ADDED aclocal/tcltls_mbedtls.m4 Index: aclocal/tcltls_mbedtls.m4 ================================================================== --- /dev/null +++ aclocal/tcltls_mbedtls.m4 @@ -0,0 +1,105 @@ +AC_DEFUN([TCLTLS_SSL_MBEDTLS], [ + mbedtlsdir='' + AC_ARG_WITH([mbedtls-dir], + AS_HELP_STRING( + [--with-mbedtls-dir=], + [path to root directory of MbedTLS installation] + ), [ + mbedtlsdir="$withval" + ] + ) + + if test -n "$mbedtlsdir"; then + if test -e "$mbedtlsdir/libmbedtls.a" -o -e "$mbedtlsdir/libmbedtls.${AREXT}"; then + TCLTLS_SSL_LIBS="-L$mbedtlsdir -lmbedtls -lmbedcrypto" + mbedtlsdir="`AS_DIRNAME(["$mbedtlsdir"])`" + else + TCLTLS_SSL_LIBS="-L$mbedtlsdir/library -lmbedtls -lmbedcrypto" + fi + TCLTLS_SSL_CFLAGS="-I$mbedtlsdir/include -I${mbedtlsdir}/include/mbedtls" + TCLTLS_SSL_CPPFLAGS="-I$mbedtlsdir/include -I${mbedtlsdir}/include/mbedtls" + fi + + AC_ARG_VAR([TCLTLS_SSL_LIBS], [libraries to pass to the linker for MbedTLS]) + AC_ARG_VAR([TCLTLS_SSL_CFLAGS], [C compiler flags for MbedTLS]) + AC_ARG_VAR([TCLTLS_SSL_CPPFLAGS], [C preprocessor flags for MbedTLS]) + + if test "$TCLEXT_BUILD" = "static"; then + dnl If we are doing a static build, save the linker flags for other programs to consume + rm -f tcltls.${AREXT}.linkadd + AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd + fi + + dnl If we have been asked to statically link to the SSL library, specifically tell the linker to do so + if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then + dnl Don't bother doing this if we aren't actually doing the runtime linking + if test "$TCLEXT_BUILD" != "static"; then + dnl Split the libraries into SSL and non-SSL libraries + new_TCLTLS_SSL_LIBS_normal='' + new_TCLTLS_SSL_LIBS_static='' + for arg in $TCLTLS_SSL_LIBS; do + case "${arg}" in + -L*) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" + ;; + -ldl|-lrt|-lc|-lpthread|-lm|-lcrypt|-lidn|-lresolv|-lgcc|-lgcc_s) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + ;; + -l*) + new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" + ;; + *) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + ;; + esac + done + SHOBJ_DO_STATIC_LINK_LIB([MbedTLS], [$new_TCLTLS_SSL_LIBS_static], [new_TCLTLS_SSL_LIBS_static]) + TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" + fi + fi + + dnl Save compile-altering variables we are changing + SAVE_LIBS="${LIBS}" + SAVE_CFLAGS="${CFLAGS}" + SAVE_CPPFLAGS="${CPPFLAGS}" + + dnl Update compile-altering variables to include the MbedTLS libraries + LIBS="${TCLTLS_SSL_LIBS} ${SAVE_LIBS} ${TCLTLS_SSL_LIBS}" + CFLAGS="${TCLTLS_SSL_CFLAGS} ${SAVE_CFLAGS} ${TCLTLS_SSL_CFLAGS}" + CPPFLAGS="${TCLTLS_SSL_CPPFLAGS} ${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}" + + dnl Verify that basic functionality is there + AC_LANG_PUSH(C) + AC_MSG_CHECKING([if a basic MbedTLS program works]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ +#define MBEDTLS_CONFIG_FILE +#include MBEDTLS_CONFIG_FILE + ], [ + mbedtls_ssl_context *ctx; + mbedtls_ssl_init(ctx); + mbedtls_ssl_setup(ctx, (void *) 0); + mbedtls_ssl_free(ctx); + ])], [ + AC_MSG_RESULT([yes]) + ], [ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([Unable to compile a basic program using MbedTLS]) + ]) + AC_LANG_POP([C]) + +dnl +dnl AC_CHECK_FUNCS([TLS_method]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) +dnl TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_3], [], [tlsv1.3], [NO_TLS1_3], [SSL_OP_NO_TLSv1_3]) +dnl + + dnl Restore compile-altering variables + LIBS="${SAVE_LIBS}" + CFLAGS="${SAVE_CFLAGS}" + CPPFLAGS="${SAVE_CPPFLAGS}" +]) Index: autogen.sh ================================================================== --- autogen.sh +++ autogen.sh @@ -16,10 +16,11 @@ 'http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_check_compile_flag.m4' ) localFiles=( aclocal/tcltls_openssl.m4 + aclocal/tcltls_mbedtls.m4 ) failed='0' for command in "${commands[@]}"; do if [ ! -f "$(which "${command}" 2>/dev/null)" ]; then Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -28,11 +28,11 @@ fi AC_SUBST(EXTENSION_TARGET) AC_SUBST(TCLEXT_BUILD) dnl Determine what SSL library to link with -AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl=], [name of ssl library to build against (openssl, libressl, nss, auto)]), [ +AC_ARG_WITH([ssl], AS_HELP_STRING([--with-ssl=], [name of ssl library to build against (openssl, libressl, mbedtls, auto)]), [ if test "$withval" = "no"; then AC_MSG_ERROR([You may not specify --without-ssl]) fi if test "$withval" = "yes"; then @@ -218,14 +218,12 @@ AS_CASE([$tcltls_ssl_lib], [openssl], [ TCLTLS_SSL_OPENSSL ], - [nss], [ - TCLTLS_SSL_LIBS="" - TCLTLS_SSL_CFLAGS="" - TCLTLS_SSL_CPPFLAGS="" + [mbedtls], [ + TCLTLS_SSL_MBEDTLS ], [ AC_MSG_ERROR([Unsupported SSL library: $tcltls_ssl_lib]) ] )