mirror of
https://github.com/OpenVPN/openvpn.git
synced 2026-06-09 00:42:51 -04:00
build: proper pkcs11-helper detection and usage
Signed-off-by: Alon Bar-Lev <alon.barlev@gmail.com> Acked-by: Samuli Seppänen <samuli@openvpn.net> Signed-off-by: David Sommerseth <davids@redhat.com>
This commit is contained in:
Alon Bar-Lev
David Sommerseth
parent
e06832a7ed
commit
18b5fbdfb3
5 changed files with 26 additions and 41 deletions
49
configure.ac
49
configure.ac
|
|
@ -111,9 +111,9 @@ AC_ARG_ENABLE(
|
|||
|
||||
AC_ARG_ENABLE(
|
||||
[pkcs11],
|
||||
[AS_HELP_STRING([--disable-pkcs11], [disable pkcs11 support])],
|
||||
[AS_HELP_STRING([--enable-pkcs11], [enable pkcs11 support])],
|
||||
,
|
||||
[enable_pkcs11="yes"]
|
||||
[enable_pkcs11="no"]
|
||||
)
|
||||
|
||||
AC_ARG_ENABLE(
|
||||
|
|
@ -253,19 +253,6 @@ AC_ARG_WITH(
|
|||
[LDFLAGS="$LDFLAGS -L$withval"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(
|
||||
[pkcs11-helper-headers],
|
||||
[AS_HELP_STRING([--with-pkcs11-helper-headers=DIR], [pkcs11-helper Include files location])],
|
||||
[PKCS11_HELPER_HDR_DIR="$withval"]
|
||||
[CPPFLAGS="$CPPFLAGS -I$withval"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(
|
||||
[pkcs11-helper-lib],
|
||||
[AS_HELP_STRING([--with-pkcs11-helper-lib=DIR], [pkcs11-helper Library location])],
|
||||
[LDFLAGS="$LDFLAGS -L$withval"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(
|
||||
[mem-check],
|
||||
[AS_HELP_STRING([--with-mem-check=TYPE], [build with debug memory checking, TYPE=dmalloc|valgrind|ssl])],
|
||||
|
|
@ -719,22 +706,12 @@ if test "${enable_lzo_stub}" = "yes"; then
|
|||
AC_DEFINE([LZO_STUB], [1], [Enable LZO stub capability])
|
||||
fi
|
||||
|
||||
dnl
|
||||
dnl enable pkcs11 capability
|
||||
dnl
|
||||
if test "${enable_pkcs11}" = "yes"; then
|
||||
AC_CHECKING([for pkcs11-helper Library and Header files])
|
||||
AC_CHECK_HEADER(pkcs11-helper-1.0/pkcs11h-core.h,
|
||||
[AC_CHECK_LIB(pkcs11-helper, pkcs11h_initialize,
|
||||
[
|
||||
AC_DEFINE(USE_PKCS11, 1, [Enable PKCS11 capability])
|
||||
LIBS="${LIBS} -lpkcs11-helper"
|
||||
],
|
||||
[AC_MSG_RESULT([pkcs11-helper library not found.])]
|
||||
)],
|
||||
[AC_MSG_RESULT([pkcs11-helper headers not found.])]
|
||||
)
|
||||
fi
|
||||
PKG_CHECK_MODULES(
|
||||
[PKCS11_HELPER],
|
||||
[libpkcs11-helper-1 >= 1.02],
|
||||
[have_pkcs11_helper="yes"],
|
||||
[]
|
||||
)
|
||||
|
||||
dnl
|
||||
dnl check for SSL-crypto library
|
||||
|
|
@ -890,6 +867,14 @@ if test "${enable_selinux}" = "yes"; then
|
|||
AC_DEFINE([ENABLE_SELINUX], [1], [SELinux support])
|
||||
fi
|
||||
|
||||
if test "${enable_pkcs11}" = "yes"; then
|
||||
test "${have_pkcs11_helper}" != "yes" && AC_MSG_ERROR([PKCS11 enabled but libpkcs11-helper is missing])
|
||||
test "${enable_ssl}" != "yes" && AC_MSG_ERROR([PKCS11 can be enabled only if SSL is enabled])
|
||||
OPTIONAL_PKCS11_HELPER_CFLAGS="${PKCS11_HELPER_CFLAGS}"
|
||||
OPTIONAL_PKCS11_HELPER_LIBS="${PKCS11_HELPER_LIBS}"
|
||||
AC_DEFINE([ENABLE_PKCS11], [1], [Enable PKCS11])
|
||||
fi
|
||||
|
||||
if test "${enable_pedantic}" = "yes"; then
|
||||
enable_strict="yes"
|
||||
CFLAGS="${CFLAGS} -ansi -pedantic"
|
||||
|
|
@ -917,6 +902,8 @@ AC_SUBST([TAP_WIN_MIN_MINOR])
|
|||
|
||||
AC_SUBST([OPTIONAL_DL_LIBS])
|
||||
AC_SUBST([OPTIONAL_SELINUX_LIBS])
|
||||
AC_SUBST([OPTIONAL_PKCS11_HELPER_CFLAGS])
|
||||
AC_SUBST([OPTIONAL_PKCS11_HELPER_LIBS])
|
||||
|
||||
AM_CONDITIONAL([WIN32], [test "${WIN32}" = "yes"])
|
||||
|
||||
|
|
|
|||
|
|
@ -52,8 +52,8 @@ Requires: openssl >= 0.9.6
|
|||
%{!?without_pam:BuildRequires: pam-devel}
|
||||
%{!?without_pam:Requires: pam}
|
||||
|
||||
%{!?with_pkcs11:BuildRequires: pkcs11-helper-devel}
|
||||
%{!?with_pkcs11:Requires: pkcs11-helper}
|
||||
%{?with_pkcs11:BuildRequires: pkcs11-helper-devel}
|
||||
%{?with_pkcs11:Requires: pkcs11-helper}
|
||||
|
||||
#
|
||||
# Description
|
||||
|
|
@ -111,6 +111,7 @@ Development support for OpenVPN.
|
|||
--docdir="%{_docdir}/%{name}-%{version}" \
|
||||
%{?with_password_save:--enable-password-save} \
|
||||
%{?without_lzo:--disable-lzo} \
|
||||
%{?with_pkcs11:--enable-pkcs11} \
|
||||
%{?with_kerberos:--with-ssl-headers=/usr/kerberos/include}
|
||||
%__make
|
||||
|
||||
|
|
|
|||
|
|
@ -16,6 +16,9 @@ MAINTAINERCLEANFILES = \
|
|||
|
||||
INCLUDES = -I$(top_srcdir)/include
|
||||
|
||||
AM_CFLAGS = \
|
||||
$(OPTIONAL_PKCS11_HELPER_CFLAGS)
|
||||
|
||||
sbin_PROGRAMS = openvpn
|
||||
|
||||
openvpn_SOURCES = \
|
||||
|
|
@ -97,6 +100,7 @@ openvpn_SOURCES = \
|
|||
cryptoapi.h cryptoapi.c
|
||||
openvpn_LDADD = \
|
||||
$(SOCKETS_LIBS) \
|
||||
$(OPTIONAL_PKCS11_HELPER_LIBS) \
|
||||
$(OPTIONAL_SELINUX_LIBS) \
|
||||
$(OPTIONAL_DL_LIBS)
|
||||
if WIN32
|
||||
|
|
|
|||
|
|
@ -264,7 +264,7 @@ ssl_purge_auth (const bool auth_user_pass_only)
|
|||
{
|
||||
if (!auth_user_pass_only)
|
||||
{
|
||||
#ifdef USE_PKCS11
|
||||
#ifdef ENABLE_PKCS11
|
||||
pkcs11_logout ();
|
||||
#endif
|
||||
purge_user_pass (&passbuf, true);
|
||||
|
|
|
|||
|
|
@ -589,13 +589,6 @@ socket_defined (const socket_descriptor_t sd)
|
|||
#define GENERAL_PROXY_SUPPORT
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Do we have PKCS11 capability?
|
||||
*/
|
||||
#if defined(USE_PKCS11) && defined(USE_CRYPTO) && defined(USE_SSL)
|
||||
#define ENABLE_PKCS11
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Do we have CryptoAPI capability?
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in a new issue