curl-openssl.m4 (12470B)
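#***************************************************************************
#                                  _   _ ____  _
#  Project                     ___| | | |  _ \| |
#                             / __| | | | |_) | |
#                            | (__| |_| |  _ <| |___
#                             \___|\___/|_| \_\_____|
#
# Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms
# are also available at https://curl.se/docs/copyright.html.
#
# You may opt to use, copy, modify, merge, publish, distribute and/or sell
# copies of the Software, and permit persons to whom the Software is
# furnished to do so, under the terms of the COPYING file.
#
# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
# KIND, either express or implied.
#
# SPDX-License-Identifier: curl
#
#***************************************************************************

# File version for 'aclocal' use. Keep it a single number.
# serial 5

dnl **********************************************************************
dnl Check for OpenSSL libraries and headers
dnl **********************************************************************
dnl
dnl CURL_WITH_OPENSSL
dnl -----------------
dnl Detects OpenSSL or an API-compatible fork - BoringSSL, AWS-LC and
dnl LibreSSL are probed for - and wires it into the build.
dnl
dnl Inputs read from the environment of configure:
dnl   OPT_OPENSSL          "no" skips everything, "yes" relies on pkg-config
dnl                        and the default search paths, any other value is
dnl                        treated as an installation prefix
dnl   DEFAULT_SSL_BACKEND  used to mark openssl as a valid default backend
dnl   libsuff, host, cross_compiling
dnl
dnl On success: OPENSSL_ENABLED=1, USE_OPENSSL is defined, the SSL libraries
dnl are prepended to LIBS, CPPFLAGS/LDFLAGS/LDFLAGSPC are extended,
dnl check_for_ca_bundle=1, "openssl" is appended to
dnl LIBCURL_PC_REQUIRES_PRIVATE and the detected flavour is appended to
dnl ssl_backends. Optional results: OPENSSL_IS_BORINGSSL, QUIC_ENABLED,
dnl OPENSSL_QUIC_API2, HAVE_OPENSSL_SRP, have_openssl_quic and
dnl CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG.
dnl
dnl On failure while OpenSSL was requested the macro aborts configure rather
dnl than continuing without the TLS backend.

AC_DEFUN([CURL_WITH_OPENSSL], [
if test "x$OPT_OPENSSL" != xno; then
  ssl_msg=

  dnl backup the pre-ssl variables
  CLEANLDFLAGS="$LDFLAGS"
  CLEANLDFLAGSPC="$LDFLAGSPC"
  CLEANCPPFLAGS="$CPPFLAGS"
  CLEANLIBS="$LIBS"

  dnl This is for MSYS/MinGW
  case $host in
    *-*-msys* | *-*-mingw*)
      AC_MSG_CHECKING([for gdi32])
      my_ac_save_LIBS=$LIBS
      LIBS="-lgdi32 $LIBS"
      AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
        #ifndef WIN32_LEAN_AND_MEAN
        #define WIN32_LEAN_AND_MEAN
        #endif
        #include <windef.h>
        #include <wingdi.h>
        ]],
        [[
          GdiFlush();
        ]])],
        [ dnl worked!
        AC_MSG_RESULT([yes])],
        [ dnl failed, restore LIBS
        LIBS=$my_ac_save_LIBS
        AC_MSG_RESULT(no)]
        )
      ;;
  esac

  case "$OPT_OPENSSL" in
  yes)
    dnl --with-openssl (without path) used
    PKGTEST="yes"
    PREFIX_OPENSSL=
    ;;
  *)
    dnl check the given --with-openssl spot
    PKGTEST="no"
    PREFIX_OPENSSL=$OPT_OPENSSL

    dnl Try pkg-config even when cross-compiling. Since we
    dnl specify PKG_CONFIG_LIBDIR we're only looking where
    dnl the user told us to look
    OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
    if test -f "$OPENSSL_PCDIR/openssl.pc"; then
      AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
      PKGTEST="yes"
    fi

    if test "$PKGTEST" != "yes"; then
      # try lib64 instead
      OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig"
      if test -f "$OPENSSL_PCDIR/openssl.pc"; then
        AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
        PKGTEST="yes"
      fi
    fi

    dnl Without an openssl.pc the prefix must at least carry the headers,
    dnl otherwise stop here instead of silently picking up another install.
    if test "$PKGTEST" != "yes"; then
      if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then
        AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!])
      fi
    fi

    dnl in case pkg-config comes up empty, use what we got
    dnl via --with-openssl
    LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff"
    if test "$PREFIX_OPENSSL" != "/usr" ; then
      SSL_LDFLAGS="-L$LIB_OPENSSL"
      SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include"
    fi
    ;;
  esac

  if test "$PKGTEST" = "yes"; then

    CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR])

    dnl The values below are taken verbatim from the openssl.pc that was
    dnl found and end up in LIBS, LDFLAGS and CPPFLAGS. With an explicit
    dnl --with-openssl prefix the lookup is limited to that prefix, so the
    dnl prefix should be a directory that only the builder can write to.
    if test "$PKGCONFIG" != "no" ; then
      SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null`

      SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --libs-only-L openssl 2>/dev/null`

      SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl
        $PKGCONFIG --cflags-only-I openssl 2>/dev/null`

      AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"])
      AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"])
      AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"])

      dnl NOTE for review: only the leading -L is stripped, so when
      dnl pkg-config reports more than one -L entry LIB_OPENSSL is not a
      dnl single directory. It is later appended to CURL_LIBRARY_PATH.
      LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'`

      dnl use the values pkg-config reported. This is here
      dnl instead of below with CPPFLAGS and LDFLAGS because we only
      dnl learn about this via pkg-config. If we only have
      dnl the argument to --with-openssl we don't know what
      dnl additional libs may be necessary. Hope that we
      dnl don't need any.
      LIBS="$SSL_LIBS $LIBS"
    fi
  fi

  dnl finally, set flags to use SSL
  CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
  LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
  LDFLAGSPC="$LDFLAGSPC $SSL_LDFLAGS"

  dnl Locate libcrypto. Each fallback below widens the link line a bit more
  dnl and the last one restores the saved pre-ssl flags when nothing links.
  AC_CHECK_LIB(crypto, HMAC_Update,[
    HAVECRYPTO="yes"
    LIBS="-lcrypto $LIBS"
    ],[
    if test -n "$LIB_OPENSSL" ; then
      LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL"
      LDFLAGSPC="$CLEANLDFLAGSPC -L$LIB_OPENSSL"
    fi
    dnl two test invocations joined by && instead of the obsolescent and
    dnl ambiguous -a operator of test
    if test "$PKGCONFIG" = "no" && test -n "$PREFIX_OPENSSL" ; then
      # only set this if pkg-config wasn't used
      CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include"
    fi
    # Linking previously failed, try extra paths from --with-openssl or
    # pkg-config. Use a different function name to avoid reusing the earlier
    # cached result.
    AC_CHECK_LIB(crypto, HMAC_Init_ex,[
      HAVECRYPTO="yes"
      LIBS="-lcrypto $LIBS"], [

      dnl still no, but what about with -ldl?
      AC_MSG_CHECKING([OpenSSL linking with -ldl])
      LIBS="-lcrypto $CLEANLIBS -ldl"
      AC_LINK_IFELSE([ AC_LANG_PROGRAM([[
        #include <openssl/err.h>
      ]], [[
        ERR_clear_error();
      ]]) ],
      [
        AC_MSG_RESULT(yes)
        HAVECRYPTO="yes"
      ],
      [
        AC_MSG_RESULT(no)
        dnl ok, so what about both -ldl and -lpthread?
        dnl This may be necessary for static libraries.

        AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
        LIBS="-lcrypto $CLEANLIBS -ldl -lpthread"
        AC_LINK_IFELSE([
          AC_LANG_PROGRAM([[
          #include <openssl/err.h>
        ]], [[
          ERR_clear_error();
        ]])],
        [
          AC_MSG_RESULT(yes)
          HAVECRYPTO="yes"
        ],
        [
          AC_MSG_RESULT(no)
          LDFLAGS="$CLEANLDFLAGS"
          LDFLAGSPC="$CLEANLDFLAGSPC"
          CPPFLAGS="$CLEANCPPFLAGS"
          LIBS="$CLEANLIBS"
        ])
      ])
    ])
  ])

  if test X"$HAVECRYPTO" = X"yes"; then
    dnl This is only reasonable to do if crypto actually is there: check for
    dnl SSL libs NOTE: it is important to do this AFTER the crypto lib

    AC_CHECK_LIB(ssl, SSL_connect)

    if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
      dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff
      dnl NOTE for review: this repeats the same library and function name
      dnl as the check above, so the cached result is presumably reused and
      dnl the retry cannot succeed - confirm.
      AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use);
      OLIBS=$LIBS
      LIBS="-lRSAglue -lrsaref $LIBS"
      AC_CHECK_LIB(ssl, SSL_connect)
      if test "$ac_cv_lib_ssl_SSL_connect" != yes; then
        dnl still no SSL_connect
        AC_MSG_RESULT(no)
        LIBS=$OLIBS
      else
        AC_MSG_RESULT(yes)
      fi

    else

      dnl Have the libraries--check for OpenSSL headers
      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
                       openssl/pem.h openssl/ssl.h openssl/err.h,
        ssl_msg="OpenSSL"
        test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
        OPENSSL_ENABLED=1
        AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]))
    fi

    if test X"$OPENSSL_ENABLED" != X"1"; then
      LIBS="$CLEANLIBS"
    fi

    if test X"$OPT_OPENSSL" != Xoff &&
       test "$OPENSSL_ENABLED" != "1"; then
      AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
    fi
  fi

  if test X"$OPENSSL_ENABLED" = X"1"; then
    dnl These can only exist if OpenSSL exists
    dnl The probes run in order and a later match overwrites ssl_msg.

    AC_MSG_CHECKING([for BoringSSL])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
        #include <openssl/base.h>
        ]],[[
        #ifndef OPENSSL_IS_BORINGSSL
        #error not boringssl
        #endif
      ]])
    ],[
      AC_MSG_RESULT([yes])
      ssl_msg="BoringSSL"
      OPENSSL_IS_BORINGSSL=1
    ],[
      AC_MSG_RESULT([no])
    ])

    dnl NOTE for review: AWS-LC sets the same OPENSSL_IS_BORINGSSL marker as
    dnl BoringSSL, presumably so both share one code path - confirm against
    dnl the users of that variable.
    AC_MSG_CHECKING([for AWS-LC])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
        #include <openssl/base.h>
        ]],[[
        #ifndef OPENSSL_IS_AWSLC
        #error not AWS-LC
        #endif
      ]])
    ],[
      AC_MSG_RESULT([yes])
      ssl_msg="AWS-LC"
      OPENSSL_IS_BORINGSSL=1
    ],[
      AC_MSG_RESULT([no])
    ])

    AC_MSG_CHECKING([for LibreSSL])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
        #include <openssl/opensslv.h>
        ]],[[
        int dummy = LIBRESSL_VERSION_NUMBER;
        (void)dummy;
      ]])
    ],[
      AC_MSG_RESULT([yes])
      ssl_msg="LibreSSL"
    ],[
      AC_MSG_RESULT([no])
    ])

    AC_MSG_CHECKING([for OpenSSL >= v3])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM([[
        #include <openssl/opensslv.h>
        ]],[[
        #if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
        return 0;
        #else
        #error older than 3
        #endif
      ]])
    ],[
      AC_MSG_RESULT([yes])
      ssl_msg="OpenSSL v3+"
    ],[
      AC_MSG_RESULT([no])
    ])
  fi

  dnl is this OpenSSL (fork) providing the original QUIC API?
  AC_CHECK_FUNCS([SSL_set_quic_use_legacy_codepoint], [QUIC_ENABLED=yes])
  if test "$QUIC_ENABLED" = "yes"; then
    AC_MSG_NOTICE([OpenSSL fork speaks QUIC API])
  else
    AC_CHECK_FUNCS([SSL_set_quic_tls_cbs], [QUIC_ENABLED=yes])
    if test "$QUIC_ENABLED" = "yes"; then
      AC_MSG_NOTICE([OpenSSL with QUIC APIv2])
      OPENSSL_QUIC_API2=1
    else
      AC_MSG_NOTICE([OpenSSL version does not speak any known QUIC API])
    fi
  fi

  if test "$OPENSSL_ENABLED" = "1"; then
    if test -n "$LIB_OPENSSL"; then
      dnl when the ssl shared libs were found in a path that the run-time
      dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH
      dnl to prevent further configure tests to fail due to this
      if test "x$cross_compiling" != "xyes"; then
        dnl Join with a colon only when CURL_LIBRARY_PATH already holds a
        dnl value. A leading empty element in a run-time linker search path
        dnl is commonly read as the current directory, which would let
        dnl libraries in the build directory shadow the intended ones.
        CURL_LIBRARY_PATH="${CURL_LIBRARY_PATH:+$CURL_LIBRARY_PATH:}$LIB_OPENSSL"
        export CURL_LIBRARY_PATH
        AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH])
      fi
    fi
    check_for_ca_bundle=1
    LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE openssl"
  fi

  test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi

dnl Fail closed: when OpenSSL was asked for but not detected, stop instead
dnl of producing a build without the requested TLS backend.
if test X"$OPT_OPENSSL" != Xno &&
  test "$OPENSSL_ENABLED" != "1"; then
  AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
  AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
  AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
fi

dnl ---
dnl Check whether this OpenSSL offers SRP support. The result is optional:
dnl a missing SRP API only leaves HAVE_OPENSSL_SRP undefined and does not
dnl abort configure.
dnl ---
if test "$OPENSSL_ENABLED" = "1"; then
  AC_MSG_CHECKING([for SRP support in OpenSSL])
  AC_LINK_IFELSE([
    AC_LANG_PROGRAM([[
      #ifndef OPENSSL_SUPPRESS_DEPRECATED
      #define OPENSSL_SUPPRESS_DEPRECATED
      #endif
      #include <openssl/ssl.h>
    ]],[[
      SSL_CTX_set_srp_username(NULL, NULL);
      SSL_CTX_set_srp_password(NULL, NULL);
    ]])
  ],[
    AC_MSG_RESULT([yes])
    AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
    HAVE_OPENSSL_SRP=1
  ],[
    AC_MSG_RESULT([no])
  ])
fi

dnl ---
dnl Whether the OpenSSL configuration will be loaded automatically
dnl
dnl Hardening note: an automatically loaded OpenSSL configuration file can
dnl change library behaviour and pull in additional modules. Builds that
dnl are deployed where the location of that file is not tightly controlled
dnl may want --disable-openssl-auto-load-config.
dnl ---
if test X"$OPENSSL_ENABLED" = X"1"; then
AC_ARG_ENABLE(openssl-auto-load-config,
AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration])
AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]),
[ if test X"$enableval" = X"no"; then
    AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled])
    AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically])
  fi
])
fi

dnl ---
dnl We may use OpenSSL QUIC.
dnl The link test only passes for version 3.3.0 or later that also exports
dnl OSSL_QUIC_client_method.
dnl ---
if test "$OPENSSL_ENABLED" = "1"; then
  AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
  AC_LINK_IFELSE([
    AC_LANG_PROGRAM([[
      #include <openssl/ssl.h>
    ]],[[
      #if (OPENSSL_VERSION_NUMBER < 0x30300000L)
      #error need at least version 3.3.0
      #endif
      OSSL_QUIC_client_method();
    ]])
  ],[
    AC_MSG_RESULT([yes])
    have_openssl_quic=1
  ],[
    AC_MSG_RESULT([no])
  ])
fi
])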