Rename --with-proxy-tls-impl to --with-tls-impl

Make the configure option for TLS implementation more generic, in case we use the k5tls module for something other than KDC proxy support. Rename all of the associated symbols for consistency. ticket: 7929
krb5 · Jul 19, 2014 · 788e70c · 788e70c
1 parent 472349d
commit 788e70c
Show file tree

Hide file tree

Showing 8 changed files with 35 additions and 38 deletions.
diff --git a/src/Makefile.in b/src/Makefile.in
@@ -554,7 +554,7 @@ pyrunenv.vals: Makefile
 	for i in $(RUN_VARS); do \
 		eval echo 'env['\\\'$$i\\\''] = '\\\'\$$$$i\\\'; \
 	done > $@
-	echo "proxy_tls_impl = '$(PROXY_TLS_IMPL)'" >> $@
+	echo "tls_impl = '$(TLS_IMPL)'" >> $@
 
 runenv.py: pyrunenv.vals
 	echo 'env = {}' > $@

diff --git a/src/config/pre.in b/src/config/pre.in
@@ -429,10 +429,10 @@ PKINIT_CRYPTO_IMPL		= @PKINIT_CRYPTO_IMPL@
 PKINIT_CRYPTO_IMPL_CFLAGS	= @PKINIT_CRYPTO_IMPL_CFLAGS@
 PKINIT_CRYPTO_IMPL_LIBS		= @PKINIT_CRYPTO_IMPL_LIBS@
 
-# TLS implementation selection for HTTPS proxy support
-PROXY_TLS_IMPL                  = @PROXY_TLS_IMPL@
-PROXY_TLS_IMPL_CFLAGS           = @PROXY_TLS_IMPL_CFLAGS@
-PROXY_TLS_IMPL_LIBS             = @PROXY_TLS_IMPL_LIBS@
+# TLS implementation selection
+TLS_IMPL	= @TLS_IMPL@
+TLS_IMPL_CFLAGS = @TLS_IMPL_CFLAGS@
+TLS_IMPL_LIBS	= @TLS_IMPL_LIBS@
 
 # error table rules
 #

diff --git a/src/configure.in b/src/configure.in
@@ -272,50 +272,48 @@ AC_SUBST(PKINIT_CRYPTO_IMPL)
 AC_SUBST(PKINIT_CRYPTO_IMPL_CFLAGS)
 AC_SUBST(PKINIT_CRYPTO_IMPL_LIBS)
 
-# WITH_PROXY_TLS_IMPL
+# WITH_TLS_IMPL
 
-AC_ARG_WITH([proxy-tls-impl],
-AC_HELP_STRING([--with-proxy-tls-impl=IMPL],
-               [use specified TLS implementation for HTTPS @<:@auto@:>@]),
-[PROXY_TLS_IMPL=$withval],[PROXY_TLS_IMPL=auto])
-case "$PROXY_TLS_IMPL" in
+AC_ARG_WITH([tls-impl],
+AC_HELP_STRING([--with-tls-impl=IMPL],
+               [use specified TLS implementation @<:@auto@:>@]),
+[TLS_IMPL=$withval],[TLS_IMPL=auto])
+case "$TLS_IMPL" in
 openssl|auto)
   AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
                -lcrypto)
   AC_MSG_CHECKING([for OpenSSL])
   if test x$have_lib_ssl = xtrue ; then
-    AC_DEFINE(PROXY_TLS_IMPL_OPENSSL,1,
-              [Define if HTTPS TLS implementation is OpenSSL])
+    AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
     AC_MSG_RESULT([yes])
-    PROXY_TLS_IMPL_LIBS="-lssl -lcrypto"
-    PROXY_TLS_IMPL=openssl
-    AC_MSG_NOTICE(HTTPS support will use TLS from '$PROXY_TLS_IMPL')
+    TLS_IMPL_LIBS="-lssl -lcrypto"
+    TLS_IMPL=openssl
+    AC_MSG_NOTICE([TLS module will use OpenSSL])
   else
-    if test "$PROXY_TLS_IMPL" = openssl ; then
+    if test "$TLS_IMPL" = openssl ; then
       AC_MSG_ERROR([OpenSSL not found!])
     else
       AC_MSG_WARN([OpenSSL not found!])
     fi
-    PROXY_TLS_IMPL=no
-    AC_MSG_NOTICE(building without HTTPS support)
+    TLS_IMPL=no
+    AC_MSG_NOTICE(building without TLS support)
   fi
   ;;
 no)
-  AC_MSG_NOTICE(building without HTTPS support)
+  AC_MSG_NOTICE(building without TLS support)
   ;;
 *)
-  AC_MSG_ERROR([Unsupported HTTPS proxy TLS implementation $withval])
+  AC_MSG_ERROR([Unsupported TLS implementation $withval])
   ;;
 esac
 
-if test "$PROXY_TLS_IMPL" = no; then
-   AC_DEFINE(PROXY_TLS_IMPL_NONE,1,
-             [Define if no HTTP TLS implementation is selected])
+if test "$TLS_IMPL" = no; then
+   AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
 fi
 
-AC_SUBST(PROXY_TLS_IMPL)
-AC_SUBST(PROXY_TLS_IMPL_CFLAGS)
-AC_SUBST(PROXY_TLS_IMPL_LIBS)
+AC_SUBST(TLS_IMPL)
+AC_SUBST(TLS_IMPL_CFLAGS)
+AC_SUBST(TLS_IMPL_LIBS)
 
 AC_ARG_ENABLE([aesni],
 AC_HELP_STRING([--disable-aesni],[Do not build with AES-NI support]), ,

diff --git a/src/plugins/tls/k5tls/Makefile.in b/src/plugins/tls/k5tls/Makefile.in
@@ -1,14 +1,14 @@
 mydir=plugins$(S)tls$(S)k5tls
 BUILDTOP=$(REL)..$(S)..$(S)..
 MODULE_INSTALL_DIR = $(KRB5_TLS_MODULE_DIR)
-LOCALINCLUDES= $(PROXY_TLS_IMPL_CFLAGS)
+LOCALINCLUDES= $(TLS_IMPL_CFLAGS)
 
 LIBBASE=k5tls
 LIBMAJOR=0
 LIBMINOR=0
 RELDIR=../plugins/tls/k5tls
 SHLIB_EXPDEPS= $(KRB5_DEPLIB) $(SUPPORT_DEPLIB)
-SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(PROXY_TLS_IMPL_LIBS)
+SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(TLS_IMPL_LIBS)
 
 STLIBOBJS=openssl.o notls.o
 

diff --git a/src/plugins/tls/k5tls/notls.c b/src/plugins/tls/k5tls/notls.c
@@ -36,7 +36,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_NONE
+#ifdef TLS_IMPL_NONE
 
 krb5_error_code
 tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
@@ -50,4 +50,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_NONE */
+#endif /* TLS_IMPL_NONE */
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
@@ -31,7 +31,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_OPENSSL
+#ifdef TLS_IMPL_OPENSSL
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
@@ -567,4 +567,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_OPENSSL */
+#endif /* TLS_IMPL_OPENSSL */
diff --git a/src/tests/t_proxy.py b/src/tests/t_proxy.py
@@ -2,9 +2,8 @@
 from k5test import *
 
 # Skip this test if we're missing proxy functionality or parts of the proxy.
-if runenv.proxy_tls_impl == 'no':
-    success('Warning: not testing proxy support because feature ' +
-            'was not enabled')
+if runenv.tls_impl == 'no':
+    success('Warning: not testing proxy support because TLS was not enabled')
     exit(0)
 try:
     from paste import httpserver

diff --git a/src/util/k5test.py b/src/util/k5test.py
@@ -179,8 +179,8 @@
 
 * runenv: The contents of $srctop/runenv.py, containing a dictionary
   'env' which specifies additional variables to be added to the realm
-  environment, and a variable 'proxy_tls_impl', which indicates which
-  SSL implementation (if any) is being used by libkrb5's support for
+  environment, and a variable 'tls_impl', which indicates which TLS
+  implementation (if any) is being used by libkrb5's support for
   contacting KDCs and kpasswd servers over HTTPS.
 
 * verbose: Whether the script is running verbosely.