From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Thu, 19 Dec 2013 20:25:35 +0000 (+0000)
Subject: Make sure we don't use functions that are not available.
X-Git-Tag: v2.2b1~791
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eb66bc71be1543f993c7d87fdfe20f1540a77425;p=thirdparty%2Fcups.git

Make sure we don't use functions that are not available.


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11477 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
index 9dcb6999dd..69bd8aad96 100644
--- a/config-scripts/cups-ssl.m4
+++ b/config-scripts/cups-ssl.m4
@@ -52,7 +52,8 @@ if test x$enable_ssl != xno; then
 		AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
 		    AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
 
-		AC_DEFINE(HAVE_CSSMERRORSTRING)])
+		AC_DEFINE(HAVE_CSSMERRORSTRING)
+		AC_DEFINE(HAVE_SECKEYCHAINOPEN)])
 	fi
     fi
 
diff --git a/config.h.in b/config.h.in
index ec4a7785e1..463b572f23 100644
--- a/config.h.in
+++ b/config.h.in
@@ -315,6 +315,20 @@
 #undef HAVE_CSSMERRORSTRING
 
 
+/*
+ * Do we have the SecGenerateSelfSignedCertificate function?
+ */
+
+#undef HAVE_SECGENERATESELFSIGNEDCERTIFICATE
+
+
+/*
+ * Do we have the SecKeychainOpen function?
+ */
+
+#undef HAVE_SECKEYCHAINOPEN
+
+
 /*
  * Do we have libpaper?
  */
diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index ec0264ff27..35fcc0c830 100644
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -30,6 +30,7 @@ extern char **environ;
  * Local globals...
  */
 
+#ifdef HAVE_SECKEYCHAINOPEN
 static int		tls_auto_create = 0;
 					/* Auto-create self-signed certs? */
 static char		*tls_common_name = NULL;
@@ -40,13 +41,16 @@ static char		*tls_keypath = NULL;
 					/* Server cert keychain path */
 static _cups_mutex_t	tls_mutex = _CUPS_MUTEX_INITIALIZER;
 					/* Mutex for keychain/certs */
+#endif /* HAVE_SECKEYCHAINOPEN */
 
 
 /*
  * Local functions...
  */
 
+#ifdef HAVE_SECKEYCHAINOPEN
 static CFArrayRef	http_cdsa_copy_server(const char *common_name);
+#endif /* HAVE_SECKEYCHAINOPEN */
 static OSStatus		http_cdsa_read(SSLConnectionRef connection, void *data, size_t *dataLength);
 static OSStatus		http_cdsa_write(SSLConnectionRef connection, const void *data, size_t *dataLength);
 
@@ -65,7 +69,7 @@ cupsMakeServerCredentials(
     const char **alt_names,		/* I - Subject Alternate Names */
     time_t     expiration_date)		/* I - Expiration date */
 {
-#ifdef HAVE_SECGENERATESELFSIGNEDCERTIFICATE
+#if defined(HAVE_SECGENERATESELFSIGNEDCERTIFICATE) && defined(HAVE_SECKEYCHAINOPEN)
   int			status = 0;	/* Return status */
   OSStatus		err;		/* Error code (if any) */
   CFStringRef		cfcommon_name = NULL;
@@ -165,7 +169,7 @@ cleanup:
 
   return (status);
 
-#else /* !HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
+#else /* !(HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN) */
   int		pid,			/* Process ID of command */
 		status;			/* Status of command */
   char		command[1024],		/* Command */
@@ -246,7 +250,7 @@ cleanup:
     }
 
   return (!status);
-#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
+#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN */
 }
 
 
@@ -265,6 +269,7 @@ cupsSetServerCredentials(
     const char *common_name,		/* I - Default common name for server */
     int        auto_create)		/* I - 1 = automatically create self-signed certificates */
 {
+#ifdef HAVE_SECKEYCHAINOPEN
   SecKeychainRef	keychain = NULL;/* Temporary keychain */
 
 
@@ -301,6 +306,10 @@ cupsSetServerCredentials(
   _cupsMutexUnlock(&tls_mutex);
 
   return (1);
+
+#else
+  return (0);
+#endif /* HAVE_SECKEYCHAINOPEN */
 }
 
 
@@ -792,6 +801,7 @@ httpSaveCredentials(
 }
 
 
+#ifdef HAVE_SECKEYCHAINOPEN
 /*
  * 'http_cdsa_copy_server()' - Find and copy server credentials from the keychain.
  */
@@ -860,6 +870,7 @@ http_cdsa_copy_server(
 
   return (certificates);
 }
+#endif /* HAVE_SECKEYCHAINOPEN */
 
 
 /*
@@ -1202,6 +1213,7 @@ http_tls_start(http_t *http)		/* I - HTTP connection */
 	httpAddrString(&addr, hostname, sizeof(hostname));
     }
 
+#ifdef HAVE_SECKEYCHAINOPEN
     if (hostname[0])
       http->tls_credentials = http_cdsa_copy_server(hostname);
     else if (tls_common_name)
@@ -1223,6 +1235,7 @@ http_tls_start(http_t *http)		/* I - HTTP connection */
 
       http->tls_credentials = http_cdsa_copy_server(hostname[0] ? hostname : tls_common_name);
     }
+#endif /* HAVE_SECKEYCHAINOPEN */
 
     if (!http->tls_credentials)
     {
diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 227ccfe2fb..f900c3c452 100644
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -598,14 +598,6 @@ responses.
 <dd></dd>
 <dd>Listens on the specified address and port for encrypted connections.
 </dd>
-<dt>SSLOptions None
-</dt>
-<dd></dd>
-<dt>SSLOptions NoEmptyFragments
-</dt>
-<dd></dd>
-<dd>Sets SSL/TLS protocol options for encrypted connections.
-</dd>
 <dt>SSLPort
 </dt>
 <dd></dd>