tcltls_openssl.m4 at [79ea996cac]

File aclocal/tcltls_openssl.m4 artifact 488956d001 part of check-in 79ea996cac


AC_DEFUN([TCLTLS_SSL_OPENSSL], [
	openssldir=''
	AC_ARG_WITH([ssl-dir],
		AS_HELP_STRING(
			[--with-ssl-dir=<dir>],
			[deprecated, use --with-openssl-dir -- currently has the same meaning]
		), [
			openssldir="$withval"
		]
	)
	AC_ARG_WITH([openssl-dir],
		AS_HELP_STRING(
			[--with-openssl-dir=<dir>],
			[path to root directory of OpenSSL or LibreSSL installation]
		), [
			openssldir="$withval"
		]
	)

	if test -n "$openssldir"; then
		if test -e "$openssldir/libssl.$SHOBJEXT"; then
			TCLTLS_SSL_LIBS="-L$openssldir -lssl -lcrypto"
			openssldir="`AS_DIRNAME(["$openssldir"])`"
		else
			TCLTLS_SSL_LIBS="-L$openssldir/lib -lssl -lcrypto"
		fi
		TCLTLS_SSL_CFLAGS="-I$openssldir/include"
		TCLTLS_SSL_CPPFLAGS="-I$openssldir/include"
	fi

	dnl Use pkg-config to find the libraries
	AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL])
	AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL])
	AC_ARG_VAR([TCLTLS_SSL_CPPFLAGS], [C preprocessor flags for OpenSSL or LibreSSL])
	if test -z "$TCLTLS_SSL_LIBS"; then
		TCLTLS_SSL_LIBS="`"${PKGCONFIG}" openssl --libs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CFLAGS"; then
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi

	dnl Save compile-altering variables we are changing
	SAVE_LIBS="${LIBS}"
	SAVE_CFLAGS="${CFLAGS}"
	SAVE_CPPFLAGS="${CPPFLAGS}"

	dnl Update compile-altering variables to include the OpenSSL libraries
	LIBS="${SAVE_LIBS} ${TCLTLS_SSL_LIBS}"
	CFLAGS="${SAVE_CFLAGS} ${TCLTLS_SSL_CFLAGS}"
	CPPFLAGS="${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}"

	dnl Verify that basic functionality is there
	AC_LANG_PUSH(C)
	AC_MSG_CHECKING([if a basic OpenSSL program works])
	AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
# include <openssl/conf.h>
#endif
		], [
  (void)SSL_library_init();
  SSL_load_error_strings();
  OPENSSL_config(NULL);
		])], [
		AC_MSG_RESULT([yes])
	], [
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
	])
	AC_LANG_POP([C])

	dnl Determine if SSLv2 is supported
	if test "$tcltls_ssl_ssl2" = "true"; then
		AC_CHECK_FUNC(SSLv2_method,, [
			tcltls_ssl_ssl2='false'
		])
	fi

	if test "$tcltls_ssl_ssl2" = "false"; then
		AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
	fi

	dnl Determine if SSLv3 is supported
	if test "$tcltls_ssl_ssl3" = "true"; then
		AC_CHECK_FUNC(SSLv3_method,, [
			tcltls_ssl_ssl3='false'
		])
	fi

	if test "$tcltls_ssl_ssl3" = "false"; then
		AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
	fi

	dnl Determine if TLSv1.0 is supported
	if test "$tcltls_ssl_tls1_0" = "true"; then
		AC_CHECK_FUNC(TLSv1_method,, [
			tcltls_ssl_tls1_0='false'
		])
	fi

	if test "$tcltls_ssl_tls1_0" = "false"; then
		AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
	fi

	dnl Determine if TLSv1.1 is supported
	if test "$tcltls_ssl_tls1_1" = "true"; then
		AC_CHECK_FUNC(TLSv1_1_method,, [
			tcltls_ssl_tls1_1='false'
		])
	fi

	if test "$tcltls_ssl_tls1_1" = "false"; then
		AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
	fi

	dnl Determine if TLSv1.2 is supported
	if test "$tcltls_ssl_tls1_2" = "true"; then
		AC_CHECK_FUNC(TLSv1_2_method,, [
			tcltls_ssl_tls1_2='false'
		])
	fi

	if test "$tcltls_ssl_tls1_2" = "false"; then
		AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
	fi

	AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [
		AC_CHECK_FUNC(SSL_set_tlsext_host_name, [
			tcltls_cv_func_tlsext_hostname='yes'
		], [
			tcltls_cv_func_tlsext_hostname='no'
		])
	])

	if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then
		AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI])
	fi

	dnl Restore compile-altering variables
	LIBS="${SAVE_LIBS}"
	CFLAGS="${SAVE_CFLAGS}"
	CPPFLAGS="${SAVE_CPPFLAGS}"
])