Changeset ea9c699 in mod_gnutls for configure.ac


Ignore:
Timestamp:
Jan 28, 2019, 2:50:38 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master
Children:
19e80a5
Parents:
8a264b0 (diff), 510764a (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

New upstream version 0.9.0

File:
1 edited

Legend:

Unmodified
Added
Removed
  • configure.ac

    r8a264b0 rea9c699  
    1 dnl
    2 AC_INIT(mod_gnutls, 0.7.3)
     1AC_INIT(mod_gnutls, 0.9.0)
    32OOO_CONFIG_NICE(config.nice)
    43MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
     
    1413AM_CONFIG_HEADER(include/mod_gnutls_config.h:config.in)
    1514
     15LT_INIT([disable-static])
     16
    1617AC_SUBST(MOD_GNUTLS_VERSION)
    1718
     
    2425AC_CONFIG_MACRO_DIR([m4])
    2526
    26 AP_VERSION=2.2.0
     27AP_VERSION=2.4.17
    2728CHECK_APACHE(,$AP_VERSION,
    2829    :,:,
     
    3031)
    3132
    32 PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.1.4])
     33dnl Maybe use the binaries for tests, too?
     34AC_ARG_WITH([gnutls-dev],
     35        AS_HELP_STRING([--with-gnutls-dev=DIR],
     36                [Use GnuTLS libraries from a development (git) tree. Use \
     37                this if you want to test mod_gnutls with the latest \
     38                GnuTLS code.]),
     39        [
     40                AS_IF([test -d "${with_gnutls_dev}" ],
     41                [
     42                        LIBGNUTLS_CFLAGS="-I${with_gnutls_dev}/lib/includes"
     43                        LIBGNUTLS_LIBS="-lgnutls -L${with_gnutls_dev}/lib/.libs -R${with_gnutls_dev}/lib/.libs"
     44                ],
     45                [AC_MSG_ERROR([--with-gnutls-dev=DIR requires a directory!])])
     46        ], [])
     47
     48PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
    3349
    3450LIBGNUTLS_VERSION=`pkg-config --modversion gnutls`
     51
     52AC_ARG_ENABLE(vpath-install,
     53       AS_HELP_STRING([--enable-vpath-install],
     54               [Modify the Apache module directory provided by apxs to \
     55               follow --prefix, if necessary. Most users will not want this, \
     56               but it is required for VPATH builds including "make \
     57               distcheck".]),
     58       vpath_install=$enableval, vpath_install=no)
     59AM_CONDITIONAL([ENABLE_VPATH_INSTALL], [test "$vpath_install" = "yes"])
    3560
    3661AC_ARG_ENABLE(srp,
     
    4267AC_SEARCH_LIBS([gnutls_srp_server_get_username], [gnutls], [], [use_srp="no"])
    4368
    44 SRP_CFLAGS=""
     69GNUTLS_FEAT_CFLAGS=""
    4570if test "$use_srp" != "no"; then
    46         SRP_CFLAGS="-DENABLE_SRP=1"
    47 fi
     71        GNUTLS_FEAT_CFLAGS="-DENABLE_SRP=1"
     72fi
     73
     74# check if the available GnuTLS library supports raw extension parsing
     75AC_SEARCH_LIBS([gnutls_ext_raw_parse], [gnutls], [early_sni="yes"],
     76        [early_sni="no"])
     77if test "$early_sni" != "no"; then
     78        ENABLE_EARLY_SNI=1
     79        # This is for the test server configuration
     80        EXPECT_EARLY_SNI="Define EXPECT_EARLY_SNI"
     81else
     82        ENABLE_EARLY_SNI=0
     83        EXPECT_EARLY_SNI=""
     84fi
     85AC_SUBST(ENABLE_EARLY_SNI)
     86AC_SUBST(EXPECT_EARLY_SNI)
     87AM_SUBST_NOTMAKE(EXPECT_EARLY_SNI)
    4888
    4989AC_ARG_ENABLE(strict,
     
    5494STRICT_CFLAGS=""
    5595if test "$use_strict" != "no"; then
    56         STRICT_CFLAGS="-Wall -Werror -Wextra"
     96        STRICT_CFLAGS="-Wall -Werror -Wextra -Wno-error=deprecated-declarations"
    5797fi
    5898
     
    73113        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
    74114              [flock_works="yes"], [flock_works="no"])
     115        AC_MSG_RESULT([$flock_works])
     116        # Old versions of flock do not support --verbose. They fail
     117        # without executing the command but still return 0. Check for
     118        # this behavior by testing if the rm command was executed.
     119        AC_MSG_CHECKING([whether ${FLOCK} supports --verbose])
     120        testfile="$(mktemp)"
     121        AS_IF([${FLOCK} --verbose --timeout 1 ${lockfile} rm "${testfile}" \
     122                        >&AS_MESSAGE_LOG_FD 2>&1; test ! -e "${testfile}"],
     123              [flock_verbose="yes"; FLOCK="${FLOCK} --verbose"],
     124              [flock_verbose="no"; rm "${testfile}"])
     125        AC_MSG_RESULT([$flock_verbose])
    75126        rm "${lockfile}"
    76         AC_MSG_RESULT([$flock_works])
    77127      ],
    78128      [flock_works="no"])
     
    81131               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
    82132
     133# openssl is needed as the responder for OCSP tests
     134AC_PATH_PROG([OPENSSL], [openssl], [no])
     135# OCSP checks with gnutls-cli from GnuTLS versions before 3.3.23,
     136# 3.4.12, or 3.5.1 (on the respective 3.x branch) fail if intermediate
     137# CAs cannot be status checked, even if there are no intermediate CAs
     138# like in the mod_gnutls test suite where end entity certificates are
     139# directly issued by a root CA.
     140AC_MSG_CHECKING([for gnutls-cli version supporting OCSP for EE under root CA])
     141AC_PREPROC_IFELSE(
     142        [AC_LANG_SOURCE([[#include "gnutls/gnutls.h"
     143                        #if GNUTLS_VERSION_NUMBER < 0x030317
     144                        #error
     145                        #elif GNUTLS_VERSION_NUMBER >= 0x030400 && GNUTLS_VERSION_NUMBER < 0x03040c
     146                        #error
     147                        #elif GNUTLS_VERSION_NUMBER == 0x030500
     148                        #error
     149                        #endif
     150                        ]])],
     151        [gnutls_ocsp_ok="yes"],
     152        [gnutls_ocsp_ok="no"],
     153)
     154AC_MSG_RESULT([$gnutls_ocsp_ok])
     155AM_CONDITIONAL([ENABLE_OCSP_TEST], [test "${OPENSSL}" != "no" && test "${gnutls_ocsp_ok}" = "yes"])
     156
    83157dnl Enable test namespaces? Default is "yes".
    84158AC_ARG_ENABLE(test-namespaces,
    85         AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
    86         namespaces to run tests in parallel (some architectures might not \
    87         support it)]),
     159        AS_HELP_STRING([--disable-test-namespaces], [Disable use of \
     160        namespaces for tests (limits parallelization)]),
    88161        [use_netns=$enableval], [use_netns=yes])
    89162
    90 # Check if "unshare" is available and has permission to create network
    91 # and user namespaces
     163# Check if "unshare" is available and has permission to create
     164# network, IPC, and user namespaces
    92165AC_PATH_PROG([UNSHARE], [unshare], [no])
    93166AS_IF([test "${UNSHARE}" != "no"],
    94167      [
    95         AC_MSG_CHECKING([for permission to create network and user namespaces])
    96         AS_IF([${UNSHARE} --net -r /bin/sh -c \
     168        AC_MSG_CHECKING([for permission to use namespaces])
     169        AS_IF([${UNSHARE} --net --ipc -r /bin/sh -c \
    97170                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
    98171              [unshare_works="yes"], [unshare_works="no"])
     
    108181# and test specific PID files if using namespaces, defaults otherwise.
    109182AS_IF([test "$use_netns" = "yes"],
    110       [MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"],
    111       [MUTEX_TYPE="default"; PID_AFFIX=""])
    112 AC_SUBST(MUTEX_TYPE)
     183      [MUTEX_CONF="Mutex pthread default"; PID_AFFIX="-\${TEST_NAME}"],
     184      [MUTEX_CONF=""; PID_AFFIX=""])
     185AC_SUBST(MUTEX_CONF)
    113186AC_SUBST(PID_AFFIX)
    114 AM_SUBST_NOTMAKE(MUTEX_TYPE)
     187AM_SUBST_NOTMAKE(MUTEX_CONF)
    115188AM_SUBST_NOTMAKE(PID_AFFIX)
    116189
     
    133206AC_MSG_RESULT($use_msva)
    134207
    135 have_apr_memcache=0
    136 CHECK_APR_MEMCACHE([have_apr_memcache=1], [have_apr_memcache=0])
    137 AC_SUBST(have_apr_memcache)
    138 
    139208# Building documentation requires pandoc, which in turn needs pdflatex
    140209# to build PDF output.
     
    144213        AC_PATH_PROG([PDFLATEX], [pdflatex], [no])
    145214        if test "$PDFLATEX" != "no"; then
    146                 build_doc=yes
     215                build_doc="html, manual page, pdf"
    147216        else
    148                 build_doc="html only"
     217                build_doc="html, manual page"
    149218        fi
    150219else
     
    169238AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
    170239
    171 MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
    172 MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
     240MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${GNUTLS_FEAT_CFLAGS} ${MSVA_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
     241MODULE_LIBS="${LIBGNUTLS_LIBS}"
     242
     243AC_PATH_PROGS([SOFTHSM], [softhsm2-util softhsm], [no])
     244if test "${SOFTHSM}" != "no"; then
     245        softhsm_version=$(${SOFTHSM} --version)
     246        AS_VERSION_COMPARE([$(${SOFTHSM} --version)], [2.0.0],
     247                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [1])],
     248                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])],
     249                           [AC_SUBST(SOFTHSM_MAJOR_VERSION, [2])])
     250fi
     251AM_CONDITIONAL([HAVE_SOFTHSM], [test "${SOFTHSM}" != "no"])
     252AM_CONDITIONAL([HAVE_SOFTHSM1], [test "${SOFTHSM_MAJOR_VERSION}" = "1"])
     253AM_CONDITIONAL([HAVE_SOFTHSM2], [test "${SOFTHSM_MAJOR_VERSION}" = "2"])
    173254
    174255AC_SUBST(MODULE_CFLAGS)
     
    185266                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
    186267                      enclosed in square brackets.])
    187 AM_SUBST_NOTMAKE(TEST_IP)
     268
     269: ${TEST_LOCK_WAIT:="30"}
     270: ${TEST_QUERY_TIMEOUT:="30"}
     271AC_ARG_VAR([TEST_LOCK_WAIT], [Timeout in seconds to acquire locks for \
     272                             Apache instances in the test suite, or the \
     273                             previous instance to remove its PID file if \
     274                             flock is not used. Default is 30.])
     275AC_ARG_VAR([TEST_QUERY_TIMEOUT], [Timeout in seconds for HTTPS requests \
     276                                 sent using gnutls-cli in the test suite. \
     277                                 Default is 30.])
     278
     279dnl Allow user to set SoftHSM PKCS #11 module
     280AC_ARG_VAR([SOFTHSM_LIB], [Absolute path of the SoftHSM PKCS @%:@11 module to \
     281                          use. By default the test suite will search common \
     282                          library paths.])
    188283
    189284dnl Build list of "Listen" statements for Apache
    190 LISTEN_LIST="# Listen addresses for the test servers"
     285LISTEN_LIST="@%:@ Listen addresses for the test servers"
    191286for i in ${TEST_IP}; do
    192287        LISTEN_LIST="${LISTEN_LIST}
    193288Listen ${i}:\${TEST_PORT}"
    194289done
    195 dnl HTTP ports, only active if TEST_HTTP_PORT is defined
     290# Available extra ports, tests can "Define" variables of the listed
     291# names in their apache.conf to enable them.
     292for j in TEST_HTTP_PORT; do
    196293LISTEN_LIST="${LISTEN_LIST}
    197 <IfDefine TEST_HTTP_PORT>"
     294<IfDefine ${j}>"
    198295for i in ${TEST_IP}; do
    199296        LISTEN_LIST="${LISTEN_LIST}
    200         Listen ${i}:\${TEST_HTTP_PORT}"
     297        Listen ${i}:\${${j}}"
    201298done
    202299LISTEN_LIST="${LISTEN_LIST}
    203300</IfDefine>"
     301done
    204302AC_SUBST(LISTEN_LIST)
    205303AM_SUBST_NOTMAKE(LISTEN_LIST)
    206304
     305DX_DOXYGEN_FEATURE(ON)
     306DX_DOT_FEATURE(ON)
     307DX_HTML_FEATURE(ON)
     308DX_MAN_FEATURE(OFF)
     309DX_RTF_FEATURE(OFF)
     310DX_XML_FEATURE(OFF)
     311DX_PDF_FEATURE(OFF)
     312DX_PS_FEATURE(OFF)
     313DX_INIT_DOXYGEN([mod_gnutls], [doc/doxygen.conf], [doc/api])
     314
    207315AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
    208                         doc/Makefile include/mod_gnutls.h \
    209                         test/proxy_backend.conf \
     316                        doc/Makefile doc/doxygen.conf include/mod_gnutls.h \
     317                        test/proxy_backend.conf test/ocsp_server.conf \
     318                        test/apache-conf/early_sni.conf \
    210319                        test/apache-conf/listen.conf \
    211320                        test/apache-conf/netns.conf])
     
    218327echo "   * Apache Modules directory:    ${AP_LIBEXECDIR}"
    219328echo "   * GnuTLS Library version:      ${LIBGNUTLS_VERSION}"
     329echo "   * CFLAGS for GnuTLS:           ${LIBGNUTLS_CFLAGS}"
     330echo "   * LDFLAGS for GnuTLS:  ${LIBGNUTLS_LIBS}"
    220331echo "   * SRP Authentication:  ${use_srp}"
    221332echo "   * MSVA Client Verification:    ${use_msva}"
     333echo "   * Early SNI:                   ${early_sni}"
    222334echo "   * Build documentation: ${build_doc}"
    223335echo ""
Note: See TracChangeset for help on using the changeset viewer.