[thirdparty/cups.git] / config-scripts / cups-ssl.m4

dnl
dnl "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $"
dnl
dnl   OpenSSL/GNUTLS stuff for CUPS.
dnl
dnl   Copyright 2007-2012 by Apple Inc.
dnl   Copyright 1997-2007 by Easy Software Products, all rights reserved.
dnl
dnl   These coded instructions, statements, and computer programs are the
dnl   property of Apple Inc. and are protected by Federal copyright
dnl   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
dnl   which should have been included with this file.  If this file is
dnl   file is missing or damaged, see the license at "http://www.cups.org/".
dnl

AC_ARG_ENABLE(ssl, [  --disable-ssl           disable SSL/TLS support])
AC_ARG_ENABLE(cdsassl, [  --enable-cdsassl        use CDSA for SSL/TLS support, default=first])
AC_ARG_ENABLE(gnutls, [  --enable-gnutls         use GNU TLS for SSL/TLS support, default=second])
AC_ARG_ENABLE(openssl, [  --enable-openssl        use OpenSSL for SSL/TLS support, default=third])
AC_ARG_WITH(openssl-libs, [  --with-openssl-libs     set directory for OpenSSL library],
    LDFLAGS="-L$withval $LDFLAGS"
    DSOFLAGS="-L$withval $DSOFLAGS",)
AC_ARG_WITH(openssl-includes, [  --with-openssl-includes set directory for OpenSSL includes],
    CFLAGS="-I$withval $CFLAGS"
    CPPFLAGS="-I$withval $CPPFLAGS",)

SSLFLAGS=""
SSLLIBS=""
have_ssl=0
CUPS_SERVERCERT=""
CUPS_SERVERKEY=""

if test x$enable_ssl != xno; then
    dnl Look for CDSA...
    if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
	if test $uname = Darwin; then
	    AC_CHECK_HEADER(Security/SecureTransport.h, [
	    	have_ssl=1
		AC_DEFINE(HAVE_SSL)
		AC_DEFINE(HAVE_CDSASSL)
		CUPS_SERVERCERT="/Library/Keychains/System.keychain"

		dnl Check for the various security headers...
		AC_CHECK_HEADER(Security/SecureTransportPriv.h,
		    AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
		AC_CHECK_HEADER(Security/SecCertificate.h,
		    AC_DEFINE(HAVE_SECCERTIFICATE_H))
		AC_CHECK_HEADER(Security/SecItem.h,
		    AC_DEFINE(HAVE_SECITEM_H))
		AC_CHECK_HEADER(Security/SecItemPriv.h,
		    AC_DEFINE(HAVE_SECITEMPRIV_H),,
		    [#include <Security/SecItem.h>])
		AC_CHECK_HEADER(Security/SecPolicy.h,
		    AC_DEFINE(HAVE_SECPOLICY_H))
		AC_CHECK_HEADER(Security/SecPolicyPriv.h,
		    AC_DEFINE(HAVE_SECPOLICYPRIV_H))
		AC_CHECK_HEADER(Security/SecBasePriv.h,
		    AC_DEFINE(HAVE_SECBASEPRIV_H))
		AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
		    AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))

		AC_DEFINE(HAVE_CSSMERRORSTRING)])
	fi
    fi

    dnl Then look for GNU TLS...
    if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
    	AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
    	AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
	if $PKGCONFIG --exists gnutls; then
	    have_ssl=1
	    SSLLIBS=`$PKGCONFIG --libs gnutls`
	    SSLFLAGS=`$PKGCONFIG --cflags gnutls`
	    AC_DEFINE(HAVE_SSL)
	    AC_DEFINE(HAVE_GNUTLS)
	elif test "x$LIBGNUTLSCONFIG" != x; then
	    have_ssl=1
	    SSLLIBS=`$LIBGNUTLSCONFIG --libs`
	    SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
	    AC_DEFINE(HAVE_SSL)
	    AC_DEFINE(HAVE_GNUTLS)
	fi

	if test $have_ssl = 1; then
	    CUPS_SERVERCERT="ssl/server.crt"
	    CUPS_SERVERKEY="ssl/server.key"

            if $PKGCONFIG --exists gcrypt; then
	        SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
	        SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
	    elif test "x$LIBGCRYPTCONFIG" != x; then
	        SSLLIBS="$SSLLIBS `$LIBGCRYPTCONFIG --libs`"
	        SSLFLAGS="$SSLFLAGS `$LIBGCRYPTCONFIG --cflags`"
	    fi
	fi
    fi

    dnl Check for the OpenSSL library last...
    if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
	AC_CHECK_HEADER(openssl/ssl.h,[
	    dnl Save the current libraries so the crypto stuff isn't always
	    dnl included...
	    SAVELIBS="$LIBS"

	    dnl Some ELF systems can't resolve all the symbols in libcrypto
	    dnl if libcrypto was linked against RSAREF, and fail to link the
	    dnl test program correctly, even though a correct installation
	    dnl of OpenSSL exists.  So we test the linking three times in
	    dnl case the RSAREF libraries are needed.

	    for libcrypto in \
		"-lcrypto" \
		"-lcrypto -lrsaref" \
		"-lcrypto -lRSAglue -lrsaref"
	    do
		AC_CHECK_LIB(ssl,SSL_new,
		    [have_ssl=1
		     SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
		     SSLLIBS="-lssl $libcrypto"
		     AC_DEFINE(HAVE_SSL)
		     AC_DEFINE(HAVE_LIBSSL)],,
		    $libcrypto)

		if test "x${SSLLIBS}" != "x"; then
		    break
		fi
	    done

	    if test "x${SSLLIBS}" != "x"; then
		CUPS_SERVERCERT="ssl/server.crt"
		CUPS_SERVERKEY="ssl/server.key"

		LIBS="$SAVELIBS $SSLLIBS"
		AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
	    fi

	    LIBS="$SAVELIBS"])
    fi
fi

IPPALIASES="http"
if test $have_ssl = 1; then
    AC_MSG_RESULT([    Using SSLLIBS="$SSLLIBS"])
    AC_MSG_RESULT([    Using SSLFLAGS="$SSLFLAGS"])
    IPPALIASES="http https ipps"
elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
    AC_MSG_ERROR([Unable to enable SSL support.])
fi

AC_SUBST(CUPS_SERVERCERT)
AC_SUBST(CUPS_SERVERKEY)
AC_SUBST(IPPALIASES)
AC_SUBST(SSLFLAGS)
AC_SUBST(SSLLIBS)

EXPORT_SSLLIBS="$SSLLIBS"
AC_SUBST(EXPORT_SSLLIBS)

dnl
dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".
dnl
Commit	Line	Data
ef416fc2	1	dnl
75bd9771	2	dnl "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $"
ef416fc2	3	dnl
f8b3a85b	4	dnl OpenSSL/GNUTLS stuff for CUPS.
ef416fc2	5	dnl
82cc1f9a	6	dnl Copyright 2007-2012 by Apple Inc.
b86bc4cf	7	dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2	8	dnl
ef416fc2	9	dnl These coded instructions, statements, and computer programs are the
bc44d920	10	dnl property of Apple Inc. and are protected by Federal copyright
	11	dnl law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	dnl which should have been included with this file. If this file is
	13	dnl file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	14	dnl
ef416fc2	15
bf3816c7	16	AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TLS support])
ef416fc2	17	AC_ARG_ENABLE(cdsassl, [ --enable-cdsassl use CDSA for SSL/TLS support, default=first])
	18	AC_ARG_ENABLE(gnutls, [ --enable-gnutls use GNU TLS for SSL/TLS support, default=second])
	19	AC_ARG_ENABLE(openssl, [ --enable-openssl use OpenSSL for SSL/TLS support, default=third])
	20	AC_ARG_WITH(openssl-libs, [ --with-openssl-libs set directory for OpenSSL library],
	21	LDFLAGS="-L$withval $LDFLAGS"
	22	DSOFLAGS="-L$withval $DSOFLAGS",)
	23	AC_ARG_WITH(openssl-includes, [ --with-openssl-includes set directory for OpenSSL includes],
	24	CFLAGS="-I$withval $CFLAGS"
ef416fc2	25	CPPFLAGS="-I$withval $CPPFLAGS",)
	26
	27	SSLFLAGS=""
	28	SSLLIBS=""
f8b3a85b	29	have_ssl=0
c41769ff MS	30	CUPS_SERVERCERT=""
c41769ff MS	31	CUPS_SERVERKEY=""
ef416fc2	32
	33	if test x$enable_ssl != xno; then
	34	dnl Look for CDSA...
0268488e	35	if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
ef416fc2	36	if test $uname = Darwin; then
b86bc4cf	37	AC_CHECK_HEADER(Security/SecureTransport.h, [
f8b3a85b	38	have_ssl=1
b86bc4cf	39	AC_DEFINE(HAVE_SSL)
b86bc4cf	40	AC_DEFINE(HAVE_CDSASSL)
c41769ff	41	CUPS_SERVERCERT="/Library/Keychains/System.keychain"
b86bc4cf	42
b86bc4cf	43	dnl Check for the various security headers...
eac3a0a0 MS	44	AC_CHECK_HEADER(Security/SecureTransportPriv.h,
eac3a0a0 MS	45	AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
7cf5915e MS	46	AC_CHECK_HEADER(Security/SecCertificate.h,
7cf5915e MS	47	AC_DEFINE(HAVE_SECCERTIFICATE_H))
0268488e MS	48	AC_CHECK_HEADER(Security/SecItem.h,
0268488e MS	49	AC_DEFINE(HAVE_SECITEM_H))
c7017ecc	50	AC_CHECK_HEADER(Security/SecItemPriv.h,
eac3a0a0 MS	51	AC_DEFINE(HAVE_SECITEMPRIV_H),,
eac3a0a0 MS	52	[#include <Security/SecItem.h>])
b86bc4cf	53	AC_CHECK_HEADER(Security/SecPolicy.h,
	54	AC_DEFINE(HAVE_SECPOLICY_H))
	55	AC_CHECK_HEADER(Security/SecPolicyPriv.h,
	56	AC_DEFINE(HAVE_SECPOLICYPRIV_H))
	57	AC_CHECK_HEADER(Security/SecBasePriv.h,
	58	AC_DEFINE(HAVE_SECBASEPRIV_H))
	59	AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
	60	AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
	61
c1420c87	62	AC_DEFINE(HAVE_CSSMERRORSTRING)])
ef416fc2	63	fi
	64	fi
	65
	66	dnl Then look for GNU TLS...
0268488e	67	if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
f301802f	68	AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
6d2f911b	69	AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
f11a948a	70	if $PKGCONFIG --exists gnutls; then
eac3a0a0 MS	71	have_ssl=1
	72	SSLLIBS=`$PKGCONFIG --libs gnutls`
	73	SSLFLAGS=`$PKGCONFIG --cflags gnutls`
	74	AC_DEFINE(HAVE_SSL)
	75	AC_DEFINE(HAVE_GNUTLS)
c7017ecc	76	elif test "x$LIBGNUTLSCONFIG" != x; then
eac3a0a0 MS	77	have_ssl=1
	78	SSLLIBS=`$LIBGNUTLSCONFIG --libs`
	79	SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
	80	AC_DEFINE(HAVE_SSL)
	81	AC_DEFINE(HAVE_GNUTLS)
6d2f911b MS	82	fi
	83
	84	if test $have_ssl = 1; then
c41769ff MS	85	CUPS_SERVERCERT="ssl/server.crt"
	86	CUPS_SERVERKEY="ssl/server.key"
	87
6d2f911b MS	88	if $PKGCONFIG --exists gcrypt; then
	89	SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
	90	SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
c7017ecc	91	elif test "x$LIBGCRYPTCONFIG" != x; then
6d2f911b MS	92	SSLLIBS="$SSLLIBS `$LIBGCRYPTCONFIG --libs`"
	93	SSLFLAGS="$SSLFLAGS `$LIBGCRYPTCONFIG --cflags`"
	94	fi
f301802f	95	fi
ef416fc2	96	fi
	97
	98	dnl Check for the OpenSSL library last...
0268488e	99	if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
a29fd7dd	100	AC_CHECK_HEADER(openssl/ssl.h,[
ef416fc2	101	dnl Save the current libraries so the crypto stuff isn't always
	102	dnl included...
	103	SAVELIBS="$LIBS"
	104
	105	dnl Some ELF systems can't resolve all the symbols in libcrypto
	106	dnl if libcrypto was linked against RSAREF, and fail to link the
	107	dnl test program correctly, even though a correct installation
	108	dnl of OpenSSL exists. So we test the linking three times in
	109	dnl case the RSAREF libraries are needed.
	110
	111	for libcrypto in \
82cc1f9a MS	112	"-lcrypto" \
	113	"-lcrypto -lrsaref" \
	114	"-lcrypto -lRSAglue -lrsaref"
ef416fc2	115	do
ef416fc2	116	AC_CHECK_LIB(ssl,SSL_new,
f8b3a85b MS	117	[have_ssl=1
f8b3a85b MS	118	SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
ef416fc2	119	SSLLIBS="-lssl $libcrypto"
	120	AC_DEFINE(HAVE_SSL)
	121	AC_DEFINE(HAVE_LIBSSL)],,
	122	$libcrypto)
	123
	124	if test "x${SSLLIBS}" != "x"; then
	125	break
	126	fi
	127	done
	128
a29fd7dd	129	if test "x${SSLLIBS}" != "x"; then
c41769ff MS	130	CUPS_SERVERCERT="ssl/server.crt"
	131	CUPS_SERVERKEY="ssl/server.key"
	132
a29fd7dd MS	133	LIBS="$SAVELIBS $SSLLIBS"
	134	AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
	135	fi
	136
	137	LIBS="$SAVELIBS"])
ef416fc2	138	fi
	139	fi
	140
eac3a0a0	141	IPPALIASES="http"
f8b3a85b	142	if test $have_ssl = 1; then
f301802f	143	AC_MSG_RESULT([ Using SSLLIBS="$SSLLIBS"])
f301802f	144	AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
eac3a0a0	145	IPPALIASES="http https ipps"
0268488e MS	146	elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
0268488e MS	147	AC_MSG_ERROR([Unable to enable SSL support.])
f301802f	148	fi
f301802f	149
c41769ff MS	150	AC_SUBST(CUPS_SERVERCERT)
c41769ff MS	151	AC_SUBST(CUPS_SERVERKEY)
eac3a0a0	152	AC_SUBST(IPPALIASES)
ef416fc2	153	AC_SUBST(SSLFLAGS)
	154	AC_SUBST(SSLLIBS)
	155
	156	EXPORT_SSLLIBS="$SSLLIBS"
	157	AC_SUBST(EXPORT_SSLLIBS)
	158
ef416fc2	159	dnl
75bd9771	160	dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".
ef416fc2	161	dnl