Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -166,11 +166,11 @@ CPPFLAGS = @CPPFLAGS@ LIBS = @PKG_LIBS@ @LIBS@ AR = @AR@ CFLAGS = @CFLAGS@ LDFLAGS = @LDFLAGS@ -LDFLAGS_DEFAULT = @LDFLAGS_DEFAULT@ +LDFLAGS_DEFAULT = @LDFLAGS_DEFAULT@ COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) \ $(CFLAGS_DEFAULT) $(CFLAGS_WARNING) $(SHLIB_CFLAGS) $(CFLAGS) GDB = gdb VALGRIND = valgrind @@ -324,10 +324,22 @@ # Create default DH parameters dh_params.h: @srcdir@/generic/gen_dh_params Makefile sh @srcdir@/generic/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new mv dh_params.h.new @srcdir@/generic/dh_params.h + +$(srcdir)/manifest.uuid: + printf "git-" >$(srcdir)/manifest.uuid + (cd $(srcdir); git rev-parse HEAD >>$(srcdir)/manifest.uuid || \ + (printf "svn-r" >$(srcdir)/manifest.uuid ; \ + svn info --show-item last-changed-revision >>$(srcdir)/manifest.uuid) || \ + printf "unknown" >$(srcdir)/manifest.uuid) + +tlsUuid.h: $(srcdir)/manifest.uuid + echo "#define TLS_VERSION_UUID \\" >$@ + cat $(srcdir)/manifest.uuid >>$@ + echo "" >>$@ #======================================================================== # Create the pkgIndex.tcl file. # It is usually easiest to let Tcl do this for you with pkg_mkIndex, but # you may find that you need to customize the package. If so, either @@ -387,10 +399,12 @@ $(DIST_INSTALL_DATA_RECUR) $(srcdir)/$$p/* $(DIST_DIR)/$$p/; \ fi; \ done (cd $(DIST_ROOT); $(COMPRESS);) + cd $(top_builddir) + mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir) #======================================================================== # End of user-definable section #======================================================================== Index: acinclude.m4 ================================================================== --- acinclude.m4 +++ acinclude.m4 
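Review bot: In the new `$(srcdir)/manifest.uuid` recipe every redirection inside the subshell is opened after `cd $(srcdir)`, so with a relative `srcdir` (an out-of-tree build) `>>$(srcdir)/manifest.uuid` resolves against the wrong directory. The three fallbacks then either fail or write elsewhere, and the file created by the first recipe line can be left holding only `git-`. The `cd $(srcdir);` also uses `;`, so a failed `cd` still runs `git rev-parse` in whatever directory the shell is in. Because the target has no prerequisites it is never regenerated once it exists, so `TLS_VERSION_UUID` can end up naming a revision other than the one actually compiled; consider a phony or stamp-based refresh if the value is meant to identify the build. The fence below is a rewrite that keeps the `cd` inside the command substitution and writes the result through a temporary file.

```make
$(srcdir)/manifest.uuid:
	if rev=`cd $(srcdir) && git rev-parse HEAD 2>/dev/null`; then \
	    printf 'git-%s\n' "$$rev"; \
	elif rev=`cd $(srcdir) && svn info --show-item last-changed-revision 2>/dev/null`; then \
	    printf 'svn-r%s\n' "$$rev"; \
	else \
	    printf 'unknown\n'; \
	fi >$@.new
	mv $@.new $@
# … unchanged: tlsUuid.h rule …
```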
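Review bot: The added `cd $(top_builddir)` line has no effect, because make runs each recipe line in its own shell and the following `mv` starts again from the original working directory. Drop the line and keep only `mv $(DIST_ROOT)/$(PKG_DIR).tar.gz $(top_builddir)/`. The `mv` also hard-codes the `.tar.gz` suffix while the archive is produced by `$(COMPRESS)`, which is defined outside this hunk; if that variable is overridden to another format the move will fail. The `dist` recipe itself begins above the hunk.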
@@ -87,10 +87,11 @@ AC_DEFUN([TCLTLS_SSL_OPENSSL], [ AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) openssldir='' opensslpkgconfigdir='' + AC_ARG_WITH([openssl-dir], AS_HELP_STRING( [--with-openssl-dir=], [path to root directory of OpenSSL or LibreSSL installation] ), [ 
@@ -156,101 +157,105 @@ dnl Disable support for TLS 1.0 protocol AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) + AC_MSG_CHECKING([for disable TLS1 protocol]) + AC_MSG_RESULT('yes') fi ]) dnl Disable support for TLS 1.1 protocol AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) + AC_MSG_CHECKING([for disable TLS1.1 protocol]) + AC_MSG_RESULT('yes') fi ]) dnl Disable support for TLS 1.2 protocol AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) + AC_MSG_CHECKING([for disable TLS1.2 protocol]) + AC_MSG_RESULT('yes') fi ]) dnl Disable support for TLS 1.3 protocol AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) + AC_MSG_CHECKING([for disable TLS1.3 protocol]) + AC_MSG_RESULT('yes') fi ]) - dnl Enable support for building the same library every time - tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [ - if test "$enableval" = "yes"; then - tcltls_deterministic='true' - fi + tcltls_deterministic="$enableval" + ], [ + tcltls_deterministic='no' ]) - if test "$tcltls_deterministic" = 'true'; then + if test "$tcltls_deterministic" = 'yes'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi dnl Enable support for specifying pre-computed DH params size - AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size of the built-in, precomputed, DH params]), [ + AC_ARG_WITH([builtin-dh-params-size], 
AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size in bits of the built-in, precomputed, DH params]), [ AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])]) GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" ]) AC_SUBST(GEN_DH_PARAMS_ARGS) - + AC_MSG_CHECKING([for DH params]) + AC_MSG_RESULT([$GEN_DH_PARAMS_ARGS]) dnl Determine if we have been asked to use a fast path if possible - tcltls_ssl_fastpath='no' AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [ - if test "$enableval" = 'yes'; then - tcltls_ssl_fastpath='yes' - else - tcltls_ssl_fastpath='no' - fi + tcltls_ssl_fastpath="$enableval" + ], [ + tcltls_ssl_fastpath='no' ]) - if test "$tcltls_ssl_fastpath" = 'yes'; then AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library]) fi + AC_MSG_CHECKING([for fast path]) + AC_MSG_RESULT([$tcltls_ssl_fastpath]) dnl Enable hardening - AC_MSG_CHECKING([enable hardening]) - tcltls_enable_hardening='yes' AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [enable hardening attempts]), [ tcltls_enable_hardening="$enableval" + ], [ + tcltls_enable_hardening='yes' ]) - AC_MSG_RESULT([$tcltls_enable_hardening]) if test "$tcltls_enable_hardening" = 'yes'; then if test "$GCC" = 'yes' -o "$CC" = 'clang'; then TEA_ADD_CFLAGS([-fstack-protector-all]) TEA_ADD_CFLAGS([-fno-strict-overflow]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) fi fi - + AC_MSG_CHECKING([for enable hardening]) + AC_MSG_RESULT([$tcltls_enable_hardening]) dnl Determine if we have been asked to statically link to the SSL library - TCLEXT_TLS_STATIC_SSL='no' - AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable statically linking to the specified SSL library]), [ - if test "$enableval" = 'yes'; then - 
TCLEXT_TLS_STATIC_SSL='yes' - fi + AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable static linking to the SSL library]), [ + TCLEXT_TLS_STATIC_SSL="$enableval" + ], [ + TCLEXT_TLS_STATIC_SSL='no' ]) if test "${SHARED_BUILD}" != "1"; then dnl If we are doing a static build, save the linker flags for other programs to consume rm -f tcltls.${AREXT}.linkadd AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd fi - dnl If we have been asked to statically link to the SSL library, specifically tell the linker to do so + dnl If we have been asked to statically link to the SSL library, tell the linker to do so if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then dnl Don't bother doing this if we aren't actually doing the runtime linking if test "${SHARED_BUILD}" = "1"; then dnl Split the libraries into SSL and non-SSL libraries new_TCLTLS_SSL_LIBS_normal='' Index: configure ================================================================== --- configure +++ configure @@ -1433,13 +1433,12 @@ --disable-tls1_2 disable TLS1.2 protocol --disable-tls1_3 disable TLS1.3 protocol --enable-deterministic enable deterministic DH parameters --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library - --disable-hardening disable hardening attempts - --enable-static-ssl enable statically linking to the specified SSL - library + --disable-hardening enable hardening attempts + --enable-static-ssl enable static linking to the SSL library Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-tcl directory containing tcl configuration 
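Review bot: The relocated `AC_MSG_RESULT([$tcltls_enable_hardening])` reports what was requested rather than what was applied: when the `test "$GCC" = 'yes' -o "$CC" = 'clang'` guard is false no flag is added, yet configure still prints `yes`. Now that the message runs after that block it can report the outcome, for example by setting `tcltls_enable_hardening='no (unsupported compiler)'` in an `else` of the compiler test before printing. The new pass-through assignments (`tcltls_deterministic="$enableval"`, `tcltls_ssl_fastpath="$enableval"`, `TCLEXT_TLS_STATIC_SSL="$enableval"`) treat any value other than `yes` as off without a warning, so a mistyped value is silently ignored; an `AS_CASE` that rejects anything but `yes|no` would make that visible. Separately, `AC_MSG_RESULT('yes')` in the four TLS blocks prints the quotes literally and should be `AC_MSG_RESULT([yes])`.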
@@ -1451,12 +1450,12 @@ installation --with-openssl-pkgconfig= path to root directory of OpenSSL or LibreSSL pkgconfigdir --with-builtin-dh-params-size= - specify the size of the built-in, precomputed, DH - params + specify the size in bits of the built-in, + precomputed, DH params Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a 
@@ -8913,13 +8912,116 @@ # This marco includes the TCL TLS specific functions to set the # OpenSSL or LibreSSL config. #-------------------------------------------------------------------- + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$PKGCONFIG"; then + ac_cv_prog_PKGCONFIG="$PKGCONFIG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_PKGCONFIG="${ac_tool_prefix}pkg-config" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +PKGCONFIG=$ac_cv_prog_PKGCONFIG +if test -n "$PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +printf "%s\n" "$PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_PKGCONFIG"; then + ac_ct_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_PKGCONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_PKGCONFIG"; then + ac_cv_prog_ac_ct_PKGCONFIG="$ac_ct_PKGCONFIG" # Let the user override the test. 
+else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_PKGCONFIG="pkg-config" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_PKGCONFIG=$ac_cv_prog_ac_ct_PKGCONFIG +if test -n "$ac_ct_PKGCONFIG"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_PKGCONFIG" >&5 +printf "%s\n" "$ac_ct_PKGCONFIG" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_PKGCONFIG" = x; then + PKGCONFIG="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_ct_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_prog_PKGCONFIG" +fi + openssldir='' opensslpkgconfigdir='' + # Check whether --with-openssl-dir was given. if test ${with_openssl_dir+y} then : withval=$with_openssl_dir; @@ -9017,10 +9119,14 @@ enableval=$enable_tls1; if test "${enableval}" = "no"; then printf "%s\n" "#define NO_TLS1 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1 protocol" >&5 +printf %s "checking for disable TLS1 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5 +printf "%s\n" "'yes'" >&6; } fi fi 
@@ -9030,10 +9136,14 @@ enableval=$enable_tls1_1; if test "${enableval}" = "no"; then printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.1 protocol" >&5 +printf %s "checking for disable TLS1.1 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5 +printf "%s\n" "'yes'" >&6; } fi fi @@ -9043,10 +9153,14 @@ enableval=$enable_tls1_2; if test "${enableval}" = "no"; then printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.2 protocol" >&5 +printf %s "checking for disable TLS1.2 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5 +printf "%s\n" "'yes'" >&6; } fi fi @@ -9056,28 +9170,32 @@ enableval=$enable_tls1_3; if test "${enableval}" = "no"; then printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.3 protocol" >&5 +printf %s "checking for disable TLS1.3 protocol... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: 'yes'" >&5 +printf "%s\n" "'yes'" >&6; } fi fi - - tcltls_deterministic='false' - # Check whether --enable-deterministic was given. + # Check whether --enable-deterministic was given. if test ${enable_deterministic+y} then : enableval=$enable_deterministic; - if test "$enableval" = "yes"; then - tcltls_deterministic='true' - fi + tcltls_deterministic="$enableval" + +else $as_nop + + tcltls_deterministic='no' fi - if test "$tcltls_deterministic" = 'true'; then + if test "$tcltls_deterministic" = 'yes'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi 
@@ -9095,45 +9213,49 @@ GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for DH params" >&5 +printf %s "checking for DH params... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GEN_DH_PARAMS_ARGS" >&5 +printf "%s\n" "$GEN_DH_PARAMS_ARGS" >&6; } - - tcltls_ssl_fastpath='no' - # Check whether --enable-ssl-fastpath was given. + # Check whether --enable-ssl-fastpath was given. if test ${enable_ssl_fastpath+y} then : enableval=$enable_ssl_fastpath; - if test "$enableval" = 'yes'; then - tcltls_ssl_fastpath='yes' - else - tcltls_ssl_fastpath='no' - fi + tcltls_ssl_fastpath="$enableval" + +else $as_nop + + tcltls_ssl_fastpath='no' fi - if test "$tcltls_ssl_fastpath" = 'yes'; then printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fast path" >&5 +printf %s "checking for fast path... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_ssl_fastpath" >&5 +printf "%s\n" "$tcltls_ssl_fastpath" >&6; } - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking enable hardening" >&5 -printf %s "checking enable hardening... " >&6; } - tcltls_enable_hardening='yes' - # Check whether --enable-hardening was given. + # Check whether --enable-hardening was given. if test ${enable_hardening+y} then : enableval=$enable_hardening; tcltls_enable_hardening="$enableval" +else $as_nop + + tcltls_enable_hardening='yes' + fi - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_enable_hardening" >&5 -printf "%s\n" "$tcltls_enable_hardening" >&6; } if test "$tcltls_enable_hardening" = 'yes'; then if test "$GCC" = 'yes' -o "$CC" = 'clang'; then PKG_CFLAGS="$PKG_CFLAGS -fstack-protector-all" 
@@ -9145,20 +9267,24 @@ printf "%s\n" "#define _FORTIFY_SOURCE 2" >>confdefs.h fi fi + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for enable hardening" >&5 +printf %s "checking for enable hardening... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_enable_hardening" >&5 +printf "%s\n" "$tcltls_enable_hardening" >&6; } - - TCLEXT_TLS_STATIC_SSL='no' - # Check whether --enable-static-ssl was given. + # Check whether --enable-static-ssl was given. if test ${enable_static_ssl+y} then : enableval=$enable_static_ssl; - if test "$enableval" = 'yes'; then - TCLEXT_TLS_STATIC_SSL='yes' - fi + TCLEXT_TLS_STATIC_SSL="$enableval" + +else $as_nop + + TCLEXT_TLS_STATIC_SSL='no' fi if test "${SHARED_BUILD}" == 0; then @@ -9185,11 +9311,10 @@ *) new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" ;; esac done - @@ -9399,11 +9524,10 @@ # Setup a *Config.sh.in configuration file. #-------------------------------------------------------------------- #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) - #-------------------------------------------------------------------- # Specify files to substitute AC variables in. You may alternatively # have a special pkgIndex.tcl.in or other files which require # substituting the AC variables in. Include these here. Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -202,11 +202,10 @@ # Setup a *Config.sh.in configuration file. #-------------------------------------------------------------------- #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) - #-------------------------------------------------------------------- # Specify files to substitute AC variables in. You may alternatively # have a special pkgIndex.tcl.in or other files which require # substituting the AC variables in. Include these here. Index: pkgIndex.tcl.in ================================================================== --- pkgIndex.tcl.in +++ pkgIndex.tcl.in 
@@ -2,21 +2,23 @@ # Tcl package index file, version 1.1 # if {[package vsatisfies [package provide Tcl] 9.0-]} { package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ \ [list load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@]] -} elseif {[package vsatisfies [package present Tcl] 8.5-]} { - package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} { + set initScript [file join $dir @PACKAGE_NAME@.tcl] + if {[file exists $initScript]} { + source $initScript + } +} else { + if {![package vsatisfies [package provide Tcl] 8.5]} {return} + package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} { if {[string tolower [file extension @PKG_LIB_FILE8@]] in [list ".dll" ".so"]} { load [file join $dir @PKG_LIB_FILE8@] [string totitle @PACKAGE_NAME@] } else { load {} [string totitle @PACKAGE_NAME@] } - set initScript [file join $dir @PACKAGE_NAME@.tcl] if {[file exists $initScript]} { - source $initScript + source $initScript } - }} $dir] -} elseif {[package vsatisfies [package present Tcl] 8.4]} { - package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list load [file join $dir @PKG_LIB_FILE8@] [string totitle @PACKAGE_NAME@]] + }} $dir] }
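Review bot: In the Tcl 9 branch the added `source $initScript` sits outside the `package ifneeded` script, so it runs whenever this index file is evaluated during a package search rather than when the package is actually required, and before the shared library has been loaded. The 8.5 branch does both steps inside the `apply` body registered with `package ifneeded`; the 9.0 branch should do the same, so nothing from the package directory is executed until `package require` asks for it. It would also keep `initScript` out of the scope in which the index file is evaluated.

```tcl
if {[package vsatisfies [package provide Tcl] 9.0-]} {
    package ifneeded @PACKAGE_NAME@ @PACKAGE_VERSION@ [list apply {{dir} {
        load [file join $dir @PKG_LIB_FILE9@] [string totitle @PACKAGE_NAME@]
        set initScript [file join $dir @PACKAGE_NAME@.tcl]
        if {[file exists $initScript]} {
            source $initScript
        }
    }} $dir]
# … unchanged: else branch for Tcl 8.5 and later 8.x …
```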