diff options
author | Damien Miller <djm@mindrot.org> | 2019-11-01 13:34:49 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-01 13:35:34 +1100 |
commit | 764d51e04460ec0da12e05e4777bc90c116accb9 (patch) | |
tree | 7bd6cd697ffcf62cea723059bebd1968cef8cb32 /configure.ac | |
parent | 45f17a159acfc5a8e450bfbcc2cffe72950ed7a3 (diff) |
autoconf pieces for U2F support
Mostly following existing logic for PKCS#11 - turning off support
when either libcrypto or dlopen(3) are unavailable.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 57 |
1 files changed, 48 insertions, 9 deletions
diff --git a/configure.ac b/configure.ac index 9b4a7ee62..8f007e635 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1878,16 +1878,53 @@ AC_ARG_ENABLE([pkcs11], | |||
1878 | ] | 1878 | ] |
1879 | ) | 1879 | ) |
1880 | 1880 | ||
1881 | # PKCS11 depends on OpenSSL. | 1881 | disable_sk= |
1882 | if test "x$openssl" = "xyes" && test "x$disable_pkcs11" = "x"; then | 1882 | AC_ARG_ENABLE([security-key], |
1883 | # PKCS#11 support requires dlopen() and co | 1883 | [ --disable-security-key disable U2F/FIDO support code [no]], |
1884 | AC_SEARCH_LIBS([dlopen], [dl], | 1884 | [ |
1885 | AC_CHECK_DECL([RTLD_NOW], | 1885 | if test "x$enableval" = "xno" ; then |
1886 | AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]), | 1886 | disable_sk=1 |
1887 | [], [#include <dlfcn.h>] | 1887 | fi |
1888 | ) | 1888 | ] |
1889 | ) | 1889 | ) |
1890 | |||
1891 | # PKCS11/U2F depend on OpenSSL and dlopen(). | ||
1892 | AC_SEARCH_LIBS([dlopen], [dl]) | ||
1893 | AC_CHECK_FUNCS([dlopen]) | ||
1894 | AC_CHECK_DECL([RTLD_NOW], [], [], [#include <dlfcn.h>]) | ||
1895 | |||
1896 | enable_pkcs11=yes | ||
1897 | enable_sk=yes | ||
1898 | if test "x$openssl" != "xyes" ; then | ||
1899 | enable_pkcs11="disabled; missing libcrypto" | ||
1900 | enable_sk="disabled; missing libcrypto" | ||
1901 | fi | ||
1902 | if test "x$ac_cv_func_dlopen" != "xyes" ; then | ||
1903 | enable_pkcs11="disabled; missing dlopen(3)" | ||
1904 | enable_sk="disabled; missing dlopen(3)" | ||
1905 | fi | ||
1906 | if test "x$ac_cv_have_decl_RTLD_NOW" != "xyes" ; then | ||
1907 | enable_pkcs11="disabled; missing RTLD_NOW" | ||
1908 | enable_sk="disabled; missing RTLD_NOW" | ||
1909 | fi | ||
1910 | if test ! -z "$disable_pkcs11" ; then | ||
1911 | enable_pkcs11="disabled by user" | ||
1912 | fi | ||
1913 | if test ! -z "$disable_sk" ; then | ||
1914 | enable_sk="disabled by user" | ||
1915 | fi | ||
1916 | |||
1917 | AC_MSG_CHECKING([whether to enable PKCS11]) | ||
1918 | if test "x$enable_pkcs11" = "xyes" ; then | ||
1919 | AC_DEFINE([ENABLE_PKCS11], [], [Enable for PKCS#11 support]) | ||
1920 | fi | ||
1921 | AC_MSG_RESULT([$enable_pkcs11]) | ||
1922 | |||
1923 | AC_MSG_CHECKING([whether to enable U2F]) | ||
1924 | if test "x$enable_sk" = "xyes" ; then | ||
1925 | AC_DEFINE([ENABLE_SK], [], [Enable for U2F/FIDO support]) | ||
1890 | fi | 1926 | fi |
1927 | AC_MSG_RESULT([$enable_sk]) | ||
1891 | 1928 | ||
1892 | # IRIX has a const char return value for gai_strerror() | 1929 | # IRIX has a const char return value for gai_strerror() |
1893 | AC_CHECK_FUNCS([gai_strerror], [ | 1930 | AC_CHECK_FUNCS([gai_strerror], [ |
@@ -5247,6 +5284,8 @@ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | |||
5247 | echo " BSD Auth support: $BSD_AUTH_MSG" | 5284 | echo " BSD Auth support: $BSD_AUTH_MSG" |
5248 | echo " Random number source: $RAND_MSG" | 5285 | echo " Random number source: $RAND_MSG" |
5249 | echo " Privsep sandbox style: $SANDBOX_STYLE" | 5286 | echo " Privsep sandbox style: $SANDBOX_STYLE" |
5287 | echo " PKCS#11 support: $enable_pkcs11" | ||
5288 | echo " U2F/FIDO support: $enable_sk" | ||
5250 | 5289 | ||
5251 | echo "" | 5290 | echo "" |
5252 | 5291 | ||