From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 2 Feb 2016 06:35:09 +0000 (+1300)
Subject: Fix various build issues in security helpers
X-Git-Tag: SQUID_4_0_5~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8732ea9d9bc8483a392e98910126730b26cb23f8;p=thirdparty%2Fsquid.git

Fix various build issues in security helpers

* Fix incorrect build of security_file_certgen helper when OpenSSL disabled

* Remove unnecessary '-helper' from --enable-security-cert-validator-helpers
---

diff --git a/configure.ac b/configure.ac
index d1b73bcbfc..75c3f34091 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2572,12 +2572,12 @@ AC_ARG_ENABLE(url-rewrite-helpers,
 m4_include([src/http/url_rewriters/helpers.m4])
 
 dnl Select security helpers to build
-AC_ARG_ENABLE(security-cert-validator-helpers,
-  AS_HELP_STRING([--enable-security-cert-validator-helpers="list of helpers"],
+AC_ARG_ENABLE(security-cert-validators,
+  AS_HELP_STRING([--enable-security-cert-validators="list of helpers"],
                  [This option selects which security certificate validator
                   helpers to build and install as part of the normal build
                   process. The default is to attempt the build of all possible
-                  helpers. Use --disable-security-cert-validator-helpers to
+                  helpers. Use --disable-security-cert-validators to
                   build none. For a list of available helpers see the
                   src/security/cert_validators/ directory.]),[
 ])
diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index 5b9bca365d..35eb55a47f 100644
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -108,6 +108,12 @@ Most user-facing changes are reflected in squid.conf (see below).
    <em>security_fake_certverify</em>, reflecting the Squid helper naming schema
    and that it does not actually perform any certificate checks.
 
+<p>The <em>security_fake_certverify</em> helper is also now built and installed
+   by default. It is written in Perl so does not require OpenSSL dependencies
+   for installation. But does use the Perl Crypt::OpenSSL::X509 module for execution.
+   Building the helper can be controlled using the <em>--enable-security-cert-validators="fake"</em>
+   option.
+
 <p>The <em>ssl_crtd</em> helper has been renamed to <em>security_file_certgen</em>
    and is now built and installed by default whenever OpenSSL support is enabled.
    Building the helper can be controlled using the <em>--enable-security-cert-generators="file"</em>
@@ -115,10 +121,6 @@ Most user-facing changes are reflected in squid.conf (see below).
    NOTE: The <em>--enable-ssl-crtd</em> option is still required to enable the
    <em>sslcrtd_program</em> helper interface within Squid that uses the helper.
 
-<p>The <em>security_fake_certverify</em> helper is also now built and installed
-   by default. It is written in Perl so does not require OpenSSL dependencies
-   for installation. But does use the Perl Crypt::OpenSSL::X509 module for execution.
-
 <p>The <em>ntlm_smb_lm_auth</em> helper is now built using <em>--enable-auth-ntlm="SMB_LM"</em>.
    Notice the upper case where it was previously a (wrongly) lower cased acronym.
 
@@ -346,7 +348,7 @@ This section gives an account of those changes in three categories:
 	<p>Helper <em>ssl_crtd<em> has been renamed to <em>security_file_certgen</em>
 	   and built with module name <em>file</em>. Requires <em>--with-openssl</em>.
 
-	<tag>--enable-security-cert-validator-helpers</tag>
+	<tag>--enable-security-cert-validators</tag>
 	<p>New option to control which TLS/SSL certificate validation
 	   helpers are built and installed.
 	<p>One <em>fake</em> helper that does not actually perform any
diff --git a/src/security/cert_generators/file/required.m4 b/src/security/cert_generators/file/required.m4
index 835bf813d6..b127fbd80f 100644
--- a/src/security/cert_generators/file/required.m4
+++ b/src/security/cert_generators/file/required.m4
@@ -5,6 +5,6 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-if test "x$with_openssl" = "xno" ; then
+if test "x$with_openssl" = "xyes" ; then
   BUILD_HELPER="file"
 fi
diff --git a/src/security/cert_generators/helpers.m4 b/src/security/cert_generators/helpers.m4
index 31046c4417..acca5fa234 100644
--- a/src/security/cert_generators/helpers.m4
+++ b/src/security/cert_generators/helpers.m4
@@ -8,20 +8,20 @@
 # This file is supposed to run all the tests required to identify which
 # configured modules are able to be built in this environment
 
-# FIXME: de-duplicate $enable_security_cert_generator_helpers list containing double entries.
+# FIXME: de-duplicate $enable_security_cert_generators list containing double entries.
 
 #define list of modules to build
 auto_security_modules=no
-if test "x${enable_security_cert_generator_helpers:=yes}" = "xyes" ; then
-  SQUID_LOOK_FOR_MODULES([$srcdir/src/security/cert_generators],[enable_security_cert_generator_helpers])
+if test "x${enable_security_cert_generators:=yes}" = "xyes" ; then
+  SQUID_LOOK_FOR_MODULES([$srcdir/src/security/cert_generators],[enable_security_cert_generators])
   auto_security_certgen_modules=yes
 fi
 
-enable_security_cert_generator_helpers="`echo $enable_security_cert_generator_helpers| sed -e 's/,/ /g;s/  */ /g'`"
-AC_MSG_NOTICE([Security certificate generator helper candidates: $enable_security_cert_generator_helpers])
+enable_security_cert_generators="`echo $enable_security_cert_generators| sed -e 's/,/ /g;s/  */ /g'`"
+AC_MSG_NOTICE([Security certificate generator helper candidates: $enable_security_cert_generators])
 SECURITY_CERTGEN_HELPERS=""
-if test "x$enable_security_cert_generator_helpers" != "xno" ; then
-  for helper in $enable_security_cert_generator_helpers; do
+if test "x$enable_security_cert_generators" != "xno" ; then
+  for helper in $enable_security_cert_generators; do
     dir="$srcdir/src/security/cert_generators/$helper"
 
     # modules converted to autoconf macros already
diff --git a/src/security/cert_validators/helpers.m4 b/src/security/cert_validators/helpers.m4
index 2085a27c21..a2c88f1e12 100644
--- a/src/security/cert_validators/helpers.m4
+++ b/src/security/cert_validators/helpers.m4
@@ -8,20 +8,20 @@
 # This file is supposed to run all the tests required to identify which
 # configured modules are able to be built in this environment
 
-# FIXME: de-duplicate $enable_security_cert_validator_helpers list containing double entries.
+# FIXME: de-duplicate $enable_security_cert_validators list containing double entries.
 
 #define list of modules to build
 auto_security_certv_modules=no
-if test "x${enable_security_cert_validator_helpers:=yes}" = "xyes" ; then
-  SQUID_LOOK_FOR_MODULES([$srcdir/src/security/cert_validators],[enable_security_cert_validator_helpers])
+if test "x${enable_security_cert_validators:=yes}" = "xyes" ; then
+  SQUID_LOOK_FOR_MODULES([$srcdir/src/security/cert_validators],[enable_security_cert_validators])
   auto_security_certv_modules=yes
 fi
 
-enable_security_cert_validator_helpers="`echo $enable_security_cert_validator_helpers| sed -e 's/,/ /g;s/  */ /g'`"
-AC_MSG_NOTICE([Security certificate validator helper candidates: $enable_security_cert_validator_helpers])
+enable_security_cert_validators="`echo $enable_security_cert_validators| sed -e 's/,/ /g;s/  */ /g'`"
+AC_MSG_NOTICE([Security certificate validator helper candidates: $enable_security_cert_validators])
 SECURITY_CERTV_HELPERS=""
-if test "x$enable_security_cert_validator_helpers" != "xno" ; then
-  for helper in $enable_security_cert_validator_helpers; do
+if test "x$enable_security_cert_validators" != "xno" ; then
+  for helper in $enable_security_cert_validators; do
     dir="$srcdir/src/security/cert_validators/$helper"
 
     # modules converted to autoconf macros already