source: mod_gnutls/configure.ac @ ed82a6a

debian/masterdebian/stretch-backportsjessie-backportsproxy-ticketupstream
Last change on this file since ed82a6a was 0de1839, checked in by Thomas Klute <thomas2.klute@…>, 6 years ago

Support X.509 auth for TLS proxy connections

This commit adds support for X.509 certificate based authentication for
TLS proxy back end connections, including both server certificate
checking and (optionally) TLS client authentication. Some functions used
for this require GnuTLS 3.1.4 or later, so requirements change
accordingly.

Three new configuration parameters are added:

GnuTLSProxyCAFile FILEPATH

The given file must contain trusted CA certificates for server
verification. Required.

GnuTLSProxyKeyFile FILEPATH
GnuTLSProxyCertificateFile FILEPATH

Key and certificate for TLS client auth towards TLS back end servers. If
not set, TLS client auth is disabled.

  • Property mode set to 100644
File size: 2.7 KB
RevLine 
[7bebb42]1dnl
[460c048]2AC_INIT(mod_gnutls, 0.6)
[9706fc2]3OOO_CONFIG_NICE(config.nice)
[42307a9]4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
[6e0bfd6]5AC_PREREQ(2.53)
[9706fc2]6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
[6e0bfd6]7AC_CONFIG_AUX_DIR(config)
[7bebb42]8
[5a6446d]9OOO_MAINTAIN_MODE
[9706fc2]10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
[8a30d35]12AM_INIT_AUTOMAKE
[6e0bfd6]13AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
[9706fc2]14
[42307a9]15AC_SUBST(MOD_GNUTLS_VERSION)
[9706fc2]16
17AC_PROG_CC
18AC_PROG_LD
19AC_PROG_INSTALL
[7bebb42]20AC_PROG_LIBTOOL
[9706fc2]21
[4aec9a1]22AC_CONFIG_MACRO_DIR([m4])
23
[9706fc2]24AP_VERSION=2.0.40
25CHECK_APACHE(,$AP_VERSION,
26    :,:,
27    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
28)
29
[0de1839]30PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.1.4])
[cac3a7f]31
32LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
[16068f4]33
[787dab7]34AC_ARG_ENABLE(srp,
35       AS_HELP_STRING([--disable-srp],
36               [unconditionally disable the SRP functionality]),
37       use_srp=$enableval, use_srp=yes)
[b072204]38
39SRP_CFLAGS=""
[787dab7]40if test "$use_srp" != "no"; then
[b072204]41        SRP_CFLAGS="-DENABLE_SRP=1"
[787dab7]42fi
[c70c6d7]43
[fd82e59]44AC_ARG_ENABLE(strict,
45       AS_HELP_STRING([--disable-strict],
46               [Avoid strict compiler warnings and errors]),
47       use_strict=$enableval, use_strict=yes)
48
49STRICT_CFLAGS=""
50if test "$use_strict" != "no"; then
51        STRICT_CFLAGS="-Wall -Werror -Wextra"
52fi
53
[787dab7]54AC_MSG_CHECKING([whether to enable SRP functionality])
55AC_MSG_RESULT($use_srp)
56
[fa45dcb]57AC_ARG_ENABLE(msva,
58       AS_HELP_STRING([--enable-msva],
59               [enable Monkeysphere client certificate verification]),
60       use_msva=$enableval, use_msva=no)
[65c18ce]61AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"])
[fa45dcb]62
63MSVA_CFLAGS=""
64if test "$use_msva" != "no"; then
65        AC_CHECK_HEADERS([msv/msv.h], [],
66                         [AC_MSG_ERROR([*** No libmsv headers found!])])
67        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
68                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
69        MSVA_CFLAGS="-DENABLE_MSVA=1"
70fi
71
72AC_MSG_CHECKING([whether to enable MSVA functionality])
73AC_MSG_RESULT($use_msva)
74
[6e0bfd6]75have_apr_memcache=0
76CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
77AC_SUBST(have_apr_memcache)
[ed47098]78
[fd82e59]79MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
[5021874]80MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
[9706fc2]81
82AC_SUBST(MODULE_CFLAGS)
[16068f4]83AC_SUBST(MODULE_LIBS)
[9706fc2]84
[8dcf888]85AC_CONFIG_FILES([Makefile src/Makefile test/Makefile include/mod_gnutls.h])
[9706fc2]86AC_OUTPUT
87
88echo "---"
[42307a9]89echo "Configuration summary for mod_gnutls:"
[9706fc2]90echo ""
[ea14e97]91echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
[16068f4]92echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
[42307a9]93echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
[b072204]94echo "   * SRP Authentication:          ${use_srp}"
[fa45dcb]95echo "   * MSVA Client Verification:    ${use_msva}"
[9706fc2]96echo ""
97echo "---"
Note: See TracBrowser for help on using the repository browser.