2 dnl "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $"
4 dnl OpenSSL/GNUTLS stuff for CUPS.
6 dnl Copyright 2007-2012 by Apple Inc.
7 dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
9 dnl These coded instructions, statements, and computer programs are the
10 dnl property of Apple Inc. and are protected by Federal copyright
11 dnl law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 dnl which should have been included with this file. If this file is
13 dnl file is missing or damaged, see the license at "http://www.cups.org/".
16 AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TLS support])
17 AC_ARG_ENABLE(cdsassl, [ --enable-cdsassl use CDSA for SSL/TLS support, default=first])
18 AC_ARG_ENABLE(gnutls, [ --enable-gnutls use GNU TLS for SSL/TLS support, default=second])
19 AC_ARG_ENABLE(openssl, [ --enable-openssl use OpenSSL for SSL/TLS support, default=third])
20 AC_ARG_WITH(openssl-libs, [ --with-openssl-libs set directory for OpenSSL library],
21 LDFLAGS="-L$withval $LDFLAGS"
22 DSOFLAGS="-L$withval $DSOFLAGS",)
23 AC_ARG_WITH(openssl-includes, [ --with-openssl-includes set directory for OpenSSL includes],
24 CFLAGS="-I$withval $CFLAGS"
25 CPPFLAGS="-I$withval $CPPFLAGS",)
33 if test x$enable_ssl != xno; then
35 if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
36 if test $uname = Darwin; then
37 AC_CHECK_HEADER(Security/SecureTransport.h, [
40 AC_DEFINE(HAVE_CDSASSL)
41 CUPS_SERVERCERT="/Library/Keychains/System.keychain"
43 dnl Check for the various security headers...
44 AC_CHECK_HEADER(Security/SecureTransportPriv.h,
45 AC_DEFINE(HAVE_SECURETRANSPORTPRIV_H))
46 AC_CHECK_HEADER(Security/SecCertificate.h,
47 AC_DEFINE(HAVE_SECCERTIFICATE_H))
48 AC_CHECK_HEADER(Security/SecItem.h,
49 AC_DEFINE(HAVE_SECITEM_H))
50 AC_CHECK_HEADER(Security/SecItemPriv.h,
51 AC_DEFINE(HAVE_SECITEMPRIV_H),,
52 [#include <Security/SecItem.h>])
53 AC_CHECK_HEADER(Security/SecPolicy.h,
54 AC_DEFINE(HAVE_SECPOLICY_H))
55 AC_CHECK_HEADER(Security/SecPolicyPriv.h,
56 AC_DEFINE(HAVE_SECPOLICYPRIV_H))
57 AC_CHECK_HEADER(Security/SecBasePriv.h,
58 AC_DEFINE(HAVE_SECBASEPRIV_H))
59 AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
60 AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
62 dnl Check for SecCertificateCopyData..
63 AC_MSG_CHECKING(for SecCertificateCopyData)
64 if test $uversion -ge 100; then
65 AC_DEFINE(HAVE_SECCERTIFICATECOPYDATA)
71 dnl Check for SecIdentitySearchCreateWithPolicy...
72 AC_MSG_CHECKING(for SecIdentitySearchCreateWithPolicy)
73 if test $uversion -ge 80; then
74 AC_DEFINE(HAVE_SECIDENTITYSEARCHCREATEWITHPOLICY)
80 dnl Check for SecPolicyCreateSSL...
81 AC_MSG_CHECKING(for SecPolicyCreateSSL)
82 if test $uversion -ge 110; then
83 AC_DEFINE(HAVE_SECPOLICYCREATESSL)
89 AC_DEFINE(HAVE_CSSMERRORSTRING)
93 dnl Then look for GNU TLS...
94 if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
95 AC_PATH_PROG(LIBGNUTLSCONFIG,libgnutls-config)
96 AC_PATH_PROG(LIBGCRYPTCONFIG,libgcrypt-config)
97 if $PKGCONFIG --exists gnutls; then
99 SSLLIBS=`$PKGCONFIG --libs gnutls`
100 SSLFLAGS=`$PKGCONFIG --cflags gnutls`
102 AC_DEFINE(HAVE_GNUTLS)
103 elif test "x$LIBGNUTLSCONFIG" != x; then
105 SSLLIBS=`$LIBGNUTLSCONFIG --libs`
106 SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
108 AC_DEFINE(HAVE_GNUTLS)
111 if test $have_ssl = 1; then
112 CUPS_SERVERCERT="ssl/server.crt"
113 CUPS_SERVERKEY="ssl/server.key"
115 if $PKGCONFIG --exists gcrypt; then
116 SSLLIBS="$SSLLIBS `$PKGCONFIG --libs gcrypt`"
117 SSLFLAGS="$SSLFLAGS `$PKGCONFIG --cflags gcrypt`"
118 elif test "x$LIBGCRYPTCONFIG" != x; then
119 SSLLIBS="$SSLLIBS `$LIBGCRYPTCONFIG --libs`"
120 SSLFLAGS="$SSLFLAGS `$LIBGCRYPTCONFIG --cflags`"
125 dnl Check for the OpenSSL library last...
126 if test $have_ssl = 0 -a "x$enable_openssl" != "xno"; then
127 AC_CHECK_HEADER(openssl/ssl.h,[
128 dnl Save the current libraries so the crypto stuff isn't always
132 dnl Some ELF systems can't resolve all the symbols in libcrypto
133 dnl if libcrypto was linked against RSAREF, and fail to link the
134 dnl test program correctly, even though a correct installation
135 dnl of OpenSSL exists. So we test the linking three times in
136 dnl case the RSAREF libraries are needed.
140 "-lcrypto -lrsaref" \
141 "-lcrypto -lRSAglue -lrsaref"
143 AC_CHECK_LIB(ssl,SSL_new,
145 SSLFLAGS="-DOPENSSL_DISABLE_OLD_DES_SUPPORT"
146 SSLLIBS="-lssl $libcrypto"
148 AC_DEFINE(HAVE_LIBSSL)],,
151 if test "x${SSLLIBS}" != "x"; then
156 if test "x${SSLLIBS}" != "x"; then
157 CUPS_SERVERCERT="ssl/server.crt"
158 CUPS_SERVERKEY="ssl/server.key"
160 LIBS="$SAVELIBS $SSLLIBS"
161 AC_CHECK_FUNCS(SSL_set_tlsext_host_name)
169 if test $have_ssl = 1; then
170 AC_MSG_RESULT([ Using SSLLIBS="$SSLLIBS"])
171 AC_MSG_RESULT([ Using SSLFLAGS="$SSLFLAGS"])
172 IPPALIASES="http https ipps"
173 elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes -o x$enable_openssl = xyes; then
174 AC_MSG_ERROR([Unable to enable SSL support.])
177 AC_SUBST(CUPS_SERVERCERT)
178 AC_SUBST(CUPS_SERVERKEY)
183 EXPORT_SSLLIBS="$SSLLIBS"
184 AC_SUBST(EXPORT_SSLLIBS)
187 dnl End of "$Id: cups-ssl.m4 7241 2008-01-22 22:34:52Z mike $".