When polarssl is compiled without pkcs11 support, or a required
pkcs11-helper library is missing, configure will now issue an error.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1363942465-3251-7-git-send-email-steffan.karger@fox-it.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7441
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -726,6 +726,13 @@ case "${with_mem_check}" in |
726 | 726 |
esac |
727 | 727 |
|
728 | 728 |
PKG_CHECK_MODULES( |
729 |
+ [PKCS11_HELPER], |
|
730 |
+ [libpkcs11-helper-1 >= 1.02], |
|
731 |
+ [have_pkcs11_helper="yes"], |
|
732 |
+ [] |
|
733 |
+) |
|
734 |
+ |
|
735 |
+PKG_CHECK_MODULES( |
|
729 | 736 |
[OPENSSL_CRYPTO], |
730 | 737 |
[libcrypto >= 0.9.6], |
731 | 738 |
[have_openssl_crypto="yes"], |
... | ... |
@@ -789,9 +796,11 @@ if test -z "${POLARSSL_LIBS}"; then |
789 | 789 |
[polarssl], |
790 | 790 |
[aes_crypt_cbc], |
791 | 791 |
, |
792 |
- [have_polarssl_crypto="no"] |
|
792 |
+ [have_polarssl_crypto="no"], |
|
793 |
+ [${PKCS11_HELPER_LIBS}] |
|
793 | 794 |
) |
794 |
- ] |
|
795 |
+ ], |
|
796 |
+ [${PKCS11_HELPER_LIBS}] |
|
795 | 797 |
) |
796 | 798 |
fi |
797 | 799 |
|
... | ... |
@@ -806,14 +815,44 @@ if test "${with_crypto_library}" = "polarssl" ; then |
806 | 806 |
]], |
807 | 807 |
[[ |
808 | 808 |
#if POLARSSL_VERSION_NUMBER < 0x01020500 |
809 |
-#error invalid version PolarSSL-1.2.5 or newer required |
|
809 |
+#error invalid version |
|
810 | 810 |
#endif |
811 | 811 |
]] |
812 | 812 |
)], |
813 | 813 |
[AC_MSG_RESULT([ok])], |
814 |
- [AC_MSG_ERROR([invalid polarssl version])] |
|
814 |
+ [AC_MSG_ERROR([PolarSSL 1.2.5 or newer required])] |
|
815 | 815 |
) |
816 |
+ |
|
817 |
+ polarssl_with_pkcs11="no" |
|
818 |
+ AC_COMPILE_IFELSE( |
|
819 |
+ [AC_LANG_PROGRAM( |
|
820 |
+ [[ |
|
821 |
+#include <polarssl/config.h> |
|
822 |
+ ]], |
|
823 |
+ [[ |
|
824 |
+#ifndef POLARSSL_PKCS11_C |
|
825 |
+#error pkcs11 wrapper missing |
|
826 |
+#endif |
|
827 |
+ ]] |
|
828 |
+ )], |
|
829 |
+ polarssl_with_pkcs11="yes") |
|
816 | 830 |
CFLAGS="${old_CFLAGS}" |
831 |
+ |
|
832 |
+ AC_MSG_CHECKING([polarssl pkcs11 support]) |
|
833 |
+ if test "${enable_pkcs11}" = "yes"; then |
|
834 |
+ if test "${polarssl_with_pkcs11}" = "yes"; then |
|
835 |
+ AC_MSG_RESULT([ok]) |
|
836 |
+ else |
|
837 |
+ AC_MSG_ERROR([polarssl has no pkcs11 wrapper compiled in]) |
|
838 |
+ fi |
|
839 |
+ else |
|
840 |
+ if test "${polarssl_with_pkcs11}" != "yes"; then |
|
841 |
+ AC_MSG_RESULT([ok]) |
|
842 |
+ else |
|
843 |
+ AC_MSG_ERROR([PolarSSL compiled with PKCS11, while OpenVPN is not]) |
|
844 |
+ fi |
|
845 |
+ fi |
|
846 |
+ |
|
817 | 847 |
fi |
818 | 848 |
|
819 | 849 |
AC_ARG_VAR([LZO_CFLAGS], [C compiler flags for lzo]) |
... | ... |
@@ -856,13 +895,6 @@ if test "${have_lzo}" = "yes"; then |
856 | 856 |
CFLAGS="${saved_CFLAGS}" |
857 | 857 |
fi |
858 | 858 |
|
859 |
-PKG_CHECK_MODULES( |
|
860 |
- [PKCS11_HELPER], |
|
861 |
- [libpkcs11-helper-1 >= 1.02], |
|
862 |
- [have_pkcs11_helper="yes"], |
|
863 |
- [] |
|
864 |
-) |
|
865 |
- |
|
866 | 859 |
AC_MSG_CHECKING([git checkout]) |
867 | 860 |
GIT_CHECKOUT="no" |
868 | 861 |
if test -n "${GIT}" -a -d "${srcdir}/.git"; then |