source: mod_gnutls/configure.ac @ e2ba939

debian/masterdebian/stretch-backportsupstream
Last change on this file since e2ba939 was b674e95, checked in by Thomas Klute <thomas2.klute@…>, 4 years ago

Merge version 0.7.5 into ocsp branch

  • Property mode set to 100644
File size: 9.4 KB
RevLine 
[7bebb42]1dnl
[086cea9]2AC_INIT(mod_gnutls, 0.7.5)
[9706fc2]3OOO_CONFIG_NICE(config.nice)
[42307a9]4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
[6e0bfd6]5AC_PREREQ(2.53)
[9706fc2]6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
[6e0bfd6]7AC_CONFIG_AUX_DIR(config)
[7bebb42]8
[5a6446d]9OOO_MAINTAIN_MODE
[9706fc2]10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
[9a4d250]12# mod_gnutls test suite requires GNU make
13AM_INIT_AUTOMAKE([-Wno-portability])
[6e0bfd6]14AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
[9706fc2]15
[eda8686]16LT_INIT([disable-static])
17
[42307a9]18AC_SUBST(MOD_GNUTLS_VERSION)
[9706fc2]19
20AC_PROG_CC
[dff03fa]21AC_PROG_CC_C99
[9706fc2]22AC_PROG_LD
23AC_PROG_INSTALL
[7bebb42]24AC_PROG_LIBTOOL
[9706fc2]25
[4aec9a1]26AC_CONFIG_MACRO_DIR([m4])
27
[4038c7a]28AP_VERSION=2.2.0
[9706fc2]29CHECK_APACHE(,$AP_VERSION,
30    :,:,
31    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
32)
33
[0de1839]34PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.1.4])
[cac3a7f]35
36LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
[16068f4]37
[0bda20f]38AC_ARG_ENABLE(vpath-install,
39       AS_HELP_STRING([--enable-vpath-install],
40               [Modify the Apache module directory provided by apxs to \
41               follow --prefix, if necessary. Most users will not want this, \
42               but it is required for VPATH builds including "make \
43               distcheck".]),
44       vpath_install=$enableval, vpath_install=no)
45AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])
46
[787dab7]47AC_ARG_ENABLE(srp,
48       AS_HELP_STRING([--disable-srp],
49               [unconditionally disable the SRP functionality]),
50       use_srp=$enableval, use_srp=yes)
[b072204]51
[f71e6ce]52# check if the available GnuTLS library supports SRP
53AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
54
[b072204]55SRP_CFLAGS=""
[787dab7]56if test "$use_srp" != "no"; then
[b27cce7]57        SRP_CFLAGS="-DENABLE_SRP=1"
[787dab7]58fi
[c70c6d7]59
[fd82e59]60AC_ARG_ENABLE(strict,
61       AS_HELP_STRING([--disable-strict],
62               [Avoid strict compiler warnings and errors]),
63       use_strict=$enableval, use_strict=yes)
64
65STRICT_CFLAGS=""
66if test "$use_strict" != "no"; then
67        STRICT_CFLAGS="-Wall -Werror -Wextra"
68fi
69
[787dab7]70AC_MSG_CHECKING([whether to enable SRP functionality])
71AC_MSG_RESULT($use_srp)
72
[412ee84]73dnl Optionally disable flock
74AC_ARG_ENABLE(flock,
[dff57b4]75        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
76        (some exotic architectures don't support it)]),
[412ee84]77        [use_flock=$enableval], [use_flock=yes])
[5d9f34e]78# Check if flock is available and supports --timeout
79AC_PATH_PROG([FLOCK], [flock], [no])
80AS_IF([test "${FLOCK}" != "no"],
81      [
82        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
83        lockfile="$(mktemp)"
84        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
85              [flock_works="yes"], [flock_works="no"])
86        rm "${lockfile}"
87        AC_MSG_RESULT([$flock_works])
88      ],
89      [flock_works="no"])
90# disable flock if requested by user or it doesn't support timeout
91AM_CONDITIONAL([DISABLE_FLOCK],
92               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
[412ee84]93
[21181b2]94# openssl is needed as the responder for OCSP tests
95AC_PATH_PROG([OPENSSL], [openssl], [no])
[efe884e]96# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23 or
97# 3.4.12 fail if intermediate CAs cannot be status checked, even if
98# there are no intermediate CAs like in the mod_gnutls test suite
99# where end entity certificates are directly issued by a root
100# CA. Release 3.5.0 does not contain the fix, but git commit
101# cf09cd11fb7416f2bc8e64876d81bbeaf468fd20 which adds the fix still
102# uses the same version number, so I'm not blocking 0x030500 for the
103# sake of anyone who might be experimenting with the git version.
104AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
105AC_PREPROC_IFELSE(
106        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
107                        #if GNUTLS_VERSION_NUMBER < 0x030317
108                        #error
109                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
110                        #error
111                        #endif
112                        ]])],
113        [gnutls_ocsp_ok="yes"],
114        [gnutls_ocsp_ok="no"],
115)
116AC_MSG_RESULT([$gnutls_ocsp_ok])
117AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
[42bee37]118
[cf4e708]119dnl Enable test namespaces? Default is "yes".
120AC_ARG_ENABLE(test-namespaces,
121        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
122        namespaces to run tests in parallel (some architectures might not \
123        support it)]),
124        [use_netns=$enableval], [use_netns=yes])
[b21bf4f]125
126# Check if "unshare" is available and has permission to create network
127# and user namespaces
128AC_PATH_PROG([UNSHARE], [unshare], [no])
129AS_IF([test "${UNSHARE}" != "no"],
130      [
[5aae10e]131        AC_MSG_CHECKING([for permission to create network and user namespaces])
[b21bf4f]132        AS_IF([${UNSHARE} --net -r /bin/sh -c \
[d7c2508]133                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
[b21bf4f]134              [unshare_works="yes"], [unshare_works="no"])
135        AC_MSG_RESULT([$unshare_works])
136      ],
[1bb6b1c]137      [unshare_works="no"])
[b21bf4f]138# decide whether to enable network namespaces
139AS_IF([test "$enable_test_namespaces" != "no" \
140            && test "$unshare_works" = "yes"],
141      [use_netns="yes"], [use_netns="no"])
[cf4e708]142AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
[b21bf4f]143# Adjust Apache configuration for tests accordingly: Use pthread mutex
144# and test specific PID files if using namespaces, defaults otherwise.
145AS_IF([test "$use_netns" = "yes"],
146      [MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"],
147      [MUTEX_TYPE="default"; PID_AFFIX=""])
[cf4e708]148AC_SUBST(MUTEX_TYPE)
149AC_SUBST(PID_AFFIX)
150AM_SUBST_NOTMAKE(MUTEX_TYPE)
151AM_SUBST_NOTMAKE(PID_AFFIX)
152
[fa45dcb]153AC_ARG_ENABLE(msva,
154       AS_HELP_STRING([--enable-msva],
155               [enable Monkeysphere client certificate verification]),
156       use_msva=$enableval, use_msva=no)
[b27cce7]157AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])
[fa45dcb]158
159MSVA_CFLAGS=""
160if test "$use_msva" != "no"; then
[b27cce7]161        AC_CHECK_HEADERS([msv/msv.h], [],
[fa45dcb]162                         [AC_MSG_ERROR([*** No libmsv headers found!])])
163        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
164                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
[b27cce7]165        MSVA_CFLAGS="-DENABLE_MSVA=1"
[fa45dcb]166fi
167
168AC_MSG_CHECKING([whether to enable MSVA functionality])
169AC_MSG_RESULT($use_msva)
170
[6e0bfd6]171have_apr_memcache=0
172CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
173AC_SUBST(have_apr_memcache)
[ed47098]174
[6e1d45d]175# Building documentation requires pandoc, which in turn needs pdflatex
176# to build PDF output.
[28f3f4f]177build_doc=no
[6e1d45d]178AC_PATH_PROG([PANDOC], [pandoc], [no])
179if test "$PANDOC" != "no"; then
180        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
[28f3f4f]181        if test "$PDFLATEX" != "no"; then
182                build_doc=yes
183        else
184                build_doc="html only"
185        fi
[7225749]186else
187        AC_PATH_PROG([MARKDOWN], [markdown], [no])
188        if test "$MARKDOWN" != "no"; then
189                build_doc="html stub"
190        fi
[6e1d45d]191fi
192AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
193AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
194                               test "$PDFLATEX" != "no"])
[7225749]195AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
196                               test "$MARKDOWN" != "no"])
[6e1d45d]197
[af7da2d]198# Check for Apache binary
[83b3901]199AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
[af7da2d]200if test "${APACHE2}" = "no"; then
201        AC_MSG_WARN([Neither apache2 nor httpd found in \
[52c3f68]202                     PATH. Test suite will fail.])
203fi
204
[67f2f58]205AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
206
[fd82e59]207MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
[5021874]208MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
[9706fc2]209
[b0e5dae]210AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
[74772b2]211if test "${SOFTHSM}" != "no"; then
212        softhsm_version=$(${SOFTHSM} --version)
213        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
214                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
215                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
216                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
217fi
[5eb4544]218AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
[74772b2]219AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
220AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
[5eb4544]221
[9706fc2]222AC_SUBST(MODULE_CFLAGS)
[16068f4]223AC_SUBST(MODULE_LIBS)
[9706fc2]224
[26081ce]225# assign default values to TEST_HOST and TEST_IP if necessary
226: ${TEST_HOST:="localhost"}
[a08b25e]227: ${TEST_IP:="[[::1]] 127.0.0.1"}
[26081ce]228AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
[a08b25e]229                        "make check", must resolve to addresses in TEST_IP. \
230                        The default is "localhost".])
231AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
232                      started by "make check". The default is \
233                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
234                      enclosed in square brackets.])
235AM_SUBST_NOTMAKE(TEST_IP)
236
[aeaf28b]237dnl Allow user to set SoftHSM PKCS #11 module
238AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
239                          use. By default the test suite will search common \
240                          library paths.])
241
[a08b25e]242dnl Build list of "Listen" statements for Apache
[21181b2]243LISTEN_LIST="@%:@ Listen addresses for the test servers"
[a08b25e]244for i in ${TEST_IP}; do
245        LISTEN_LIST="${LISTEN_LIST}
246Listen ${i}:\${TEST_PORT}"
247done
[21181b2]248# Available extra ports, tests can "Define" variables of the listed
249# names in their apache.conf to enable them.
250for j in TEST_HTTP_PORT OCSP_PORT; do
[8ac7c0d]251LISTEN_LIST="${LISTEN_LIST}
[21181b2]252<IfDefine ${j}>"
[8ac7c0d]253for i in ${TEST_IP}; do
254        LISTEN_LIST="${LISTEN_LIST}
[21181b2]255        Listen ${i}:\${${j}}"
[8ac7c0d]256done
257LISTEN_LIST="${LISTEN_LIST}
258</IfDefine>"
[21181b2]259done
[a08b25e]260AC_SUBST(LISTEN_LIST)
261AM_SUBST_NOTMAKE(LISTEN_LIST)
[26081ce]262
[6e1d45d]263AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
[ddf6027]264                        doc/Makefile include/mod_gnutls.h \
[f87c1b5]265                        test/proxy_backend.conf \
[ddf6027]266                        test/apache-conf/listen.conf \
267                        test/apache-conf/netns.conf])
[9706fc2]268AC_OUTPUT
269
270echo "---"
[42307a9]271echo "Configuration summary for mod_gnutls:"
[9706fc2]272echo ""
[ea14e97]273echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
[16068f4]274echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
[42307a9]275echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
[28f3f4f]276echo "   * SRP Authentication:  ${use_srp}"
277echo "   * MSVA Client Verification:    ${use_msva}"
278echo "   * Build documentation: ${build_doc}"
[9706fc2]279echo ""
280echo "---"
Note: See TracBrowser for help on using the repository browser.