source: mod_gnutls/configure.ac @ 849b87e

debian/masterproxy-ticket
Last change on this file since 849b87e was 849b87e, checked in by Fiona Klute <fiona.klute@…>, 2 years ago

Test suite: Add support for IP-based virtual hosts

  • Pass TEST_IP to the tests
  • Add IP addresses to the server certificate
  • Allow tests to access the server via an IP address instead of TEST_HOST
  • Property mode set to 100644
File size: 10.8 KB
Line 
1AC_INIT(mod_gnutls, 0.8.4)
2OOO_CONFIG_NICE(config.nice)
3MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
4AC_PREREQ(2.53)
5AC_CONFIG_SRCDIR([src/mod_gnutls.c])
6AC_CONFIG_AUX_DIR(config)
7
8OOO_MAINTAIN_MODE
9AM_MAINTAINER_MODE
10AC_CANONICAL_TARGET
11# mod_gnutls test suite requires GNU make
12AM_INIT_AUTOMAKE([-Wno-portability])
13AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
14
15LT_INIT([disable-static])
16
17AC_SUBST(MOD_GNUTLS_VERSION)
18
19AC_PROG_CC
20AC_PROG_CC_C99
21AC_PROG_LD
22AC_PROG_INSTALL
23AC_PROG_LIBTOOL
24
25AC_CONFIG_MACRO_DIR([m4])
26
27AP_VERSION=2.4.17
28CHECK_APACHE(,$AP_VERSION,
29    :,:,
30    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
31)
32
33dnl Maybe use the binaries for tests, too?
34AC_ARG_WITH([gnutls-dev],
35        AS_HELP_STRING([--with-gnutls-dev=DIR],
36                [Use GnuTLS libraries from a development (git) tree. Use \
37                this if you want to test mod_gnutls with the latest \
38                GnuTLS code.]),
39        [
40                AS_IF([test -d "${with_gnutls_dev}" ],
41                [
42                        LIBGNUTLS_CFLAGS="-I${with_gnutls_dev}/lib/includes"
43                        LIBGNUTLS_LIBS="-lgnutls -L${with_gnutls_dev}/lib/.libs -R${with_gnutls_dev}/lib/.libs"
44                ],
45                [AC_MSG_ERROR([--with-gnutls-dev=DIR requires a directory!])])
46        ], [])
47
48PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
49
50LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
51
52AC_ARG_ENABLE(vpath-install,
53       AS_HELP_STRING([--enable-vpath-install],
54               [Modify the Apache module directory provided by apxs to \
55               follow --prefix, if necessary. Most users will not want this, \
56               but it is required for VPATH builds including "make \
57               distcheck".]),
58       vpath_install=$enableval, vpath_install=no)
59AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])
60
61AC_ARG_ENABLE(srp,
62       AS_HELP_STRING([--disable-srp],
63               [unconditionally disable the SRP functionality]),
64       use_srp=$enableval, use_srp=yes)
65
66# check if the available GnuTLS library supports SRP
67AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
68
69SRP_CFLAGS=""
70if test "$use_srp" != "no"; then
71        SRP_CFLAGS="-DENABLE_SRP=1"
72fi
73
74AC_ARG_ENABLE(strict,
75       AS_HELP_STRING([--disable-strict],
76               [Avoid strict compiler warnings and errors]),
77       use_strict=$enableval, use_strict=yes)
78
79STRICT_CFLAGS=""
80if test "$use_strict" != "no"; then
81        STRICT_CFLAGS="-Wall -Werror -Wextra -Wno-error=deprecated-declarations"
82fi
83
84AC_MSG_CHECKING([whether to enable SRP functionality])
85AC_MSG_RESULT($use_srp)
86
87dnl Optionally disable flock
88AC_ARG_ENABLE(flock,
89        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
90        (some exotic architectures don't support it)]),
91        [use_flock=$enableval], [use_flock=yes])
92# Check if flock is available and supports --timeout
93AC_PATH_PROG([FLOCK], [flock], [no])
94AS_IF([test "${FLOCK}" != "no"],
95      [
96        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
97        lockfile="$(mktemp)"
98        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
99              [flock_works="yes"], [flock_works="no"])
100        AC_MSG_RESULT([$flock_works])
101        # Old versions of flock do not support --verbose. They fail
102        # without executing the command but still return 0. Check for
103        # this behavior by testing if the rm command was executed.
104        AC_MSG_CHECKING([whether ${FLOCK} supports --verbose])
105        testfile="$(mktemp)"
106        AS_IF([${FLOCK} --verbose --timeout 1 ${lockfile} rm "${testfile}" \
107                        >&AS_MESSAGE_LOG_FD 2>&1; test ! -e "${testfile}"],
108              [flock_verbose="yes"; FLOCK="${FLOCK} --verbose"],
109              [flock_verbose="no"; rm "${testfile}"])
110        AC_MSG_RESULT([$flock_verbose])
111        rm "${lockfile}"
112      ],
113      [flock_works="no"])
114# disable flock if requested by user or it doesn't support timeout
115AM_CONDITIONAL([DISABLE_FLOCK],
116               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
117
118# openssl is needed as the responder for OCSP tests
119AC_PATH_PROG([OPENSSL], [openssl], [no])
120# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23,
121# 3.4.12, or 3.5.1 (on the respective 3.x branch) fail if intermediate
122# CAs cannot be status checked, even if there are no intermediate CAs
123# like in the mod_gnutls test suite where end entity certificates are
124# directly issued by a root CA.
125AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
126AC_PREPROC_IFELSE(
127        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
128                        #if GNUTLS_VERSION_NUMBER < 0x030317
129                        #error
130                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
131                        #error
132                        #elif GNUTLS_VERSION_NUMBER == 0x030500
133                        #error
134                        #endif
135                        ]])],
136        [gnutls_ocsp_ok="yes"],
137        [gnutls_ocsp_ok="no"],
138)
139AC_MSG_RESULT([$gnutls_ocsp_ok])
140AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
141
142dnl Enable test namespaces? Default is "yes".
143AC_ARG_ENABLE(test-namespaces,
144        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
145        namespaces to run tests in parallel (some architectures might not \
146        support it)]),
147        [use_netns=$enableval], [use_netns=yes])
148
149# Check if "unshare" is available and has permission to create network
150# and user namespaces
151AC_PATH_PROG([UNSHARE], [unshare], [no])
152AS_IF([test "${UNSHARE}" != "no"],
153      [
154        AC_MSG_CHECKING([for permission to create network and user namespaces])
155        AS_IF([${UNSHARE} --net -r /bin/sh -c \
156                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
157              [unshare_works="yes"], [unshare_works="no"])
158        AC_MSG_RESULT([$unshare_works])
159      ],
160      [unshare_works="no"])
161# decide whether to enable network namespaces
162AS_IF([test "$enable_test_namespaces" != "no" \
163            && test "$unshare_works" = "yes"],
164      [use_netns="yes"], [use_netns="no"])
165AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
166# Adjust Apache configuration for tests accordingly: Use pthread mutex
167# and test specific PID files if using namespaces, defaults otherwise.
168AS_IF([test "$use_netns" = "yes"],
169      [MUTEX_CONF="Mutex pthread default"; PID_AFFIX="-\${TEST_NAME}"],
170      [MUTEX_CONF=""; PID_AFFIX=""])
171AC_SUBST(MUTEX_CONF)
172AC_SUBST(PID_AFFIX)
173AM_SUBST_NOTMAKE(MUTEX_CONF)
174AM_SUBST_NOTMAKE(PID_AFFIX)
175
176AC_ARG_ENABLE(msva,
177       AS_HELP_STRING([--enable-msva],
178               [enable Monkeysphere client certificate verification]),
179       use_msva=$enableval, use_msva=no)
180AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])
181
182MSVA_CFLAGS=""
183if test "$use_msva" != "no"; then
184        AC_CHECK_HEADERS([msv/msv.h], [],
185                         [AC_MSG_ERROR([*** No libmsv headers found!])])
186        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
187                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
188        MSVA_CFLAGS="-DENABLE_MSVA=1"
189fi
190
191AC_MSG_CHECKING([whether to enable MSVA functionality])
192AC_MSG_RESULT($use_msva)
193
194# Building documentation requires pandoc, which in turn needs pdflatex
195# to build PDF output.
196build_doc=no
197AC_PATH_PROG([PANDOC], [pandoc], [no])
198if test "$PANDOC" != "no"; then
199        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
200        if test "$PDFLATEX" != "no"; then
201                build_doc=yes
202        else
203                build_doc="html only"
204        fi
205else
206        AC_PATH_PROG([MARKDOWN], [markdown], [no])
207        if test "$MARKDOWN" != "no"; then
208                build_doc="html stub"
209        fi
210fi
211AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
212AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
213                               test "$PDFLATEX" != "no"])
214AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
215                               test "$MARKDOWN" != "no"])
216
217# Check for Apache binary
218AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
219if test "${APACHE2}" = "no"; then
220        AC_MSG_WARN([Neither apache2 nor httpd found in \
221                     PATH. Test suite will fail.])
222fi
223
224AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
225
226MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
227MODULE_LIBS="${LIBGNUTLS_LIBS}"
228
229AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
230if test "${SOFTHSM}" != "no"; then
231        softhsm_version=$(${SOFTHSM} --version)
232        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
233                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
234                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
235                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
236fi
237AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
238AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
239AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
240
241AC_SUBST(MODULE_CFLAGS)
242AC_SUBST(MODULE_LIBS)
243
244# assign default values to TEST_HOST and TEST_IP if necessary
245: ${TEST_HOST:="localhost"}
246: ${TEST_IP:="[[::1]] 127.0.0.1"}
247AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
248                        "make check", must resolve to addresses in TEST_IP. \
249                        The default is "localhost".])
250AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
251                      started by "make check". The default is \
252                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
253                      enclosed in square brackets.])
254
255: ${TEST_LOCK_WAIT:="30"}
256: ${TEST_QUERY_TIMEOUT:="30"}
257AC_ARG_VAR([TEST_LOCK_WAIT], [Timeout in seconds to acquire locks for \
258                             Apache instances in the test suite, or the \
259                             previous instance to remove its PID file if \
260                             flock is not used. Default is 30.])
261AC_ARG_VAR([TEST_QUERY_TIMEOUT], [Timeout in seconds for HTTPS requests \
262                                 sent using gnutls-cli in the test suite. \
263                                 Default is 30.])
264
265dnl Allow user to set SoftHSM PKCS #11 module
266AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
267                          use. By default the test suite will search common \
268                          library paths.])
269
270dnl Build list of "Listen" statements for Apache
271LISTEN_LIST="@%:@ Listen addresses for the test servers"
272for i in ${TEST_IP}; do
273        LISTEN_LIST="${LISTEN_LIST}
274Listen ${i}:\${TEST_PORT}"
275done
276# Available extra ports, tests can "Define" variables of the listed
277# names in their apache.conf to enable them.
278for j in TEST_HTTP_PORT; do
279LISTEN_LIST="${LISTEN_LIST}
280<IfDefine ${j}>"
281for i in ${TEST_IP}; do
282        LISTEN_LIST="${LISTEN_LIST}
283        Listen ${i}:\${${j}}"
284done
285LISTEN_LIST="${LISTEN_LIST}
286</IfDefine>"
287done
288AC_SUBST(LISTEN_LIST)
289AM_SUBST_NOTMAKE(LISTEN_LIST)
290
291DX_DOXYGEN_FEATURE(ON)
292DX_DOT_FEATURE(ON)
293DX_HTML_FEATURE(ON)
294DX_MAN_FEATURE(OFF)
295DX_RTF_FEATURE(OFF)
296DX_XML_FEATURE(OFF)
297DX_PDF_FEATURE(ON)
298DX_PS_FEATURE(OFF)
299DX_INIT_DOXYGEN([mod_gnutls], [doc/doxygen.conf], [doc/api])
300
301AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
302                        doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
303                        test/proxy_backend.conf test/ocsp_server.conf \
304                        test/apache-conf/listen.conf \
305                        test/apache-conf/netns.conf])
306AC_OUTPUT
307
308echo "---"
309echo "Configuration summary for mod_gnutls:"
310echo ""
311echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
312echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
313echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
314echo "   * CFLAGS for GnuTLS:           ${LIBGNUTLS_CFLAGS}"
315echo "   * LDFLAGS for GnuTLS:  ${LIBGNUTLS_LIBS}"
316echo "   * SRP Authentication:  ${use_srp}"
317echo "   * MSVA Client Verification:    ${use_msva}"
318echo "   * Build documentation: ${build_doc}"
319echo ""
320echo "---"
Note: See TracBrowser for help on using the repository browser.