source: mod_gnutls/configure.ac @ 94430e6

debian/masterdebian/stretch-backportsupstream
Last change on this file since 94430e6 was 94430e6, checked in by Thomas Klute <thomas2.klute@…>, 2 years ago

Test suite: Run a separate Apache instance for the OCSP responder

This change will be needed to cache OCSP responses on start (and
schedule) instead of when needed. An OCSP responder in the same Apache
instance won't be ready while the mod_gnutls post_config hook is
executing.

The changes to lock file handling included in this patch mean that
most parts of the test framework won't need to check which locking
method (if any) is used, they can just pass a lock file which is then
used for flock or PID file checks depending on ./configure results.

  • Property mode set to 100644
File size: 10.5 KB
Line 
1dnl
2AC_INIT(mod_gnutls, 0.8.2)
3OOO_CONFIG_NICE(config.nice)
4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
5AC_PREREQ(2.53)
6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
7AC_CONFIG_AUX_DIR(config)
8
9OOO_MAINTAIN_MODE
10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
12# mod_gnutls test suite requires GNU make
13AM_INIT_AUTOMAKE([-Wno-portability])
14AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
15
16LT_INIT([disable-static])
17
18AC_SUBST(MOD_GNUTLS_VERSION)
19
20AC_PROG_CC
21AC_PROG_CC_C99
22AC_PROG_LD
23AC_PROG_INSTALL
24AC_PROG_LIBTOOL
25
26AC_CONFIG_MACRO_DIR([m4])
27
28AP_VERSION=2.4.0
29CHECK_APACHE(,$AP_VERSION,
30    :,:,
31    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
32)
33
34PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
35
36LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
37
38AC_ARG_ENABLE(vpath-install,
39       AS_HELP_STRING([--enable-vpath-install],
40               [Modify the Apache module directory provided by apxs to \
41               follow --prefix, if necessary. Most users will not want this, \
42               but it is required for VPATH builds including "make \
43               distcheck".]),
44       vpath_install=$enableval, vpath_install=no)
45AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])
46
47AC_ARG_ENABLE(srp,
48       AS_HELP_STRING([--disable-srp],
49               [unconditionally disable the SRP functionality]),
50       use_srp=$enableval, use_srp=yes)
51
52# check if the available GnuTLS library supports SRP
53AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
54
55SRP_CFLAGS=""
56if test "$use_srp" != "no"; then
57        SRP_CFLAGS="-DENABLE_SRP=1"
58fi
59
60AC_ARG_ENABLE(strict,
61       AS_HELP_STRING([--disable-strict],
62               [Avoid strict compiler warnings and errors]),
63       use_strict=$enableval, use_strict=yes)
64
65STRICT_CFLAGS=""
66if test "$use_strict" != "no"; then
67        STRICT_CFLAGS="-Wall -Werror -Wextra -Wno-error=deprecated-declarations"
68fi
69
70AC_MSG_CHECKING([whether to enable SRP functionality])
71AC_MSG_RESULT($use_srp)
72
73dnl Optionally disable flock
74AC_ARG_ENABLE(flock,
75        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
76        (some exotic architectures don't support it)]),
77        [use_flock=$enableval], [use_flock=yes])
78# Check if flock is available and supports --timeout
79AC_PATH_PROG([FLOCK], [flock], [no])
80AS_IF([test "${FLOCK}" != "no"],
81      [
82        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
83        lockfile="$(mktemp)"
84        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
85              [flock_works="yes"], [flock_works="no"])
86        AC_MSG_RESULT([$flock_works])
87        # Old versions of flock do not support --verbose. They fail
88        # without executing the command but still return 0. Check for
89        # this behavior by testing if the rm command was executed.
90        AC_MSG_CHECKING([whether ${FLOCK} supports --verbose])
91        testfile="$(mktemp)"
92        AS_IF([${FLOCK} --verbose --timeout 1 ${lockfile} rm "${testfile}" \
93                        >&AS_MESSAGE_LOG_FD 2>&1; test ! -e "${testfile}"],
94              [flock_verbose="yes"; FLOCK="${FLOCK} --verbose"],
95              [flock_verbose="no"; rm "${testfile}"])
96        AC_MSG_RESULT([$flock_verbose])
97        rm "${lockfile}"
98      ],
99      [flock_works="no"])
100# disable flock if requested by user or it doesn't support timeout
101AM_CONDITIONAL([DISABLE_FLOCK],
102               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
103
104# openssl is needed as the responder for OCSP tests
105AC_PATH_PROG([OPENSSL], [openssl], [no])
106# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23,
107# 3.4.12, or 3.5.1 (on the respective 3.x branch) fail if intermediate
108# CAs cannot be status checked, even if there are no intermediate CAs
109# like in the mod_gnutls test suite where end entity certificates are
110# directly issued by a root CA.
111AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
112AC_PREPROC_IFELSE(
113        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
114                        #if GNUTLS_VERSION_NUMBER < 0x030317
115                        #error
116                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
117                        #error
118                        #elif GNUTLS_VERSION_NUMBER == 0x030500
119                        #error
120                        #endif
121                        ]])],
122        [gnutls_ocsp_ok="yes"],
123        [gnutls_ocsp_ok="no"],
124)
125AC_MSG_RESULT([$gnutls_ocsp_ok])
126AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
127
128dnl Enable test namespaces? Default is "yes".
129AC_ARG_ENABLE(test-namespaces,
130        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
131        namespaces to run tests in parallel (some architectures might not \
132        support it)]),
133        [use_netns=$enableval], [use_netns=yes])
134
135# Check if "unshare" is available and has permission to create network
136# and user namespaces
137AC_PATH_PROG([UNSHARE], [unshare], [no])
138AS_IF([test "${UNSHARE}" != "no"],
139      [
140        AC_MSG_CHECKING([for permission to create network and user namespaces])
141        AS_IF([${UNSHARE} --net -r /bin/sh -c \
142                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
143              [unshare_works="yes"], [unshare_works="no"])
144        AC_MSG_RESULT([$unshare_works])
145      ],
146      [unshare_works="no"])
147# decide whether to enable network namespaces
148AS_IF([test "$enable_test_namespaces" != "no" \
149            && test "$unshare_works" = "yes"],
150      [use_netns="yes"], [use_netns="no"])
151AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
152# Adjust Apache configuration for tests accordingly: Use pthread mutex
153# and test specific PID files if using namespaces, defaults otherwise.
154AS_IF([test "$use_netns" = "yes"],
155      [MUTEX_CONF="Mutex pthread default"; PID_AFFIX="-\${TEST_NAME}"],
156      [MUTEX_CONF=""; PID_AFFIX=""])
157AC_SUBST(MUTEX_CONF)
158AC_SUBST(PID_AFFIX)
159AM_SUBST_NOTMAKE(MUTEX_CONF)
160AM_SUBST_NOTMAKE(PID_AFFIX)
161
162AC_ARG_ENABLE(msva,
163       AS_HELP_STRING([--enable-msva],
164               [enable Monkeysphere client certificate verification]),
165       use_msva=$enableval, use_msva=no)
166AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])
167
168MSVA_CFLAGS=""
169if test "$use_msva" != "no"; then
170        AC_CHECK_HEADERS([msv/msv.h], [],
171                         [AC_MSG_ERROR([*** No libmsv headers found!])])
172        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
173                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
174        MSVA_CFLAGS="-DENABLE_MSVA=1"
175fi
176
177AC_MSG_CHECKING([whether to enable MSVA functionality])
178AC_MSG_RESULT($use_msva)
179
180have_apr_memcache=0
181CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
182AC_SUBST(have_apr_memcache)
183
184# Building documentation requires pandoc, which in turn needs pdflatex
185# to build PDF output.
186build_doc=no
187AC_PATH_PROG([PANDOC], [pandoc], [no])
188if test "$PANDOC" != "no"; then
189        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
190        if test "$PDFLATEX" != "no"; then
191                build_doc=yes
192        else
193                build_doc="html only"
194        fi
195else
196        AC_PATH_PROG([MARKDOWN], [markdown], [no])
197        if test "$MARKDOWN" != "no"; then
198                build_doc="html stub"
199        fi
200fi
201AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
202AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
203                               test "$PDFLATEX" != "no"])
204AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
205                               test "$MARKDOWN" != "no"])
206
207# Check for Apache binary
208AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
209if test "${APACHE2}" = "no"; then
210        AC_MSG_WARN([Neither apache2 nor httpd found in \
211                     PATH. Test suite will fail.])
212fi
213
214AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
215
216MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
217MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
218
219AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
220if test "${SOFTHSM}" != "no"; then
221        softhsm_version=$(${SOFTHSM} --version)
222        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
223                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
224                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
225                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
226fi
227AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
228AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
229AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
230
231AC_SUBST(MODULE_CFLAGS)
232AC_SUBST(MODULE_LIBS)
233
234# assign default values to TEST_HOST and TEST_IP if necessary
235: ${TEST_HOST:="localhost"}
236: ${TEST_IP:="[[::1]] 127.0.0.1"}
237AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
238                        "make check", must resolve to addresses in TEST_IP. \
239                        The default is "localhost".])
240AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
241                      started by "make check". The default is \
242                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
243                      enclosed in square brackets.])
244AM_SUBST_NOTMAKE(TEST_IP)
245
246: ${TEST_LOCK_WAIT:="30"}
247: ${TEST_QUERY_TIMEOUT:="30"}
248AC_ARG_VAR([TEST_LOCK_WAIT], [Timeout in seconds to acquire locks for \
249                             Apache instances in the test suite, or the \
250                             previous instance to remove its PID file if \
251                             flock is not used. Default is 30.])
252AC_ARG_VAR([TEST_QUERY_TIMEOUT], [Timeout in seconds for HTTPS requests \
253                                 sent using gnutls-cli in the test suite. \
254                                 Default is 30.])
255
256dnl Allow user to set SoftHSM PKCS #11 module
257AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
258                          use. By default the test suite will search common \
259                          library paths.])
260
261dnl Build list of "Listen" statements for Apache
262LISTEN_LIST="@%:@ Listen addresses for the test servers"
263for i in ${TEST_IP}; do
264        LISTEN_LIST="${LISTEN_LIST}
265Listen ${i}:\${TEST_PORT}"
266done
267# Available extra ports, tests can "Define" variables of the listed
268# names in their apache.conf to enable them.
269for j in TEST_HTTP_PORT OCSP_PORT; do
270LISTEN_LIST="${LISTEN_LIST}
271<IfDefine ${j}>"
272for i in ${TEST_IP}; do
273        LISTEN_LIST="${LISTEN_LIST}
274        Listen ${i}:\${${j}}"
275done
276LISTEN_LIST="${LISTEN_LIST}
277</IfDefine>"
278done
279AC_SUBST(LISTEN_LIST)
280AM_SUBST_NOTMAKE(LISTEN_LIST)
281
282DX_DOXYGEN_FEATURE(ON)
283DX_DOT_FEATURE(ON)
284DX_HTML_FEATURE(ON)
285DX_MAN_FEATURE(OFF)
286DX_RTF_FEATURE(OFF)
287DX_XML_FEATURE(OFF)
288DX_PDF_FEATURE(ON)
289DX_PS_FEATURE(OFF)
290DX_INIT_DOXYGEN([mod_gnutls], [doc/doxygen.conf], [doc/api])
291
292AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
293                        doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
294                        test/proxy_backend.conf test/ocsp_server.conf \
295                        test/apache-conf/listen.conf \
296                        test/apache-conf/netns.conf])
297AC_OUTPUT
298
299echo "---"
300echo "Configuration summary for mod_gnutls:"
301echo ""
302echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
303echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
304echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
305echo "   * CFLAGS for GnuTLS:           ${LIBGNUTLS_CFLAGS}"
306echo "   * LDFLAGS for GnuTLS:  ${LIBGNUTLS_LIBS}"
307echo "   * SRP Authentication:  ${use_srp}"
308echo "   * MSVA Client Verification:    ${use_msva}"
309echo "   * Build documentation: ${build_doc}"
310echo ""
311echo "---"
Note: See TracBrowser for help on using the repository browser.