diff options
author | Andres Gomez <agomez@igalia.com> | 2013-04-11 10:32:54 +0300 |
---|---|---|
committer | David Tardon <dtardon@redhat.com> | 2013-04-13 10:49:46 +0000 |
commit | 48d49759a4d43b5e5dd997b4a87555ce25ae2a04 (patch) | |
tree | 738b34263b3c6c71a9cff99b60035b46dbf4a07d | |
parent | f3f9db6d1d1fe63a4323f43de91a13aae03b1228 (diff) |
neon: honor --disable-openssl and use GNUTLS
On --disable-openssl, the bundled neon library
will link against GNUTLS + gcrypt instead of
OpenSSL.
Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4
Reviewed-on: https://gerrit.libreoffice.org/3330
Reviewed-by: David Tardon <dtardon@redhat.com>
Tested-by: David Tardon <dtardon@redhat.com>
-rw-r--r-- | RepositoryExternal.mk | 34 | ||||
-rw-r--r-- | config_host.mk.in | 4 | ||||
-rw-r--r-- | configure.ac | 15 | ||||
-rw-r--r-- | m4/libgcrypt.m4 | 123 | ||||
-rw-r--r-- | neon/Library_neon.mk | 15 | ||||
-rw-r--r-- | neon/UnpackedTarball_neon.mk | 1 | ||||
-rw-r--r-- | neon/configs/config.h | 14 | ||||
-rw-r--r-- | neon/neon_with_gnutls.patch | 29 |
8 files changed, 230 insertions, 5 deletions
diff --git a/RepositoryExternal.mk b/RepositoryExternal.mk index d1fd6495e90e..6218a517a076 100644 --- a/RepositoryExternal.mk +++ b/RepositoryExternal.mk @@ -1262,6 +1262,40 @@ endif # SYSTEM_OPENSSL endif # DISABLE_OPENSSL +ifeq ($(DISABLE_OPENSSL),YES) + +define gb_LinkTarget__use_gnutls +$(call gb_LinkTarget_set_include,$(1),\ + $$(INCLUDE) \ + $(GNUTLS_CFLAGS) \ +) + +$(call gb_LinkTarget_add_defs,$(1),\ + -DDISABLE_OPENSSL \ +) + +$(call gb_LinkTarget_add_libs,$(1),$(GNUTLS_LIBS)) + +endef + +define gb_LinkTarget__use_libgcrypt +$(call gb_LinkTarget_set_include,$(1),\ + $$(INCLUDE) \ + $(LIBGCRYPT_CFLAGS) \ +) + +$(call gb_LinkTarget_add_libs,$(1),$(LIBGCRYPT_LIBS)) + +endef + +else # !DISABLE_OPENSSL + +gb_LinkTarget__use_gnutls:= +gb_LinkTarget__use_libgcrypt:= + +endif # DISABLE_OPENSSL + + ifeq ($(SYSTEM_CDR),YES) define gb_LinkTarget__use_cdr diff --git a/config_host.mk.in b/config_host.mk.in index d794d1633819..a0f4675739dc 100644 --- a/config_host.mk.in +++ b/config_host.mk.in @@ -182,6 +182,8 @@ export GIT_REFERENCE_SRC=@GIT_REFERENCE_SRC@ export GIT_NEEDED_SUBMODULES=@GIT_NEEDED_SUBMODULES@ export GNOMEVFS_CFLAGS=$(gb_SPACE)@GNOMEVFS_CFLAGS@ export GNOMEVFS_LIBS=$(gb_SPACE)@GNOMEVFS_LIBS@ +export GNUTLS_CFLAGS=$(gb_SPACE)@GNUTLS_CFLAGS@ +export GNUTLS_LIBS=$(gb_SPACE)@GNUTLS_LIBS@ export PARALLELISM?=@PARALLELISM@ @x_GNUCP@ export GNUCOPY=@GNUCP@ export GNUMAKE=@GNUMAKE@ @@ -289,6 +291,8 @@ export LIBEXTTEXTCAT_CFLAGS=$(gb_SPACE)@LIBEXTTEXTCAT_CFLAGS@ export LIBEXTTEXTCAT_LIBS=$(gb_SPACE)@LIBEXTTEXTCAT_LIBS@ export LIBFONTS_JAR=@LIBFONTS_JAR@ export LIBFORMULA_JAR=@LIBFORMULA_JAR@ +export LIBGCRYPT_CFLAGS=@LIBGCRYPT_CFLAGS@ +export LIBGCRYPT_LIBS=@LIBGCRYPT_LIBS@ export LIBLANGTAG_CFLAGS=$(gb_SPACE)@LIBLANGTAG_CFLAGS@ export LIBLANGTAG_LIBS=$(gb_SPACE)@LIBLANGTAG_LIBS@ export LIBLAYOUT_JAR=@LIBLAYOUT_JAR@ diff --git a/configure.ac b/configure.ac index 75e149f923fd..da58c8969fe5 100644 --- a/configure.ac +++ b/configure.ac @@ -8580,6 +8580,21 @@ fi AC_SUBST([DISABLE_OPENSSL]) dnl =================================================================== +dnl Check for building gnutls +dnl =================================================================== +AC_MSG_CHECKING([whether to use gnutls]) +if test "$enable_neon" != "no" && test "$enable_openssl" = "no"; then + AC_MSG_RESULT([yes]) + AM_PATH_LIBGCRYPT() + PKG_CHECK_MODULES(GNUTLS, [gnutls],, + AC_MSG_ERROR([Disabling OpenSSL was requested, but GNUTLS is not + available in the system to use as replacement.])) +fi + +AC_SUBST([LIBGCRYPT_CFLAGS]) +AC_SUBST([LIBGCRYPT_LIBS]) + +dnl =================================================================== dnl Check for system redland dnl =================================================================== dnl versions before 1.0.8 write RDF/XML that is useless for ODF (@xml:base) diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4 new file mode 100644 index 000000000000..831dc0c6f439 --- /dev/null +++ b/m4/libgcrypt.m4 @@ -0,0 +1,123 @@ +dnl Autoconf macros for libgcrypt +dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc. +dnl +dnl This file is free software; as a special exception the author gives +dnl unlimited permission to copy and/or distribute it, with or without +dnl modifications, as long as this notice is preserved. +dnl +dnl This file is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the +dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + +dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, +dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) +dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. +dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed +dnl with the API version to also check the API compatibility. Example: +dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed +dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using +dnl this features allows to prevent build against newer versions of libgcrypt +dnl with a changed API. +dnl +AC_DEFUN([AM_PATH_LIBGCRYPT], +[ AC_ARG_WITH(libgcrypt-prefix, + AC_HELP_STRING([--with-libgcrypt-prefix=PFX], + [prefix where LIBGCRYPT is installed (optional)]), + libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") + if test x$libgcrypt_config_prefix != x ; then + if test x${LIBGCRYPT_CONFIG+set} != xset ; then + LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config + fi + fi + + AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) + tmp=ifelse([$1], ,1:1.2.0,$1) + if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then + req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` + min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` + else + req_libgcrypt_api=0 + min_libgcrypt_version="$tmp" + fi + + AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) + ok=no + if test "$LIBGCRYPT_CONFIG" != "no" ; then + req_major=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` + req_minor=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` + req_micro=`echo $min_libgcrypt_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` + libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` + major=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` + minor=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` + micro=`echo $libgcrypt_config_version | \ + sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` + if test "$major" -gt "$req_major"; then + ok=yes + else + if test "$major" -eq "$req_major"; then + if test "$minor" -gt "$req_minor"; then + ok=yes + else + if test "$minor" -eq "$req_minor"; then + if test "$micro" -ge "$req_micro"; then + ok=yes + fi + fi + fi + fi + fi + fi + if test $ok = yes; then + AC_MSG_RESULT([yes ($libgcrypt_config_version)]) + else + AC_MSG_RESULT(no) + fi + if test $ok = yes; then + # If we have a recent libgcrypt, we should also check that the + # API is compatible + if test "$req_libgcrypt_api" -gt 0 ; then + tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` + if test "$tmp" -gt 0 ; then + AC_MSG_CHECKING([LIBGCRYPT API version]) + if test "$req_libgcrypt_api" -eq "$tmp" ; then + AC_MSG_RESULT([okay]) + else + ok=no + AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp]) + fi + fi + fi + fi + if test $ok = yes; then + LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` + LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` + ifelse([$2], , :, [$2]) + if test x"$host" != x ; then + libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` + if test x"$libgcrypt_config_host" != xnone ; then + if test x"$libgcrypt_config_host" != x"$host" ; then + AC_MSG_WARN([[ +*** +*** The config script $LIBGCRYPT_CONFIG was +*** built for $libgcrypt_config_host and thus may not match the +*** used host $host. +*** You may want to use the configure option --with-libgcrypt-prefix +*** to specify a matching config script. +***]]) + fi + fi + fi + else + LIBGCRYPT_CFLAGS="" + LIBGCRYPT_LIBS="" + ifelse([$3], , :, [$3]) + fi + AC_SUBST(LIBGCRYPT_CFLAGS) + AC_SUBST(LIBGCRYPT_LIBS) +]) diff --git a/neon/Library_neon.mk b/neon/Library_neon.mk index bc5fe25af1b2..2dad2ed8f30a 100644 --- a/neon/Library_neon.mk +++ b/neon/Library_neon.mk @@ -12,7 +12,9 @@ $(eval $(call gb_Library_Library,neon)) $(eval $(call gb_Library_use_unpacked,neon,neon)) $(eval $(call gb_Library_use_externals,neon,\ + gnutls \ libxml2 \ + libgcrypt \ openssl \ openssl_headers \ zlib \ @@ -56,8 +58,19 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\ UnpackedTarball/neon/src/ne_utils \ UnpackedTarball/neon/src/ne_xml \ UnpackedTarball/neon/src/ne_xmlreq \ +)) + + +ifneq ($(DISABLE_OPENSSL),YES) +$(eval $(call gb_Library_add_generated_cobjects,neon,\ UnpackedTarball/neon/src/ne_openssl \ )) +else +$(eval $(call gb_Library_add_generated_cobjects,neon,\ + UnpackedTarball/neon/src/ne_gnutls \ +)) +endif + ifeq ($(OS),WNT) $(eval $(call gb_Library_use_system_win32_libs,neon,\ @@ -76,9 +89,11 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\ )) else +ifneq ($(DISABLE_OPENSSL),YES) $(eval $(call gb_Library_add_generated_cobjects,neon,\ UnpackedTarball/neon/src/ne_ntlm \ )) +endif endif diff --git a/neon/UnpackedTarball_neon.mk b/neon/UnpackedTarball_neon.mk index a099718ec50a..a6cb87b54e19 100644 --- a/neon/UnpackedTarball_neon.mk +++ b/neon/UnpackedTarball_neon.mk @@ -20,6 +20,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,neon,0)) $(eval $(call gb_UnpackedTarball_add_patches,neon,\ neon/neon.patch \ neon/neon_ne_set_request_flag.patch \ + neon/neon_with_gnutls.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/neon/configs/config.h b/neon/configs/config.h index db68aa289ac8..b0fdf22559e3 100644 --- a/neon/configs/config.h +++ b/neon/configs/config.h @@ -79,23 +79,25 @@ #define HAVE_GETSOCKOPT 1 #endif +#ifdef DISABLE_OPENSSL /* Define if GnuTLS support is enabled */ -/* #undef HAVE_GNUTLS */ +#define HAVE_GNUTLS /* Define to 1 if you have the `gnutls_certificate_get_x509_cas' function. */ /* #undef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS */ /* Define to 1 if you have the `gnutls_certificate_verify_peers2' function. */ -/* #undef HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 */ +#define HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 /* Define to 1 if you have the `gnutls_session_get_data2' function. */ -/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */ +#define HAVE_GNUTLS_SESSION_GET_DATA2 /* Define to 1 if you have the `gnutls_sign_callback_set' function. */ -/* #undef HAVE_GNUTLS_SIGN_CALLBACK_SET */ +#define HAVE_GNUTLS_SIGN_CALLBACK_SET /* Define to 1 if you have the `gnutls_x509_dn_get_rdn_ava' function. */ -/* #undef HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ +#define HAVE_GNUTLS_X509_DN_GET_RDN_AVA +#endif /* DISABLE_OPENSSL */ /* Define if GSSAPI support is enabled */ /* #undef HAVE_GSSAPI */ @@ -179,6 +181,7 @@ #define HAVE_NETINET_TCP_H 1 #endif +#ifndef DISABLE_OPENSSL /* Define if NTLM is supported */ #ifndef WIN32 #define HAVE_NTLM 1 @@ -192,6 +195,7 @@ /* Define to 1 if you have the <openssl/ssl.h> header file. */ #define HAVE_OPENSSL_SSL_H 1 +#endif /* !DISABLE_OPENSSL */ /* Define if pakchois library supported */ /* #undef HAVE_PAKCHOIS */ diff --git a/neon/neon_with_gnutls.patch b/neon/neon_with_gnutls.patch new file mode 100644 index 000000000000..ed8b7faadebf --- /dev/null +++ b/neon/neon_with_gnutls.patch @@ -0,0 +1,29 @@ +--- src/ne_gnutls.c 2009-12-02 23:40:41.000000000 +0200 ++++ src/ne_gnutls.c 2013-03-29 13:41:00.429857276 +0200 +@@ -48,6 +48,26 @@ + #include <iconv.h> + #endif + ++ ++/* GnuTLS removed these symbols from 2.99.0. ++ * ++ * This is a dodgy solution to avoid further patching of neon ++ * sources */ ++#if LIBGNUTLS_VERSION_NUMBER >= 0x026300 ++# define gnutls_pkcs12 gnutls_pkcs12_t ++# define gnutls_pkcs12_bag gnutls_pkcs12_bag_t ++# define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t ++# define gnutls_certificate_verify_peers(_ssl) ({ \ ++ int __status_ ## __LINE__ = 0; \ ++ gnutls_certificate_verify_peers2((_ssl), &__status_ ## __LINE__) == 0 \ ++ ? __status_ ## __LINE__ : -1; \ ++ }) ++#elif LIBGNUTLS_VERSION_NUMBER >= 0x020303 ++/* GnuTLS had these symbols since 2.3.3. */ ++# define HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#endif /* LIBGNUTLS_VERSION_NUMBER */ ++ ++ + #include "ne_ssl.h" + #include "ne_string.h" + #include "ne_session.h" |