config-scripts/cups-ssl.m4

   1 dnl
   2 dnl "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $"
   3 dnl
   4 dnl   OpenSSL/GNUTLS stuff for CUPS.
   5 dnl
   6 dnl   Copyright 2007-2012 by Apple Inc.
   7 dnl   Copyright 1997-2007 by Easy Software Products, all rights reserved.
   8 dnl
   9 dnl   These coded instructions, statements, and computer programs are the
  10 dnl   property of Apple Inc. and are protected by Federal copyright
  11 dnl   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
  12 dnl   which should have been included with this file.  If this file is
  13 dnl   file is missing or damaged, see the license at "http://www.cups.org/".
  14 dnl
  15
  16 AC_ARG_ENABLE(ssl, [  --disable-ssl           disable SSL/TLS support])
  17 AC_ARG_ENABLE(cdsassl, [  --enable-cdsassl        use CDSA for SSL/TLS support, default=first])
  18 AC_ARG_ENABLE(gnutls, [  --enable-gnutls         use GNU TLS for SSL/TLS support, default=second])
  19 AC_ARG_ENABLE(openssl, [  --enable-openssl        use OpenSSL for SSL/TLS support, default=third])
  20 AC_ARG_WITH(openssl-libs, [  --with-openssl-libs     set directory for OpenSSL library],
  21     LDFLAGS="-L$withval $LDFLAGS"
  22     DSOFLAGS="-L$withval $DSOFLAGS",)
  23 AC_ARG_WITH(openssl-includes, [  --with-openssl-includes set directory for OpenSSL includes],
  24     CFLAGS="-I$withval $CFLAGS"
  25     CPPFLAGS="-I$withval $CPPFLAGS",)
  26
  27 SSLFLAGS=""
  28 SSLLIBS=""
  29 have_ssl=0
  30 CUPS_SERVERCERT=""
  31 CUPS_SERVERKEY=""
  32
  33 if test x$enable_ssl != xno; then
  34     dnl Look for CDSA...
  35     if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
  36         if test $uname = Darwin; then
  37             AC_CHECK_HEADER(Security/SecureTransport.h, [
  38                 have_ssl=1
  39                 AC_DEFINE(HAVE_SSL)
  40                 AC_DEFINE(HAVE_CDSASSL)
  41                 CUPS_SERVERCERT="/Library/Keychains/System.keychain"
  42
  43                 dnl Check for the various security headers...
  44                 AC_CHECK_HEADER(Security/SecureTransportPriv.h,
  45                     AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
  46                 AC_CHECK_HEADER(Security/SecCertificate.h,
  47                     AC_DEFINE(HAVE_SECCERTIFICATE_H))
  48                 AC_CHECK_HEADER(Security/SecItem.h,
  49                     AC_DEFINE(HAVE_SECITEM_H))
  50                 AC_CHECK_HEADER(Security/SecItemPriv.h,
  51                     AC_DEFINE(HAVE_SECITEMPRIV_H),,
  52                     [#include <Security/SecItem.h>])
  53                 AC_CHECK_HEADER(Security/SecPolicy.h,
  54                     AC_DEFINE(HAVE_SECPOLICY_H))
  55                 AC_CHECK_HEADER(Security/SecPolicyPriv.h,
  56                     AC_DEFINE(HAVE_SECPOLICYPRIV_H))
  57                 AC_CHECK_HEADER(Security/SecBasePriv.h,
  58                     AC_DEFINE(HAVE_SECBASEPRIV_H))
  59                 AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
  60                     AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
  61
  62                 dnl Check for SecCertificateCopyData..
  63                 AC_MSG_CHECKING(for SecCertificateCopyData)
  64                 if test $uversion -ge 100; then
  65                     AC_DEFINE(HAVE_SECCERTIFICATECOPYDATA)
  66                     AC_MSG_RESULT(yes)
  67                 else
  68                     AC_MSG_RESULT(no)
  69                 fi
  70
  71                 dnl Check for SecIdentitySearchCreateWithPolicy...
  72                 AC_MSG_CHECKING(for SecIdentitySearchCreateWithPolicy)
  73                 if test $uversion -ge 80; then
  74                     AC_DEFINE(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY)
  75                     AC_MSG_RESULT(yes)
  76                 else
  77                     AC_MSG_RESULT(no)
  78                 fi
  79
  80                 dnl Check for SecPolicyCreateSSL...
  81                 AC_MSG_CHECKING(for SecPolicyCreateSSL)
  82                 if test $uversion -ge 110; then
  83                     AC_DEFINE(HAVE_SECPOLICYCREATESSL)
  84                     AC_MSG_RESULT(yes)
  85                 else
  86                     AC_MSG_RESULT(no)
  87                 fi])
  88
  89                 AC_DEFINE(HAVE_CSSMERRORSTRING)
  90         fi
  91     fi
  92
  93     dnl Then look for GNU TLS...
  94     if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
  95         AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
  96         AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
  97         if $PKGCONFIG --exists gnutls; then
  98             have_ssl=1
  99             SSLLIBS=`$PKGCONFIG --libs gnutls`
 100             SSLFLAGS=`$PKGCONFIG --cflags gnutls`
 101             AC_DEFINE(HAVE_SSL)
 102             AC_DEFINE(HAVE_GNUTLS)
 103         elif test "x$LIBGNUTLSCONFIG" != x; then
 104             have_ssl=1
 105             SSLLIBS=`$LIBGNUTLSCONFIG --libs`
 106             SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
 107             AC_DEFINE(HAVE_SSL)
 108             AC_DEFINE(HAVE_GNUTLS)
 109         fi
 110
 111         if test $have_ssl = 1; then
 112             CUPS_SERVERCERT="ssl/server.crt"
 113             CUPS_SERVERKEY="ssl/server.key"
 114
 115             if $PKGCONFIG --exists gcrypt; then
 116                 SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
 117                 SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
 118             elif test "x$LIBGCRYPTCONFIG" != x; then
 119                 SSLLIBS="$SSLLIBS `$LIBGCRYPTCONFIG --libs`"
 120                 SSLFLAGS="$SSLFLAGS `$LIBGCRYPTCONFIG --cflags`"
 121             fi
 122         fi
 123     fi
 124
 125     dnl Check for the OpenSSL library last...
 126     if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
 127         AC_CHECK_HEADER(openssl/ssl.h,[
 128             dnl Save the current libraries so the crypto stuff isn't always
 129             dnl included...
 130             SAVELIBS="$LIBS"
 131
 132             dnl Some ELF systems can't resolve all the symbols in libcrypto
 133             dnl if libcrypto was linked against RSAREF, and fail to link the
 134             dnl test program correctly, even though a correct installation
 135             dnl of OpenSSL exists.  So we test the linking three times in
 136             dnl case the RSAREF libraries are needed.
 137
 138             for libcrypto in \
 139                 "-lcrypto" \
 140                 "-lcrypto -lrsaref" \
 141                 "-lcrypto -lRSAglue -lrsaref"
 142             do
 143                 AC_CHECK_LIB(ssl,SSL_new,
 144                     [have_ssl=1
 145                      SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
 146                      SSLLIBS="-lssl $libcrypto"
 147                      AC_DEFINE(HAVE_SSL)
 148                      AC_DEFINE(HAVE_LIBSSL)],,
 149                     $libcrypto)
 150
 151                 if test "x${SSLLIBS}" != "x"; then
 152                     break
 153                 fi
 154             done
 155
 156             if test "x${SSLLIBS}" != "x"; then
 157                 CUPS_SERVERCERT="ssl/server.crt"
 158                 CUPS_SERVERKEY="ssl/server.key"
 159
 160                 LIBS="$SAVELIBS $SSLLIBS"
 161                 AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
 162             fi
 163
 164             LIBS="$SAVELIBS"])
 165     fi
 166 fi
 167
 168 IPPALIASES="http"
 169 if test $have_ssl = 1; then
 170     AC_MSG_RESULT([    Using SSLLIBS="$SSLLIBS"])
 171     AC_MSG_RESULT([    Using SSLFLAGS="$SSLFLAGS"])
 172     IPPALIASES="http https ipps"
 173 elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
 174     AC_MSG_ERROR([Unable to enable SSL support.])
 175 fi
 176
 177 AC_SUBST(CUPS_SERVERCERT)
 178 AC_SUBST(CUPS_SERVERKEY)
 179 AC_SUBST(IPPALIASES)
 180 AC_SUBST(SSLFLAGS)
 181 AC_SUBST(SSLLIBS)
 182
 183 EXPORT_SSLLIBS="$SSLLIBS"
 184 AC_SUBST(EXPORT_SSLLIBS)
 185
 186 dnl
 187 dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".
 188 dnl