From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 21 Mar 2025 13:56:49 +0000 (+0100)
Subject: meson: Optionally enable OpenSSL engines for DNSdist
X-Git-Tag: dnsdist-2.0.0-alpha2~114^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d3911877f5fa47d7d38b0d36cc221938801fa11d;p=thirdparty%2Fpdns.git

meson: Optionally enable OpenSSL engines for DNSdist
---

diff --git a/meson.build b/meson.build
index 5011d87048..bb7e8ead37 100644
--- a/meson.build
+++ b/meson.build
@@ -44,6 +44,7 @@ subdir('meson' / 'mmap')                    # Check for mmap
 subdir('meson' / 'libsodium')               # Libsodium-based signers
 subdir('meson' / 'libcrypto')               # OpenSSL-based signers
 subdir('meson' / 'libssl')                  # OpenSSL libssl
+subdir('meson' / 'libssl-engines')          # OpenSSL libssl engines
 subdir('meson' / 'gnutls')                  # GnuTLS
 subdir('meson' / 'dot')                     # DNS over TLS
 subdir('meson' / 'ipcipher')                # IPCipher
diff --git a/meson/libssl-engines/meson.build b/meson/libssl-engines/meson.build
new file mode 100644
index 0000000000..401078da91
--- /dev/null
+++ b/meson/libssl-engines/meson.build
@@ -0,0 +1,5 @@
+conf.set(
+  'OPENSSL_NO_ENGINE',
+  true,
+  description: 'Disable engine support in libssl.cc',
+)
diff --git a/meson/libssl/meson.build b/meson/libssl/meson.build
index 06b6315999..725d955d2b 100644
--- a/meson/libssl/meson.build
+++ b/meson/libssl/meson.build
@@ -31,11 +31,6 @@ if dep_libssl.found()
     has,
     description: 'Have OpenSSL libssl SSL_CTX_set_min_proto_version',
   )
-  conf.set(
-    'OPENSSL_NO_ENGINE',
-    true,
-    description: 'Disable engine support for auth in libssl.cc',
-  )
 endif
 
 conf.set('HAVE_LIBSSL', dep_libssl.found(), description: 'OpenSSL libssl')
diff --git a/pdns/dnsdistdist/meson.build b/pdns/dnsdistdist/meson.build
index 1db616bcd6..070aff8f00 100644
--- a/pdns/dnsdistdist/meson.build
+++ b/pdns/dnsdistdist/meson.build
@@ -53,6 +53,7 @@ subdir('meson' / 'libedit')                 # Libedit
 subdir('meson' / 'libsodium')               # Libsodium
 subdir('meson' / 'libcrypto')               # OpenSSL libcrypto
 subdir('meson' / 'libssl')                  # OpenSSL libssl
+subdir('meson' / 'libssl-engines')          # OpenSSL libssl engines
 subdir('meson' / 'libssl-providers')        # OpenSSL libssl providers
 subdir('meson' / 'libsnmp')                 # SNMP
 subdir('meson' / 'clock-gettime')           # Clock_gettime
diff --git a/pdns/dnsdistdist/meson/libssl-engines/meson.build b/pdns/dnsdistdist/meson/libssl-engines/meson.build
new file mode 100644
index 0000000000..346aaeb98f
--- /dev/null
+++ b/pdns/dnsdistdist/meson/libssl-engines/meson.build
@@ -0,0 +1,13 @@
+opt_libssl_engines = get_option('tls-libssl-engines')
+
+if opt_libssl_engines
+  opt_libssl = get_option('tls-libssl')
+  if not opt_libssl.allowed()
+    error('OpenSSL TLS engines requested but libssl is not enabled')
+  endif
+
+  summary('OpenSSL libssl engines', true, bool_yn: true, section: 'Crypto')
+else
+  conf.set('OPENSSL_NO_ENGINE', true, description: 'OpenSSL libssl engines')
+  summary('OpenSSL libssl engines', false, bool_yn: true, section: 'Crypto')
+endif
diff --git a/pdns/dnsdistdist/meson_options.txt b/pdns/dnsdistdist/meson_options.txt
index f5b35835a3..d277eabe5e 100644
--- a/pdns/dnsdistdist/meson_options.txt
+++ b/pdns/dnsdistdist/meson_options.txt
@@ -12,6 +12,7 @@ option('hardening-experimental-scp', type: 'feature', value: 'disabled', descrip
 option('hardening-fortify-source', type: 'combo', choices: ['auto', 'disabled', '1', '2', '3'], value: '2', description: 'Source fortification level')
 option('ipcipher', type: 'feature', value: 'auto', description: 'IPCipher')
 option('tls-libssl', type: 'feature', value: 'auto', description: 'OpenSSL-based TLS')
+option('tls-libssl-engines', type: 'boolean', value: false, description: 'OpenSSL-based TLS with TLS engines')
 option('tls-libssl-providers', type: 'boolean', value: false, description: 'OpenSSL-based TLS with TLS providers')
 option('dns-over-tls', type: 'feature', value: 'auto', description: 'DNS over TLS (requires GnuTLS or OpenSSL)')
 option('dns-over-https', type: 'feature', value: 'auto', description: 'DNS over HTTP/2 (requires GnuTLS or OpenSSL)')
diff --git a/pdns/recursordist/meson.build b/pdns/recursordist/meson.build
index 8902622c37..40da702aa8 100644
--- a/pdns/recursordist/meson.build
+++ b/pdns/recursordist/meson.build
@@ -56,6 +56,7 @@ subdir('meson' / 'mmap')                    # Check for mmap
 subdir('meson' / 'libsodium')               # Libsodium-based signers
 subdir('meson' / 'libcrypto')               # OpenSSL-based signers
 subdir('meson' / 'libssl')                  # OpenSSL libssl
+subdir('meson' / 'libssl-engines')          # OpenSSL libssl engines
 subdir('meson' / 'libsnmp')                 # SNMP
 subdir('meson' / 'dot')                     # DNS over TLS
 subdir('meson' / 'clock-gettime')           # Clock_gettime