if test -z "$module_standalone"; then
if test -z "$2"; then
- libname="mod_$1.la"
+ # The filename of a convenience library must have a "lib" prefix:
+ libname="lib$1.la"
BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
modpath_static="$modpath_static $libname"
cat >>$modpath_current/modules.mk<<EOF
if test "$enable_$1" != "no"; then
case "$enable_$1" in
shared*)
- enable_$1=`echo $ac_n $enable_$1$ac_c|sed 's/shared,*//'`
+ enable_$1=`echo $enable_$1|sed 's/shared,*//'`
sharedobjs=yes
shared=yes
DSO_MODULES="$DSO_MODULES $1"
module_default=yes
AC_ARG_ENABLE(modules,
- APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Modules to enable),[
+ APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
else
+ i=`echo $i | sed 's/-/_/g'`
eval "enable_$i=yes"
fi
done
])
AC_ARG_ENABLE(mods-shared,
- APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Shared modules to enable),[
+ APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Space-separated list of shared modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
dnl Determine the SSL/TLS toolkit's base directory, if any
AC_MSG_CHECKING(for SSL/TLS toolkit base)
- AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,SSL/TLS toolkit), [
+ AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS toolkit), [
+ dnl If --with-sslc specifies a directory, we use that directory or fail
+ if test "x$withval" != "xyes" -a "x$withval" != "x"; then
+ dnl This ensures $withval is actually a directory and that it is absolute
+ ap_ssltk_base="`cd $withval ; pwd`"
+ fi
+ ap_ssltk_type="sslc"
+ ])
+ AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL SSL/TLS toolkit), [
dnl If --with-ssl specifies a directory, we use that directory or fail
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
dnl This ensures $withval is actually a directory and that it is absolute
ap_ssltk_inc="-I$ap_ssltk_base/include"
CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
fi
- AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [])
if test "x$ap_ssltk_type" = "x"; then
- AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
- if test "x$ap_ssltk_type" = "x"; then
- AC_MSG_ERROR([No SSL/TLS headers were available])
- fi
- dnl so it's OpenSSL - report, then test for a good version
- echo "... SSL/TLS support configuring for OpenSSL"
AC_MSG_CHECKING(for OpenSSL version)
- AC_TRY_COMPILE([#include <openssl/opensslv.h>],
-[#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x0090609f
-#error "invalid openssl version"
+ dnl First check for manditory headers
+ AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
+ if test "$ap_ssltk_type" = "openssl"; then
+ dnl so it's OpenSSL - test for a good version
+ AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
+#if !defined(OPENSSL_VERSION_NUMBER)
+#error "Missing openssl version"
+#endif
+#if (OPENSSL_VERSION_NUMBER < 0x009060af) \
+ || ((OPENSSL_VERSION_NUMBER > 0x00907000) && (OPENSSL_VERSION_NUMBER < 0x0090702f))
+#error "Insecure openssl version " OPENSSL_VERSION_TEXT
#endif],
+ [AC_MSG_RESULT(OK)],
[dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
- AC_MSG_RESULT(OK)],
- [AC_MSG_RESULT([not encouraging])
- echo "WARNING: OpenSSL version may contain security vulnerabilities!"])
-
- else
-
- dnl so it's SSL-C - report, then test anything relevant
- echo "... SSL/TLS support configuring for SSL-C"
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: OpenSSL version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ dnl Look for additional, possibly missing headers
+ AC_CHECK_HEADERS(openssl/engine.h)
+ else
+ AC_MSG_RESULT([no OpenSSL headers found])
+ fi
+ fi
+ if test "$ap_ssltk_type" != "openssl"; then
+ dnl Might be SSL-C - report, then test anything relevant
AC_MSG_CHECKING(for SSL-C version)
- dnl FIXME: we currently don't check anything for SSL-C
- AC_MSG_RESULT([OK, but I didn't really check])
+ AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [ap_ssltk_type=""])
+ if test "$ap_ssltk_type" = "sslc"; then
+ AC_MSG_CHECKING(for SSL-C version)
+ AC_TRY_COMPILE([#include <sslc.h>],[
+#if !defined(SSLC_VERSION_NUMBER)
+#error "Missing SSL-C version"
+#endif
+#if SSLC_VERSION_NUMBER < 0x2310
+#define stringize_ver(x) #x
+#error "Insecure SSL-C version " stringize_ver(SSLC_VERSION_NUMBER)
+#endif],
+ [AC_MSG_RESULT(OK)],
+ [dnl Replace this with SSLC_VERSION_NUMBER?
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: SSL-C version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ else
+ AC_MSG_RESULT([no SSL-C headers found])
+ fi
fi
dnl restore
CPPFLAGS=$saved_CPPFLAGS
+ if test "x$ap_ssltk_type" = "x"; then
+ AC_MSG_ERROR([...No recognized SSL/TLS toolkit detected])
+ fi
- dnl Run library checks
+ dnl Run library and function checks
saved_LDFLAGS=$LDFLAGS
saved_LIBS=$LIBS
if test "x$ap_ssltk_base" != "x"; then
dnl make sure "other" flags are available so libcrypto and libssl can link
LIBS="$LIBS `$apr_config --libs`"
liberrors=""
- AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
- AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
- if test "x$liberrors" != "x"; then
- AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
+ if test "$ap_ssltk_type" = "openssl"; then
+ AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
+ AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
+ AC_CHECK_FUNCS(ENGINE_init)
+ AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
+ else
+ AC_CHECK_LIB(sslc, SSLC_library_version, [], [liberrors="yes"])
+ AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
+ AC_CHECK_FUNCS(SSL_set_state)
fi
+ AC_CHECK_FUNCS(SSL_set_cert_store)
dnl restore
LDFLAGS=$saved_LDFLAGS
LIBS=$saved_LIBS
+ if test "x$liberrors" != "x"; then
+ AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
+ fi
dnl Adjust apache's configuration based on what we found above.
dnl (a) define preprocessor symbols
if test "$ap_ssltk_type" = "openssl"; then
- AC_DEFINE(HAVE_OPENSSL)
+ AC_DEFINE(HAVE_OPENSSL, 1, [Define if SSL is supported using OpenSSL])
else
- AC_DEFINE(HAVE_SSLC)
+ AC_DEFINE(HAVE_SSLC, 1, [Define if SSL is supported using SSL-C])
fi
dnl (b) hook up include paths
if test "x$ap_ssltk_inc" != "x"; then
if test "x$ap_ssltk_lib" != "x"; then
APR_ADDTO(LDFLAGS, ["-L$ap_ssltk_lib"])
if test "x$ap_platform_runtime_link_flag" != "x"; then
- APR_ADDTO(LDFLAGS, ["$ap_platform_runtime_link_flag$ap_ssltk_libdir"])
+ APR_ADDTO(LDFLAGS, ["$ap_platform_runtime_link_flag$ap_ssltk_lib"])
fi
fi
- dnl (d) add "-lssl -lcrypto" to LIBS because restoring LIBS after
- dnl AC_CHECK_LIB() obliterates any flags AC_CHECK_LIB() added.
- APR_ADDTO(LIBS, [-lssl -lcrypto])
+ dnl (d) add "-lssl -lcrypto" OR "-lsslc" to LIBS because restoring LIBS
+ dnl after AC_CHECK_LIB() obliterates any flags AC_CHECK_LIB() added.
+ if test "$ap_ssltk_type" = "openssl"; then
+ APR_ADDTO(LIBS, [-lssl -lcrypto])
+ else
+ APR_ADDTO(LIBS, [-lsslc])
+ fi
fi
])