1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
https://bugs.gentoo.org/417129
fix openssl build logic:
* do not probe direct filesystem paths (including hardcoding things like /usr)
* use pkg-config to locate proper openssl libraries
* turn dsa check into a header one
* turn ecdsa check into a link one
* have gost/aes actually default to --with-xxx value when cross-compiling
Patch by Mike Frysinger <vapier@chromium.org>
--- a/configure.in
+++ b/configure.in
@@ -1442,16 +1442,21 @@ case "$use_openssl" in
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
;;
- auto)
- DST_OPENSSL_INC=""
- CRYPTO=""
+ yes|auto)
+ CRYPTO=""
+ PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CRYPTO='-DOPENSSL'], [
+ if test "$use_openssl" = "yes"; then
+ AC_MSG_ERROR(openssl not found)
+ fi
+ use_openssl="no"
+ ])
+
+ DST_OPENSSL_INC=$OPENSSL_CFLAGS
+ DST_OPENSSL_LIBS=$OPENSSL_LIBS
OPENSSLGOSTLINKOBJS=""
OPENSSLGOSTLINKSRS=""
OPENSSLLINKOBJS=""
OPENSSLLINKSRCS=""
- AC_MSG_ERROR(
-[OpenSSL was not found in any of $openssldirs; use --with-openssl=/path
-If you don't want OpenSSL, use --without-openssl])
;;
*)
if test "$want_native_pkcs11" = "yes"
@@ -1588,27 +1593,39 @@ no)
;;
esac
+ CC="$saved_cc"
+ CFLAGS="$saved_cflags"
+ LIBS="$saved_libs"
+ OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
+ OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
+ ;;
+esac
+
+if test "$use_openssl" = "yes"; then
+ saved_cc="$CC"
+ saved_cflags="$CFLAGS"
+ saved_libs="$LIBS"
+ CFLAGS="$CFLAGS $DST_OPENSSL_INC"
+ LIBS="$LIBS $DST_OPENSSL_LIBS"
+
- AC_MSG_CHECKING(for OpenSSL DSA support)
- if test -f $use_openssl/include/openssl/dsa.h
- then
+ AC_CHECK_HEADERS([openssl/dsa.h])
+ if test "$ac_cv_header_openssl_dsa_h" = yes; then
AC_DEFINE(HAVE_OPENSSL_DSA)
- AC_MSG_RESULT(yes)
- else
- AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_MSG_CHECKING(for OpenSSL ECDSA support)
have_ecdsa=""
- AC_TRY_RUN([
+ AC_TRY_LINK([
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
+],[
int main() {
EC_KEY *ec256, *ec384;
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
- return (1);
+#error choke
#endif
ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
@@ -1637,24 +1654,7 @@ int main() {
[AC_MSG_RESULT(yes)
have_ecdsa="yes"],
[AC_MSG_RESULT(no)
- have_ecdsa="no"],
+ have_ecdsa="no"])
- [AC_MSG_RESULT(using --with-ecdsa)])
- case "$with_ecdsa" in
- yes)
- case "$have_ecdsa" in
- no) AC_MSG_ERROR([ecdsa not supported]) ;;
- *) have_ecdsa=yes ;;
- esac
- ;;
- no)
- have_ecdsa=no ;;
- *)
- case "$have_ecdsa" in
- yes|no) ;;
- *) AC_MSG_ERROR([need --with-ecdsa=[[yes or no]]]) ;;
- esac
- ;;
- esac
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
@@ -1702,7 +1702,8 @@ int main() {
have_gost="yes"],
[AC_MSG_RESULT(no)
have_gost="no"],
- [AC_MSG_RESULT(using --with-gost)])
+ [AC_MSG_RESULT(using --with-gost)
+ have_gost=$with_gost])
case "$with_gost" in
yes)
case "$have_gost" in
@@ -1752,7 +1753,8 @@ int main() {
[AC_MSG_RESULT(yes)
have_aes="yes"],
[AC_MSG_RESULT(no)])],
- [AC_MSG_RESULT(using --with-aes)])
+ [AC_MSG_RESULT(using --with-aes)
+ have_aes=$with_aes])
ISC_OPENSSL_INC=""
ISC_OPENSSL_LIBS=""
@@ -1765,8 +1767,7 @@ int main() {
OPENSSLLINKOBJS='${OPENSSLLINKOBJS}'
OPENSSLLINKSRCS='${OPENSSLLINKSRCS}'
- ;;
-esac
+fi
#
# This would include the system openssl path (and linker options to use
|
GitWeb