APACHE_SUBST(MODULE_DIRS)
APACHE_SUBST(MODULE_CLEANDIRS)
APACHE_SUBST(PORT)
+ APACHE_SUBST(nonssl_listen_stmt_1)
+ APACHE_SUBST(nonssl_listen_stmt_2)
APACHE_SUBST(CORE_IMPLIB_FILE)
APACHE_SUBST(CORE_IMPLIB)
APACHE_SUBST(SH_LIBS)
APACHE_SUBST(SH_LIBTOOL)
APACHE_SUBST(MK_IMPLIB)
+ APACHE_SUBST(MKDEP)
APACHE_SUBST(INSTALL_PROG_FLAGS)
APACHE_SUBST(DSO_MODULES)
+ APACHE_SUBST(APR_BINDIR)
+ APACHE_SUBST(APR_INCLUDEDIR)
+ APACHE_SUBST(APU_BINDIR)
+ APACHE_SUBST(APU_INCLUDEDIR)
abs_srcdir="`(cd $srcdir && pwd)`"
if test -z "$module_standalone"; then
if test -z "$2"; then
- libname="mod_$1.la"
+ # The filename of a convenience library must have a "lib" prefix:
+ libname="lib$1.la"
BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
modpath_static="$modpath_static $libname"
cat >>$modpath_current/modules.mk<<EOF
if test "$enable_$1" != "no"; then
case "$enable_$1" in
shared*)
- enable_$1=`echo $ac_n $enable_$1$ac_c|sed 's/shared,*//'`
+ enable_$1=`echo $enable_$1|sed 's/shared,*//'`
sharedobjs=yes
shared=yes
DSO_MODULES="$DSO_MODULES $1"
fi
])dnl
-dnl
-dnl APACHE_LAYOUT(configlayout, layoutname)
-dnl
-AC_DEFUN(APACHE_LAYOUT,[
- if test ! -f $srcdir/config.layout; then
- echo "** Error: Layout file $srcdir/config.layout not found"
- echo "** Error: Cannot use undefined layout '$LAYOUT'"
- exit 1
- fi
- pldconf=./config.pld
- changequote({,})
- sed -e "1,/[ ]*<[lL]ayout[ ]*$2[ ]*>[ ]*/d" \
- -e '/[ ]*<\/Layout>[ ]*/,$d' \
- -e "s/^[ ]*//g" \
- -e "s/:[ ]*/=\'/g" \
- -e "s/[ ]*$/'/g" \
- $1 > $pldconf
- layout_name=$2
- . $pldconf
- rm $pldconf
- for var in prefix exec_prefix bindir sbindir libexecdir mandir \
- sysconfdir datadir errordir iconsdir htdocsdir cgidir \
- includedir localstatedir runtimedir logfiledir libdir \
- manualdir proxycachedir installbuilddir; do
- eval "val=\"\$$var\""
- case $val in
- *+)
- val=`echo $val | sed -e 's;\+$;;'`
- eval "$var=\"\$val\""
- autosuffix=yes
- ;;
- *)
- autosuffix=no
- ;;
- esac
- val=`echo $val | sed -e 's:\(.\)/*$:\1:'`
- val=`echo $val | sed -e 's:[\$]\([a-z_]*\):${\1}:g'`
- if test "$autosuffix" = "yes"; then
- if echo $val | grep apache >/dev/null; then
- addtarget=no
- else
- addtarget=yes
- fi
- if test "$addtarget" = "yes"; then
- val="$val/apache2"
- fi
- fi
- eval "$var='$val'"
- done
- changequote([,])
-])dnl
-
-dnl
-dnl APACHE_ENABLE_LAYOUT
-dnl
-AC_DEFUN(APACHE_ENABLE_LAYOUT,[
-AC_ARG_ENABLE(layout,
-[ --enable-layout=LAYOUT],[
- LAYOUT=$enableval
-])
-
-if test -z "$LAYOUT"; then
- LAYOUT="Apache"
-fi
-APACHE_LAYOUT($srcdir/config.layout, $LAYOUT)
-
-AC_MSG_CHECKING(for chosen layout)
-AC_MSG_RESULT($layout_name)
-])
-
dnl
dnl APACHE_ENABLE_MODULES
dnl
module_default=yes
AC_ARG_ENABLE(modules,
- APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Modules to enable),[
+ APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
else
+ i=`echo $i | sed 's/-/_/g'`
eval "enable_$i=yes"
fi
done
])
AC_ARG_ENABLE(mods-shared,
- APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Shared modules to enable),[
+ APACHE_HELP_STRING(--enable-mods-shared=MODULE-LIST,Space-separated list of shared modules to enable | "all" | "most"),[
for i in $enableval; do
if test "$i" = "all" -o "$i" = "most"; then
module_selection=$i
dnl
dnl APACHE_CHECK_SSL_TOOLKIT
dnl
-dnl Find the openssl toolkit installation and check it for the right
-dnl version, then add its flags to INCLUDES and LIBS. This should
-dnl really be using a custom AC_TRY_COMPILE function to test the includes
-dnl and then AC_TRY_LINK to test the libraries directly for the version,
-dnl but that will require someone who knows how to program openssl.
+dnl Configure for the detected openssl/ssl-c toolkit installation, giving
+dnl preference to "--with-ssl=<path>" if it was specified.
dnl
AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
-if test "x$ap_ssltk_base" = "x"; then
- AC_MSG_CHECKING(for SSL/TLS toolkit base)
+if test "x$ap_ssltk_configured" = "x"; then
+ dnl initialise the variables we use
ap_ssltk_base=""
- AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,SSL/TLS toolkit (OpenSSL)), [
+ ap_ssltk_inc=""
+ ap_ssltk_lib=""
+ ap_ssltk_type=""
+
+ dnl Determine the SSL/TLS toolkit's base directory, if any
+ AC_MSG_CHECKING(for SSL/TLS toolkit base)
+ AC_ARG_WITH(sslc, APACHE_HELP_STRING(--with-sslc=DIR,RSA SSL-C SSL/TLS toolkit), [
+ dnl If --with-sslc specifies a directory, we use that directory or fail
if test "x$withval" != "xyes" -a "x$withval" != "x"; then
- ap_ssltk_base="$withval"
- if test -f "$ap_ssltk_base/bin/openssl"; then
- ap_ssltk_version="`$ap_ssltk_base/bin/openssl version`"
- else
- ap_ssltk_version="unknown"
- fi
+ dnl This ensures $withval is actually a directory and that it is absolute
+ ap_ssltk_base="`cd $withval ; pwd`"
+ fi
+ ap_ssltk_type="sslc"
+ ])
+ AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL SSL/TLS toolkit), [
+ dnl If --with-ssl specifies a directory, we use that directory or fail
+ if test "x$withval" != "xyes" -a "x$withval" != "x"; then
+ dnl This ensures $withval is actually a directory and that it is absolute
+ ap_ssltk_base="`cd $withval ; pwd`"
fi
])
if test "x$ap_ssltk_base" = "x"; then
- AC_CACHE_VAL(ap_cv_ssltk,[
- #
- # shotgun approach: find all occurrences of the openssl program
- #
- # The IFS=... trick eliminates the colons from $PATH, without using an external program
- for p in `IFS=":$IFS"; echo $PATH` /usr/local/openssl/bin /usr/local/ssl/bin; do
- if test -f "$p/openssl"; then
- ap_ssltk_version="`$p/openssl version`"
- if test "x$ap_ssltk_version" != "x"; then
- ap_cv_ssltk="`(cd $p/.. && pwd)`"
- break
- fi
- fi
- done
- if test "x$ap_cv_ssltk" = "x"; then
- AC_MSG_ERROR([requires OpenSSL 0.9.6e or higher])
- fi
- ])
- ap_ssltk_base="$ap_cv_ssltk"
+ AC_MSG_RESULT(none)
+ else
+ AC_MSG_RESULT($ap_ssltk_base)
fi
- if test ! -d $ap_ssltk_base; then
- AC_MSG_ERROR([invalid SSL/TLS toolkit base directory $ap_ssltk_base])
+
+ dnl Run header and version checks
+ saved_CPPFLAGS=$CPPFLAGS
+ if test "x$ap_ssltk_base" != "x"; then
+ ap_ssltk_inc="-I$ap_ssltk_base/include"
+ CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
fi
- AC_MSG_RESULT($ap_ssltk_base)
-
- AC_MSG_CHECKING(for SSL/TLS toolkit version)
- AC_MSG_RESULT($ap_ssltk_version)
- case "$ap_ssltk_version" in
- "OpenSSL "[[1-9]]* | \
- "OpenSSL "0.9.6[[e-z]]* | \
- "OpenSSL "0.9.[[7-9]]* | \
- "OpenSSL "0.[[1-9]][[0-9]]* )
- # okay versions that do not have known security holes
- ;;
- "OpenSSL"*)
- AC_MSG_WARN([OpenSSL versions prior to 0.9.6e have known security holes])
- ;;
- *)
- # unknown version -- assume the user knows what they are doing
- ;;
- esac
-
- AC_MSG_CHECKING(for SSL/TLS toolkit includes)
- ap_ssltk_incdir=""
- for p in $ap_ssltk_base/include /usr/local/openssl/include \
- /usr/local/ssl/include /usr/local/include /usr/include; do
- if test -f "$p/openssl/ssl.h"; then
- ap_ssltk_incdir="$p"
- break
- elif test -f "$p/ssl.h"; then
- ap_ssltk_incdir="$p"
- break
+ if test "x$ap_ssltk_type" = "x"; then
+ AC_MSG_CHECKING(for OpenSSL version)
+ dnl First check for manditory headers
+ AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
+ if test "$ap_ssltk_type" = "openssl"; then
+ dnl so it's OpenSSL - test for a good version
+ AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
+#if !defined(OPENSSL_VERSION_NUMBER)
+#error "Missing openssl version"
+#endif
+#if (OPENSSL_VERSION_NUMBER < 0x009060af) \
+ || ((OPENSSL_VERSION_NUMBER > 0x00907000) && (OPENSSL_VERSION_NUMBER < 0x0090702f))
+#error "Insecure openssl version " OPENSSL_VERSION_TEXT
+#endif],
+ [AC_MSG_RESULT(OK)],
+ [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: OpenSSL version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ dnl Look for additional, possibly missing headers
+ AC_CHECK_HEADERS(openssl/engine.h)
+ else
+ AC_MSG_RESULT([no OpenSSL headers found])
fi
- done
- if test "x$ap_ssltk_incdir" = "x"; then
- AC_MSG_ERROR([OpenSSL headers not found])
fi
- AC_MSG_RESULT($ap_ssltk_incdir)
+ if test "$ap_ssltk_type" != "openssl"; then
+ dnl Might be SSL-C - report, then test anything relevant
+ AC_MSG_CHECKING(for SSL-C version)
+ AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [ap_ssltk_type=""])
+ if test "$ap_ssltk_type" = "sslc"; then
+ AC_MSG_CHECKING(for SSL-C version)
+ AC_TRY_COMPILE([#include <sslc.h>],[
+#if !defined(SSLC_VERSION_NUMBER)
+#error "Missing SSL-C version"
+#endif
+#if SSLC_VERSION_NUMBER < 0x2310
+#define stringize_ver(x) #x
+#error "Insecure SSL-C version " stringize_ver(SSLC_VERSION_NUMBER)
+#endif],
+ [AC_MSG_RESULT(OK)],
+ [dnl Replace this with SSLC_VERSION_NUMBER?
+ AC_MSG_RESULT([not encouraging])
+ echo "WARNING: SSL-C version may contain security vulnerabilities!"
+ echo " Ensure the latest security patches have been applied!"
+ ])
+ else
+ AC_MSG_RESULT([no SSL-C headers found])
+ fi
+ fi
+ dnl restore
+ CPPFLAGS=$saved_CPPFLAGS
+ if test "x$ap_ssltk_type" = "x"; then
+ AC_MSG_ERROR([...No recognized SSL/TLS toolkit detected])
+ fi
- AC_MSG_CHECKING(for SSL/TLS toolkit libraries)
- ap_ssltk_libdir=""
- for p in $ap_ssltk_base/lib /usr/local/openssl/lib \
- /usr/local/ssl/lib /usr/local/lib /usr/lib /lib /usr/lib64; do
- if test -f "$p/libssl.a" -o -f "$p/libssl.so" -o -f "$p/libssl.dylib"; then
- ap_ssltk_libdir="$p"
- break
+ dnl Run library and function checks
+ saved_LDFLAGS=$LDFLAGS
+ saved_LIBS=$LIBS
+ if test "x$ap_ssltk_base" != "x"; then
+ if test -d "$ap_ssltk_base/lib"; then
+ ap_ssltk_lib="$ap_ssltk_base/lib"
+ else
+ ap_ssltk_lib="$ap_ssltk_base"
fi
- done
- if test ".$ap_ssltk_libdir" = .; then
- AC_MSG_ERROR([OpenSSL libraries not found])
+ LDFLAGS="$LDFLAGS -L$ap_ssltk_lib"
+ fi
+ dnl make sure "other" flags are available so libcrypto and libssl can link
+ LIBS="$LIBS `$apr_config --libs`"
+ liberrors=""
+ if test "$ap_ssltk_type" = "openssl"; then
+ AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
+ AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
+ AC_CHECK_FUNCS(ENGINE_init)
+ AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
+ else
+ AC_CHECK_LIB(sslc, SSLC_library_version, [], [liberrors="yes"])
+ AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
+ AC_CHECK_FUNCS(SSL_set_state)
+ fi
+ AC_CHECK_FUNCS(SSL_set_cert_store)
+ dnl restore
+ LDFLAGS=$saved_LDFLAGS
+ LIBS=$saved_LIBS
+ if test "x$liberrors" != "x"; then
+ AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
fi
- AC_MSG_RESULT($ap_ssltk_libdir)
- dnl # annotate the Apache build environment with determined information
- APR_ADDTO(INCLUDES, [-I$ap_ssltk_incdir/openssl])
- if test "x$ap_ssltk_incdir" != "x/usr/include"; then
- APR_ADDTO(INCLUDES, [-I$ap_ssltk_incdir])
+ dnl Adjust apache's configuration based on what we found above.
+ dnl (a) define preprocessor symbols
+ if test "$ap_ssltk_type" = "openssl"; then
+ AC_DEFINE(HAVE_OPENSSL, 1, [Define if SSL is supported using OpenSSL])
+ else
+ AC_DEFINE(HAVE_SSLC, 1, [Define if SSL is supported using SSL-C])
fi
- if test "x$ap_ssltk_libdir" != "x/usr/lib"; then
- APR_ADDTO(LDFLAGS, [-L$ap_ssltk_libdir])
+ dnl (b) hook up include paths
+ if test "x$ap_ssltk_inc" != "x"; then
+ APR_ADDTO(INCLUDES, [$ap_ssltk_inc])
+ fi
+ dnl (c) hook up linker paths
+ if test "x$ap_ssltk_lib" != "x"; then
+ APR_ADDTO(LDFLAGS, ["-L$ap_ssltk_lib"])
if test "x$ap_platform_runtime_link_flag" != "x"; then
- APR_ADDTO(LDFLAGS, [$ap_platform_runtime_link_flag$ap_ssltk_libdir])
+ APR_ADDTO(LDFLAGS, ["$ap_platform_runtime_link_flag$ap_ssltk_lib"])
fi
fi
- APR_ADDTO(LIBS, [-lssl -lcrypto])
- ap_cv_ssltk="$ap_ssltk_base"
+ dnl (d) add "-lssl -lcrypto" OR "-lsslc" to LIBS because restoring LIBS
+ dnl after AC_CHECK_LIB() obliterates any flags AC_CHECK_LIB() added.
+ if test "$ap_ssltk_type" = "openssl"; then
+ APR_ADDTO(LIBS, [-lssl -lcrypto])
+ else
+ APR_ADDTO(LIBS, [-lsslc])
+ fi
fi
])