source: mod_gnutls/configure.ac @ 7ff6c6c

Last change on this file since 7ff6c6c was 7ff6c6c, checked in by Fiona Klute <fiona.klute@…>, 2 years ago

Add proof-of-concept SNI parser in a pre client hello hook

The SNI parser is complete, but right now the hook only retrieves the
SNI data and logs it. The goal is to select the right virtual host and
load ALPN parameters (and possibly others) before GnuTLS processes the
ClientHello message. That should make different "Protocols" directives
between virtual hosts work as expected.

  • Property mode set to 100644
File size: 11.1 KB
dnl Package identity and tool setup. The version given to AC_INIT is copied
dnl into MOD_GNUTLS_VERSION through AC_PACKAGE_VERSION and exported with
dnl AC_SUBST further down.
AC_INIT(mod_gnutls, 0.8.4)
dnl NOTE(review): the OOO_ macros are not Autoconf builtins; presumably they
dnl come from the project's m4 directory - confirm there what they do.
OOO_CONFIG_NICE(config.nice)
MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
AC_PREREQ(2.53)
AC_CONFIG_SRCDIR([src/mod_gnutls.c])
AC_CONFIG_AUX_DIR(config)

OOO_MAINTAIN_MODE
AM_MAINTAINER_MODE
AC_CANONICAL_TARGET
# mod_gnutls test suite requires GNU make
AM_INIT_AUTOMAKE([-Wno-portability])
dnl NOTE(review): AM_CONFIG_HEADER is the obsolete spelling of
dnl AC_CONFIG_HEADERS and was removed in Automake 1.13 - confirm which
dnl Automake versions this file still has to support.
AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)

dnl libtool setup: static libraries are disabled by default.
LT_INIT([disable-static])

AC_SUBST(MOD_GNUTLS_VERSION)

AC_PROG_CC
AC_PROG_CC_C99
AC_PROG_LD
AC_PROG_INSTALL
dnl NOTE(review): AC_PROG_LIBTOOL is the older name for what LT_INIT above
dnl already does; it looks redundant here - confirm before removing.
AC_PROG_LIBTOOL

AC_CONFIG_MACRO_DIR([m4])

dnl Apache httpd version passed to the Apache check. CHECK_APACHE is not an
dnl Autoconf builtin (presumably defined in the project's m4 directory), so
dnl the meaning of the individual arguments cannot be confirmed from this
dnl file. The last argument stops configure with an error message.
AP_VERSION=2.4.17
CHECK_APACHE(,$AP_VERSION,
    :,:,
    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
)

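dnl Maybe use the binaries for tests, too?
dnl
dnl --with-gnutls-dev=DIR builds against an uninstalled GnuTLS tree by
dnl presetting LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS.
dnl Security note: the -R flag records DIR/lib/.libs as a run-time library
dnl search path in the module. Whoever can write to that directory controls
dnl which libgnutls the web server loads, so a module configured this way is
dnl meant for test setups and should not be installed on a production host.
AC_ARG_WITH([gnutls-dev],
        AS_HELP_STRING([--with-gnutls-dev=DIR],
                [Use GnuTLS libraries from a development (git) tree. Use \
                this if you want to test mod_gnutls with the latest \
                GnuTLS code.]),
        [
                AS_IF([test -d "${with_gnutls_dev}" ],
                [
                        LIBGNUTLS_CFLAGS="-I${with_gnutls_dev}/lib/includes"
                        LIBGNUTLS_LIBS="-lgnutls -L${with_gnutls_dev}/lib/.libs -R${with_gnutls_dev}/lib/.libs"
                        AC_MSG_WARN([--with-gnutls-dev records ${with_gnutls_dev}/lib/.libs as run-time library path, use this build for testing only])
                ],
                [AC_MSG_ERROR([--with-gnutls-dev=DIR requires a directory!])])
        ], [])

dnl NOTE(review): pkg.m4 takes preset LIBGNUTLS_CFLAGS and LIBGNUTLS_LIBS
dnl as they are, so with --with-gnutls-dev the ">= 3.3.0" requirement is
dnl presumably not checked against the development tree - confirm.
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])

dnl Version string for the summary at the end of configure. Use the
dnl pkg-config program selected by PKG_CHECK_MODULES (PKG_CONFIG, which also
dnl honours cross-compilation and user overrides) and fall back to the plain
dnl command name if it is unset. With --with-gnutls-dev this still reports
dnl the version known to pkg-config, which may differ from the tree in DIR.
LIBGNUTLS_VERSION=`${PKG_CONFIG:-pkg-config} --modversion gnutls`
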
dnl Optional switch that makes the module install directory follow --prefix.
dnl vpath_install holds the value given to --enable-vpath-install and is
dnl "no" when the option is absent; only "yes" enables the conditional.
AC_ARG_ENABLE([vpath-install],
       [AS_HELP_STRING([--enable-vpath-install],
               [Modify the Apache module directory provided by apxs to \
               follow --prefix, if necessary. Most users will not want this, \
               but it is required for VPATH builds including "make \
               distcheck".])],
       [vpath_install=$enableval],
       [vpath_install=no])
AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])

dnl Optional GnuTLS features, collected as preprocessor defines in
dnl GNUTLS_FEAT_CFLAGS.
dnl SRP is on by default; it is switched off by --disable-srp or when the
dnl link probe below cannot resolve gnutls_srp_server_get_username.
dnl NOTE(review): both AC_SEARCH_LIBS probes link with plain -lgnutls on the
dnl default search path; LIBGNUTLS_LIBS is not applied in the lines visible
dnl here. If GnuTLS lives in a non-default location, the detected features
dnl may describe a different libgnutls than the one the module links - confirm.
AC_ARG_ENABLE([srp],
       [AS_HELP_STRING([--disable-srp],
               [unconditionally disable the SRP functionality])],
       [use_srp=$enableval],
       [use_srp=yes])

# check if the available GnuTLS library supports SRP
AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])

GNUTLS_FEAT_CFLAGS=""
AS_IF([test "$use_srp" != "no"],
      [GNUTLS_FEAT_CFLAGS="-DENABLE_SRP=1"])

# check if the available GnuTLS library supports raw extension parsing
early_sni="no"
AC_SEARCH_LIBS([gnutls_ext_raw_parse], [gnutls], [early_sni="yes"])
AS_IF([test "$early_sni" != "no"],
      [GNUTLS_FEAT_CFLAGS="${GNUTLS_FEAT_CFLAGS} -DENABLE_EARLY_SNI"])

dnl Strict warning flags are on unless --disable-strict is given. They end
dnl up in MODULE_CFLAGS later in this file.
AC_ARG_ENABLE([strict],
       [AS_HELP_STRING([--disable-strict],
               [Avoid strict compiler warnings and errors])],
       [use_strict=$enableval],
       [use_strict=yes])

STRICT_CFLAGS=""
AS_IF([test "$use_strict" != "no"],
      [STRICT_CFLAGS="-Wall -Werror -Wextra -Wno-error=deprecated-declarations"])

dnl Report the SRP decision made above in the usual "checking ..." format.
AC_MSG_CHECKING([whether to enable SRP functionality])
AC_MSG_RESULT([$use_srp])

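dnl Optionally disable flock
dnl use_flock is "yes" by default and takes the value given to
dnl --enable-flock or --disable-flock otherwise.
AC_ARG_ENABLE([flock],
        [AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
        (some exotic architectures don't support it)])],
        [use_flock=$enableval], [use_flock=yes])
# Check if flock is available and supports --timeout
AC_PATH_PROG([FLOCK], [flock], [no])
AS_IF([test "${FLOCK}" != "no"],
      [
        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
        # Scratch files come from mktemp. Their paths are quoted in the
        # commands below so that a temporary directory with whitespace
        # in its name does not split them into several arguments.
        lockfile="$(mktemp)"
        AS_IF([${FLOCK} --timeout 1 "${lockfile}" true >&AS_MESSAGE_LOG_FD 2>&1],
              [flock_works="yes"], [flock_works="no"])
        AC_MSG_RESULT([$flock_works])
        # Old versions of flock do not support --verbose. They fail
        # without executing the command but still return 0. Check for
        # this behavior by testing if the rm command was executed.
        AC_MSG_CHECKING([whether ${FLOCK} supports --verbose])
        testfile="$(mktemp)"
        AS_IF([${FLOCK} --verbose --timeout 1 "${lockfile}" rm "${testfile}" \
                        >&AS_MESSAGE_LOG_FD 2>&1; test ! -e "${testfile}"],
              [flock_verbose="yes"; FLOCK="${FLOCK} --verbose"],
              [flock_verbose="no"; rm "${testfile}"])
        AC_MSG_RESULT([$flock_verbose])
        rm "${lockfile}"
      ],
      [flock_works="no"])
# disable flock if requested by user or it doesn't support timeout
# (tests use_flock, the variable set by the option handler above, instead
# of reaching for the implicit enable_flock variable)
AM_CONDITIONAL([DISABLE_FLOCK],
               [test "$use_flock" = "no" || test "$flock_works" = "no"])
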
# openssl is needed as the responder for OCSP tests
AC_PATH_PROG([OPENSSL], [openssl], [no])
# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23,
# 3.4.12, or 3.5.1 (on the respective 3.x branch) fail if intermediate
# CAs cannot be status checked, even if there are no intermediate CAs
# like in the mod_gnutls test suite where end entity certificates are
# directly issued by a root CA.
dnl The preprocessor test rejects GNUTLS_VERSION_NUMBER below 0x030317
dnl (3.3.23), from 0x030400 up to but not including 0x03040c (3.4.12), and
dnl exactly 0x030500 (3.5.0).
dnl NOTE(review): the message names gnutls-cli, but what is inspected is the
dnl gnutls/gnutls.h header found by the preprocessor. No line visible here
dnl adds LIBGNUTLS_CFLAGS to the preprocessor flags, so the header checked
dnl may not belong to the gnutls-cli binary the tests run - confirm.
AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
AC_PREPROC_IFELSE(
        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
                        #if GNUTLS_VERSION_NUMBER < 0x030317
                        #error
                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
                        #error
                        #elif GNUTLS_VERSION_NUMBER == 0x030500
                        #error
                        #endif
                        ]])],
        [gnutls_ocsp_ok="yes"],
        [gnutls_ocsp_ok="no"],
)
AC_MSG_RESULT([$gnutls_ocsp_ok])
dnl The OCSP test needs both an openssl binary and an acceptable GnuTLS
dnl version; otherwise it is left out of the test suite.
AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])

dnl Enable test namespaces? Default is "yes".
AC_ARG_ENABLE([test-namespaces],
        [AS_HELP_STRING([--disable-test-namespaces], [Disable use of \
        namespaces for tests (limits parallelization)])],
        [use_netns=$enableval], [use_netns=yes])

# Check if "unshare" is available and has permission to create
# network, IPC, and user namespaces
AC_PATH_PROG([UNSHARE], [unshare], [no])
unshare_works="no"
AS_IF([test "${UNSHARE}" != "no"],
      [
        AC_MSG_CHECKING([for permission to use namespaces])
        # The probe brings up the loopback interface inside fresh
        # namespaces; its output goes to the configure log only.
        AS_IF([${UNSHARE} --net --ipc -r /bin/sh -c \
                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
              [unshare_works="yes"])
        AC_MSG_RESULT([$unshare_works])
      ])
# decide whether to enable network namespaces: the user must not have
# disabled them and the probe above must have succeeded
use_netns="no"
AS_IF([test "$enable_test_namespaces" != "no" && test "$unshare_works" = "yes"],
      [use_netns="yes"])
AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
# Adjust Apache configuration for tests accordingly: Use pthread mutex
# and test specific PID files if using namespaces, defaults otherwise.
AS_IF([test "$use_netns" = "yes"],
      [
        MUTEX_CONF="Mutex pthread default"
        PID_AFFIX="-\${TEST_NAME}"
      ],
      [
        MUTEX_CONF=""
        PID_AFFIX=""
      ])
AC_SUBST([MUTEX_CONF])
AC_SUBST([PID_AFFIX])
AM_SUBST_NOTMAKE([MUTEX_CONF])
AM_SUBST_NOTMAKE([PID_AFFIX])

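dnl Monkeysphere (MSVA) client certificate verification, off by default.
dnl When enabled, the libmsv header and the msv_query_agent symbol are
dnl mandatory and configure stops if either is missing.
AC_ARG_ENABLE([msva],
       [AS_HELP_STRING([--enable-msva],
               [enable Monkeysphere client certificate verification])],
       [use_msva=$enableval],
       [use_msva=no])
AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])

dnl AS_IF is used instead of a raw shell "if": Autoconf can then place the
dnl prerequisite checks of AC_CHECK_HEADERS and AC_SEARCH_LIBS outside the
dnl conditional, so later checks do not depend on MSVA being enabled.
MSVA_CFLAGS=""
AS_IF([test "$use_msva" != "no"],
      [
        AC_CHECK_HEADERS([msv/msv.h], [],
                         [AC_MSG_ERROR([*** No libmsv headers found!])])
        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
        MSVA_CFLAGS="-DENABLE_MSVA=1"
      ])

AC_MSG_CHECKING([whether to enable MSVA functionality])
AC_MSG_RESULT([$use_msva])
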
# Building documentation requires pandoc, which in turn needs pdflatex
# to build PDF output.
dnl build_doc is the text shown in the configuration summary. Without
dnl pandoc, markdown is tried as a fallback that produces an HTML stub.
build_doc=no
AC_PATH_PROG([PANDOC], [pandoc], [no])
AS_IF([test "$PANDOC" != "no"],
      [
        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
        AS_IF([test "$PDFLATEX" != "no"],
              [build_doc="html, manual page, pdf"],
              [build_doc="html, manual page"])
      ],
      [
        AC_PATH_PROG([MARKDOWN], [markdown], [no])
        AS_IF([test "$MARKDOWN" != "no"],
              [build_doc="html stub"])
      ])
AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
AM_CONDITIONAL([USE_PDFLATEX],
               [test "$PANDOC" != "no" && test "$PDFLATEX" != "no"])
dnl MARKDOWN stays unset when pandoc was found, hence the extra -n test.
AM_CONDITIONAL([USE_MARKDOWN],
               [test -n "$MARKDOWN" && test "$MARKDOWN" != "no"])

# Check for Apache binary
dnl /usr/sbin is searched in addition to PATH. A missing binary only
dnl produces a warning; configure continues.
AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
AS_IF([test "${APACHE2}" = "no"],
      [AC_MSG_WARN([Neither apache2 nor httpd found in \
                     PATH. Test suite will fail.])])

dnl HTTP client for the test suite: the first of curl and wget that is found.
AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])

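dnl Compiler and linker flags for the module itself, assembled from the
dnl results of the checks above.
MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${GNUTLS_FEAT_CFLAGS} ${MSVA_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
MODULE_LIBS="${LIBGNUTLS_LIBS}"

dnl SoftHSM is optional. If a utility is found, its reported version
dnl decides whether the SoftHSM 1 or SoftHSM 2 conditionals are enabled:
dnl anything below 2.0.0 counts as major version 1.
AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
if test "${SOFTHSM}" != "no"; then
        # Run the utility once and reuse the captured version string for
        # the comparison instead of invoking it a second time.
        softhsm_version=$(${SOFTHSM} --version)
        AS_VERSION_COMPARE([${softhsm_version}], [2.0.0],
                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
fi
AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])

AC_SUBST(MODULE_CFLAGS)
AC_SUBST(MODULE_LIBS)
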
# assign default values to TEST_HOST and TEST_IP if necessary
dnl The ": ${VAR:=value}" form assigns the default only when the variable is
dnl unset or empty, so values from the environment or the configure command
dnl line win. The doubled square brackets around the IPv6 address are m4
dnl quoting; presumably configure ends up with single brackets, matching
dnl the default quoted in the TEST_IP help text below.
: ${TEST_HOST:="localhost"}
: ${TEST_IP:="[[::1]] 127.0.0.1"}
AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
                        "make check", must resolve to addresses in TEST_IP. \
                        The default is "localhost".])
AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
                      started by "make check". The default is \
                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
                      enclosed in square brackets.])

dnl Timeouts for the test suite, both 30 seconds unless overridden.
: ${TEST_LOCK_WAIT:="30"}
: ${TEST_QUERY_TIMEOUT:="30"}
AC_ARG_VAR([TEST_LOCK_WAIT], [Timeout in seconds to acquire locks for \
                             Apache instances in the test suite, or the \
                             previous instance to remove its PID file if \
                             flock is not used. Default is 30.])
AC_ARG_VAR([TEST_QUERY_TIMEOUT], [Timeout in seconds for HTTPS requests \
                                 sent using gnutls-cli in the test suite. \
                                 Default is 30.])

dnl Allow user to set SoftHSM PKCS #11 module
dnl NOTE(review): no default and no check of the path is visible in this
dnl file; presumably the test suite loads whatever module SOFTHSM_LIB names,
dnl so it should point at a trusted library - confirm in the test scripts.
AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
                          use. By default the test suite will search common \
                          library paths.])

dnl Build list of "Listen" statements for Apache
dnl LISTEN_LIST is a multi-line string: a comment line (the quadrigraph
dnl stands for a hash sign), then one Listen line per word in TEST_IP.
dnl The escaped dollar signs keep TEST_PORT and the extra port names as
dnl literal variable references in the substituted text.
dnl NOTE(review): TEST_IP is expanded unquoted and each word is copied into
dnl the Listen lines without validation; the value is supplied by whoever
dnl runs configure, so this is test-only configuration.
LISTEN_LIST="@%:@ Listen addresses for the test servers"
for i in ${TEST_IP}; do
        LISTEN_LIST="${LISTEN_LIST}
Listen ${i}:\${TEST_PORT}"
done
# Available extra ports, tests can "Define" variables of the listed
# names in their apache.conf to enable them.
for j in TEST_HTTP_PORT; do
LISTEN_LIST="${LISTEN_LIST}
<IfDefine ${j}>"
for i in ${TEST_IP}; do
        LISTEN_LIST="${LISTEN_LIST}
        Listen ${i}:\${${j}}"
done
LISTEN_LIST="${LISTEN_LIST}
</IfDefine>"
done
dnl Substituted into generated files, but kept out of the Makefiles
dnl because the value spans several lines.
AC_SUBST(LISTEN_LIST)
AM_SUBST_NOTMAKE(LISTEN_LIST)

dnl Doxygen output selection: dot graphs, HTML and PDF on; man, RTF, XML
dnl and PostScript off. The DX_ macros are not Autoconf builtins
dnl (presumably from a Doxygen helper in the m4 directory - confirm).
DX_DOXYGEN_FEATURE(ON)
DX_DOT_FEATURE(ON)
DX_HTML_FEATURE(ON)
DX_MAN_FEATURE(OFF)
DX_RTF_FEATURE(OFF)
DX_XML_FEATURE(OFF)
DX_PDF_FEATURE(ON)
DX_PS_FEATURE(OFF)
DX_INIT_DOXYGEN([mod_gnutls], [doc/doxygen.conf], [doc/api])

dnl Files generated from their templates by config.status. The two files
dnl under test/apache-conf are listed here as well; presumably they consume
dnl the LISTEN_LIST, MUTEX_CONF and PID_AFFIX substitutions - confirm in
dnl the templates.
AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
                        doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
                        test/proxy_backend.conf test/ocsp_server.conf \
                        test/apache-conf/listen.conf \
                        test/apache-conf/netns.conf])
AC_OUTPUT

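dnl Configuration summary printed after AC_OUTPUT.
dnl AS_ECHO is used instead of plain echo because the lines contain
dnl expanded variables (compiler and linker flags) and echo treats
dnl backslashes in its argument differently from shell to shell.
dnl NOTE(review): the "Early SNI" line shows whether the experimental
dnl ClientHello pre-hook code is compiled in; the "SRP" and "MSVA" lines
dnl show the final decisions after the library probes.
AS_ECHO(["---"])
AS_ECHO(["Configuration summary for mod_gnutls:"])
AS_ECHO([""])
AS_ECHO(["   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"])
AS_ECHO(["   * Apache Modules directory:    ${AP_LIBEXECDIR}"])
AS_ECHO(["   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"])
AS_ECHO(["   * CFLAGS for GnuTLS:           ${LIBGNUTLS_CFLAGS}"])
AS_ECHO(["   * LDFLAGS for GnuTLS:  ${LIBGNUTLS_LIBS}"])
AS_ECHO(["   * SRP Authentication:  ${use_srp}"])
AS_ECHO(["   * MSVA Client Verification:    ${use_msva}"])
AS_ECHO(["   * Early SNI (experimental):    ${early_sni}"])
AS_ECHO(["   * Build documentation: ${build_doc}"])
AS_ECHO([""])
AS_ECHO(["---"])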