summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndres Gomez <agomez@igalia.com>2013-04-11 10:32:54 +0300
committerDavid Tardon <dtardon@redhat.com>2013-04-13 10:49:46 +0000
commit48d49759a4d43b5e5dd997b4a87555ce25ae2a04 (patch)
tree738b34263b3c6c71a9cff99b60035b46dbf4a07d
parentf3f9db6d1d1fe63a4323f43de91a13aae03b1228 (diff)
neon: honor --disable-openssl and use GNUTLS
On --disable-openssl, the bundled neon library will link against GNUTLS + gcrypt instead of OpenSSL. Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4 Reviewed-on: https://gerrit.libreoffice.org/3330 Reviewed-by: David Tardon <dtardon@redhat.com> Tested-by: David Tardon <dtardon@redhat.com>
-rw-r--r--RepositoryExternal.mk34
-rw-r--r--config_host.mk.in4
-rw-r--r--configure.ac15
-rw-r--r--m4/libgcrypt.m4123
-rw-r--r--neon/Library_neon.mk15
-rw-r--r--neon/UnpackedTarball_neon.mk1
-rw-r--r--neon/configs/config.h14
-rw-r--r--neon/neon_with_gnutls.patch29
8 files changed, 230 insertions, 5 deletions
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk
index d1fd6495e90e..6218a517a076 100644
--- a/RepositoryExternal.mk
+++ b/RepositoryExternal.mk
@@ -1262,6 +1262,40 @@ endif # SYSTEM_OPENSSL
endif # DISABLE_OPENSSL
+ifeq ($(DISABLE_OPENSSL),YES)
+
+define gb_LinkTarget__use_gnutls
+$(call gb_LinkTarget_set_include,$(1),\
+ $$(INCLUDE) \
+ $(GNUTLS_CFLAGS) \
+)
+
+$(call gb_LinkTarget_add_defs,$(1),\
+ -DDISABLE_OPENSSL \
+)
+
+$(call gb_LinkTarget_add_libs,$(1),$(GNUTLS_LIBS))
+
+endef
+
+define gb_LinkTarget__use_libgcrypt
+$(call gb_LinkTarget_set_include,$(1),\
+ $$(INCLUDE) \
+ $(LIBGCRYPT_CFLAGS) \
+)
+
+$(call gb_LinkTarget_add_libs,$(1),$(LIBGCRYPT_LIBS))
+
+endef
+
+else # !DISABLE_OPENSSL
+
+gb_LinkTarget__use_gnutls:=
+gb_LinkTarget__use_libgcrypt:=
+
+endif # DISABLE_OPENSSL
+
+
ifeq ($(SYSTEM_CDR),YES)
define gb_LinkTarget__use_cdr
diff --git a/config_host.mk.in b/config_host.mk.in
index d794d1633819..a0f4675739dc 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -182,6 +182,8 @@ export GIT_REFERENCE_SRC=@GIT_REFERENCE_SRC@
export GIT_NEEDED_SUBMODULES=@GIT_NEEDED_SUBMODULES@
export GNOMEVFS_CFLAGS=$(gb_SPACE)@GNOMEVFS_CFLAGS@
export GNOMEVFS_LIBS=$(gb_SPACE)@GNOMEVFS_LIBS@
+export GNUTLS_CFLAGS=$(gb_SPACE)@GNUTLS_CFLAGS@
+export GNUTLS_LIBS=$(gb_SPACE)@GNUTLS_LIBS@
export PARALLELISM?=@PARALLELISM@
@x_GNUCP@ export GNUCOPY=@GNUCP@
export GNUMAKE=@GNUMAKE@
@@ -289,6 +291,8 @@ export LIBEXTTEXTCAT_CFLAGS=$(gb_SPACE)@LIBEXTTEXTCAT_CFLAGS@
export LIBEXTTEXTCAT_LIBS=$(gb_SPACE)@LIBEXTTEXTCAT_LIBS@
export LIBFONTS_JAR=@LIBFONTS_JAR@
export LIBFORMULA_JAR=@LIBFORMULA_JAR@
+export LIBGCRYPT_CFLAGS=@LIBGCRYPT_CFLAGS@
+export LIBGCRYPT_LIBS=@LIBGCRYPT_LIBS@
export LIBLANGTAG_CFLAGS=$(gb_SPACE)@LIBLANGTAG_CFLAGS@
export LIBLANGTAG_LIBS=$(gb_SPACE)@LIBLANGTAG_LIBS@
export LIBLAYOUT_JAR=@LIBLAYOUT_JAR@
diff --git a/configure.ac b/configure.ac
index 75e149f923fd..da58c8969fe5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8580,6 +8580,21 @@ fi
AC_SUBST([DISABLE_OPENSSL])
dnl ===================================================================
+dnl Check for building gnutls
+dnl ===================================================================
+AC_MSG_CHECKING([whether to use gnutls])
+if test "$enable_neon" != "no" && test "$enable_openssl" = "no"; then
+ AC_MSG_RESULT([yes])
+ AM_PATH_LIBGCRYPT()
+ PKG_CHECK_MODULES(GNUTLS, [gnutls],,
+ AC_MSG_ERROR([Disabling OpenSSL was requested, but GNUTLS is not
+ available in the system to use as replacement.]))
+fi
+
+AC_SUBST([LIBGCRYPT_CFLAGS])
+AC_SUBST([LIBGCRYPT_LIBS])
+
+dnl ===================================================================
dnl Check for system redland
dnl ===================================================================
dnl versions before 1.0.8 write RDF/XML that is useless for ODF (@xml:base)
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
new file mode 100644
index 000000000000..831dc0c6f439
--- /dev/null
+++ b/m4/libgcrypt.m4
@@ -0,0 +1,123 @@
+dnl Autoconf macros for libgcrypt
+dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_LIBGCRYPT],
+[ AC_ARG_WITH(libgcrypt-prefix,
+ AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
+ [prefix where LIBGCRYPT is installed (optional)]),
+ libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
+ if test x$libgcrypt_config_prefix != x ; then
+ if test x${LIBGCRYPT_CONFIG+set} != xset ; then
+ LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ fi
+ fi
+
+ AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ tmp=ifelse([$1], ,1:1.2.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_libgcrypt_api=0
+ min_libgcrypt_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
+ ok=no
+ if test "$LIBGCRYPT_CONFIG" != "no" ; then
+ req_major=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_libgcrypt_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
+ major=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $libgcrypt_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($libgcrypt_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # If we have a recent libgcrypt, we should also check that the
+ # API is compatible
+ if test "$req_libgcrypt_api" -gt 0 ; then
+ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([LIBGCRYPT API version])
+ if test "$req_libgcrypt_api" -eq "$tmp" ; then
+ AC_MSG_RESULT([okay])
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
+ LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
+ ifelse([$2], , :, [$2])
+ if test x"$host" != x ; then
+ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
+ if test x"$libgcrypt_config_host" != xnone ; then
+ if test x"$libgcrypt_config_host" != x"$host" ; then
+ AC_MSG_WARN([[
+***
+*** The config script $LIBGCRYPT_CONFIG was
+*** built for $libgcrypt_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-libgcrypt-prefix
+*** to specify a matching config script.
+***]])
+ fi
+ fi
+ fi
+ else
+ LIBGCRYPT_CFLAGS=""
+ LIBGCRYPT_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(LIBGCRYPT_CFLAGS)
+ AC_SUBST(LIBGCRYPT_LIBS)
+])
diff --git a/neon/Library_neon.mk b/neon/Library_neon.mk
index bc5fe25af1b2..2dad2ed8f30a 100644
--- a/neon/Library_neon.mk
+++ b/neon/Library_neon.mk
@@ -12,7 +12,9 @@ $(eval $(call gb_Library_Library,neon))
$(eval $(call gb_Library_use_unpacked,neon,neon))
$(eval $(call gb_Library_use_externals,neon,\
+ gnutls \
libxml2 \
+ libgcrypt \
openssl \
openssl_headers \
zlib \
@@ -56,8 +58,19 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_utils \
UnpackedTarball/neon/src/ne_xml \
UnpackedTarball/neon/src/ne_xmlreq \
+))
+
+
+ifneq ($(DISABLE_OPENSSL),YES)
+$(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_openssl \
))
+else
+$(eval $(call gb_Library_add_generated_cobjects,neon,\
+ UnpackedTarball/neon/src/ne_gnutls \
+))
+endif
+
ifeq ($(OS),WNT)
$(eval $(call gb_Library_use_system_win32_libs,neon,\
@@ -76,9 +89,11 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\
))
else
+ifneq ($(DISABLE_OPENSSL),YES)
$(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_ntlm \
))
+endif
endif
diff --git a/neon/UnpackedTarball_neon.mk b/neon/UnpackedTarball_neon.mk
index a099718ec50a..a6cb87b54e19 100644
--- a/neon/UnpackedTarball_neon.mk
+++ b/neon/UnpackedTarball_neon.mk
@@ -20,6 +20,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,neon,0))
$(eval $(call gb_UnpackedTarball_add_patches,neon,\
neon/neon.patch \
neon/neon_ne_set_request_flag.patch \
+ neon/neon_with_gnutls.patch \
))
# vim: set noet sw=4 ts=4:
diff --git a/neon/configs/config.h b/neon/configs/config.h
index db68aa289ac8..b0fdf22559e3 100644
--- a/neon/configs/config.h
+++ b/neon/configs/config.h
@@ -79,23 +79,25 @@
#define HAVE_GETSOCKOPT 1
#endif
+#ifdef DISABLE_OPENSSL
/* Define if GnuTLS support is enabled */
-/* #undef HAVE_GNUTLS */
+#define HAVE_GNUTLS
/* Define to 1 if you have the `gnutls_certificate_get_x509_cas' function. */
/* #undef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS */
/* Define to 1 if you have the `gnutls_certificate_verify_peers2' function. */
-/* #undef HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 */
+#define HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2
/* Define to 1 if you have the `gnutls_session_get_data2' function. */
-/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */
+#define HAVE_GNUTLS_SESSION_GET_DATA2
/* Define to 1 if you have the `gnutls_sign_callback_set' function. */
-/* #undef HAVE_GNUTLS_SIGN_CALLBACK_SET */
+#define HAVE_GNUTLS_SIGN_CALLBACK_SET
/* Define to 1 if you have the `gnutls_x509_dn_get_rdn_ava' function. */
-/* #undef HAVE_GNUTLS_X509_DN_GET_RDN_AVA */
+#define HAVE_GNUTLS_X509_DN_GET_RDN_AVA
+#endif /* DISABLE_OPENSSL */
/* Define if GSSAPI support is enabled */
/* #undef HAVE_GSSAPI */
@@ -179,6 +181,7 @@
#define HAVE_NETINET_TCP_H 1
#endif
+#ifndef DISABLE_OPENSSL
/* Define if NTLM is supported */
#ifndef WIN32
#define HAVE_NTLM 1
@@ -192,6 +195,7 @@
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#define HAVE_OPENSSL_SSL_H 1
+#endif /* !DISABLE_OPENSSL */
/* Define if pakchois library supported */
/* #undef HAVE_PAKCHOIS */
diff --git a/neon/neon_with_gnutls.patch b/neon/neon_with_gnutls.patch
new file mode 100644
index 000000000000..ed8b7faadebf
--- /dev/null
+++ b/neon/neon_with_gnutls.patch
@@ -0,0 +1,29 @@
+--- src/ne_gnutls.c 2009-12-02 23:40:41.000000000 +0200
++++ src/ne_gnutls.c 2013-03-29 13:41:00.429857276 +0200
+@@ -48,6 +48,26 @@
+ #include <iconv.h>
+ #endif
+
++
++/* GnuTLS removed these symbols from 2.99.0.
++ *
++ * This is a dodgy solution to avoid further patching of neon
++ * sources */
++#if LIBGNUTLS_VERSION_NUMBER >= 0x026300
++# define gnutls_pkcs12 gnutls_pkcs12_t
++# define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
++# define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
++# define gnutls_certificate_verify_peers(_ssl) ({ \
++ int __status_ ## __LINE__ = 0; \
++ gnutls_certificate_verify_peers2((_ssl), &__status_ ## __LINE__) == 0 \
++ ? __status_ ## __LINE__ : -1; \
++ })
++#elif LIBGNUTLS_VERSION_NUMBER >= 0x020303
++/* GnuTLS had these symbols since 2.3.3. */
++# define HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#endif /* LIBGNUTLS_VERSION_NUMBER */
++
++
+ #include "ne_ssl.h"
+ #include "ne_string.h"
+ #include "ne_session.h"