Make sure we don't use functions that are not available.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11477 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/config-scripts/cups-ssl.m4 b/config-scripts/cups-ssl.m4
index 9dcb6999dd5f8f060cf23ebac1a463a179fb127c..69bd8aad96782328a7916c4da785d6ea6f111816 100644 (file)
--- a/config-scripts/cups-ssl.m4
+++ b/config-scripts/cups-ssl.m4
@@ -52,7 +52,8 @@ if test x$enable_ssl != xno; then
                AC_CHECK_HEADER(Security/SecIdentitySearchPriv.h,
                    AC_DEFINE(HAVE_SECIDENTITYSEARCHPRIV_H))
 
-               AC_DEFINE(HAVE_CSSMERRORSTRING)])
+               AC_DEFINE(HAVE_CSSMERRORSTRING)
+               AC_DEFINE(HAVE_SECKEYCHAINOPEN)])
        fi
     fi
 

diff --git a/config.h.in b/config.h.in
index ec4a7785e11f5087b9257383ea5ff53ab01af7dd..463b572f2304b30c4e4d50c9b12792208b32b99f 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -315,6 +315,20 @@
 #undef HAVE_CSSMERRORSTRING
 
 
+/*
+ * Do we have the SecGenerateSelfSignedCertificate function?
+ */
+
+#undef HAVE_SECGENERATESELFSIGNEDCERTIFICATE
+
+
+/*
+ * Do we have the SecKeychainOpen function?
+ */
+
+#undef HAVE_SECKEYCHAINOPEN
+
+
 /*
  * Do we have libpaper?
  */

diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index ec0264ff27409986dcd7a72e257a2a46bc206cb2..35fcc0c830826d6637a0c81580f26301282fa617 100644 (file)
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -30,6 +30,7 @@ extern char **environ;
  * Local globals...
  */
 
+#ifdef HAVE_SECKEYCHAINOPEN
 static int             tls_auto_create = 0;
                                        /* Auto-create self-signed certs? */
 static char            *tls_common_name = NULL;
@@ -40,13 +41,16 @@ static char         *tls_keypath = NULL;
                                        /* Server cert keychain path */
 static _cups_mutex_t   tls_mutex = _CUPS_MUTEX_INITIALIZER;
                                        /* Mutex for keychain/certs */
+#endif /* HAVE_SECKEYCHAINOPEN */
 
 
 /*
  * Local functions...
  */
 
+#ifdef HAVE_SECKEYCHAINOPEN
 static CFArrayRef      http_cdsa_copy_server(const char *common_name);
+#endif /* HAVE_SECKEYCHAINOPEN */
 static OSStatus                http_cdsa_read(SSLConnectionRef connection, void *data, size_t *dataLength);
 static OSStatus                http_cdsa_write(SSLConnectionRef connection, const void *data, size_t *dataLength);
 
@@ -65,7 +69,7 @@ cupsMakeServerCredentials(
     const char **alt_names,            /* I - Subject Alternate Names */
     time_t     expiration_date)                /* I - Expiration date */
 {
-#ifdef HAVE_SECGENERATESELFSIGNEDCERTIFICATE
+#if defined(HAVE_SECGENERATESELFSIGNEDCERTIFICATE) && defined(HAVE_SECKEYCHAINOPEN)
   int                  status = 0;     /* Return status */
   OSStatus             err;            /* Error code (if any) */
   CFStringRef          cfcommon_name = NULL;
@@ -165,7 +169,7 @@ cleanup:
 
   return (status);
 
-#else /* !HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
+#else /* !(HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN) */
   int          pid,                    /* Process ID of command */
                status;                 /* Status of command */
   char         command[1024],          /* Command */
@@ -246,7 +250,7 @@ cleanup:
     }
 
   return (!status);
-#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE */
+#endif /* HAVE_SECGENERATESELFSIGNEDCERTIFICATE && HAVE_SECKEYCHAINOPEN */
 }
 
 
@@ -265,6 +269,7 @@ cupsSetServerCredentials(
     const char *common_name,           /* I - Default common name for server */
     int        auto_create)            /* I - 1 = automatically create self-signed certificates */
 {
+#ifdef HAVE_SECKEYCHAINOPEN
   SecKeychainRef       keychain = NULL;/* Temporary keychain */
 
 
@@ -301,6 +306,10 @@ cupsSetServerCredentials(
   _cupsMutexUnlock(&tls_mutex);
 
   return (1);
+
+#else
+  return (0);
+#endif /* HAVE_SECKEYCHAINOPEN */
 }
 
 
@@ -792,6 +801,7 @@ httpSaveCredentials(
 }
 
 
+#ifdef HAVE_SECKEYCHAINOPEN
 /*
  * 'http_cdsa_copy_server()' - Find and copy server credentials from the keychain.
  */
@@ -860,6 +870,7 @@ http_cdsa_copy_server(
 
   return (certificates);
 }
+#endif /* HAVE_SECKEYCHAINOPEN */
 
 
 /*
@@ -1202,6 +1213,7 @@ http_tls_start(http_t *http)              /* I - HTTP connection */
        httpAddrString(&addr, hostname, sizeof(hostname));
     }
 
+#ifdef HAVE_SECKEYCHAINOPEN
     if (hostname[0])
       http->tls_credentials = http_cdsa_copy_server(hostname);
     else if (tls_common_name)
@@ -1223,6 +1235,7 @@ http_tls_start(http_t *http)              /* I - HTTP connection */
 
       http->tls_credentials = http_cdsa_copy_server(hostname[0] ? hostname : tls_common_name);
     }
+#endif /* HAVE_SECKEYCHAINOPEN */
 
     if (!http->tls_credentials)
     {

diff --git a/doc/help/man-cupsd.conf.html b/doc/help/man-cupsd.conf.html
index 227ccfe2fb5669bda0888edf5c6baf6cc30113e1..f900c3c452b290ee761204e67cd1d188118425d6 100644 (file)
--- a/doc/help/man-cupsd.conf.html
+++ b/doc/help/man-cupsd.conf.html
@@ -598,14 +598,6 @@ responses.
 <dd></dd>
 <dd>Listens on the specified address and port for encrypted connections.
 </dd>
-<dt>SSLOptions None
-</dt>
-<dd></dd>
-<dt>SSLOptions NoEmptyFragments
-</dt>
-<dd></dd>
-<dd>Sets SSL/TLS protocol options for encrypted connections.
-</dd>
 <dt>SSLPort
 </dt>
 <dd></dd>