Index: acinclude.m4 ================================================================== --- acinclude.m4 +++ acinclude.m4 @@ -11,38 +11,38 @@ AC_DEFUN([TCLTLS_SSL_OPENSSL], [ AC_CHECK_TOOL([PKG_CONFIG], [pkg-config]) dnl Disable support for TLS 1.0 protocol AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) AC_MSG_CHECKING([for disable TLS1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.1 protocol AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) AC_MSG_CHECKING([for disable TLS1.1 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.2 protocol AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) AC_MSG_CHECKING([for disable TLS1.2 protocol]) AC_MSG_RESULT([yes]) fi ]) dnl Disable support for TLS 1.3 protocol AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) AC_MSG_CHECKING([for disable TLS1.3 protocol]) AC_MSG_RESULT([yes]) fi ]) @@ -53,11 +53,11 @@ [enable using the underlying file descriptor for talking directly to the SSL library]), [ tcltls_ssl_fastpath="$enableval" ], [ tcltls_ssl_fastpath='no' ]) - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Enable SSL library direct use of the underlying file descriptor]) fi AC_MSG_CHECKING([for fast path]) AC_MSG_RESULT([$tcltls_ssl_fastpath]) @@ -66,12 +66,12 @@ AC_ARG_ENABLE([hardening], AS_HELP_STRING([--enable-hardening], [enable hardening attempts]), [ tcltls_enable_hardening="$enableval" ], [ tcltls_enable_hardening='yes' ]) - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then TEA_ADD_CFLAGS([-fstack-protector-all]) TEA_ADD_CFLAGS([-fno-strict-overflow]) AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) fi fi @@ -107,11 +107,11 @@ AS_HELP_STRING([--with-openssl-includedir=], [path to include directory of OpenSSL or LibreSSL installation] ), [ opensslincludedir="$withval" ], [ - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi ] @@ -118,11 +118,11 @@ ) AC_MSG_CHECKING([for OpenSSL include directory]) AC_MSG_RESULT($opensslincludedir) dnl Set SSL include vars - if test ! -z "$opensslincludedir"; then + if test -n "$opensslincludedir"; then if test -f "$opensslincludedir/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" AC_MSG_CHECKING([for ssl.h]) AC_MSG_RESULT([yes]) @@ -138,11 +138,11 @@ AS_HELP_STRING([--with-openssl-libdir=], [path to lib directory of OpenSSL or LibreSSL installation] ), [ openssllibdir="$withval" ], [ - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then if test "$do64bit" == 'yes'; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi @@ -153,20 +153,14 @@ ) AC_MSG_CHECKING([for OpenSSL lib directory]) AC_MSG_RESULT($openssllibdir) dnl Set SSL lib vars - if test ! -z "$openssllibdir"; then + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + SSL_LIBS_PATH="-L$openssllibdir" else AC_MSG_ERROR([Unable to locate libssl${SHLIB_SUFFIX}]) fi fi @@ -185,18 +179,11 @@ ] ) AC_MSG_CHECKING([for OpenSSL pkgconfig]) AC_MSG_RESULT($opensslpkgconfigdir) - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - - dnl Use pkg-config to find the libraries + dnl Use pkg-config to find the library names if test -n "${PKG_CONFIG}"; then dnl Temporarily update PKG_CONFIG_PATH PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then @@ -204,12 +191,21 @@ fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "${SHARED_BUILD}" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi if test -z "$TCLTLS_SSL_INCLUDES"; then @@ -216,24 +212,29 @@ TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration]) fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" fi - dnl Fallback settings for OpenSSL includes and libs - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi + fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + # Linux and Solaris + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + # HPUX: -Wl,-a,archive ... -Wl,-a,shared_archive + fi fi dnl Include config variables in --help list and make available to be substituted via AC_SUBST. AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for OpenSSL or LibreSSL]) AC_ARG_VAR([TCLTLS_SSL_INCLUDES], [C compiler include paths for OpenSSL or LibreSSL]) AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for OpenSSL or LibreSSL]) ]) Index: configure ================================================================== --- configure +++ configure @@ -5579,10 +5579,11 @@ done #-------------------------------------------------------------------- +# # You can add more files to clean if your extension creates any extra # files by extending CLEANFILES. # Add pkgIndex.tcl if it is generated in the Makefile instead of ./configure # and change Makefile.in to move it from CONFIG_CLEAN_FILES to BINARIES var. # @@ -9284,11 +9285,11 @@ # Check whether --enable-tls1 was given. if test ${enable_tls1+y} then : enableval=$enable_tls1; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1 protocol" >&5 printf %s "checking for disable TLS1 protocol... " >&6; } @@ -9301,11 +9302,11 @@ # Check whether --enable-tls1_1 was given. if test ${enable_tls1_1+y} then : enableval=$enable_tls1_1; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.1 protocol" >&5 printf %s "checking for disable TLS1.1 protocol... " >&6; } @@ -9318,11 +9319,11 @@ # Check whether --enable-tls1_2 was given. if test ${enable_tls1_2+y} then : enableval=$enable_tls1_2; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.2 protocol" >&5 printf %s "checking for disable TLS1.2 protocol... " >&6; } @@ -9335,11 +9336,11 @@ # Check whether --enable-tls1_3 was given. if test ${enable_tls1_3+y} then : enableval=$enable_tls1_3; - if test "${enableval}" = "no"; then + if test "${enableval}" == "no"; then printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for disable TLS1.3 protocol" >&5 printf %s "checking for disable TLS1.3 protocol... " >&6; } @@ -9362,11 +9363,11 @@ tcltls_ssl_fastpath='no' ;; esac fi - if test "$tcltls_ssl_fastpath" = 'yes'; then + if test "$tcltls_ssl_fastpath" == 'yes'; then printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h fi { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fast path" >&5 @@ -9386,12 +9387,12 @@ tcltls_enable_hardening='yes' ;; esac fi - if test "$tcltls_enable_hardening" = 'yes'; then - if test "$GCC" = 'yes' -o "$CC" = 'clang'; then + if test "$tcltls_enable_hardening" == 'yes'; then + if test "$GCC" == 'yes' -o "$CC" = 'clang'; then PKG_CFLAGS="$PKG_CFLAGS -fstack-protector-all" @@ -9455,11 +9456,11 @@ withval=$with_openssl_includedir; opensslincludedir="$withval" else case e in #( e) - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then opensslincludedir="${openssldir}/include" else opensslincludedir='' fi @@ -9470,11 +9471,11 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL include directory" >&5 printf %s "checking for OpenSSL include directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslincludedir" >&5 printf "%s\n" "$opensslincludedir" >&6; } - if test ! -z "$opensslincludedir"; then + if test -n "$opensslincludedir"; then if test -f "$opensslincludedir/openssl/ssl.h"; then TCLTLS_SSL_CFLAGS="-I$opensslincludedir" TCLTLS_SSL_INCLUDES="-I$opensslincludedir" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ssl.h" >&5 printf %s "checking for ssl.h... " >&6; } @@ -9496,11 +9497,11 @@ withval=$with_openssl_libdir; openssllibdir="$withval" else case e in #( e) - if test ! -z "$openssldir"; then + if test -n "$openssldir"; then if test "$do64bit" == 'yes'; then openssllibdir="$openssldir/lib64" else openssllibdir="$openssldir/lib" fi @@ -9515,20 +9516,14 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL lib directory" >&5 printf %s "checking for OpenSSL lib directory... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $openssllibdir" >&5 printf "%s\n" "$openssllibdir" >&6; } - if test ! -z "$openssllibdir"; then + SSL_LIBS_PATH='' + if test -n "$openssllibdir"; then if test -f "$openssllibdir/libssl${SHLIB_SUFFIX}"; then - if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then - TCLTLS_SSL_LIBS="-L$openssllibdir -lcrypto -lssl" - #else - # Linux and Solaris - #TCLTLS_SSL_LIBS="-Wl,-Bstatic `$PKG_CONFIG --static --libs crypto ssl` -Wl,-Bdynamic" - # HPUX - # -Wl,-a,archive ... -Wl,-a,shared_archive - fi + SSL_LIBS_PATH="-L$openssllibdir" else as_fn_error $? "Unable to locate libssl${SHLIB_SUFFIX}" "$LINENO" 5 fi fi @@ -9554,17 +9549,10 @@ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OpenSSL pkgconfig" >&5 printf %s "checking for OpenSSL pkgconfig... " >&6; } { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $opensslpkgconfigdir" >&5 printf "%s\n" "$opensslpkgconfigdir" >&6; } - - # Use Package Config tool to get config - pkgConfigExtraArgs='' - if test "${SHARED_BUILD}" == 0 -o "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then - pkgConfigExtraArgs='--static' - fi - if test -n "${PKG_CONFIG}"; then PKG_CONFIG_PATH_SAVE="${PKG_CONFIG_PATH}" if test -n "${opensslpkgconfigdir}"; then if ! test -f "${opensslpkgconfigdir}/openssl.pc"; then as_fn_error $? "Unable to locate ${opensslpkgconfigdir}/openssl.pc" "$LINENO" 5 @@ -9571,12 +9559,21 @@ fi PKG_CONFIG_PATH="${opensslpkgconfigdir}:${PKG_CONFIG_PATH}" export PKG_CONFIG_PATH fi + + pkgConfigExtraArgs='' + if test "${SHARED_BUILD}" == "0" -o "$TCLEXT_TLS_STATIC_SSL" == 'yes'; then + pkgConfigExtraArgs='--static' + fi + if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="`"${PKG_CONFIG}" openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH `${PKG_CONFIG} openssl --libs $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 + if test "${TCLEXT_TLS_STATIC_SSL}" == 'yes'; then + TCLTLS_SSL_LIBS="-Wl,-Bstatic $TCLTLS_SSL_LIBS -Wl,-Bdynamic" + fi fi if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="`"${PKG_CONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi if test -z "$TCLTLS_SSL_INCLUDES"; then @@ -9583,21 +9580,24 @@ TCLTLS_SSL_INCLUDES="`"${PKG_CONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5 fi PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" fi - - if test -z "$TCLTLS_SSL_LIBS"; then - TCLTLS_SSL_LIBS="-lcrypto -lssl" - fi - if test -z "$TCLTLS_SSL_CFLAGS"; then + if test -z "$TCLTLS_SSL_CFLAGS"; then TCLTLS_SSL_CFLAGS="" fi if test -z "$TCLTLS_SSL_INCLUDES"; then if test -f /usr/include/openssl/ssl.h; then TCLTLS_SSL_INCLUDES="-I/usr/include" fi + fi + if test -z "$TCLTLS_SSL_LIBS"; then + if test "${TCLEXT_TLS_STATIC_SSL}" == 'no'; then + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -lssl -lcrypto" + else + TCLTLS_SSL_LIBS="$SSL_LIBS_PATH -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic" + fi fi