From c7170e20d0a18ec8a514b4daa53bcdbb4dcb3a05 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 24 Aug 2017 22:26:48 +0200 Subject: configure: allow setting the default SSL backend Previously, we used as default SSL backend whatever was first in the `available_backends` array. However, some users may want to override that default without patching the source code. Now they can: with the --with-default-ssl-backend= option of the ./configure script. Signed-off-by: Johannes Schindelin --- configure.ac | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/vtls/vtls.c | 4 ++++ 2 files changed, 58 insertions(+) diff --git a/configure.ac b/configure.ac index 5c0747653..e6c72f358 100755 --- a/configure.ac +++ b/configure.ac @@ -1334,6 +1334,34 @@ else CPPFLAGS="$save_CPPFLAGS" fi +dnl ------------------------------------------------------------- +dnl parse --with-default-ssl-backend so it can be validated below +dnl ------------------------------------------------------------- + +DEFAULT_SSL_BACKEND=no +VALID_DEFAULT_SSL_BACKEND= +AC_ARG_WITH(default-ssl-backend, +AC_HELP_STRING([--with-default-ssl-backend=NAME],[Use NAME as default SSL backend]) +AC_HELP_STRING([--without-default-ssl-backend],[Use implicit default SSL backend]), + [DEFAULT_SSL_BACKEND=$withval]) +case "$DEFAULT_SSL_BACKEND" in + no) + dnl --without-default-ssl-backend option used + ;; + default|yes) + dnl --with-default-ssl-backend option used without name + AC_MSG_ERROR([The name of the default SSL backend is required.]) + ;; + *) + dnl --with-default-ssl-backend option used with name + AC_SUBST(DEFAULT_SSL_BACKEND) + dnl needs to be validated below + VALID_DEFAULT_SSL_BACKEND=no + ;; +esac + +dnl ********************************************************************** + dnl ------------------------------------------------- dnl check winssl option before other SSL libraries dnl ------------------------------------------------- 
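Review bot: The help text `Use NAME as default SSL backend` never says which values NAME may take, and the `*)` branch accepts any string, deferring the check to the exact, case-sensitive comparisons added further down (`test schannel != "$DEFAULT_SSL_BACKEND"` and the like). A user who passes `OpenSSL` or a misspelt name is therefore told much later that the backend is "not enabled", which points at the wrong problem. Listing the accepted form in the help string would be enough, e.g. `AC_HELP_STRING([--with-default-ssl-backend=NAME],[Use NAME as default SSL backend (lowercase backend name, e.g. openssl, gnutls, schannel)])`.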
@@ -1353,6 +1381,7 @@ if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) AC_SUBST(USE_SCHANNEL, [1]) ssl_msg="Windows-native" + test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes WINSSL_ENABLED=1 # --with-winssl implies --enable-sspi AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) @@ -1381,6 +1410,7 @@ if test -z "$ssl_backends" -o "x$OPT_DARWINSSL" != xno; then AC_DEFINE(USE_DARWINSSL, 1, [to enable Apple OS native SSL/TLS support]) AC_SUBST(USE_DARWINSSL, [1]) ssl_msg="$ssh_backends, Apple OS-native" + test darwinssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes DARWINSSL_ENABLED=1 LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" else @@ -1589,6 +1619,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ openssl/pem.h openssl/ssl.h openssl/err.h, ssl_msg="OpenSSL" + test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes OPENSSL_ENABLED=1 AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) @@ -1827,6 +1858,7 @@ if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then GNUTLS_ENABLED=1 USE_GNUTLS="yes" ssl_msg="GnuTLS" + test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ LIBS="$CLEANLIBS" @@ -1932,6 +1964,7 @@ if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then POLARSSL_ENABLED=1 USE_POLARSSL="yes" ssl_msg="PolarSSL" + test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ]) fi @@ -1958,6 +1991,7 @@ if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then POLARSSL_ENABLED=1 USE_POLARSSL="yes" ssl_msg="PolarSSL" + test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ CPPFLAGS=$_cppflags 
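Review bot: The backend name in each added `test NAME != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes` line is a hand-typed literal that has to equal the string `multissl_init` later compares with `strcmp` against `available_backends[i]->info.name`, and nothing in the patch ties the two together. If a literal and a backend's `info.name` ever differ (the WolfSSL branch, for instance, accepts `cyassl`), configure would accept the option while the runtime lookup finds no match and, judging by the commit message, falls back to the first backend in the array without any diagnostic. This applies to every per-backend hunk from schannel and darwinssl through nss and axtls. A comment at the first occurrence would record the coupling: `dnl names tested against DEFAULT_SSL_BACKEND must equal the backend's info.name (see multissl_init in lib/vtls/vtls.c)`.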
@@ -2021,6 +2055,7 @@ if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then MBEDTLS_ENABLED=1 USE_MBEDTLS="yes" ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [], -lmbedx509 -lmbedcrypto) fi @@ -2047,6 +2082,7 @@ if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then MBEDTLS_ENABLED=1 USE_MBEDTLS="yes" ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ CPPFLAGS=$_cppflags @@ -2115,6 +2151,7 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then CYASSL_ENABLED=1 USE_CYASSL="yes" ssl_msg="CyaSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ]) fi @@ -2141,6 +2178,7 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then CYASSL_ENABLED=1 USE_CYASSL="yes" ssl_msg="CyaSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ CPPFLAGS=$_cppflags @@ -2186,6 +2224,7 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then CYASSL_ENABLED=1 USE_CYASSL="yes" ssl_msg="WolfSSL" + test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ AC_MSG_RESULT(no) @@ -2331,6 +2370,7 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then USE_NSS="yes" NSS_ENABLED=1 ssl_msg="NSS" + test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], [ LDFLAGS="$CLEANLDFLAGS" @@ -2405,6 +2445,7 @@ if test -z "$ssl_backends" -o "x$OPT_AXTLS" != xno; then AXTLS_ENABLED=1 USE_AXTLS="yes" ssl_msg="axTLS" + test axtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes if test "x$cross_compiling" != "xyes"; then LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$LIB_AXTLS" 
@@ -2444,6 +2485,19 @@ if test -n "$ssl_backends"; then curl_ssl_msg="enabled ($ssl_backends)" fi +if test no = "$VALID_DEFAULT_SSL_BACKEND" +then + if test -n "$SSL_ENABLED" + then + AC_MSG_ERROR([Default SSL backend $DEFAULT_SSL_BACKEND not enabled!]) + else + AC_MSG_ERROR([Default SSL backend requires SSL!]) + fi +elif test yes = "$VALID_DEFAULT_SSL_BACKEND" +then + AC_DEFINE_UNQUOTED([CURL_DEFAULT_SSL_BACKEND], ["$DEFAULT_SSL_BACKEND"], [Default SSL backend]) +fi + dnl ********************************************************************** dnl Check for the CA bundle dnl ********************************************************************** diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 85665b7df..73ed7a31b 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -1246,6 +1246,10 @@ static int multissl_init(const struct Curl_ssl *backend) return 1; env = getenv("CURL_SSL_BACKEND"); +#ifdef CURL_DEFAULT_SSL_BACKEND + if(!env) + env = CURL_DEFAULT_SSL_BACKEND; +#endif if(env) for(i = 0; available_backends[i]; i++) if(!strcmp(env, available_backends[i]->info.name)) { -- cgit v1.2.3
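Review bot: `AC_DEFINE_UNQUOTED` writes `$DEFAULT_SSL_BACKEND`, a value taken from the configure command line, into a C string literal in the generated config header, and the reason this is safe is left unstated: the `yes` branch is reachable only after an exact match against one of the literal backend names. A later change that loosens the matching (patterns, case folding) would let arbitrary text reach the header unnoticed. I would record the invariant directly above the define, `dnl DEFAULT_SSL_BACKEND equals one of the literal backend names here, so it is safe inside a C string`. Whether `SSL_ENABLED` is already assigned at this point is not visible in the hunk; if it is not, the "not enabled" message can never be chosen.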
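Review bot: The configured default is consulted only when `CURL_SSL_BACKEND` is unset, so an empty or misspelt value in the environment skips `CURL_DEFAULT_SSL_BACKEND` entirely: `env` is non-NULL, the `strcmp` loop matches nothing, and the code after the hunk presumably still picks the first entry of `available_backends` (the commit message describes that as the previous default). For a build whose default TLS backend was chosen deliberately, a stray environment value should not select a different library without notice. Treating an empty variable as unset is a one-line change, `if(!env || !*env)`, and a second pass over `available_backends` with `CURL_DEFAULT_SSL_BACKEND` once the first loop fails would cover unrecognised names as well. The rest of `multissl_init`, including the declaration of `env`, lies outside the hunk; assigning the string literal assumes `env` is declared `const char *`.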