source: mod_gnutls/configure.ac @ 967bf9b

Last change on this file since 967bf9b was 967bf9b, checked in by Thomas Klute <thomas2.klute@…>, 2 months ago

Test suite: Prevent duplicate "Listen" on OCSP_PORT

  • Property mode set to 100644
File size: 10.5 KB
Line 
1dnl
2AC_INIT(mod_gnutls, 0.8.2)
3OOO_CONFIG_NICE(config.nice)
4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
5AC_PREREQ(2.53)
6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
7AC_CONFIG_AUX_DIR(config)
8
9OOO_MAINTAIN_MODE
10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
12# mod_gnutls test suite requires GNU make
13AM_INIT_AUTOMAKE([-Wno-portability])
14AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
15
16LT_INIT([disable-static])
17
18AC_SUBST(MOD_GNUTLS_VERSION)
19
20AC_PROG_CC
21AC_PROG_CC_C99
22AC_PROG_LD
23AC_PROG_INSTALL
24AC_PROG_LIBTOOL
25
26AC_CONFIG_MACRO_DIR([m4])
27
28AP_VERSION=2.4.0
29CHECK_APACHE(,$AP_VERSION,
30    :,:,
31    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
32)
33
34PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
35
36LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
37
38AC_ARG_ENABLE(vpath-install,
39       AS_HELP_STRING([--enable-vpath-install],
40               [Modify the Apache module directory provided by apxs to \
41               follow --prefix, if necessary. Most users will not want this, \
42               but it is required for VPATH builds including "make \
43               distcheck".]),
44       vpath_install=$enableval, vpath_install=no)
45AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])
46
47AC_ARG_ENABLE(srp,
48       AS_HELP_STRING([--disable-srp],
49               [unconditionally disable the SRP functionality]),
50       use_srp=$enableval, use_srp=yes)
51
52# check if the available GnuTLS library supports SRP
53AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
54
55SRP_CFLAGS=""
56if test "$use_srp" != "no"; then
57        SRP_CFLAGS="-DENABLE_SRP=1"
58fi
59
60AC_ARG_ENABLE(strict,
61       AS_HELP_STRING([--disable-strict],
62               [Avoid strict compiler warnings and errors]),
63       use_strict=$enableval, use_strict=yes)
64
65STRICT_CFLAGS=""
66if test "$use_strict" != "no"; then
67        STRICT_CFLAGS="-Wall -Werror -Wextra -Wno-error=deprecated-declarations"
68fi
69
70AC_MSG_CHECKING([whether to enable SRP functionality])
71AC_MSG_RESULT($use_srp)
72
73dnl Optionally disable flock
74AC_ARG_ENABLE(flock,
75        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
76        (some exotic architectures don't support it)]),
77        [use_flock=$enableval], [use_flock=yes])
78# Check if flock is available and supports --timeout
79AC_PATH_PROG([FLOCK], [flock], [no])
80AS_IF([test "${FLOCK}" != "no"],
81      [
82        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
83        lockfile="$(mktemp)"
84        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
85              [flock_works="yes"], [flock_works="no"])
86        AC_MSG_RESULT([$flock_works])
87        # Old versions of flock do not support --verbose. They fail
88        # without executing the command but still return 0. Check for
89        # this behavior by testing if the rm command was executed.
90        AC_MSG_CHECKING([whether ${FLOCK} supports --verbose])
91        testfile="$(mktemp)"
92        AS_IF([${FLOCK} --verbose --timeout 1 ${lockfile} rm "${testfile}" \
93                        >&AS_MESSAGE_LOG_FD 2>&1; test ! -e "${testfile}"],
94              [flock_verbose="yes"; FLOCK="${FLOCK} --verbose"],
95              [flock_verbose="no"; rm "${testfile}"])
96        AC_MSG_RESULT([$flock_verbose])
97        rm "${lockfile}"
98      ],
99      [flock_works="no"])
100# disable flock if requested by user or it doesn't support timeout
101AM_CONDITIONAL([DISABLE_FLOCK],
102               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
103
104# openssl is needed as the responder for OCSP tests
105AC_PATH_PROG([OPENSSL], [openssl], [no])
106# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23,
107# 3.4.12, or 3.5.1 (on the respective 3.x branch) fail if intermediate
108# CAs cannot be status checked, even if there are no intermediate CAs
109# like in the mod_gnutls test suite where end entity certificates are
110# directly issued by a root CA.
111AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
112AC_PREPROC_IFELSE(
113        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
114                        #if GNUTLS_VERSION_NUMBER < 0x030317
115                        #error
116                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
117                        #error
118                        #elif GNUTLS_VERSION_NUMBER == 0x030500
119                        #error
120                        #endif
121                        ]])],
122        [gnutls_ocsp_ok="yes"],
123        [gnutls_ocsp_ok="no"],
124)
125AC_MSG_RESULT([$gnutls_ocsp_ok])
126AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
127
128dnl Enable test namespaces? Default is "yes".
129AC_ARG_ENABLE(test-namespaces,
130        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
131        namespaces to run tests in parallel (some architectures might not \
132        support it)]),
133        [use_netns=$enableval], [use_netns=yes])
134
135# Check if "unshare" is available and has permission to create network
136# and user namespaces
137AC_PATH_PROG([UNSHARE], [unshare], [no])
138AS_IF([test "${UNSHARE}" != "no"],
139      [
140        AC_MSG_CHECKING([for permission to create network and user namespaces])
141        AS_IF([${UNSHARE} --net -r /bin/sh -c \
142                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
143              [unshare_works="yes"], [unshare_works="no"])
144        AC_MSG_RESULT([$unshare_works])
145      ],
146      [unshare_works="no"])
147# decide whether to enable network namespaces
148AS_IF([test "$enable_test_namespaces" != "no" \
149            && test "$unshare_works" = "yes"],
150      [use_netns="yes"], [use_netns="no"])
151AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
152# Adjust Apache configuration for tests accordingly: Use pthread mutex
153# and test specific PID files if using namespaces, defaults otherwise.
154AS_IF([test "$use_netns" = "yes"],
155      [MUTEX_CONF="Mutex pthread default"; PID_AFFIX="-\${TEST_NAME}"],
156      [MUTEX_CONF=""; PID_AFFIX=""])
157AC_SUBST(MUTEX_CONF)
158AC_SUBST(PID_AFFIX)
159AM_SUBST_NOTMAKE(MUTEX_CONF)
160AM_SUBST_NOTMAKE(PID_AFFIX)
161
162AC_ARG_ENABLE(msva,
163       AS_HELP_STRING([--enable-msva],
164               [enable Monkeysphere client certificate verification]),
165       use_msva=$enableval, use_msva=no)
166AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])
167
168MSVA_CFLAGS=""
169if test "$use_msva" != "no"; then
170        AC_CHECK_HEADERS([msv/msv.h], [],
171                         [AC_MSG_ERROR([*** No libmsv headers found!])])
172        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
173                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
174        MSVA_CFLAGS="-DENABLE_MSVA=1"
175fi
176
177AC_MSG_CHECKING([whether to enable MSVA functionality])
178AC_MSG_RESULT($use_msva)
179
180have_apr_memcache=0
181CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
182AC_SUBST(have_apr_memcache)
183
184# Building documentation requires pandoc, which in turn needs pdflatex
185# to build PDF output.
186build_doc=no
187AC_PATH_PROG([PANDOC], [pandoc], [no])
188if test "$PANDOC" != "no"; then
189        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
190        if test "$PDFLATEX" != "no"; then
191                build_doc=yes
192        else
193                build_doc="html only"
194        fi
195else
196        AC_PATH_PROG([MARKDOWN], [markdown], [no])
197        if test "$MARKDOWN" != "no"; then
198                build_doc="html stub"
199        fi
200fi
201AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
202AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
203                               test "$PDFLATEX" != "no"])
204AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
205                               test "$MARKDOWN" != "no"])
206
207# Check for Apache binary
208AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
209if test "${APACHE2}" = "no"; then
210        AC_MSG_WARN([Neither apache2 nor httpd found in \
211                     PATH. Test suite will fail.])
212fi
213
214AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
215
216MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
217MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
218
219AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
220if test "${SOFTHSM}" != "no"; then
221        softhsm_version=$(${SOFTHSM} --version)
222        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
223                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
224                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
225                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
226fi
227AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
228AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
229AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
230
231AC_SUBST(MODULE_CFLAGS)
232AC_SUBST(MODULE_LIBS)
233
234# assign default values to TEST_HOST and TEST_IP if necessary
235: ${TEST_HOST:="localhost"}
236: ${TEST_IP:="[[::1]] 127.0.0.1"}
237AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
238                        "make check", must resolve to addresses in TEST_IP. \
239                        The default is "localhost".])
240AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
241                      started by "make check". The default is \
242                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
243                      enclosed in square brackets.])
244AM_SUBST_NOTMAKE(TEST_IP)
245
246: ${TEST_LOCK_WAIT:="30"}
247: ${TEST_QUERY_TIMEOUT:="30"}
248AC_ARG_VAR([TEST_LOCK_WAIT], [Timeout in seconds to acquire locks for \
249                             Apache instances in the test suite, or the \
250                             previous instance to remove its PID file if \
251                             flock is not used. Default is 30.])
252AC_ARG_VAR([TEST_QUERY_TIMEOUT], [Timeout in seconds for HTTPS requests \
253                                 sent using gnutls-cli in the test suite. \
254                                 Default is 30.])
255
256dnl Allow user to set SoftHSM PKCS #11 module
257AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
258                          use. By default the test suite will search common \
259                          library paths.])
260
261dnl Build list of "Listen" statements for Apache
262LISTEN_LIST="@%:@ Listen addresses for the test servers"
263for i in ${TEST_IP}; do
264        LISTEN_LIST="${LISTEN_LIST}
265Listen ${i}:\${TEST_PORT}"
266done
267# Available extra ports, tests can "Define" variables of the listed
268# names in their apache.conf to enable them.
269for j in TEST_HTTP_PORT; do
270LISTEN_LIST="${LISTEN_LIST}
271<IfDefine ${j}>"
272for i in ${TEST_IP}; do
273        LISTEN_LIST="${LISTEN_LIST}
274        Listen ${i}:\${${j}}"
275done
276LISTEN_LIST="${LISTEN_LIST}
277</IfDefine>"
278done
279AC_SUBST(LISTEN_LIST)
280AM_SUBST_NOTMAKE(LISTEN_LIST)
281
282DX_DOXYGEN_FEATURE(ON)
283DX_DOT_FEATURE(ON)
284DX_HTML_FEATURE(ON)
285DX_MAN_FEATURE(OFF)
286DX_RTF_FEATURE(OFF)
287DX_XML_FEATURE(OFF)
288DX_PDF_FEATURE(ON)
289DX_PS_FEATURE(OFF)
290DX_INIT_DOXYGEN([mod_gnutls], [doc/doxygen.conf], [doc/api])
291
292AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
293                        doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
294                        test/proxy_backend.conf test/ocsp_server.conf \
295                        test/apache-conf/listen.conf \
296                        test/apache-conf/netns.conf])
297AC_OUTPUT
298
299echo "---"
300echo "Configuration summary for mod_gnutls:"
301echo ""
302echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
303echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
304echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
305echo "   * CFLAGS for GnuTLS:           ${LIBGNUTLS_CFLAGS}"
306echo "   * LDFLAGS for GnuTLS:  ${LIBGNUTLS_LIBS}"
307echo "   * SRP Authentication:  ${use_srp}"
308echo "   * MSVA Client Verification:    ${use_msva}"
309echo "   * Build documentation: ${build_doc}"
310echo ""
311echo "---"
Note: See TracBrowser for help on using the repository browser.