dnl
-dnl "$Id: cups-ssl.m4 5264 2006-03-10 01:10:36Z mike $"
+dnl "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $"
dnl
-dnl OpenSSL/GNUTLS stuff for the Common UNIX Printing System (CUPS).
+dnl OpenSSL/GNUTLS stuff for CUPS.
dnl
-dnl Copyright 1997-2005 by Easy Software Products, all rights reserved.
+dnl Copyright 2007-2012 by Apple Inc.
+dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
dnl
dnl These coded instructions, statements, and computer programs are the
-dnl property of Easy Software Products and are protected by Federal
-dnl copyright law. Distribution and use rights are outlined in the file
-dnl "LICENSE.txt" which should have been included with this file. If this
-dnl file is missing or damaged please contact Easy Software Products
-dnl at:
-dnl
-dnl Attn: CUPS Licensing Information
-dnl Easy Software Products
-dnl 44141 Airport View Drive, Suite 204
-dnl Hollywood, Maryland 20636 USA
-dnl
-dnl Voice: (301) 373-9600
-dnl EMail: cups-info@cups.org
-dnl WWW: http://www.cups.org
+dnl property of Apple Inc. and are protected by Federal copyright
+dnl law. Distribution and use rights are outlined in the file "LICENSE.txt"
+dnl which should have been included with this file. If this file is
+dnl file is missing or damaged, see the license at "http://www.cups.org/".
dnl
-AC_ARG_ENABLE(ssl, [ --enable-ssl turn on SSL/TLS support, default=yes])
+AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TLS support])
AC_ARG_ENABLE(cdsassl, [ --enable-cdsassl use CDSA for SSL/TLS support, default=first])
AC_ARG_ENABLE(gnutls, [ --enable-gnutls use GNU TLS for SSL/TLS support, default=second])
AC_ARG_ENABLE(openssl, [ --enable-openssl use OpenSSL for SSL/TLS support, default=third])
DSOFLAGS="-L$withval $DSOFLAGS",)
AC_ARG_WITH(openssl-includes, [ --with-openssl-includes set directory for OpenSSL includes],
CFLAGS="-I$withval $CFLAGS"
- CXXFLAGS="-I$withval $CXXFLAGS"
CPPFLAGS="-I$withval $CPPFLAGS",)
SSLFLAGS=""
SSLLIBS=""
+have_ssl=0
+CUPS_SERVERCERT=""
+CUPS_SERVERKEY=""
if test x$enable_ssl != xno; then
dnl Look for CDSA...
- if test "x${SSLLIBS}" = "x" -a "x${enable_cdsassl}" != "xno"; then
+ if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
if test $uname = Darwin; then
- AC_CHECK_HEADER(Security/SecureTransport.h,
- [SSLLIBS="-framework CoreFoundation -framework Security"
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_CDSASSL)])
+ AC_CHECK_HEADER(Security/SecureTransport.h, [
+ have_ssl=1
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_CDSASSL)
+ CUPS_SERVERCERT="/Library/Keychains/System.keychain"
+
+ dnl Check for the various security headers...
+ AC_CHECK_HEADER(Security/SecureTransportPriv.h,
+ AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
+ AC_CHECK_HEADER(Security/SecCertificate.h,
+ AC_DEFINE(HAVE_SECCERTIFICATE_H))
+ AC_CHECK_HEADER(Security/SecItem.h,
+ AC_DEFINE(HAVE_SECITEM_H))
+ AC_CHECK_HEADER(Security/SecItemPriv.h,
+ AC_DEFINE(HAVE_SECITEMPRIV_H),,
+ [#include <Security/SecItem.h>])
+ AC_CHECK_HEADER(Security/SecPolicy.h,
+ AC_DEFINE(HAVE_SECPOLICY_H))
+ AC_CHECK_HEADER(Security/SecPolicyPriv.h,
+ AC_DEFINE(HAVE_SECPOLICYPRIV_H))
+ AC_CHECK_HEADER(Security/SecBasePriv.h,
+ AC_DEFINE(HAVE_SECBASEPRIV_H))
+ AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
+ AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
+
+ AC_DEFINE(HAVE_CSSMERRORSTRING)])
fi
fi
dnl Then look for GNU TLS...
- if test "x${SSLLIBS}" = "x" -a "x${enable_gnutls}" != "xno"; then
- AC_CHECK_HEADER(gnutls/gnutls.h,
- dnl Save the current libraries so the crypto stuff isn't always
- dnl included...
- SAVELIBS="$LIBS"
+ if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
+ AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
+ AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
+ if $PKGCONFIG --exists gnutls; then
+ have_ssl=1
+ SSLLIBS=`$PKGCONFIG --libs gnutls`
+ SSLFLAGS=`$PKGCONFIG --cflags gnutls`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
+ elif test "x$LIBGNUTLSCONFIG" != x; then
+ have_ssl=1
+ SSLLIBS=`$LIBGNUTLSCONFIG --libs`
+ SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
+ AC_DEFINE(HAVE_SSL)
+ AC_DEFINE(HAVE_GNUTLS)
+ fi
- AC_CHECK_LIB(gnutls, gnutls_x509_crt_set_dn_by_oid,
- [SSLLIBS="-lgnutls"
- AC_DEFINE(HAVE_SSL)
- AC_DEFINE(HAVE_GNUTLS)])
+ if test $have_ssl = 1; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
- LIBS="$SAVELIBS")
+ if $PKGCONFIG --exists gcrypt; then
+ SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
+ SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
+ elif test "x$LIBGCRYPTCONFIG" != x; then
+ SSLLIBS="$SSLLIBS `$LIBGCRYPTCONFIG --libs`"
+ SSLFLAGS="$SSLFLAGS `$LIBGCRYPTCONFIG --cflags`"
+ fi
+ fi
fi
dnl Check for the OpenSSL library last...
- if test "x${SSLLIBS}" = "x" -a "x${enable_openssl}" != "xno"; then
- AC_CHECK_HEADER(openssl/ssl.h,
+ if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
+ AC_CHECK_HEADER(openssl/ssl.h,[
dnl Save the current libraries so the crypto stuff isn't always
dnl included...
SAVELIBS="$LIBS"
dnl case the RSAREF libraries are needed.
for libcrypto in \
- "-lcrypto" \
- "-lcrypto -lrsaref" \
- "-lcrypto -lRSAglue -lrsaref"
+ "-lcrypto" \
+ "-lcrypto -lrsaref" \
+ "-lcrypto -lRSAglue -lrsaref"
do
AC_CHECK_LIB(ssl,SSL_new,
- [SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
+ [have_ssl=1
+ SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
SSLLIBS="-lssl $libcrypto"
AC_DEFINE(HAVE_SSL)
AC_DEFINE(HAVE_LIBSSL)],,
fi
done
- LIBS="$SAVELIBS")
+ if test "x${SSLLIBS}" != "x"; then
+ CUPS_SERVERCERT="ssl/server.crt"
+ CUPS_SERVERKEY="ssl/server.key"
+
+ LIBS="$SAVELIBS $SSLLIBS"
+ AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
+ fi
+
+ LIBS="$SAVELIBS"])
fi
fi
+IPPALIASES="http"
+if test $have_ssl = 1; then
+ AC_MSG_RESULT([ Using SSLLIBS="$SSLLIBS"])
+ AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
+ IPPALIASES="http https ipps"
+elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
+ AC_MSG_ERROR([Unable to enable SSL support.])
+fi
+
+AC_SUBST(CUPS_SERVERCERT)
+AC_SUBST(CUPS_SERVERKEY)
+AC_SUBST(IPPALIASES)
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)
EXPORT_SSLLIBS="$SSLLIBS"
AC_SUBST(EXPORT_SSLLIBS)
-
dnl
-dnl End of "$Id: cups-ssl.m4 5264 2006-03-10 01:10:36Z mike $".
+dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".
dnl