source: mod_gnutls/configure.ac @ efe884e

debian/masterdebian/stretch-backportsupstream
Last change on this file since efe884e was efe884e, checked in by Thomas Klute <thomas2.klute@…>, 3 years ago

Skip OCSP test with incompatible GnuTLS versions

Please see the comment in configure.ac for details. Note that release
3.5.0 does not work, but git master since commit
cf09cd11fb7416f2bc8e64876d81bbeaf468fd20 does and uses the same
version number.

  • Property mode set to 100644
File size: 8.9 KB
Line 
1dnl
2AC_INIT(mod_gnutls, 0.7.4)
3OOO_CONFIG_NICE(config.nice)
4MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
5AC_PREREQ(2.53)
6AC_CONFIG_SRCDIR([src/mod_gnutls.c])
7AC_CONFIG_AUX_DIR(config)
8
9OOO_MAINTAIN_MODE
10AM_MAINTAINER_MODE
11AC_CANONICAL_TARGET
12# mod_gnutls test suite requires GNU make
13AM_INIT_AUTOMAKE([-Wno-portability])
14AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
15
16AC_SUBST(MOD_GNUTLS_VERSION)
17
18AC_PROG_CC
19AC_PROG_CC_C99
20AC_PROG_LD
21AC_PROG_INSTALL
22AC_PROG_LIBTOOL
23
24AC_CONFIG_MACRO_DIR([m4])
25
26AP_VERSION=2.2.0
27CHECK_APACHE(,$AP_VERSION,
28    :,:,
29    AC_MSG_ERROR([*** Apache version $AP_VERSION not found!])
30)
31
32PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.1.4])
33
34LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
35
36AC_ARG_ENABLE(srp,
37       AS_HELP_STRING([--disable-srp],
38               [unconditionally disable the SRP functionality]),
39       use_srp=$enableval, use_srp=yes)
40
41# check if the available GnuTLS library supports SRP
42AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
43
44SRP_CFLAGS=""
45if test "$use_srp" != "no"; then
46        SRP_CFLAGS="-DENABLE_SRP=1"
47fi
48
49AC_ARG_ENABLE(strict,
50       AS_HELP_STRING([--disable-strict],
51               [Avoid strict compiler warnings and errors]),
52       use_strict=$enableval, use_strict=yes)
53
54STRICT_CFLAGS=""
55if test "$use_strict" != "no"; then
56        STRICT_CFLAGS="-Wall -Werror -Wextra"
57fi
58
59AC_MSG_CHECKING([whether to enable SRP functionality])
60AC_MSG_RESULT($use_srp)
61
62dnl Optionally disable flock
63AC_ARG_ENABLE(flock,
64        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
65        (some exotic architectures don't support it)]),
66        [use_flock=$enableval], [use_flock=yes])
67# Check if flock is available and supports --timeout
68AC_PATH_PROG([FLOCK], [flock], [no])
69AS_IF([test "${FLOCK}" != "no"],
70      [
71        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
72        lockfile="$(mktemp)"
73        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
74              [flock_works="yes"], [flock_works="no"])
75        rm "${lockfile}"
76        AC_MSG_RESULT([$flock_works])
77      ],
78      [flock_works="no"])
79# disable flock if requested by user or it doesn't support timeout
80AM_CONDITIONAL([DISABLE_FLOCK],
81               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
82
83# openssl is needed as the responder for OCSP tests
84AC_PATH_PROG([OPENSSL], [openssl], [no])
85# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23 or
86# 3.4.12 fail if intermediate CAs cannot be status checked, even if
87# there are no intermediate CAs like in the mod_gnutls test suite
88# where end entity certificates are directly issued by a root
89# CA. Release 3.5.0 does not contain the fix, but git commit
90# cf09cd11fb7416f2bc8e64876d81bbeaf468fd20 which adds the fix still
91# uses the same version number, so I'm not blocking 0x030500 for the
92# sake of anyone who might be experimenting with the git version.
93AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
94AC_PREPROC_IFELSE(
95        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
96                        #if GNUTLS_VERSION_NUMBER < 0x030317
97                        #error
98                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
99                        #error
100                        #endif
101                        ]])],
102        [gnutls_ocsp_ok="yes"],
103        [gnutls_ocsp_ok="no"],
104)
105AC_MSG_RESULT([$gnutls_ocsp_ok])
106AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
107
108dnl Enable test namespaces? Default is "yes".
109AC_ARG_ENABLE(test-namespaces,
110        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
111        namespaces to run tests in parallel (some architectures might not \
112        support it)]),
113        [use_netns=$enableval], [use_netns=yes])
114
115# Check if "unshare" is available and has permission to create network
116# and user namespaces
117AC_PATH_PROG([UNSHARE], [unshare], [no])
118AS_IF([test "${UNSHARE}" != "no"],
119      [
120        AC_MSG_CHECKING([for permission to create network and user namespaces])
121        AS_IF([${UNSHARE} --net -r /bin/sh -c \
122                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
123              [unshare_works="yes"], [unshare_works="no"])
124        AC_MSG_RESULT([$unshare_works])
125      ],
126      [unshare_works="no"])
127# decide whether to enable network namespaces
128AS_IF([test "$enable_test_namespaces" != "no" \
129            && test "$unshare_works" = "yes"],
130      [use_netns="yes"], [use_netns="no"])
131AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
132# Adjust Apache configuration for tests accordingly: Use pthread mutex
133# and test specific PID files if using namespaces, defaults otherwise.
134AS_IF([test "$use_netns" = "yes"],
135      [MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"],
136      [MUTEX_TYPE="default"; PID_AFFIX=""])
137AC_SUBST(MUTEX_TYPE)
138AC_SUBST(PID_AFFIX)
139AM_SUBST_NOTMAKE(MUTEX_TYPE)
140AM_SUBST_NOTMAKE(PID_AFFIX)
141
142AC_ARG_ENABLE(msva,
143       AS_HELP_STRING([--enable-msva],
144               [enable Monkeysphere client certificate verification]),
145       use_msva=$enableval, use_msva=no)
146AM_CONDITIONAL([USE_MSVA], [test "$use_msva" != "no"])
147
148MSVA_CFLAGS=""
149if test "$use_msva" != "no"; then
150        AC_CHECK_HEADERS([msv/msv.h], [],
151                         [AC_MSG_ERROR([*** No libmsv headers found!])])
152        AC_SEARCH_LIBS([msv_query_agent], [msv], [],
153                         [AC_MSG_ERROR([*** No libmsv found with msv_query_agent!])])
154        MSVA_CFLAGS="-DENABLE_MSVA=1"
155fi
156
157AC_MSG_CHECKING([whether to enable MSVA functionality])
158AC_MSG_RESULT($use_msva)
159
160have_apr_memcache=0
161CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
162AC_SUBST(have_apr_memcache)
163
164# Building documentation requires pandoc, which in turn needs pdflatex
165# to build PDF output.
166build_doc=no
167AC_PATH_PROG([PANDOC], [pandoc], [no])
168if test "$PANDOC" != "no"; then
169        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
170        if test "$PDFLATEX" != "no"; then
171                build_doc=yes
172        else
173                build_doc="html only"
174        fi
175else
176        AC_PATH_PROG([MARKDOWN], [markdown], [no])
177        if test "$MARKDOWN" != "no"; then
178                build_doc="html stub"
179        fi
180fi
181AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
182AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
183                               test "$PDFLATEX" != "no"])
184AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
185                               test "$MARKDOWN" != "no"])
186
187# Check for Apache binary
188AC_PATH_PROGS([APACHE2], [apache2 httpd], [no], [$PATH:/usr/sbin])
189if test "${APACHE2}" = "no"; then
190        AC_MSG_WARN([Neither apache2 nor httpd found in \
191                     PATH. Test suite will fail.])
192fi
193
194AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
195
196MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
197MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
198
199AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
200if test "${SOFTHSM}" != "no"; then
201        softhsm_version=$(${SOFTHSM} --version)
202        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
203                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
204                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
205                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
206fi
207AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
208AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
209AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
210
211AC_SUBST(MODULE_CFLAGS)
212AC_SUBST(MODULE_LIBS)
213
214# assign default values to TEST_HOST and TEST_IP if necessary
215: ${TEST_HOST:="localhost"}
216: ${TEST_IP:="[[::1]] 127.0.0.1"}
217AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
218                        "make check", must resolve to addresses in TEST_IP. \
219                        The default is "localhost".])
220AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
221                      started by "make check". The default is \
222                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
223                      enclosed in square brackets.])
224AM_SUBST_NOTMAKE(TEST_IP)
225
226dnl Allow user to set SoftHSM PKCS #11 module
227AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
228                          use. By default the test suite will search common \
229                          library paths.])
230
231dnl Build list of "Listen" statements for Apache
232LISTEN_LIST="@%:@ Listen addresses for the test servers"
233for i in ${TEST_IP}; do
234        LISTEN_LIST="${LISTEN_LIST}
235Listen ${i}:\${TEST_PORT}"
236done
237# Available extra ports, tests can "Define" variables of the listed
238# names in their apache.conf to enable them.
239for j in TEST_HTTP_PORT OCSP_PORT; do
240LISTEN_LIST="${LISTEN_LIST}
241<IfDefine ${j}>"
242for i in ${TEST_IP}; do
243        LISTEN_LIST="${LISTEN_LIST}
244        Listen ${i}:\${${j}}"
245done
246LISTEN_LIST="${LISTEN_LIST}
247</IfDefine>"
248done
249AC_SUBST(LISTEN_LIST)
250AM_SUBST_NOTMAKE(LISTEN_LIST)
251
252AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
253                        doc/Makefile include/mod_gnutls.h \
254                        test/proxy_backend.conf \
255                        test/apache-conf/listen.conf \
256                        test/apache-conf/netns.conf])
257AC_OUTPUT
258
259echo "---"
260echo "Configuration summary for mod_gnutls:"
261echo ""
262echo "   * mod_gnutls version:  ${MOD_GNUTLS_VERSION}"
263echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
264echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
265echo "   * SRP Authentication:  ${use_srp}"
266echo "   * MSVA Client Verification:    ${use_msva}"
267echo "   * Build documentation: ${build_doc}"
268echo ""
269echo "---"
Note: See TracBrowser for help on using the repository browser.