Rename --with-proxy-tls-impl to --with-tls-impl

Make the configure option for TLS implementation more generic, in case
we use the k5tls module for something other than KDC proxy support.
Rename all of the associated symbols for consistency.

ticket: 7929

diff --git a/src/Makefile.in b/src/Makefile.in
index 92bb60a63ed87c84804a52b3c0eb778e225e1089..522f21d44f4c24390c5c05b125679ce043226fe4 100644 (file)
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -554,7 +554,7 @@ pyrunenv.vals: Makefile
        for i in $(RUN_VARS); do \
                eval echo 'env['\\\'$$i\\\''] = '\\\'\$$$$i\\\'; \
        done > $@
-       echo "proxy_tls_impl = '$(PROXY_TLS_IMPL)'" >> $@
+       echo "tls_impl = '$(TLS_IMPL)'" >> $@
 
 runenv.py: pyrunenv.vals
        echo 'env = {}' > $@

diff --git a/src/config/pre.in b/src/config/pre.in
index fd8ee56eaf33c567c3a20fa8efe0422118c7695b..002c2f7a56702c9be542dc6f0b7c2cc9ec13bd71 100644 (file)
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -429,10 +429,10 @@ PKINIT_CRYPTO_IMPL                = @PKINIT_CRYPTO_IMPL@
 PKINIT_CRYPTO_IMPL_CFLAGS      = @PKINIT_CRYPTO_IMPL_CFLAGS@
 PKINIT_CRYPTO_IMPL_LIBS                = @PKINIT_CRYPTO_IMPL_LIBS@
 
-# TLS implementation selection for HTTPS proxy support
-PROXY_TLS_IMPL                  = @PROXY_TLS_IMPL@
-PROXY_TLS_IMPL_CFLAGS           = @PROXY_TLS_IMPL_CFLAGS@
-PROXY_TLS_IMPL_LIBS             = @PROXY_TLS_IMPL_LIBS@
+# TLS implementation selection
+TLS_IMPL       = @TLS_IMPL@
+TLS_IMPL_CFLAGS = @TLS_IMPL_CFLAGS@
+TLS_IMPL_LIBS  = @TLS_IMPL_LIBS@
 
 # error table rules
 #

diff --git a/src/configure.in b/src/configure.in
index 43509ab354381cc9b83ec637c188a5fc50a4aa63..2e22470155159e004876bec88e80f23fed872da3 100644 (file)
--- a/src/configure.in
+++ b/src/configure.in
@@ -272,50 +272,48 @@ AC_SUBST(PKINIT_CRYPTO_IMPL)
 AC_SUBST(PKINIT_CRYPTO_IMPL_CFLAGS)
 AC_SUBST(PKINIT_CRYPTO_IMPL_LIBS)
 
-# WITH_PROXY_TLS_IMPL
+# WITH_TLS_IMPL
 
-AC_ARG_WITH([proxy-tls-impl],
-AC_HELP_STRING([--with-proxy-tls-impl=IMPL],
-               [use specified TLS implementation for HTTPS @<:@auto@:>@]),
-[PROXY_TLS_IMPL=$withval],[PROXY_TLS_IMPL=auto])
-case "$PROXY_TLS_IMPL" in
+AC_ARG_WITH([tls-impl],
+AC_HELP_STRING([--with-tls-impl=IMPL],
+               [use specified TLS implementation @<:@auto@:>@]),
+[TLS_IMPL=$withval],[TLS_IMPL=auto])
+case "$TLS_IMPL" in
 openssl|auto)
   AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
                -lcrypto)
   AC_MSG_CHECKING([for OpenSSL])
   if test x$have_lib_ssl = xtrue ; then
-    AC_DEFINE(PROXY_TLS_IMPL_OPENSSL,1,
-              [Define if HTTPS TLS implementation is OpenSSL])
+    AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
     AC_MSG_RESULT([yes])
-    PROXY_TLS_IMPL_LIBS="-lssl -lcrypto"
-    PROXY_TLS_IMPL=openssl
-    AC_MSG_NOTICE(HTTPS support will use TLS from '$PROXY_TLS_IMPL')
+    TLS_IMPL_LIBS="-lssl -lcrypto"
+    TLS_IMPL=openssl
+    AC_MSG_NOTICE([TLS module will use OpenSSL])
   else
-    if test "$PROXY_TLS_IMPL" = openssl ; then
+    if test "$TLS_IMPL" = openssl ; then
       AC_MSG_ERROR([OpenSSL not found!])
     else
       AC_MSG_WARN([OpenSSL not found!])
     fi
-    PROXY_TLS_IMPL=no
-    AC_MSG_NOTICE(building without HTTPS support)
+    TLS_IMPL=no
+    AC_MSG_NOTICE(building without TLS support)
   fi
   ;;
 no)
-  AC_MSG_NOTICE(building without HTTPS support)
+  AC_MSG_NOTICE(building without TLS support)
   ;;
 *)
-  AC_MSG_ERROR([Unsupported HTTPS proxy TLS implementation $withval])
+  AC_MSG_ERROR([Unsupported TLS implementation $withval])
   ;;
 esac
 
-if test "$PROXY_TLS_IMPL" = no; then
-   AC_DEFINE(PROXY_TLS_IMPL_NONE,1,
-             [Define if no HTTP TLS implementation is selected])
+if test "$TLS_IMPL" = no; then
+   AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
 fi
 
-AC_SUBST(PROXY_TLS_IMPL)
-AC_SUBST(PROXY_TLS_IMPL_CFLAGS)
-AC_SUBST(PROXY_TLS_IMPL_LIBS)
+AC_SUBST(TLS_IMPL)
+AC_SUBST(TLS_IMPL_CFLAGS)
+AC_SUBST(TLS_IMPL_LIBS)
 
 AC_ARG_ENABLE([aesni],
 AC_HELP_STRING([--disable-aesni],[Do not build with AES-NI support]), ,

diff --git a/src/plugins/tls/k5tls/Makefile.in b/src/plugins/tls/k5tls/Makefile.in
index 4d58df0dc4195bbceaf732fc36cd0ab3fa8358f2..e5ae830e83efcfcd436cd2697f667e2c61e7a817 100644 (file)
--- a/src/plugins/tls/k5tls/Makefile.in
+++ b/src/plugins/tls/k5tls/Makefile.in
@@ -1,14 +1,14 @@
 mydir=plugins$(S)tls$(S)k5tls
 BUILDTOP=$(REL)..$(S)..$(S)..
 MODULE_INSTALL_DIR = $(KRB5_TLS_MODULE_DIR)
-LOCALINCLUDES= $(PROXY_TLS_IMPL_CFLAGS)
+LOCALINCLUDES= $(TLS_IMPL_CFLAGS)
 
 LIBBASE=k5tls
 LIBMAJOR=0
 LIBMINOR=0
 RELDIR=../plugins/tls/k5tls
 SHLIB_EXPDEPS= $(KRB5_DEPLIB) $(SUPPORT_DEPLIB)
-SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(PROXY_TLS_IMPL_LIBS)
+SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(TLS_IMPL_LIBS)
 
 STLIBOBJS=openssl.o notls.o
 

diff --git a/src/plugins/tls/k5tls/notls.c b/src/plugins/tls/k5tls/notls.c
index 7be0a4abb2e61a08691377621e6cb48dd0813997..357af8115843132393614b447560c5b02abb16f5 100644 (file)
--- a/src/plugins/tls/k5tls/notls.c
+++ b/src/plugins/tls/k5tls/notls.c
@@ -36,7 +36,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_NONE
+#ifdef TLS_IMPL_NONE
 
 krb5_error_code
 tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
@@ -50,4 +50,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_NONE */
+#endif /* TLS_IMPL_NONE */

diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 0691a34a8778234b83194aac0e803fbfcec5bfcc..41917c4c6fb2d6e863fc4f67d4f7ba5f66da934d 100644 (file)
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -31,7 +31,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_OPENSSL
+#ifdef TLS_IMPL_OPENSSL
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
@@ -567,4 +567,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_OPENSSL */
+#endif /* TLS_IMPL_OPENSSL */

diff --git a/src/tests/t_proxy.py b/src/tests/t_proxy.py
index e4e3d482c8e23775760bcd3301ff9bcb14941c78..a9ba67e2c0dfe7d8f6a4b28f36bfd711d1fedd6e 100644 (file)
--- a/src/tests/t_proxy.py
+++ b/src/tests/t_proxy.py
@@ -2,9 +2,8 @@
 from k5test import *
 
 # Skip this test if we're missing proxy functionality or parts of the proxy.
-if runenv.proxy_tls_impl == 'no':
-    success('Warning: not testing proxy support because feature ' +
-            'was not enabled')
+if runenv.tls_impl == 'no':
+    success('Warning: not testing proxy support because TLS was not enabled')
     exit(0)
 try:
     from paste import httpserver

diff --git a/src/util/k5test.py b/src/util/k5test.py
index 8cb477d85cd1f4ee5acff15797e1ebf5890355e6..4a10974cefa65abd9b25e1f03e80f0460d4b0096 100644 (file)
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -179,8 +179,8 @@ Scripts may use the following functions and variables:
 
 * runenv: The contents of $srctop/runenv.py, containing a dictionary
   'env' which specifies additional variables to be added to the realm
-  environment, and a variable 'proxy_tls_impl', which indicates which
-  SSL implementation (if any) is being used by libkrb5's support for
+  environment, and a variable 'tls_impl', which indicates which TLS
+  implementation (if any) is being used by libkrb5's support for
   contacting KDCs and kpasswd servers over HTTPS.
 
 * verbose: Whether the script is running verbosely.