APACHE_SUBST(DSO_MODULES)
APACHE_SUBST(APR_BINDIR)
APACHE_SUBST(APR_INCLUDEDIR)
+ APACHE_SUBST(APR_VERSION)
+ APACHE_SUBST(APR_CONFIG)
APACHE_SUBST(APU_BINDIR)
APACHE_SUBST(APU_INCLUDEDIR)
+ APACHE_SUBST(APU_VERSION)
+ APACHE_SUBST(APU_CONFIG)
abs_srcdir="`(cd $srcdir && pwd)`"
if test -z "$module_standalone"; then
if test -z "$2"; then
- libname="mod_$1.la"
+ # The filename of a convenience library must have a "lib" prefix:
+ libname="libmod_$1.la"
BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
modpath_static="$modpath_static $libname"
cat >>$modpath_current/modules.mk<<EOF
$libname: $objects
- \$(MOD_LINK) $objects
+ \$(MOD_LINK) $objects $5
EOF
else
apache_need_shared=yes
if test "$enable_$1" != "no"; then
case "$enable_$1" in
shared*)
- enable_$1=`echo $ac_n $enable_$1$ac_c|sed 's/shared,*//'`
+ enable_$1=`echo $enable_$1|sed 's/shared,*//'`
sharedobjs=yes
shared=yes
DSO_MODULES="$DSO_MODULES $1"
fi
shared="";;
esac
- APACHE_MODPATH_ADD($1, $shared, $3)
+ define([modprefix], [MOD_]translit($1, [a-z-], [A-Z_]))
+ APACHE_MODPATH_ADD($1, $shared, $3,, [\$(]modprefix[_LDADD)])
+ APACHE_SUBST(modprefix[_LDADD])
+ undefine([modprefix])
fi
])dnl
module_default=yes
AC_ARG_ENABLE(modules,
- APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Modules to enable),[
+ APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
else
+ i=`echo $i | sed 's/-/_/g'`
eval "enable_$i=yes"
fi
done
])
AC_ARG_ENABLE(mods-shared,
- APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Shared modules to enable),[
+ APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Space-separated list of shared modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
dnl Determine the SSL/TLS toolkit's base directory, if any
AC_MSG_CHECKING(for SSL/TLS toolkit base)
- AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,SSL/TLS toolkit), [
+ AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS toolkit), [
+ dnl If --with-sslc specifies a directory, we use that directory or fail
+ if test "x$withval" != "xyes" -a "x$withval" != "x"; then
+ dnl This ensures $withval is actually a directory and that it is absolute
+ ap_ssltk_base="`cd $withval ; pwd`"
+ fi
+ ap_ssltk_type="sslc"
+ ])
+ AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL SSL/TLS toolkit), [
dnl If --with-ssl specifies a directory, we use that directory or fail
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
dnl This ensures $withval is actually a directory and that it is absolute
ap_ssltk_inc="-I$ap_ssltk_base/include"
CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
fi
- AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [])
if test "x$ap_ssltk_type" = "x"; then
- AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
- if test "x$ap_ssltk_type" = "x"; then
- AC_MSG_ERROR([No SSL/TLS headers were available])
- fi
- dnl so it's OpenSSL - report, then test for a good version
- echo "... SSL/TLS support configuring for OpenSSL"
AC_MSG_CHECKING(for OpenSSL version)
- AC_TRY_COMPILE([#include <openssl/opensslv.h>],
-[#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x0090609f
-#error "invalid openssl version"
+ dnl First check for manditory headers
+ AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
+ if test "$ap_ssltk_type" = "openssl"; then
+ dnl so it's OpenSSL - test for a good version
+ AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
+#if !defined(OPENSSL_VERSION_NUMBER)
+#error "Missing openssl version"
+#endif
+#if (OPENSSL_VERSION_NUMBER < 0x009060af) \
+ || ((OPENSSL_VERSION_NUMBER > 0x00907000) && (OPENSSL_VERSION_NUMBER < 0x0090702f))
+#error "Insecure openssl version " OPENSSL_VERSION_TEXT
#endif],
+ [AC_MSG_RESULT(OK)],
[dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
- AC_MSG_RESULT(OK)],
- [AC_MSG_RESULT([not encouraging])
- echo "WARNING: OpenSSL version may contain security vulnerabilities!"])
-
- else
-
- dnl so it's SSL-C - report, then test anything relevant
- echo "... SSL/TLS support configuring for SSL-C"
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: OpenSSL version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ dnl Look for additional, possibly missing headers
+ AC_CHECK_HEADERS(openssl/engine.h)
+ if test -n "$PKGCONFIG"; then
+ $PKGCONFIG openssl
+ if test $? -eq 0; then
+ ap_ssltk_inc="$ap_ssltk_inc `$PKGCONFIG --cflags-only-I openssl`"
+ CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
+ fi
+ fi
+ else
+ AC_MSG_RESULT([no OpenSSL headers found])
+ fi
+ fi
+ if test "$ap_ssltk_type" != "openssl"; then
+ dnl Might be SSL-C - report, then test anything relevant
AC_MSG_CHECKING(for SSL-C version)
- AC_TRY_COMPILE([#include <sslc.h>],
-[#if !defined(SSLC_VERSION_NUMBER) || SSLC_VERSION_NUMBER < 0x2100
-#error "invalid SSL-C version"
+ AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [ap_ssltk_type=""])
+ if test "$ap_ssltk_type" = "sslc"; then
+ AC_MSG_CHECKING(for SSL-C version)
+ AC_TRY_COMPILE([#include <sslc.h>],[
+#if !defined(SSLC_VERSION_NUMBER)
+#error "Missing SSL-C version"
+#endif
+#if SSLC_VERSION_NUMBER < 0x2310
+#define stringize_ver(x) #x
+#error "Insecure SSL-C version " stringize_ver(SSLC_VERSION_NUMBER)
#endif],
- [AC_MSG_RESULT(OK)],
- [AC_MSG_ERROR([SSL-C Versions < 2.1 has not been tested])])
+ [AC_MSG_RESULT(OK)],
+ [dnl Replace this with SSLC_VERSION_NUMBER?
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: SSL-C version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ else
+ AC_MSG_RESULT([no SSL-C headers found])
+ fi
fi
dnl restore
CPPFLAGS=$saved_CPPFLAGS
+ if test "x$ap_ssltk_type" = "x"; then
+ AC_MSG_ERROR([...No recognized SSL/TLS toolkit detected])
+ fi
- dnl Run library checks
+ dnl Run library and function checks
saved_LDFLAGS=$LDFLAGS
saved_LIBS=$LIBS
if test "x$ap_ssltk_base" != "x"; then
AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
AC_CHECK_FUNCS(ENGINE_init)
+ AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
else
AC_CHECK_LIB(sslc, SSLC_library_version, [], [liberrors="yes"])
AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
AC_CHECK_FUNCS(SSL_set_state)
fi
AC_CHECK_FUNCS(SSL_set_cert_store)
- if test "x$liberrors" != "x"; then
- AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
- fi
dnl restore
LDFLAGS=$saved_LDFLAGS
LIBS=$saved_LIBS
+ if test "x$liberrors" != "x"; then
+ AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
+ fi
dnl Adjust apache's configuration based on what we found above.
dnl (a) define preprocessor symbols
if test "$ap_ssltk_type" = "openssl"; then
- AC_DEFINE(HAVE_OPENSSL)
+ AC_DEFINE(HAVE_OPENSSL, 1, [Define if SSL is supported using OpenSSL])
else
- AC_DEFINE(HAVE_SSLC)
+ AC_DEFINE(HAVE_SSLC, 1, [Define if SSL is supported using SSL-C])
fi
dnl (b) hook up include paths
if test "x$ap_ssltk_inc" != "x"; then
APR_ADDTO(LDFLAGS, ["$ap_platform_runtime_link_flag$ap_ssltk_lib"])
fi
fi
- dnl (d) add "-lssl -lcrypto" OR "-lsslc" to LIBS because restoring LIBS
- dnl after AC_CHECK_LIB() obliterates any flags AC_CHECK_LIB() added.
+ # Put SSL libraries in SSL_LIBS.
if test "$ap_ssltk_type" = "openssl"; then
- APR_ADDTO(LIBS, [-lssl -lcrypto])
+ APR_SETVAR(SSL_LIBS, [-lssl -lcrypto])
+ if test -n "$PKGCONFIG"; then
+ $PKGCONFIG openssl
+ if test $? -eq 0; then
+ ap_ssltk_libdep=`$PKGCONFIG --libs openssl`
+ APR_ADDTO(SSL_LIBS, $ap_ssltk_libdep)
+ fi
+ fi
else
- APR_ADDTO(LIBS, [-lsslc])
+ APR_SETVAR(SSL_LIBS, [-lsslc])
fi
+ APACHE_SUBST(SSL_LIBS)
fi
])