From 6c1331f7335217a175d4678c3b31c98e5302730e Mon Sep 17 00:00:00 2001 From: Matt Benjamin Date: Tue, 21 Jun 2016 15:59:18 -0400 Subject: [PATCH] automake, ssl: real openssl detection, fix ssl linkage w/NSS This change mainly intends to prevent linking with libssl when the crypto provider is NSS, which provides an SSL implementation (the implementation we must use and prefer when NSS is selected). Secondarily, actually detect openssl when it is selected, which happens by default and co-selects with cryptopp. To do this, we import the ax_check_openssl.m4 from the automake archive. Signed-off-by: Matt Benjamin --- configure.ac | 11 ++++ m4/ax_c_var_func.m4 | 11 ++-- m4/ax_check_compile_flag.m4 | 12 ++-- m4/ax_check_openssl.m4 | 124 ++++++++++++++++++++++++++++++++++++ src/rgw/Makefile.am | 4 +- 5 files changed, 150 insertions(+), 12 deletions(-) create mode 100644 m4/ax_check_openssl.m4 diff --git a/configure.ac b/configure.ac index b83cdf9e4e91e0..2f2cb12eff93d8 100644 --- a/configure.ac +++ b/configure.ac @@ -439,6 +439,8 @@ if test "x$have_nss" = "xno" -a "x$with_nss" != "xcheck" -a "x$with_nss" != "xno AC_MSG_FAILURE([--with-nss was given, but library was not found]) fi +AC_MSG_NOTICE([NSS is selected, now we really do something]) + # now decide which crypto library to really use if test "x$have_cryptopp" = "xyes"; then AC_MSG_NOTICE([using cryptopp for cryptography]) @@ -447,6 +449,14 @@ if test "x$have_cryptopp" = "xyes"; then #AC_SUBST([CRYPTO_CXXFLAGS], [$CRYPTOPP_CXXFLAGS]) AM_CXXFLAGS="${AM_CXXFLAGS} ${CRYPTOPP_CXXFLAGS}" AC_SUBST([CRYPTO_LIBS], [$CRYPTOPP_LIBS]) + # OpenSSL -- defines OPENSSL_{INCLUDES,LIBS,LDFLAGS} on success + AX_CHECK_OPENSSL([], [found_openssl=1], [found_openssl=0]) + if test $found_openssl = 1; then + AC_MSG_FAILURE([CryptoPP build selected but OpenSSL not found]) + else + AC_SUBST([SSL_INCLUDES], [$OPENSSL_INCLUDES]) + AC_SUBST([SSL_LIBS], [$OPENSSL_LIBS]) + fi elif test "x$have_nss" = "xyes"; then AC_MSG_NOTICE([using nss for cryptography]) AC_DEFINE([USE_NSS], [1], [Define if using NSS.]) @@ -455,6 +465,7 @@ elif test "x$have_nss" = "xyes"; then #AC_SUBST([CRYPTO_CXXFLAGS], [$NSS_CFLAGS $NSS_CXXFLAGS]) AM_CXXFLAGS="${AM_CXXFLAGS} ${NSS_CFLAGS} ${NSS_CXXFLAGS}" AC_SUBST([CRYPTO_LIBS], [$NSS_LIBS]) + AC_SUBST([SSL_LIBS], [$NSS_LIBS]) else AC_MSG_FAILURE([no suitable crypto library found]) fi diff --git a/m4/ax_c_var_func.m4 b/m4/ax_c_var_func.m4 index 8b57563621d8f3..2893d3cbad0055 100644 --- a/m4/ax_c_var_func.m4 +++ b/m4/ax_c_var_func.m4 @@ -50,17 +50,18 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 5 +#serial 6 AU_ALIAS([AC_C_VAR_FUNC], [AX_C_VAR_FUNC]) AC_DEFUN([AX_C_VAR_FUNC], [AC_REQUIRE([AC_PROG_CC]) AC_CACHE_CHECK(whether $CC recognizes __func__, ac_cv_c_var_func, AC_TRY_COMPILE(, -[ +[int main() { char *s = __func__; -], -AC_DEFINE(HAVE_FUNC,, -[Define if the C complier supports __func__]) ac_cv_c_var_func=yes, +}], ac_cv_c_var_func=yes, ac_cv_c_var_func=no) ) +if test "x$ac_cv_c_var_func" = xyes; then + AC_DEFINE(HAVE_FUNC,,[Define if the C complier supports __func__]) +fi ])dnl diff --git a/m4/ax_check_compile_flag.m4 b/m4/ax_check_compile_flag.m4 index c3a8d695a1bcda..ca3639715e7243 100644 --- a/m4/ax_check_compile_flag.m4 +++ b/m4/ax_check_compile_flag.m4 @@ -4,7 +4,7 @@ # # SYNOPSIS # -# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS]) +# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) # # DESCRIPTION # @@ -19,6 +19,8 @@ # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to # force the compiler to issue an error when a bad flag is given. # +# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +# # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. # @@ -53,19 +55,19 @@ # modified version of the Autoconf Macro, you may extend this special # exception to the GPL to apply to your modified version as well. -#serial 2 +#serial 4 AC_DEFUN([AX_CHECK_COMPILE_FLAG], -[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX +[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], + AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], [AS_VAR_SET(CACHEVAR,[yes])], [AS_VAR_SET(CACHEVAR,[no])]) _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) -AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes], +AS_VAR_IF(CACHEVAR,yes, [m4_default([$2], :)], [m4_default([$3], :)]) AS_VAR_POPDEF([CACHEVAR])dnl diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 new file mode 100644 index 00000000000000..a87c5a6b6f93ba --- /dev/null +++ b/m4/ax_check_openssl.m4 @@ -0,0 +1,124 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]]) +# +# DESCRIPTION +# +# Look for OpenSSL in a number of default spots, or in a user-selected +# spot (via --with-openssl). Sets +# +# OPENSSL_INCLUDES to the include directives required +# OPENSSL_LIBS to the -l directives required +# OPENSSL_LDFLAGS to the -L or -R flags required +# +# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately +# +# This macro sets OPENSSL_INCLUDES such that source files should use the +# openssl/ directory in include directives: +# +# #include +# +# LICENSE +# +# Copyright (c) 2009,2010 Zmanda Inc. +# Copyright (c) 2009,2010 Dustin J. Mitchell +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 8 + +AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL]) +AC_DEFUN([AX_CHECK_OPENSSL], [ + found=false + AC_ARG_WITH([openssl], + [AS_HELP_STRING([--with-openssl=DIR], + [root of the OpenSSL directory])], + [ + case "$withval" in + "" | y | ye | yes | n | no) + AC_MSG_ERROR([Invalid --with-openssl value]) + ;; + *) ssldirs="$withval" + ;; + esac + ], [ + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + AC_PATH_PROG([PKG_CONFIG], [pkg-config]) + if test x"$PKG_CONFIG" != x""; then + OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` + if test $? = 0; then + OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` + OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` + found=true + fi + fi + + # no such luck; use some default ssldirs + if ! $found; then + ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" + fi + ] + ) + + + # note that we #include , so the OpenSSL headers have to be in + # an 'openssl' subdirectory + + if ! $found; then + OPENSSL_INCLUDES= + for ssldir in $ssldirs; do + AC_MSG_CHECKING([for openssl/ssl.h in $ssldir]) + if test -f "$ssldir/include/openssl/ssl.h"; then + OPENSSL_INCLUDES="-I$ssldir/include" + OPENSSL_LDFLAGS="-L$ssldir/lib" + OPENSSL_LIBS="-lssl -lcrypto" + found=true + AC_MSG_RESULT([yes]) + break + else + AC_MSG_RESULT([no]) + fi + done + + # if the file wasn't found, well, go ahead and try the link anyway -- maybe + # it will just work! + fi + + # try the preprocessor and linker with our new flags, + # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS + + AC_MSG_CHECKING([whether compiling and linking against OpenSSL works]) + echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \ + "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD + + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" + save_CPPFLAGS="$CPPFLAGS" + LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS" + LIBS="$OPENSSL_LIBS $LIBS" + CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS" + AC_LINK_IFELSE( + [AC_LANG_PROGRAM([#include ], [SSL_new(NULL)])], + [ + AC_MSG_RESULT([yes]) + $1 + ], [ + AC_MSG_RESULT([no]) + $2 + ]) + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + + AC_SUBST([OPENSSL_INCLUDES]) + AC_SUBST([OPENSSL_LIBS]) + AC_SUBST([OPENSSL_LDFLAGS]) +]) diff --git a/src/rgw/Makefile.am b/src/rgw/Makefile.am index 25931cfefd3524..59179c217711d8 100644 --- a/src/rgw/Makefile.am +++ b/src/rgw/Makefile.am @@ -143,8 +143,8 @@ libcivetweb_la_SOURCES = \ libcivetweb_la_CXXFLAGS = ${CIVETWEB_INCLUDE} -fPIC -Woverloaded-virtual \ ${AM_CXXFLAGS} -libcivetweb_la_CFLAGS = -I$(srcdir)/civetweb/include ${CIVETWEB_INCLUDE} -fPIC -DNO_SSL_DL -LIBCIVETWEB_DEPS += -lssl -lcrypto +libcivetweb_la_CFLAGS = -I$(srcdir)/civetweb/include ${CIVETWEB_INCLUDE} ${SSL_INCLUDES} -fPIC -DNO_SSL_DL +LIBCIVETWEB_DEPS += ${SSL_LIBS} noinst_LTLIBRARIES += libcivetweb.la