source: mod_gnutls/configure.ac @ 2cde026d

debian/masterdebian/stretch-backportsjessie-backportsupstream
Last change on this file since 2cde026d was 0de1839, checked in by Thomas Klute <thomas2.klute@…>, 5 years ago

Support X.509 auth for TLS proxy connections

This commit adds support for X.509 certificate based authentication for
TLS proxy back end connections, including both server certificate
checking and (optionally) TLS client authentication. Some functions used
for this require GnuTLS 3.1.4 or later, so requirements change
accordingly.

Three new configuration parameters are added:

GnuTLSProxyCAFile FILEPATH

The given file must contain trusted CA certificates for server
verification. Required.

GnuTLSProxyKeyFile FILEPATH
GnuTLSProxyCertificateFile FILEPATH

Key and certificate for TLS client auth towards TLS back end servers. If
not set, TLS client auth is disabled.

  • Property mode set to 100644
File size: 2.7 KB
Line 
1dnl
2AC_INIT(mod_gnutls, 0.6)
3OOO_CONFIG_NICE(config.nice)
4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
5AC_PREREQ(2.53)
6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
7AC_CONFIG_AUX_DIR(config)
8
9OOO_MAINTAIN_MODE
10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
12AM_INIT_AUTOMAKE
13AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
14
15AC_SUBST(MOD_GNUTLS_VERSION)
16
17AC_PROG_CC
18AC_PROG_LD
19AC_PROG_INSTALL
20AC_PROG_LIBTOOL
21
22AC_CONFIG_MACRO_DIR([m4])
23
24AP_VERSION=2.0.40
25CHECK_APACHE(,$AP_VERSION,
26    :,:,
27    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
28)
29
30PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.1.4])
31
32LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
33
34AC_ARG_ENABLE(srp,
35       AS_HELP_STRING([--disable-srp],
36               [unconditionally disable the SRP functionality]),
37       use_srp=$enableval, use_srp=yes)
38
39SRP_CFLAGS=""
40if test "$use_srp" != "no"; then
41        SRP_CFLAGS="-DENABLE_SRP=1"
42fi
43
44AC_ARG_ENABLE(strict,
45       AS_HELP_STRING([--disable-strict],
46               [Avoid strict compiler warnings and errors]),
47       use_strict=$enableval, use_strict=yes)
48
49STRICT_CFLAGS=""
50if test "$use_strict" != "no"; then
51        STRICT_CFLAGS="-Wall -Werror -Wextra"
52fi
53
54AC_MSG_CHECKING([whether to enable SRP functionality])
55AC_MSG_RESULT($use_srp)
56
57AC_ARG_ENABLE(msva,
58       AS_HELP_STRING([--enable-msva],
59               [enable Monkeysphere client certificate verification]),
60       use_msva=$enableval, use_msva=no)
61AM_CONDITIONAL([USE_MSVA], [test "$use_msva" = "$enableval"])
62
63MSVA_CFLAGS=""
64if test "$use_msva" != "no"; then
65        AC_CHECK_HEADERS([msv/msv.h], [],
66                         [AC_MSG_ERROR([*** No libmsv headers found!])])
67        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
68                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
69        MSVA_CFLAGS="-DENABLE_MSVA=1"
70fi
71
72AC_MSG_CHECKING([whether to enable MSVA functionality])
73AC_MSG_RESULT($use_msva)
74
75have_apr_memcache=0
76CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
77AC_SUBST(have_apr_memcache)
78
79MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
80MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
81
82AC_SUBST(MODULE_CFLAGS)
83AC_SUBST(MODULE_LIBS)
84
85AC_CONFIG_FILES([Makefile src/Makefile test/Makefile include/mod_gnutls.h])
86AC_OUTPUT
87
88echo "---"
89echo "Configuration summary for mod_gnutls:"
90echo ""
91echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
92echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
93echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
94echo "   * SRP Authentication:          ${use_srp}"
95echo "   * MSVA Client Verification:    ${use_msva}"
96echo ""
97echo "---"
Note: See TracBrowser for help on using the repository browser.