From: Remi Gacogne Date: Wed, 30 Jan 2019 15:01:39 +0000 (+0100) Subject: dnsdist: Don't link OpenSSL's libssl or GnuTLS unless DoT is enabled X-Git-Tag: dnsdist-1.4.0-alpha1~27^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4b1f1fd0f49077c55f9ad0c6db846fa075d4dc3;p=thirdparty%2Fpdns.git dnsdist: Don't link OpenSSL's libssl or GnuTLS unless DoT is enabled --- diff --git a/m4/pdns_check_libcrypto.m4 b/m4/pdns_check_libcrypto.m4 index b0e6a39e4c..c71c98acc8 100644 --- a/m4/pdns_check_libcrypto.m4 +++ b/m4/pdns_check_libcrypto.m4 @@ -90,6 +90,10 @@ AC_DEFUN([PDNS_CHECK_LIBCRYPTO], [ # it will just work! fi + if $found; then + AC_DEFINE([HAVE_LIBCRYPTO], [1], [Define to 1 if you have OpenSSL libcrypto]) + fi + # try the preprocessor and linker with our new flags, # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS @@ -120,4 +124,5 @@ AC_DEFUN([PDNS_CHECK_LIBCRYPTO], [ AC_SUBST([LIBCRYPTO_INCLUDES]) AC_SUBST([LIBCRYPTO_LIBS]) AC_SUBST([LIBCRYPTO_LDFLAGS]) + AM_CONDITIONAL([HAVE_LIBCRYPTO], [test "x$LIBCRYPTO_LIBS" != "x"]) ]) diff --git a/pdns/dnsdist-lua-bindings.cc b/pdns/dnsdist-lua-bindings.cc index bfb5b85fc1..b7702c0fcd 100644 --- a/pdns/dnsdist-lua-bindings.cc +++ b/pdns/dnsdist-lua-bindings.cc @@ -23,6 +23,7 @@ #include #include +#include "config.h" #include "dnsdist.hh" #include "dnsdist-lua.hh" #include "dnsdist-protobuf.hh" @@ -31,7 +32,10 @@ #include "dolog.hh" #include "fstrm_logger.hh" #include "remote_logger.hh" + +#ifdef HAVE_LIBCRYPTO #include "ipcipher.hh" +#endif /* HAVE_LIBCRYPTO */ void setupLuaBindings(bool client) { @@ -167,6 +171,7 @@ void setupLuaBindings(bool client) g_lua.registerFunction("mapToIPv4", [](const ComboAddress& ca) { return ca.mapToIPv4(); }); g_lua.registerFunction("match", [](nmts_t& s, const ComboAddress& ca) { return s.match(ca); }); +#ifdef HAVE_LIBCRYPTO g_lua.registerFunction("ipencrypt", [](const ComboAddress& ca, const std::string& key) { return encryptCA(ca, key); }); @@ -177,6 +182,7 @@ void setupLuaBindings(bool client) g_lua.writeFunction("makeIPCipherKey", [](const std::string& password) { return makeIPCipherKey(password); }); +#endif /* HAVE_LIBCRYPTO */ /* DNSName */ g_lua.registerFunction("isPartOf", &DNSName::isPartOf); diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index f2dfa39b21..b995dd007c 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -2330,6 +2330,9 @@ try #ifdef HAVE_FSTRM cout<<"fstrm "; #endif +#ifdef HAVE_LIBCRYPTO + cout<<"ipcipher "; +#endif #ifdef HAVE_LIBSODIUM cout<<"libsodium "; #endif diff --git a/pdns/dnsdistdist/Makefile.am b/pdns/dnsdistdist/Makefile.am index 030e0b22a4..8eb3f18eb8 100644 --- a/pdns/dnsdistdist/Makefile.am +++ b/pdns/dnsdistdist/Makefile.am @@ -171,13 +171,19 @@ if HAVE_RE2 dnsdist_LDADD += $(RE2_LIBS) endif +if HAVE_LIBCRYPTO +dnsdist_LDADD += $(LIBCRYPTO_LIBS) +dnsdist_SOURCES += ipcipher.cc ipcipher.hh ext/ipcrypt/ipcrypt.c ext/ipcrypt/ipcrypt.h +endif + +if HAVE_DNS_OVER_TLS if HAVE_GNUTLS dnsdist_LDADD += -lgnutls endif if HAVE_LIBSSL -dnsdist_LDADD += $(LIBSSL_LIBS) $(LIBCRYPTO_LIBS) -dnsdist_SOURCES += ipcipher.cc ipcipher.hh ext/ipcrypt/ipcrypt.c ext/ipcrypt/ipcrypt.h +dnsdist_LDADD += $(LIBSSL_LIBS) +endif endif if !HAVE_LUA_HPP diff --git a/pdns/dnsdistdist/configure.ac b/pdns/dnsdistdist/configure.ac index f517885f06..a65ea40d7a 100644 --- a/pdns/dnsdistdist/configure.ac +++ b/pdns/dnsdistdist/configure.ac @@ -65,10 +65,6 @@ DNSDIST_ENABLE_DNS_OVER_TLS AS_IF([test "x$enable_dns_over_tls" != "xno"], [ DNSDIST_WITH_GNUTLS DNSDIST_WITH_LIBSSL - AS_IF([test "$HAVE_LIBSSL" = "1"], [ - # we need libcrypto if libssl is enabled - - ]) AS_IF([test "$HAVE_GNUTLS" = "0" -a "$HAVE_LIBSSL" = "0"], [ AC_MSG_ERROR([DNS over TLS support requested but neither GnuTLS nor OpenSSL are available]) ]) @@ -150,6 +146,10 @@ AS_IF([test "x$systemd" != "xn"], [AC_MSG_NOTICE([systemd: yes])], [AC_MSG_NOTICE([systemd: no])] ) +AS_IF([test "x$LIBCRYPTO_LIBS" != "x"], + [AC_MSG_NOTICE([ipcipher: yes])], + [AC_MSG_NOTICE([ipcipher: no])] +) AS_IF([test "x$LIBSODIUM_LIBS" != "x"], [AC_MSG_NOTICE([libsodium: yes])], [AC_MSG_NOTICE([libsodium: no])]