Kaydet (Commit) 48d49759 authored tarafından Andres Gomez's avatar Andres Gomez Kaydeden (comit) David Tardon

neon: honor --disable-openssl and use GNUTLS

On --disable-openssl, the bundled neon library
will link against GNUTLS + gcrypt instead of
OpenSSL.

Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4
Reviewed-on: https://gerrit.libreoffice.org/3330Reviewed-by: 's avatarDavid Tardon <dtardon@redhat.com>
Tested-by: 's avatarDavid Tardon <dtardon@redhat.com>
üst f3f9db6d
......@@ -1262,6 +1262,40 @@ endif # SYSTEM_OPENSSL
endif # DISABLE_OPENSSL
ifeq ($(DISABLE_OPENSSL),YES)
define gb_LinkTarget__use_gnutls
$(call gb_LinkTarget_set_include,$(1),\
$$(INCLUDE) \
$(GNUTLS_CFLAGS) \
)
$(call gb_LinkTarget_add_defs,$(1),\
-DDISABLE_OPENSSL \
)
$(call gb_LinkTarget_add_libs,$(1),$(GNUTLS_LIBS))
endef
define gb_LinkTarget__use_libgcrypt
$(call gb_LinkTarget_set_include,$(1),\
$$(INCLUDE) \
$(LIBGCRYPT_CFLAGS) \
)
$(call gb_LinkTarget_add_libs,$(1),$(LIBGCRYPT_LIBS))
endef
else # !DISABLE_OPENSSL
gb_LinkTarget__use_gnutls:=
gb_LinkTarget__use_libgcrypt:=
endif # DISABLE_OPENSSL
ifeq ($(SYSTEM_CDR),YES)
define gb_LinkTarget__use_cdr
......
......@@ -182,6 +182,8 @@ export GIT_REFERENCE_SRC=@GIT_REFERENCE_SRC@
export GIT_NEEDED_SUBMODULES=@GIT_NEEDED_SUBMODULES@
export GNOMEVFS_CFLAGS=$(gb_SPACE)@GNOMEVFS_CFLAGS@
export GNOMEVFS_LIBS=$(gb_SPACE)@GNOMEVFS_LIBS@
export GNUTLS_CFLAGS=$(gb_SPACE)@GNUTLS_CFLAGS@
export GNUTLS_LIBS=$(gb_SPACE)@GNUTLS_LIBS@
export PARALLELISM?=@PARALLELISM@
@x_GNUCP@ export GNUCOPY=@GNUCP@
export GNUMAKE=@GNUMAKE@
......@@ -289,6 +291,8 @@ export LIBEXTTEXTCAT_CFLAGS=$(gb_SPACE)@LIBEXTTEXTCAT_CFLAGS@
export LIBEXTTEXTCAT_LIBS=$(gb_SPACE)@LIBEXTTEXTCAT_LIBS@
export LIBFONTS_JAR=@LIBFONTS_JAR@
export LIBFORMULA_JAR=@LIBFORMULA_JAR@
export LIBGCRYPT_CFLAGS=@LIBGCRYPT_CFLAGS@
export LIBGCRYPT_LIBS=@LIBGCRYPT_LIBS@
export LIBLANGTAG_CFLAGS=$(gb_SPACE)@LIBLANGTAG_CFLAGS@
export LIBLANGTAG_LIBS=$(gb_SPACE)@LIBLANGTAG_LIBS@
export LIBLAYOUT_JAR=@LIBLAYOUT_JAR@
......
......@@ -8579,6 +8579,21 @@ fi
AC_SUBST([DISABLE_OPENSSL])
dnl ===================================================================
dnl Check for building gnutls
dnl ===================================================================
AC_MSG_CHECKING([whether to use gnutls])
if test "$enable_neon" != "no" && test "$enable_openssl" = "no"; then
AC_MSG_RESULT([yes])
AM_PATH_LIBGCRYPT()
PKG_CHECK_MODULES(GNUTLS, [gnutls],,
AC_MSG_ERROR([Disabling OpenSSL was requested, but GNUTLS is not
available in the system to use as replacement.]))
fi
AC_SUBST([LIBGCRYPT_CFLAGS])
AC_SUBST([LIBGCRYPT_LIBS])
dnl ===================================================================
dnl Check for system redland
dnl ===================================================================
......
dnl Autoconf macros for libgcrypt
dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc.
dnl
dnl This file is free software; as a special exception the author gives
dnl unlimited permission to copy and/or distribute it, with or without
dnl modifications, as long as this notice is preserved.
dnl
dnl This file is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS.
dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
dnl with the API version to also check the API compatibility. Example:
dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
if test x$libgcrypt_config_prefix != x ; then
if test x${LIBGCRYPT_CONFIG+set} != xset ; then
LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
fi
fi
AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
else
req_libgcrypt_api=0
min_libgcrypt_version="$tmp"
fi
AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version)
ok=no
if test "$LIBGCRYPT_CONFIG" != "no" ; then
req_major=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
req_minor=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
req_micro=`echo $min_libgcrypt_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version`
major=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
minor=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
micro=`echo $libgcrypt_config_version | \
sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
if test "$major" -gt "$req_major"; then
ok=yes
else
if test "$major" -eq "$req_major"; then
if test "$minor" -gt "$req_minor"; then
ok=yes
else
if test "$minor" -eq "$req_minor"; then
if test "$micro" -ge "$req_micro"; then
ok=yes
fi
fi
fi
fi
fi
fi
if test $ok = yes; then
AC_MSG_RESULT([yes ($libgcrypt_config_version)])
else
AC_MSG_RESULT(no)
fi
if test $ok = yes; then
# If we have a recent libgcrypt, we should also check that the
# API is compatible
if test "$req_libgcrypt_api" -gt 0 ; then
tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0`
if test "$tmp" -gt 0 ; then
AC_MSG_CHECKING([LIBGCRYPT API version])
if test "$req_libgcrypt_api" -eq "$tmp" ; then
AC_MSG_RESULT([okay])
else
ok=no
AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp])
fi
fi
fi
fi
if test $ok = yes; then
LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags`
LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs`
ifelse([$2], , :, [$2])
if test x"$host" != x ; then
libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none`
if test x"$libgcrypt_config_host" != xnone ; then
if test x"$libgcrypt_config_host" != x"$host" ; then
AC_MSG_WARN([[
***
*** The config script $LIBGCRYPT_CONFIG was
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
*** to specify a matching config script.
***]])
fi
fi
fi
else
LIBGCRYPT_CFLAGS=""
LIBGCRYPT_LIBS=""
ifelse([$3], , :, [$3])
fi
AC_SUBST(LIBGCRYPT_CFLAGS)
AC_SUBST(LIBGCRYPT_LIBS)
])
......@@ -12,7 +12,9 @@ $(eval $(call gb_Library_Library,neon))
$(eval $(call gb_Library_use_unpacked,neon,neon))
$(eval $(call gb_Library_use_externals,neon,\
gnutls \
libxml2 \
libgcrypt \
openssl \
openssl_headers \
zlib \
......@@ -56,8 +58,19 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_utils \
UnpackedTarball/neon/src/ne_xml \
UnpackedTarball/neon/src/ne_xmlreq \
))
ifneq ($(DISABLE_OPENSSL),YES)
$(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_openssl \
))
else
$(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_gnutls \
))
endif
ifeq ($(OS),WNT)
$(eval $(call gb_Library_use_system_win32_libs,neon,\
......@@ -76,9 +89,11 @@ $(eval $(call gb_Library_add_generated_cobjects,neon,\
))
else
ifneq ($(DISABLE_OPENSSL),YES)
$(eval $(call gb_Library_add_generated_cobjects,neon,\
UnpackedTarball/neon/src/ne_ntlm \
))
endif
endif
......
......@@ -20,6 +20,7 @@ $(eval $(call gb_UnpackedTarball_set_patchlevel,neon,0))
$(eval $(call gb_UnpackedTarball_add_patches,neon,\
neon/neon.patch \
neon/neon_ne_set_request_flag.patch \
neon/neon_with_gnutls.patch \
))
# vim: set noet sw=4 ts=4:
......@@ -79,23 +79,25 @@
#define HAVE_GETSOCKOPT 1
#endif
#ifdef DISABLE_OPENSSL
/* Define if GnuTLS support is enabled */
/* #undef HAVE_GNUTLS */
#define HAVE_GNUTLS
/* Define to 1 if you have the `gnutls_certificate_get_x509_cas' function. */
/* #undef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS */
/* Define to 1 if you have the `gnutls_certificate_verify_peers2' function. */
/* #undef HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 */
#define HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2
/* Define to 1 if you have the `gnutls_session_get_data2' function. */
/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */
#define HAVE_GNUTLS_SESSION_GET_DATA2
/* Define to 1 if you have the `gnutls_sign_callback_set' function. */
/* #undef HAVE_GNUTLS_SIGN_CALLBACK_SET */
#define HAVE_GNUTLS_SIGN_CALLBACK_SET
/* Define to 1 if you have the `gnutls_x509_dn_get_rdn_ava' function. */
/* #undef HAVE_GNUTLS_X509_DN_GET_RDN_AVA */
#define HAVE_GNUTLS_X509_DN_GET_RDN_AVA
#endif /* DISABLE_OPENSSL */
/* Define if GSSAPI support is enabled */
/* #undef HAVE_GSSAPI */
......@@ -179,6 +181,7 @@
#define HAVE_NETINET_TCP_H 1
#endif
#ifndef DISABLE_OPENSSL
/* Define if NTLM is supported */
#ifndef WIN32
#define HAVE_NTLM 1
......@@ -192,6 +195,7 @@
/* Define to 1 if you have the <openssl/ssl.h> header file. */
#define HAVE_OPENSSL_SSL_H 1
#endif /* !DISABLE_OPENSSL */
/* Define if pakchois library supported */
/* #undef HAVE_PAKCHOIS */
......
--- src/ne_gnutls.c 2009-12-02 23:40:41.000000000 +0200
+++ src/ne_gnutls.c 2013-03-29 13:41:00.429857276 +0200
@@ -48,6 +48,26 @@
#include <iconv.h>
#endif
+
+/* GnuTLS removed these symbols from 2.99.0.
+ *
+ * This is a dodgy solution to avoid further patching of neon
+ * sources */
+#if LIBGNUTLS_VERSION_NUMBER >= 0x026300
+# define gnutls_pkcs12 gnutls_pkcs12_t
+# define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
+# define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
+# define gnutls_certificate_verify_peers(_ssl) ({ \
+ int __status_ ## __LINE__ = 0; \
+ gnutls_certificate_verify_peers2((_ssl), &__status_ ## __LINE__) == 0 \
+ ? __status_ ## __LINE__ : -1; \
+ })
+#elif LIBGNUTLS_VERSION_NUMBER >= 0x020303
+/* GnuTLS had these symbols since 2.3.3. */
+# define HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
+#endif /* LIBGNUTLS_VERSION_NUMBER */
+
+
#include "ne_ssl.h"
#include "ne_string.h"
#include "ne_session.h"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment