• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1dnl
2dnl TLS stuff for CUPS.
3dnl
4dnl Copyright © 2020-2024 by OpenPrinting.
5dnl Copyright © 2007-2019 by Apple Inc.
6dnl Copyright © 1997-2007 by Easy Software Products, all rights reserved.
7dnl
8dnl Licensed under Apache License v2.0.  See the file "LICENSE" for more
9dnl information.
10dnl
11
12AC_ARG_WITH([tls], AS_HELP_STRING([--with-tls=...], [use cdsa (macOS), gnutls, or openssl for TLS support]))
13AS_IF([test "x$with_tls" = x], [
14    with_tls="yes"
15], [test "$with_tls" != cdsa -a "$with_tls" != gnutls -a "$with_tls" != openssl -a "$with_tls" != no -a "$with_tls" != yes], [
16    AC_MSG_ERROR([Unsupported --with-tls value "$with_tls" specified.])
17])
18
19TLSFLAGS=""
20TLSLIBS=""
21have_tls="0"
22CUPS_SERVERKEYCHAIN=""
23
24dnl First look for OpenSSL/LibreSSL...
25AS_IF([test $with_tls = yes -o $with_tls = openssl], [
26    AS_IF([test "x$PKGCONFIG" != x], [
27	# Find openssl using pkg-config...
28        AC_MSG_CHECKING([for openssl package])
29	AS_IF([$PKGCONFIG --exists openssl], [
30	    AC_MSG_RESULT([yes])
31	    have_tls="1"
32	    with_tls="openssl"
33	    TLSLIBS="$($PKGCONFIG --libs openssl)"
34	    TLSFLAGS="$($PKGCONFIG --cflags openssl)"
35	    PKGCONFIG_REQUIRES="$PKGCONFIG_REQUIRES openssl"
36	    AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
37	    AC_DEFINE([HAVE_OPENSSL], [1], [Do we have the OpenSSL library?])
38	], [
39	    AC_MSG_RESULT([no])
40	])
41    ], [
42	# Find openssl using legacy library/header checks...
43	SAVELIBS="$LIBS"
44	LIBS="-lcrypto $LIBS"
45
46	AC_CHECK_LIB([ssl], [SSL_new], [
47	    AC_CHECK_HEADER([openssl/ssl.h], [
48		have_tls="1"
49		with_tls="openssl"
50		TLSLIBS="-lssl -lcrypto"
51		PKGCONFIG_LIBS_STATIC="$PKGCONFIG_LIBS_STATIC $TLSLIBS"
52		AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
53		AC_DEFINE([HAVE_OPENSSL], [1], [Do we have the OpenSSL library?])
54	    ])
55	])
56
57	LIBS="$SAVELIBS"
58    ])
59
60    AS_IF([test $have_tls = 1], [
61	CUPS_SERVERKEYCHAIN="ssl"
62    ], [test $with_tls = openssl], [
63        AC_MSG_ERROR([--with-tls=openssl was specified but neither the OpenSSL nor LibreSSL library were found.])
64    ])
65])
66
67dnl Then look for GNU TLS...
68AS_IF([test $with_tls = yes -o $with_tls = gnutls], [
69    AC_PATH_TOOL([LIBGNUTLSCONFIG], [libgnutls-config])
70    AS_IF([test "x$PKGCONFIG" != x], [
71        AC_MSG_CHECKING([for gnutls package])
72	AS_IF([$PKGCONFIG --exists gnutls], [
73	    AC_MSG_RESULT([yes])
74	    have_tls="1"
75	    with_tls="gnutls"
76	    TLSLIBS="$($PKGCONFIG --libs gnutls)"
77	    TLSFLAGS="$($PKGCONFIG --cflags gnutls)"
78	    PKGCONFIG_REQUIRES="$PKGCONFIG_REQUIRES gnutls"
79	    AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
80	    AC_DEFINE([HAVE_GNUTLS], [1], [Do we have the GNU TLS library?])
81	], [
82	    AC_MSG_RESULT([no])
83	])
84    ])
85    AS_IF([test $have_tls = 0 -a "x$LIBGNUTLSCONFIG" != x], [
86	have_tls="1"
87	with_tls="gnutls"
88	TLSLIBS="$($LIBGNUTLSCONFIG --libs)"
89	TLSFLAGS="$($LIBGNUTLSCONFIG --cflags)"
90	PKGCONFIG_LIBS_STATIC="$PKGCONFIG_LIBS_STATIC $TLSLIBS"
91	AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
92	AC_DEFINE([HAVE_GNUTLS], [1], [Do we have the GNU TLS library?])
93    ])
94
95    AS_IF([test $have_tls = 1], [
96	CUPS_SERVERKEYCHAIN="ssl"
97
98	SAVELIBS="$LIBS"
99	LIBS="$LIBS $TLSLIBS"
100	AC_CHECK_FUNC([gnutls_transport_set_pull_timeout_function], [
101	    AC_DEFINE([HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION], [1], [Do we have the gnutls_transport_set_pull_timeout_function function?])
102	])
103	AC_CHECK_FUNC([gnutls_priority_set_direct], [
104	    AC_DEFINE([HAVE_GNUTLS_PRIORITY_SET_DIRECT], [1], [Do we have the gnutls_priority_set_direct function?])
105	])
106	LIBS="$SAVELIBS"
107    ], [test $with_tls = gnutls], [
108        AC_MSG_ERROR([--with-tls=gnutls was specified but the GNU TLS library was not found.])
109    ])
110])
111
112dnl Finally try using CSDA SSL (macOS)...
113AS_IF([test $with_tls = yes -o $with_tls = cdsa], [
114    dnl Look for CDSA...
115    AS_IF([test $host_os_name = darwin], [
116	AC_CHECK_HEADER([Security/SecureTransport.h], [
117	    have_tls="1"
118	    with_tls="cdsa"
119	    AC_DEFINE([HAVE_TLS], [1], [Do we support TLS?])
120	    AC_DEFINE([HAVE_CDSASSL], [1], [Do we have the macOS SecureTransport API?])
121	    CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
122
123	    dnl Check for the various security headers...
124	    AC_CHECK_HEADER([Security/SecCertificate.h], [
125		AC_DEFINE([HAVE_SECCERTIFICATE_H], [1], [Have the <Security/SecCertificate.h> header?])
126	    ])
127	    AC_CHECK_HEADER([Security/SecItem.h], [
128		AC_DEFINE([HAVE_SECITEM_H], [1], [Have the <Security/SecItem.h> header?])
129	    ])
130	    AC_CHECK_HEADER([Security/SecPolicy.h], [
131		AC_DEFINE([HAVE_SECPOLICY_H], [1], [Have the <Security/SecPolicy.h header?])
132	    ])
133	])
134    ], [test $with_tls = cdsa], [
135        AC_MSG_ERROR([--with-tls=cdsa is not compatible with your host operating system.])
136    ])
137])
138
139IPPALIASES="http"
140AS_IF([test $have_tls = 1], [
141    AC_MSG_NOTICE([    Using TLSLIBS="$TLSLIBS"])
142    AC_MSG_NOTICE([    Using TLSFLAGS="$TLSFLAGS"])
143    IPPALIASES="http https ipps"
144], [test $with_tls = yes], [
145    AC_MSG_ERROR([--with-tls=yes was specified but no compatible TLS libraries could be found.])
146])
147
148AC_SUBST([CUPS_SERVERKEYCHAIN])
149AC_SUBST([IPPALIASES])
150AC_SUBST([TLSFLAGS])
151AC_SUBST([TLSLIBS])
152
153EXPORT_TLSLIBS="$TLSLIBS"
154AC_SUBST([EXPORT_TLSLIBS])
155