${enable_openssl}" != "xno"; then
- AC_CHECK_HEADER(openssl/ssl.h,
+ if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
+ AC_CHECK_HEADER(openssl/ssl.h,[
dnl Save the current libraries so the crypto stuff isn't always
dnl included...
SAVELIBS="$LIBS"
dnl case the RSAREF libraries are needed.
for libcrypto in \
- "-lcrypto" \
- "-lcrypto -lrsaref" \
- "-lcrypto -lRSAglue -lrsaref"
+ "-lcrypto" \
+ "-lcrypto -lrsaref" \
+ "-lcrypto -lRSAglue -lrsaref"
do
AC_CHECK_LIB(ssl,SSL_new,
[have_ssl=1
fi
done
- LIBS="$SAVELIBS")
+ if test "x${SSLLIBS}" != "x"; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
+
+ LIBS="$SAVELIBS $SSLLIBS"
+ AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
+ fi
+
+ LIBS="$SAVELIBS"])
fi
fi
+IPPALIASES="http"
if test $have_ssl = 1; then
AC_MSG_RESULT([ Using SSLLIBS="$SSLLIBS"])
AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
+ IPPALIASES="http https ipps"
+elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
+ AC_MSG_ERROR([Unable to enable SSL support.])
fi
+AC_SUBST(CUPS_SERVERCERT)
+AC_SUBST(CUPS_SERVERKEY)
+AC_SUBST(IPPALIASES)
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)
EXPORT_SSLLIBS="$SSLLIBS"
AC_SUBST(EXPORT_SSLLIBS)
-
dnl
dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".
dnl