X-Patchwork-Id: 913378
From: Brett Grandbois
To: petitboot@lists.ozlabs.org
Subject: [PATCH v2 1/5] configure: Add signed-boot openssl configuration support
Date: Tue, 15 May 2018 10:55:48 +1000
Message-Id: <1526345752-21072-2-git-send-email-brett.grandbois@opengear.com>
In-Reply-To: <1526345752-21072-1-git-send-email-brett.grandbois@opengear.com>

Change the with-signed-boot option to take the following values:
no - disable signed boot (as before)
gpgme - configure for gpgme, fail if not found
openssl - configure for openssl, fail if not found
yes - look first for gpgme then openssl using first found, fail on none
      this should behave as before if gpgme has been installed

fail on any other invalid options

add in the ax_check_openssl.m4 macro to facilitate openssl probing

Signed-off-by: Brett Grandbois
---
 configure.ac | 95 ++++++++++++++++++-------------------
 m4/ax_check_openssl.m4 | 124 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 170 insertions(+), 49 deletions(-)
 create mode 100644 m4/ax_check_openssl.m4

diff --git a/configure.ac b/configure.ac index 566742c..6cae48f 100644 --- a/configure.ac +++ b/configure.ac 
@@ -178,59 +178,42 @@ AS_IF( AC_ARG_WITH( [signed-boot], - [AS_HELP_STRING([--with-signed-boot], - [build kernel signature checking support [default=no]] + [AS_HELP_STRING([--with-signed-boot=@<:@no|yes|gpgme|openssl@:>@], + [Build kernel signature checking support with specified + crypto pacakge. A @<:@yes@:>@ value will first check + for gpgme then openssl and use the first found. + @<:@default=no@:>@] + )], + [AS_IF([test "x$with_signed_boot" = xno],[], + [test "x$with_signed_boot" = xyes], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=yes specified but gpgme or openssl not found])] + )] + )], + [test "x$with_signed_boot" = xgpgme], + [AM_PATH_GPGME([1.0.0], + [sboot=gpgme], + [AC_MSG_FAILURE([--with-signed-boot=gpgme specified but gpgme not found])] + )], + [test "x$with_signed_boot" = xopenssl], + [AX_CHECK_OPENSSL( + [sboot=openssl], + [AC_MSG_FAILURE([--with-signed-boot=openssl specified but openssl not found])] + )], + [AC_MSG_FAILURE([--with-signed-boot given invalid option: $with_signed_boot])] )], - [], [with_signed_boot=no] ) -AM_CONDITIONAL( - [WITH_SIGNED_BOOT], - [test "x$with_signed_boot" = "xyes"]) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [PKG_CHECK_MODULES( - [GPGME], - [gpgme >= 1.0.0], - [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS" - ], - [AM_PATH_GPGME([1.0.0], [SAVE_LIBS="$LIBS" LIBS="$LIBS $gpgme_LIBS" - AC_CHECK_LIB( - [gpgme], - [gpgme_op_verify], - [], - [AC_MSG_FAILURE([--with-signed-boot was given but the test for gpgme failed.])] - ) - LIBS="$SAVE_LIBS"], - [AC_MSG_RESULT([$gpgme_PKG_ERRORS]) - AC_MSG_FAILURE([ Consider adjusting PKG_CONFIG_PATH environment variable]) - ]) - ] - )] -) - -AS_IF( - [test "x$with_signed_boot" = "xyes"], - [SAVE_CPPFLAGS="$CPPFLAGS" CPPFLAGS="$CPPFLAGS $gpgme_CFLAGS" 
- AC_CHECK_HEADERS( - [gpgme.h], - [], - [AC_MSG_FAILURE([ --with-signed-boot given but gpgme.h not found])] - ) - CPPFLAGS="$SAVE_CPPFLAGS" - ] -) - -AM_CONDITIONAL([WITH_GPGME], [test "x$with_signed_boot" = "xyes"]) +AM_CONDITIONAL([WITH_GPGME], [test "x$sboot" = xgpgme]) +AM_CONDITIONAL([WITH_OPENSSL], [test "x$sboot" = xopenssl]) +AM_CONDITIONAL([WITH_SIGNED_BOOT], [test "x$with_signed_boot" != xno]) +AM_COND_IF([WITH_SIGNED_BOOT], + [AC_DEFINE([SIGNED_BOOT], 1, [Define if you have signed boot enabled])], + []) AC_ARG_VAR( [lockdown_file], @@ -239,6 +222,20 @@ AC_ARG_VAR( AS_IF([test "x$lockdown_file" = x], [lockdown_file="/etc/pb-lockdown"]) AC_DEFINE_UNQUOTED(LOCKDOWN_FILE, "$lockdown_file", [Lockdown file location]) +AC_ARG_VAR( + [KEYRING_PATH], + [Path to keyring (gpgme home dir) @<:@default="/etc/gpg"@:>@] +) +AS_IF([test "x$KEYRING_PATH" = x], [KEYRING_PATH="/etc/gpg"]) +AC_DEFINE_UNQUOTED(KEYRING_PATH, "$KEYRING_PATH", [gpgme home dir]) + +AC_ARG_VAR( + [VERIFY_DIGEST], + [Signed boot signature verification digest algorithm to use (only valid in openssl) @<:@default="sha256"@:>@] +) +AS_IF([test "x$VERIFY_DIGEST" = x], [VERIFY_DIGEST="sha256"]) +AC_DEFINE_UNQUOTED(VERIFY_DIGEST, "$VERIFY_DIGEST", [openssl verify dgst]) + AC_ARG_ENABLE( [busybox], [AS_HELP_STRING( diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 new file mode 100644 index 0000000..28e48cb --- /dev/null +++ b/m4/ax_check_openssl.m4 
@@ -0,0 +1,124 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_check_openssl.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]]) +# +# DESCRIPTION +# +# Look for OpenSSL in a number of default spots, or in a user-selected +# spot (via --with-openssl). Sets +# +# OPENSSL_INCLUDES to the include directives required +# OPENSSL_LIBS to the -l directives required +# OPENSSL_LDFLAGS to the -L or -R flags required +# +# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately +# +# This macro sets OPENSSL_INCLUDES such that source files should use the +# openssl/ directory in include directives: +# +# #include +# +# LICENSE +# +# Copyright (c) 2009,2010 Zmanda Inc. +# Copyright (c) 2009,2010 Dustin J. Mitchell +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 10 + +AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL]) +AC_DEFUN([AX_CHECK_OPENSSL], [ + found=false + AC_ARG_WITH([openssl], + [AS_HELP_STRING([--with-openssl=DIR], + [root of the OpenSSL directory])], + [ + case "$withval" in + "" | y | ye | yes | n | no) + AC_MSG_ERROR([Invalid --with-openssl value]) + ;; + *) ssldirs="$withval" + ;; + esac + ], [ + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + AC_CHECK_TOOL([PKG_CONFIG], [pkg-config]) + if test x"$PKG_CONFIG" != x""; then + OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` + if test $? 
= 0; then + OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` + OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` + found=true + fi + fi + + # no such luck; use some default ssldirs + if ! $found; then + ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" + fi + ] + ) + + + # note that we #include , so the OpenSSL headers have to be in + # an 'openssl' subdirectory + + if ! $found; then + OPENSSL_INCLUDES= + for ssldir in $ssldirs; do + AC_MSG_CHECKING([for openssl/ssl.h in $ssldir]) + if test -f "$ssldir/include/openssl/ssl.h"; then + OPENSSL_INCLUDES="-I$ssldir/include" + OPENSSL_LDFLAGS="-L$ssldir/lib" + OPENSSL_LIBS="-lssl -lcrypto" + found=true + AC_MSG_RESULT([yes]) + break + else + AC_MSG_RESULT([no]) + fi + done + + # if the file wasn't found, well, go ahead and try the link anyway -- maybe + # it will just work! + fi + + # try the preprocessor and linker with our new flags, + # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS + + AC_MSG_CHECKING([whether compiling and linking against OpenSSL works]) + echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \ + "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD + + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" + save_CPPFLAGS="$CPPFLAGS" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" + LIBS="$OPENSSL_LIBS $LIBS" + CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([#include ], [SSL_new(NULL)])], + [ + AC_MSG_RESULT([yes]) + $1 + ], [ + AC_MSG_RESULT([no]) + $2 + ]) + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + + AC_SUBST([OPENSSL_INCLUDES]) + AC_SUBST([OPENSSL_LIBS]) + AC_SUBST([OPENSSL_LDFLAGS]) +])
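
Review bot: In the first configure.ac hunk (@@ -178,59 +178,42 @@), `sboot` is assigned only inside the AS_IF branches and is never initialised, while WITH_SIGNED_BOOT is keyed on `$with_signed_boot` instead of on the backend that was actually found. A `sboot` value inherited from the environment would therefore turn on WITH_GPGME or WITH_OPENSSL while signed boot is off. Suggest setting `sboot=` before AC_ARG_WITH and deriving all three conditionals from it, for example `test "x$sboot" != x` for WITH_SIGNED_BOOT. The removed AC_CHECK_LIB([gpgme], [gpgme_op_verify]) and AC_CHECK_HEADERS([gpgme.h]) probes also have no replacement here, so the gpgme path now depends entirely on what AM_PATH_GPGME checks. The help string has a typo: "pacakge".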
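
Review bot: In the second configure.ac hunk (@@ -239,6 +222,20 @@), VERIFY_DIGEST is copied into the config header with AC_DEFINE_UNQUOTED without any validation, so a misspelled or weak digest name is accepted at configure time and only surfaces, if at all, when a signature is checked at boot. Suggest a `case "$VERIFY_DIGEST" in` allow-list of the digests the project is willing to support, with AC_MSG_FAILURE for anything else. The help text says the variable is "only valid in openssl" but nothing stops it being set with the gpgme backend; either reject that combination or say it is ignored. KEYRING_PATH is documented only as the "gpgme home dir", so the help text should also state what it points at when openssl is selected.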
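
Review bot: In m4/ax_check_openssl.m4, the fallback `ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"` is searched whenever pkg-config yields nothing, and the first hit adds `-I$ssldir/include` and `-L$ssldir/lib` from the build host. In a cross build that selects the host's OpenSSL headers and libraries instead of the target's. Since this is a vendored copy of the autoconf-archive macro, it may be better to handle this in configure.ac: when `$cross_compiling` is yes, require pkg-config or an explicit --with-openssl=DIR and fail otherwise. The link test calls SSL_new and the fallback sets OPENSSL_LIBS to "-lssl -lcrypto", which makes libssl a build requirement; worth checking whether the signature verification code in the rest of the series needs anything beyond libcrypto.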