Skip to content
Browse files

TS-2504: replace OpenSSL detection with AX_CHECK_OPENSSL

Use the ax_check_openssl.m4 macro from the autoconf archive so that
we don't need to carry around custom OpenSSL detection logic.
  • Loading branch information...
1 parent 4db27ec commit 6d3670bef7b274e51738a07ba61205431bf0aad7 @jpeach jpeach committed Jan 18, 2014
View
124 build/ax_check_openssl.m4
@@ -0,0 +1,124 @@
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Look for OpenSSL in a number of default spots, or in a user-selected
+# spot (via --with-openssl). Sets
+#
+# OPENSSL_INCLUDES to the include directives required
+# OPENSSL_LIBS to the -l directives required
+# OPENSSL_LDFLAGS to the -L or -R flags required
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# This macro sets OPENSSL_INCLUDES such that source files should use the
+# openssl/ directory in include directives:
+#
+# #include <openssl/hmac.h>
+#
+# LICENSE
+#
+# Copyright (c) 2009,2010 Zmanda Inc. <http://www.zmanda.com/>
+# Copyright (c) 2009,2010 Dustin J. Mitchell <dustin@zmanda.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 8
+
+AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
+AC_DEFUN([AX_CHECK_OPENSSL], [
+ found=false
+ AC_ARG_WITH([openssl],
+ [AS_HELP_STRING([--with-openssl=DIR],
+ [root of the OpenSSL directory])],
+ [
+ case "$withval" in
+ "" | y | ye | yes | n | no)
+ AC_MSG_ERROR([Invalid --with-openssl value])
+ ;;
+ *) ssldirs="$withval"
+ ;;
+ esac
+ ], [
+ # if pkg-config is installed and openssl has installed a .pc file,
+ # then use that information and don't search ssldirs
+ AC_PATH_PROG([PKG_CONFIG], [pkg-config])
+ if test x"$PKG_CONFIG" != x""; then
+ OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
+ if test $? = 0; then
+ OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
+ OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
+ found=true
+ fi
+ fi
+
+ # no such luck; use some default ssldirs
+ if ! $found; then
+ ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /opt/local /usr"
+ fi
+ ]
+ )
+
+
+ # note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in
+ # an 'openssl' subdirectory
+
+ if ! $found; then
+ OPENSSL_INCLUDES=
+ for ssldir in $ssldirs; do
+ AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
+ if test -f "$ssldir/include/openssl/ssl.h"; then
+ OPENSSL_INCLUDES="-I$ssldir/include"
+ OPENSSL_LDFLAGS="-L$ssldir/lib"
+ OPENSSL_LIBS="-lssl -lcrypto"
+ found=true
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # if the file wasn't found, well, go ahead and try the link anyway -- maybe
+ # it will just work!
+ fi
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([whether compiling and linking against OpenSSL works])
+ echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \
+ "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+ LIBS="$OPENSSL_LIBS $LIBS"
+ CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)])],
+ [
+ AC_MSG_RESULT([yes])
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([OPENSSL_INCLUDES])
+ AC_SUBST([OPENSSL_LIBS])
+ AC_SUBST([OPENSSL_LDFLAGS])
+])
View
97 build/crypto.m4
@@ -25,95 +25,20 @@ AC_DEFUN([TS_CHECK_CRYPTO], [
enable_crypto=no
AC_SEARCH_LIBS([crypt], [crypt], [AC_SUBST([LIBCRYPT],["-lcrypt"])])
- TS_CHECK_CRYPTO_OPENSSL
- dnl add checks for other varieties of ssl here
-])
-dnl
-
-AC_DEFUN([TS_CHECK_CRYPTO_OPENSSL], [
-enable_openssl=no
-AC_ARG_WITH(openssl, [AC_HELP_STRING([--with-openssl=DIR],[use a specific OpenSSL library])],
-[
- if test "x$withval" != "xyes" && test "x$withval" != "x"; then
- openssl_base_dir="$withval"
- if test "$withval" != "no"; then
- enable_openssl=yes
- case "$withval" in
- *":"*)
- openssl_include="`echo $withval |sed -e 's/:.*$//'`"
- openssl_ldflags="`echo $withval |sed -e 's/^.*://'`"
- AC_MSG_CHECKING(checking for OpenSSL includes in $openssl_include libs in $openssl_ldflags )
- ;;
- *)
- openssl_include="$withval/include"
- openssl_ldflags="$withval/lib"
- AC_MSG_CHECKING(checking for OpenSSL includes in $withval)
- ;;
- esac
- fi
- fi
-])
-
-if test "x$openssl_base_dir" = "x"; then
- AC_MSG_CHECKING([for OpenSSL location])
- AC_CACHE_VAL(ats_cv_openssl_dir,[
- for dir in /usr/local/ssl /usr/pkg /usr/sfw /usr/local /usr; do
- if test -d $dir && test -f $dir/include/openssl/x509.h; then
- ats_cv_openssl_dir=$dir
- break
- fi
- done
+ AX_CHECK_OPENSSL([
+ TS_ADDTO(CPPFLAGS, [$OPENSSL_INCLUDES])
+ TS_ADDTO(LDFLAGS, [$OPENSSL_LDFLAGS])
+ ], [
+ AC_ERROR(failed to find OpenSSL)
])
- openssl_base_dir=$ats_cv_openssl_dir
- if test "x$openssl_base_dir" = "x"; then
- enable_openssl=no
- AC_MSG_RESULT([not found])
- else
- enable_openssl=yes
- openssl_include="$openssl_base_dir/include"
- openssl_ldflags="$openssl_base_dir/lib"
- AC_MSG_RESULT([${openssl_base_dir}])
- fi
-else
- if test -d $openssl_include/openssl && test -d $openssl_ldflags && test -f $openssl_include/openssl/x509.h; then
- AC_MSG_RESULT([ok])
- else
- AC_MSG_RESULT([not found])
- fi
-fi
-
-if test "$enable_openssl" != "no"; then
- saved_ldflags=$LDFLAGS
- saved_cppflags=$CPPFLAGS
- openssl_have_headers=0
- openssl_have_libs=0
- if test "$openssl_base_dir" != "/usr"; then
- TS_ADDTO(CPPFLAGS, [-I${openssl_include}])
- TS_ADDTO(LDFLAGS, [-L${openssl_ldflags}])
- TS_ADDTO(LIBTOOL_LINK_FLAGS, [-R${openssl_ldflags}])
- fi
- AC_SEARCH_LIBS([BN_init],[crypto],
- AC_SEARCH_LIBS([SSL_accept], [ssl], [openssl_have_libs=1], [], [-lcrypto]))
- if test "$openssl_have_libs" != "0"; then
- AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- fi
- if test "$openssl_have_headers" != "0"; then
- AC_CHECK_DECLS([EVP_PKEY_CTX_new], [], [],
- [#include <openssl/evp.h>])
- enable_crypto=yes
- AC_SUBST([LIBSSL],["-lssl -lcrypto"])
- else
- enable_openssl=no
- CPPFLAGS=$saved_cppflags
- LDFLAGS=$saved_ldflags
- fi
-fi
+ dnl add checks for other varieties of ssl here
])
+dnl
AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
_eckeys_saved_LIBS=$LIBS
- TS_ADDTO(LIBS, [$LIBSSL])
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
AC_CHECK_HEADERS(openssl/ec.h)
AC_CHECK_FUNCS(EC_KEY_new_by_curve_name, [enable_tls_eckey=yes], [enable_tls_eckey=no])
LIBS=$_eckeys_saved_LIBS
@@ -127,7 +52,7 @@ AC_DEFUN([TS_CHECK_CRYPTO_EC_KEYS], [
AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [
enable_tls_npn=yes
_npn_saved_LIBS=$LIBS
- TS_ADDTO(LIBS, [$LIBSSL])
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
AC_CHECK_FUNCS(SSL_CTX_set_next_protos_advertised_cb SSL_CTX_set_next_proto_select_cb SSL_select_next_proto SSL_get0_next_proto_negotiated,
[], [enable_tls_npn=no]
)
@@ -143,7 +68,7 @@ AC_DEFUN([TS_CHECK_CRYPTO_TICKETS], [
_tickets_saved_LIBS=$LIBS
enable_tls_tickets=yes
- TS_ADDTO(LIBS, [$LIBSSL])
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h openssl/hmac.h openssl/evp.h)
AC_MSG_CHECKING([for SSL_CTX_set_tlsext_ticket_key_cb])
AC_COMPILE_IFELSE(
@@ -178,7 +103,7 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
_sni_saved_LIBS=$LIBS
enable_tls_sni=yes
- TS_ADDTO(LIBS, [$LIBSSL])
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h)
# We are looking for SSL_CTX_set_tlsext_servername_callback, but it's a
# macro, so AC_CHECK_FUNCS is not going to do the business.
View
2 cmd/traffic_cop/Makefile.am
@@ -40,4 +40,4 @@ traffic_cop_LDADD = \
$(top_builddir)/mgmt/api/libtsmgmt.la \
$(top_builddir)/lib/ts/libtsutil.la \
$(top_builddir)/lib/records/librec4cop.a \
- @LIBRESOLV@ @LIBSSL@
+ @LIBRESOLV@ @OPENSSL_LIBS@
View
2 cmd/traffic_line/Makefile.am
@@ -33,4 +33,4 @@ traffic_line_LDADD = \
$(top_builddir)/mgmt/api/libtsmgmtshare.la \
$(top_builddir)/mgmt/api/libtsmgmt.la \
$(top_builddir)/lib/ts/libtsutil.la \
- @LIBRESOLV@ @LIBTCL@ @LIBSSL@
+ @LIBRESOLV@ @LIBTCL@ @OPENSSL_LIBS@
View
2 cmd/traffic_shell/Makefile.am
@@ -72,6 +72,6 @@ traffic_shell_LDADD = \
$(top_builddir)/mgmt/utils/libutils_lm.a \
$(top_builddir)/lib/ts/libtsutil.la \
$(LIBTCL) $(LIBREADLINE) \
- @LIBRESOLV@ @LIBEXPAT@ @LIBSSL@ \
+ @LIBRESOLV@ @LIBEXPAT@ @OPENSSL_LIBS@ \
@LIBPCRE@ @LIBREADLINE@ \
-lm
View
3 configure.ac
@@ -1107,9 +1107,6 @@ AX_BOOST_BASE([1.33],
#
# Check for SSL presence and usability
TS_CHECK_CRYPTO
-if test "x${enable_crypto}" != "xyes"; then
- AC_MSG_ERROR([Need at least one SSL library, --with-openssl is supported])
-fi
#
# Check for NextProtocolNegotiation TLS extension support.
View
2 iocore/net/Makefile.am
@@ -40,7 +40,7 @@ test_certlookup_SOURCES = \
test_certlookup_LDADD = \
$(top_builddir)/lib/ts/libtsutil.la \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
- @LIBSSL@
+ @OPENSSL_LIBS@
libinknet_a_SOURCES = \
Connection.cc \
View
2 lib/ts/Makefile.am
@@ -29,7 +29,7 @@ libtsutil_la_LIBADD = \
@hwloc_LIBS@ \
@LIBOBJS@ \
@LIBPCRE@ \
- @LIBSSL@ \
+ @OPENSSL_LIBS@ \
@LIBTCL@ \
@LIBRESOLV@ \
@LIBCAP@ \
View
2 mgmt/Makefile.am
@@ -114,5 +114,5 @@ traffic_manager_LDADD += \
$(top_builddir)/lib/tsconfig/libtsconfig.la
endif
-traffic_manager_LDADD += @LIBSSL@
+traffic_manager_LDADD += @OPENSSL_LIBS@
View
2 mgmt/api/Makefile.am
@@ -88,4 +88,4 @@ traffic_api_cli_remote_LDADD = \
libtsmgmtshare.la \
libtsmgmt.la \
$(top_builddir)/lib/ts/libtsutil.la \
- @LIBTCL@ @LIBSSL@
+ @LIBTCL@ @OPENSSL_LIBS@
View
8 proxy/Makefile.am
@@ -148,7 +148,7 @@ traffic_server_LDADD = \
$(which_libts) \
@hwloc_LIBS@ \
@LIBPCRE@ \
- @LIBSSL@ \
+ @OPENSSL_LIBS@ \
@LIBTCL@ \
@LIBEXPAT@ \
@LIBDEMANGLE@ \
@@ -176,7 +176,7 @@ traffic_logcat_LDADD = \
$(top_builddir)/lib/records/librecprocess.a \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
$(top_builddir)/lib/ts/libtsutil.la \
- @LIBRESOLV@ @LIBPCRE@ @LIBSSL@ @LIBTCL@ \
+ @LIBRESOLV@ @LIBPCRE@ @OPENSSL_LIBS@ @LIBTCL@ \
@LIBEXPAT@ @LIBDEMANGLE@ @LIBPROFILER@ -lm
traffic_logstats_SOURCES = logstats.cc
@@ -192,7 +192,7 @@ traffic_logstats_LDADD = \
$(top_builddir)/lib/records/librecprocess.a \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
$(top_builddir)/lib/ts/libtsutil.la \
- @LIBRESOLV@ @LIBPCRE@ @LIBSSL@ @LIBTCL@ \
+ @LIBRESOLV@ @LIBPCRE@ @OPENSSL_LIBS@ @LIBTCL@ \
@LIBEXPAT@ @LIBDEMANGLE@ @LIBPROFILER@ -lm
traffic_sac_SOURCES = \
@@ -246,7 +246,7 @@ traffic_sac_LDADD = \
$(top_builddir)/iocore/eventsystem/libinkevent.a \
$(top_builddir)/lib/records/librecprocess.a \
$(top_builddir)/lib/ts/libtsutil.la \
- @LIBRESOLV@ @LIBPCRE@ @LIBSSL@ @LIBTCL@ \
+ @LIBRESOLV@ @LIBPCRE@ @OPENSSL_LIBS@ @LIBTCL@ \
@LIBEXPAT@ @LIBDEMANGLE@ @LIBZ@ @LIBLZMA@ @LIBPROFILER@ -lm
if BUILD_TESTS
View
2 tools/Makefile.am
@@ -31,7 +31,7 @@ jtest_jtest_LDADD = $(top_builddir)/lib/ts/libtsutil.la
if BUILD_HTTP_LOAD
noinst_PROGRAMS += http_load/http_load
-http_load_http_load_LDADD = @LIBSSL@
+http_load_http_load_LDADD = @OPENSSL_LIBS@
http_load_http_load_SOURCES = \
http_load/http_load.c \
http_load/timers.c \

0 comments on commit 6d3670b

Please sign in to comment.
Something went wrong with that request. Please try again.