1#*************************************************************************** 2# _ _ ____ _ 3# Project ___| | | | _ \| | 4# / __| | | | |_) | | 5# | (__| |_| | _ <| |___ 6# \___|\___/|_| \_\_____| 7# 8# Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al. 9# 10# This software is licensed as described in the file COPYING, which 11# you should have received as part of this distribution. The terms 12# are also available at https://curl.se/docs/copyright.html. 13# 14# You may opt to use, copy, modify, merge, publish, distribute and/or sell 15# copies of the Software, and permit persons to whom the Software is 16# furnished to do so, under the terms of the COPYING file. 17# 18# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY 19# KIND, either express or implied. 20# 21#*************************************************************************** 22 23# File version for 'aclocal' use. Keep it a single number. 24# serial 5 25 26 27dnl CURL_CHECK_OPENSSL_API_HEADERS 28dnl ------------------------------------------------- 29dnl Find out OpenSSL headers API version, as reported 30dnl by OPENSSL_VERSION_NUMBER. No runtime checks 31dnl allowed here for cross-compilation support. 32dnl HAVE_OPENSSL_API_HEADERS is defined as appropriate 33dnl only for systems which actually run the configure 34dnl script. Config files generated manually or in any 35dnl other way shall not define this. 36 37AC_DEFUN([CURL_CHECK_OPENSSL_API_HEADERS], [ 38 # 39 tst_api="unknown" 40 # 41 AC_MSG_CHECKING([for OpenSSL headers version]) 42 CURL_CHECK_DEF([OPENSSL_VERSION_NUMBER], [ 43# ifdef USE_OPENSSL 44# include <openssl/crypto.h> 45# else 46# include <crypto.h> 47# endif 48 ], [silent]) 49 CURL_CHECK_DEF([OPENSSL_VERSION_STR], [ 50# include <openssl/crypto.h> 51 ], [silent]) 52 if test "$curl_cv_have_def_OPENSSL_VERSION_NUMBER" = "yes"; then 53 tst_verlen=`expr "$curl_cv_def_OPENSSL_VERSION_NUMBER" : '.*'` 54 case "x$tst_verlen" in 55 x6) 56 tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3` 57 tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 4` 58 tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5` 59 tst_api=0x$tst_vermaj$tst_vermin$tst_verfix 60 ;; 61 x11|x10) 62 tst_vermaj=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 3` 63 tst_vermin=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 5` 64 tst_verfix=`echo $curl_cv_def_OPENSSL_VERSION_NUMBER | cut -c 7` 65 tst_api=0x$tst_vermaj$tst_vermin$tst_verfix 66 ;; 67 *) 68 if test "$curl_cv_have_def_OPENSSL_VERSION_STR" = "yes"; then 69 ver=`echo $curl_cv_def_OPENSSL_VERSION_STR | sed 's/"//g'`; 70 tst_vermaj=`echo $ver | cut -d. -f1` 71 tst_vermin=`echo $ver | cut -d. -f2` 72 tst_verfix=`echo $ver | cut -d. -f3` 73 tst_show="$ver" 74 tst_api=0x$tst_vermaj$tst_vermin$tst_verfix 75 else 76 tst_api="unknown" 77 fi 78 ;; 79 esac 80 case $tst_api in 81 0x111) tst_show="1.1.1" ;; 82 0x110) tst_show="1.1.0" ;; 83 0x102) tst_show="1.0.2" ;; 84 0x101) tst_show="1.0.1" ;; 85 0x100) tst_show="1.0.0" ;; 86 0x099) tst_show="0.9.9" ;; 87 0x098) tst_show="0.9.8" ;; 88 0x097) tst_show="0.9.7" ;; 89 0x096) tst_show="0.9.6" ;; 90 0x095) tst_show="0.9.5" ;; 91 0x094) tst_show="0.9.4" ;; 92 0x093) tst_show="0.9.3" ;; 93 0x092) tst_show="0.9.2" ;; 94 0x091) tst_show="0.9.1" ;; 95 *) 96 if test -z "$tst_show"; then 97 tst_show="unknown" 98 fi 99 ;; 100 esac 101 tst_show="$tst_show - $tst_api" 102 else 103 tst_show="unknown" 104 fi 105 AC_MSG_RESULT([$tst_show]) 106 # 107dnl if test "$tst_api" != "unknown"; then 108dnl AC_DEFINE_UNQUOTED(HAVE_OPENSSL_API_HEADERS, $tst_api, 109dnl [OpenSSL headers configure time API. Defined only by configure script. 110dnl No matter what, do not ever define this manually or by any other means.]) 111dnl fi 112 curl_openssl_api_headers=$tst_api 113]) 114 115 116dnl CURL_CHECK_OPENSSL_API_LIBRARY 117dnl ------------------------------------------------- 118dnl Find out OpenSSL library API version, performing 119dnl only link tests in order to avoid getting fooled 120dnl by mismatched OpenSSL headers. No runtime checks 121dnl allowed here for cross-compilation support. 122dnl HAVE_OPENSSL_API_LIBRARY is defined as appropriate 123dnl only for systems which actually run the configure 124dnl script. Config files generated manually or in any 125dnl other way shall not define this. 126dnl 127dnl Most probably we should not bother attempting to 128dnl detect OpenSSL library development API versions 129dnl 0.9.9 and 1.1.0. For our intended use, detecting 130dnl released versions should be good enough. 131dnl 132dnl Given that currently we are not using the result 133dnl of this check, except for informative purposes, 134dnl lets try to figure out everything. 135 136AC_DEFUN([CURL_CHECK_OPENSSL_API_LIBRARY], [ 137 # 138 tst_api="unknown" 139 # 140 AC_MSG_CHECKING([for OpenSSL library version]) 141 if test "$tst_api" = "unknown"; then 142 AC_LINK_IFELSE([ 143 AC_LANG_FUNC_LINK_TRY([SSL_CTX_load_verify_dir]) 144 ],[ 145 tst_api="0x300" 146 ]) 147 fi 148 if test "$tst_api" = "unknown"; then 149 AC_LINK_IFELSE([ 150 AC_LANG_FUNC_LINK_TRY([ERR_clear_last_mark]) 151 ],[ 152 tst_api="0x111" 153 ]) 154 fi 155 if test "$tst_api" = "unknown"; then 156 case $host in 157 *-*-vms*) 158 AC_LINK_IFELSE([ 159 AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_not_resumbl_sess_cb]) 160 ],[ 161 tst_api="0x110" 162 ]) 163 ;; 164 *) 165 AC_LINK_IFELSE([ 166 AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_not_resumable_session_callback]) 167 ],[ 168 tst_api="0x110" 169 ]) 170 ;; 171 esac 172 fi 173 if test "$tst_api" = "unknown"; then 174 AC_LINK_IFELSE([ 175 AC_LANG_FUNC_LINK_TRY([SSL_CONF_CTX_new]) 176 ],[ 177 tst_api="0x102" 178 ]) 179 fi 180 if test "$tst_api" = "unknown"; then 181 AC_LINK_IFELSE([ 182 AC_LANG_FUNC_LINK_TRY([SSL_renegotiate_abbreviated]) 183 ],[ 184 tst_api="0x101" 185 ]) 186 fi 187 if test "$tst_api" = "unknown"; then 188 AC_LINK_IFELSE([ 189 AC_LANG_FUNC_LINK_TRY([OBJ_add_sigid]) 190 ],[ 191 tst_api="0x100" 192 ]) 193 fi 194 if test "$tst_api" = "unknown"; then 195 AC_LINK_IFELSE([ 196 AC_LANG_FUNC_LINK_TRY([ERR_set_mark]) 197 ],[ 198 tst_api="0x098" 199 ]) 200 fi 201 if test "$tst_api" = "unknown"; then 202 AC_LINK_IFELSE([ 203 AC_LANG_FUNC_LINK_TRY([ERR_peek_last_error]) 204 ],[ 205 tst_api="0x097" 206 ]) 207 fi 208 if test "$tst_api" = "unknown"; then 209 AC_LINK_IFELSE([ 210 AC_LANG_FUNC_LINK_TRY([c2i_ASN1_OBJECT]) 211 ],[ 212 tst_api="0x096" 213 ]) 214 fi 215 if test "$tst_api" = "unknown"; then 216 AC_LINK_IFELSE([ 217 AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_purpose]) 218 ],[ 219 tst_api="0x095" 220 ]) 221 fi 222 if test "$tst_api" = "unknown"; then 223 AC_LINK_IFELSE([ 224 AC_LANG_FUNC_LINK_TRY([OBJ_obj2txt]) 225 ],[ 226 tst_api="0x094" 227 ]) 228 fi 229 if test "$tst_api" = "unknown"; then 230 AC_LINK_IFELSE([ 231 AC_LANG_FUNC_LINK_TRY([SSL_get_verify_depth]) 232 ],[ 233 tst_api="0x093" 234 ]) 235 fi 236 if test "$tst_api" = "unknown"; then 237 AC_LINK_IFELSE([ 238 AC_LANG_FUNC_LINK_TRY([SSL_library_init]) 239 ],[ 240 tst_api="0x092" 241 ]) 242 fi 243 if test "$tst_api" = "unknown"; then 244 AC_LINK_IFELSE([ 245 AC_LANG_FUNC_LINK_TRY([SSL_CTX_set_cipher_list]) 246 ],[ 247 tst_api="0x091" 248 ]) 249 fi 250 case $tst_api in 251 0x300) tst_show="3.0.0" ;; 252 0x111) tst_show="1.1.1" ;; 253 0x110) tst_show="1.1.0" ;; 254 0x102) tst_show="1.0.2" ;; 255 0x101) tst_show="1.0.1" ;; 256 0x100) tst_show="1.0.0" ;; 257 0x099) tst_show="0.9.9" ;; 258 0x098) tst_show="0.9.8" ;; 259 0x097) tst_show="0.9.7" ;; 260 0x096) tst_show="0.9.6" ;; 261 0x095) tst_show="0.9.5" ;; 262 0x094) tst_show="0.9.4" ;; 263 0x093) tst_show="0.9.3" ;; 264 0x092) tst_show="0.9.2" ;; 265 0x091) tst_show="0.9.1" ;; 266 *) tst_show="unknown" ;; 267 esac 268 AC_MSG_RESULT([$tst_show]) 269 # 270dnl if test "$tst_api" != "unknown"; then 271dnl AC_DEFINE_UNQUOTED(HAVE_OPENSSL_API_LIBRARY, $tst_api, 272dnl [OpenSSL library link time API. Defined only by configure script. 273dnl No matter what, do not ever define this manually or by any other means.]) 274dnl fi 275 curl_openssl_api_library=$tst_api 276]) 277 278 279dnl CURL_CHECK_OPENSSL_API 280dnl ------------------------------------------------- 281 282AC_DEFUN([CURL_CHECK_OPENSSL_API], [ 283 # 284 CURL_CHECK_OPENSSL_API_HEADERS 285 CURL_CHECK_OPENSSL_API_LIBRARY 286 # 287 tst_match="yes" 288 # 289 AC_MSG_CHECKING([for OpenSSL headers and library versions matching]) 290 if test "$curl_openssl_api_headers" = "unknown" || 291 test "$curl_openssl_api_library" = "unknown"; then 292 tst_match="fail" 293 tst_warns="Can not compare OpenSSL headers and library versions." 294 elif test "$curl_openssl_api_headers" != "$curl_openssl_api_library"; then 295 tst_match="no" 296 tst_warns="OpenSSL headers and library versions do not match." 297 fi 298 AC_MSG_RESULT([$tst_match]) 299 if test "$tst_match" != "yes"; then 300 AC_MSG_WARN([$tst_warns]) 301 fi 302]) 303 304dnl ********************************************************************** 305dnl Check for OpenSSL libraries and headers 306dnl ********************************************************************** 307 308AC_DEFUN([CURL_WITH_OPENSSL], [ 309if test "x$OPT_OPENSSL" != xno; then 310 ssl_msg= 311 312 dnl backup the pre-ssl variables 313 CLEANLDFLAGS="$LDFLAGS" 314 CLEANCPPFLAGS="$CPPFLAGS" 315 CLEANLIBS="$LIBS" 316 317 dnl This is for Msys/Mingw 318 case $host in 319 *-*-msys* | *-*-mingw*) 320 AC_MSG_CHECKING([for gdi32]) 321 my_ac_save_LIBS=$LIBS 322 LIBS="-lgdi32 $LIBS" 323 AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ 324 #include <windef.h> 325 #include <wingdi.h> 326 ]], 327 [[ 328 GdiFlush(); 329 ]])], 330 [ dnl worked! 331 AC_MSG_RESULT([yes])], 332 [ dnl failed, restore LIBS 333 LIBS=$my_ac_save_LIBS 334 AC_MSG_RESULT(no)] 335 ) 336 ;; 337 esac 338 339 case "$OPT_OPENSSL" in 340 yes) 341 dnl --with-openssl (without path) used 342 PKGTEST="yes" 343 PREFIX_OPENSSL= 344 ;; 345 *) 346 dnl check the given --with-openssl spot 347 PKGTEST="no" 348 PREFIX_OPENSSL=$OPT_OPENSSL 349 350 dnl Try pkg-config even when cross-compiling. Since we 351 dnl specify PKG_CONFIG_LIBDIR we're only looking where 352 dnl the user told us to look 353 OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig" 354 if test -f "$OPENSSL_PCDIR/openssl.pc"; then 355 AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) 356 PKGTEST="yes" 357 fi 358 359 if test "$PKGTEST" != "yes"; then 360 # try lib64 instead 361 OPENSSL_PCDIR="$OPT_OPENSSL/lib64/pkgconfig" 362 if test -f "$OPENSSL_PCDIR/openssl.pc"; then 363 AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) 364 PKGTEST="yes" 365 fi 366 fi 367 368 if test "$PKGTEST" != "yes"; then 369 if test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then 370 AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-openssl prefix!]) 371 fi 372 fi 373 374 dnl in case pkg-config comes up empty, use what we got 375 dnl via --with-openssl 376 LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" 377 if test "$PREFIX_OPENSSL" != "/usr" ; then 378 SSL_LDFLAGS="-L$LIB_OPENSSL" 379 SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include" 380 fi 381 SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl" 382 ;; 383 esac 384 385 if test "$PKGTEST" = "yes"; then 386 387 CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR]) 388 389 if test "$PKGCONFIG" != "no" ; then 390 SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl 391 $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` 392 393 SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl 394 $PKGCONFIG --libs-only-L openssl 2>/dev/null` 395 396 SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl 397 $PKGCONFIG --cflags-only-I openssl 2>/dev/null` 398 399 AC_SUBST(SSL_LIBS) 400 AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) 401 AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) 402 AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) 403 404 LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/^-L//'` 405 406 dnl use the values pkg-config reported. This is here 407 dnl instead of below with CPPFLAGS and LDFLAGS because we only 408 dnl learn about this via pkg-config. If we only have 409 dnl the argument to --with-openssl we don't know what 410 dnl additional libs may be necessary. Hope that we 411 dnl don't need any. 412 LIBS="$SSL_LIBS $LIBS" 413 fi 414 fi 415 416 dnl finally, set flags to use SSL 417 CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS" 418 LDFLAGS="$LDFLAGS $SSL_LDFLAGS" 419 420 AC_CHECK_LIB(crypto, HMAC_Update,[ 421 HAVECRYPTO="yes" 422 LIBS="-lcrypto $LIBS" 423 ],[ 424 if test -n "$LIB_OPENSSL" ; then 425 LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL" 426 fi 427 if test "$PKGCONFIG" = "no" -a -n "$PREFIX_OPENSSL" ; then 428 # only set this if pkg-config wasn't used 429 CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include" 430 fi 431 # Linking previously failed, try extra paths from --with-openssl or 432 # pkg-config. Use a different function name to avoid reusing the earlier 433 # cached result. 434 AC_CHECK_LIB(crypto, HMAC_Init_ex,[ 435 HAVECRYPTO="yes" 436 LIBS="-lcrypto $LIBS"], [ 437 438 dnl still no, but what about with -ldl? 439 AC_MSG_CHECKING([OpenSSL linking with -ldl]) 440 LIBS="-lcrypto $CLEANLIBS -ldl" 441 AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ 442 #include <openssl/err.h> 443 ]], [[ 444 ERR_clear_error(); 445 ]]) ], 446 [ 447 AC_MSG_RESULT(yes) 448 HAVECRYPTO="yes" 449 ], 450 [ 451 AC_MSG_RESULT(no) 452 dnl ok, so what about both -ldl and -lpthread? 453 dnl This may be necessary for static libraries. 454 455 AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread]) 456 LIBS="-lcrypto $CLEANLIBS -ldl -lpthread" 457 AC_LINK_IFELSE([ 458 AC_LANG_PROGRAM([[ 459 #include <openssl/err.h> 460 ]], [[ 461 ERR_clear_error(); 462 ]])], 463 [ 464 AC_MSG_RESULT(yes) 465 HAVECRYPTO="yes" 466 ], 467 [ 468 AC_MSG_RESULT(no) 469 LDFLAGS="$CLEANLDFLAGS" 470 CPPFLAGS="$CLEANCPPFLAGS" 471 LIBS="$CLEANLIBS" 472 473 ]) 474 475 ]) 476 477 ]) 478 ]) 479 480 if test X"$HAVECRYPTO" = X"yes"; then 481 dnl This is only reasonable to do if crypto actually is there: check for 482 dnl SSL libs NOTE: it is important to do this AFTER the crypto lib 483 484 AC_CHECK_LIB(ssl, SSL_connect) 485 486 if test "$ac_cv_lib_ssl_SSL_connect" != yes; then 487 dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff 488 AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); 489 OLIBS=$LIBS 490 LIBS="-lRSAglue -lrsaref $LIBS" 491 AC_CHECK_LIB(ssl, SSL_connect) 492 if test "$ac_cv_lib_ssl_SSL_connect" != yes; then 493 dnl still no SSL_connect 494 AC_MSG_RESULT(no) 495 LIBS=$OLIBS 496 else 497 AC_MSG_RESULT(yes) 498 fi 499 500 else 501 502 dnl Have the libraries--check for OpenSSL headers 503 AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ 504 openssl/pem.h openssl/ssl.h openssl/err.h, 505 ssl_msg="OpenSSL" 506 test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes 507 OPENSSL_ENABLED=1 508 AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) 509 510 if test $ac_cv_header_openssl_x509_h = no; then 511 dnl we don't use the "action" part of the AC_CHECK_HEADERS macro 512 dnl since 'err.h' might in fact find a krb4 header with the same 513 dnl name 514 AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h) 515 516 if test $ac_cv_header_x509_h = yes && 517 test $ac_cv_header_crypto_h = yes && 518 test $ac_cv_header_ssl_h = yes; then 519 dnl three matches 520 ssl_msg="OpenSSL" 521 OPENSSL_ENABLED=1 522 fi 523 fi 524 fi 525 526 if test X"$OPENSSL_ENABLED" != X"1"; then 527 LIBS="$CLEANLIBS" 528 fi 529 530 if test X"$OPT_OPENSSL" != Xoff && 531 test "$OPENSSL_ENABLED" != "1"; then 532 AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) 533 fi 534 fi 535 536 if test X"$OPENSSL_ENABLED" = X"1"; then 537 dnl These can only exist if OpenSSL exists 538 dnl OpenSSL_version is introduced in 3.0.0 539 540 AC_CHECK_FUNCS( RAND_egd \ 541 SSLv2_client_method \ 542 OpenSSL_version ) 543 544 AC_MSG_CHECKING([for BoringSSL]) 545 AC_COMPILE_IFELSE([ 546 AC_LANG_PROGRAM([[ 547 #include <openssl/base.h> 548 ]],[[ 549 #ifndef OPENSSL_IS_BORINGSSL 550 #error not boringssl 551 #endif 552 ]]) 553 ],[ 554 AC_MSG_RESULT([yes]) 555 AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, 556 [Define to 1 if using BoringSSL.]) 557 ssl_msg="BoringSSL" 558 ],[ 559 AC_MSG_RESULT([no]) 560 ]) 561 562 AC_MSG_CHECKING([for libressl]) 563 AC_COMPILE_IFELSE([ 564 AC_LANG_PROGRAM([[ 565#include <openssl/opensslv.h> 566 ]],[[ 567 int dummy = LIBRESSL_VERSION_NUMBER; 568 ]]) 569 ],[ 570 AC_MSG_RESULT([yes]) 571 AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, 572 [Define to 1 if using libressl.]) 573 ssl_msg="libressl" 574 ],[ 575 AC_MSG_RESULT([no]) 576 ]) 577 578 AC_MSG_CHECKING([for OpenSSL >= v3]) 579 AC_COMPILE_IFELSE([ 580 AC_LANG_PROGRAM([[ 581#include <openssl/opensslv.h> 582 ]],[[ 583 #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) 584 return 0; 585 #else 586 #error older than 3 587 #endif 588 ]]) 589 ],[ 590 AC_MSG_RESULT([yes]) 591 AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, 592 [Define to 1 if using OpenSSL 3 or later.]) 593 dnl OpenSSLv3 marks the DES functions deprecated but we have no 594 dnl replacements (yet) so tell the compiler to not warn for them 595 dnl 596 dnl Ask OpenSSL to suppress the warnings. 597 CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED" 598 ssl_msg="OpenSSL v3+" 599 ],[ 600 AC_MSG_RESULT([no]) 601 ]) 602 fi 603 604 if test "$OPENSSL_ENABLED" = "1"; then 605 if test -n "$LIB_OPENSSL"; then 606 dnl when the ssl shared libs were found in a path that the run-time 607 dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH 608 dnl to prevent further configure tests to fail due to this 609 if test "x$cross_compiling" != "xyes"; then 610 CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL" 611 export CURL_LIBRARY_PATH 612 AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH]) 613 fi 614 fi 615 CURL_CHECK_OPENSSL_API 616 check_for_ca_bundle=1 617 fi 618 619 test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" 620fi 621 622if test X"$OPT_OPENSSL" != Xno && 623 test "$OPENSSL_ENABLED" != "1"; then 624 AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL]) 625 AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) 626 AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected]) 627fi 628 629dnl ********************************************************************** 630dnl Check for the random seed preferences 631dnl ********************************************************************** 632 633if test X"$OPENSSL_ENABLED" = X"1"; then 634 AC_ARG_WITH(egd-socket, 635 AS_HELP_STRING([--with-egd-socket=FILE], 636 [Entropy Gathering Daemon socket pathname]), 637 [ EGD_SOCKET="$withval" ] 638 ) 639 if test -n "$EGD_SOCKET" ; then 640 AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", 641 [your Entropy Gathering Daemon socket pathname] ) 642 fi 643 644 dnl Check for user-specified random device 645 AC_ARG_WITH(random, 646 AS_HELP_STRING([--with-random=FILE], 647 [read randomness from FILE (default=/dev/urandom)]), 648 [ RANDOM_FILE="$withval" ], 649 [ 650 if test x$cross_compiling != xyes; then 651 dnl Check for random device 652 AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) 653 else 654 AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling]) 655 fi 656 ] 657 ) 658 if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then 659 AC_SUBST(RANDOM_FILE) 660 AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", 661 [a suitable file to read random data from]) 662 fi 663fi 664 665dnl --- 666dnl We require OpenSSL with SRP support. 667dnl --- 668if test "$OPENSSL_ENABLED" = "1"; then 669 AC_CHECK_LIB(crypto, SRP_Calc_client_key, 670 [ 671 AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) 672 AC_SUBST(HAVE_OPENSSL_SRP, [1]) 673 ]) 674fi 675 676dnl --- 677dnl Whether the OpenSSL configuration will be loaded automatically 678dnl --- 679if test X"$OPENSSL_ENABLED" = X"1"; then 680AC_ARG_ENABLE(openssl-auto-load-config, 681AS_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration]) 682AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]), 683[ if test X"$enableval" = X"no"; then 684 AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled]) 685 AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically]) 686 fi 687]) 688fi 689 690]) 691