diff options
author | Ton Voon <tonvoon@users.sourceforge.net> | 2004-12-07 06:51:53 +0000 |
---|---|---|
committer | Ton Voon <tonvoon@users.sourceforge.net> | 2004-12-07 06:51:53 +0000 |
commit | 7d25147c1e1cadd11b6ffba18c6d6ba4bb334a7b (patch) | |
tree | e7d5f392e7a68906e3d599e0995abe06d2d5b50d | |
parent | b5b298c725f3ed6f4de02f9c624035fa37e2f56a (diff) | |
download | monitoring-plugins-7d25147c1e1cadd11b6ffba18c6d6ba4bb334a7b.tar.gz |
Better SSL checking (inspired by curl 7.12.2's configure.ac)
git-svn-id: https://nagiosplug.svn.sourceforge.net/svnroot/nagiosplug/nagiosplug/trunk@1011 f882894a-f735-0410-b71e-b25c423dba1c
-rw-r--r-- | configure.in | 200 | ||||
-rw-r--r-- | plugins/Makefile.am | 2 |
2 files changed, 139 insertions, 63 deletions
diff --git a/configure.in b/configure.in index d409b1c4..33f3e599 100644 --- a/configure.in +++ b/configure.in | |||
@@ -255,26 +255,144 @@ CPPFLAGS="$_SAVEDCPPFLAGS $MYSQLINCLUDE" | |||
255 | LIBS="$_SAVEDLIBS" | 255 | LIBS="$_SAVEDLIBS" |
256 | 256 | ||
257 | dnl Check for OpenSSL location | 257 | dnl Check for OpenSSL location |
258 | AC_PATH_PROG(OPENSSL,openssl) | 258 | dnl This whole check is inspired by curl 7.12.2's configure.ac |
259 | if test "$OPENSSL" = "/usr/bin/openssl"; then | 259 | OPT_OPENSSL=off |
260 | OPENSSL=/usr | ||
261 | elif test "$OPENSSL" = "/usr/sbin/openssl"; then | ||
262 | OPENSSL=/usr | ||
263 | elif test "$OPENSSL" = "/opt/bin/openssl"; then | ||
264 | OPENSSL=/opt | ||
265 | elif test "$OPENSSL" = "/opt/openssl/bin/openssl"; then | ||
266 | OPENSSL=/opt/openssl | ||
267 | elif test "$OPENSSL" = "/usr/slocal/bin/openssl"; then | ||
268 | OPENSSL=/usr/slocal | ||
269 | elif test "$OPENSSL" = "/usr/local/bin/openssl"; then | ||
270 | OPENSSL=/usr/local | ||
271 | elif test "$OPENSSL" = "/usr/local/ssl/bin/openssl"; then | ||
272 | OPENSSL=/usr/local/ssl | ||
273 | fi | ||
274 | AC_ARG_WITH(openssl, | 260 | AC_ARG_WITH(openssl, |
275 | ACX_HELP_STRING([--with-openssl=DIR], | 261 | AC_HELP_STRING([--with-openssl=DIR], [sets path to openssl installation]) |
276 | [sets path to openssl installation]), | 262 | AC_HELP_STRING([--without-openssl], [disable openssl]), |
277 | OPENSSL=$withval,) | 263 | OPT_OPENSSL=$withval) |
264 | |||
265 | if test X"$OPT_OPENSSL" = "Xno"; then | ||
266 | AC_MSG_WARN([openssl disabled, you will not be able to use ssl options in some plugins]) | ||
267 | else | ||
268 | dnl backup the pre-ssl variables | ||
269 | CLEANLDFLAGS="$LDFLAGS" | ||
270 | CLEANCPPFLAGS="$CPPFLAGS" | ||
271 | CLEANLIBS="$LIBS" | ||
272 | |||
273 | case "$OPT_OPENSSL" in | ||
274 | yes) | ||
275 | dnl --with-openssl (without path) used | ||
276 | PKGTEST="yes" | ||
277 | ;; | ||
278 | off) | ||
279 | dnl no --with-openssl given, check default places | ||
280 | PKGTEST="yes" | ||
281 | ;; | ||
282 | *) | ||
283 | dnl use the given area | ||
284 | PKGTEST="no" | ||
285 | OPENSSL=$OPT_OPENSSL | ||
286 | LDFLAGS="$LDFLAGS -L$OPENSSL/lib" | ||
287 | CPPFLAGS="$CPPFLAGS -I$OPENSSL/include/openssl -I$OPENSSL/include" | ||
288 | ;; | ||
289 | esac | ||
290 | |||
291 | dnl Check usual areas for openssl | ||
292 | if test "$PKGTEST" = "yes"; then | ||
293 | AC_PATH_PROG(OPENSSL,openssl) | ||
294 | # Don't think 2 tests below are necessary because /usr is always included | ||
295 | # if test "$OPENSSL" = "/usr/bin/openssl"; then | ||
296 | # OPENSSL=/usr | ||
297 | #elif test "$OPENSSL" = "/usr/sbin/openssl"; then | ||
298 | # OPENSSL=/usr | ||
299 | if test "$OPENSSL" = "/opt/bin/openssl"; then | ||
300 | OPENSSL=/opt | ||
301 | elif test "$OPENSSL" = "/opt/openssl/bin/openssl"; then | ||
302 | OPENSSL=/opt/openssl | ||
303 | elif test "$OPENSSL" = "/usr/slocal/bin/openssl"; then | ||
304 | OPENSSL=/usr/slocal | ||
305 | elif test "$OPENSSL" = "/usr/local/bin/openssl"; then | ||
306 | OPENSSL=/usr/local | ||
307 | elif test "$OPENSSL" = "/usr/local/ssl/bin/openssl"; then | ||
308 | OPENSSL=/usr/local/ssl | ||
309 | fi | ||
310 | fi | ||
311 | |||
312 | AC_CHECK_LIB(crypto, CRYPTO_lock,[ | ||
313 | HAVECRYPTO="yes" | ||
314 | ],[ | ||
315 | LDFLAGS="$CLEANLDFLAGS -L$OPENSSL/lib" | ||
316 | CPPFLAGS="$CLEANCPPFLAGS -I$OPENSSL/include/openssl -I$OPENSSL/include" | ||
317 | AC_CHECK_LIB(crypto, CRYPTO_add_lock,[ | ||
318 | HAVECRYPTO="yes" ], [ | ||
319 | LDFLAGS="$CLEANLDFLAGS" | ||
320 | CPPFLAGS="$CLEANCPPFLAGS" | ||
321 | LIBS="$CLEANLIBS" | ||
322 | ]) | ||
323 | ]) | ||
324 | |||
325 | if test "$HAVECRYPTO" = "yes"; then | ||
326 | dnl This is only reasonable to do if crypto actually is there: check for | ||
327 | dnl SSL libs NOTE: it is important to do this AFTER the crypto lib | ||
328 | |||
329 | dnl This is for Msys/Mingw | ||
330 | AC_MSG_CHECKING([for gdi32]) | ||
331 | my_ac_save_LIBS=$LIBS | ||
332 | LIBS="-lgdi32 $LIBS" | ||
333 | AC_TRY_LINK([#include <windef.h> | ||
334 | #include <wingdi.h>], | ||
335 | [GdiFlush();], | ||
336 | [ dnl worked! | ||
337 | AC_MSG_RESULT([yes])], | ||
338 | [ dnl failed, restore LIBS | ||
339 | LIBS=$my_ac_save_LIBS | ||
340 | AC_MSG_RESULT(no)] | ||
341 | ) | ||
342 | |||
343 | AC_CHECK_LIB(crypto, CRYPTO_add_lock) | ||
344 | AC_CHECK_LIB(ssl, SSL_connect) | ||
345 | |||
346 | if test "$ac_cv_lib_ssl_SSL_connect" != yes; then | ||
347 | dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff | ||
348 | AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); | ||
349 | OLIBS=$LIBS | ||
350 | LIBS="$LIBS -lRSAglue -lrsaref" | ||
351 | AC_CHECK_LIB(ssl, SSL_connect) | ||
352 | if test "$ac_cv_lib_ssl_SSL_connect" != yes; then | ||
353 | dnl still no SSL_connect | ||
354 | AC_MSG_RESULT(no) | ||
355 | LIBS=$OLIBS | ||
356 | else | ||
357 | AC_MSG_RESULT(yes) | ||
358 | fi | ||
359 | fi | ||
360 | |||
361 | |||
362 | dnl Check for SSLeay headers | ||
363 | AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ | ||
364 | openssl/pem.h openssl/ssl.h openssl/err.h, | ||
365 | OPENSSL_ENABLED=1) | ||
366 | |||
367 | if test $ac_cv_header_openssl_x509_h = no; then | ||
368 | AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h, | ||
369 | OPENSSL_ENABLED=1) | ||
370 | fi | ||
371 | |||
372 | dnl If the ENGINE library seems to be around, check for the OpenSSL engine | ||
373 | dnl header, it is kind of "separated" from the main SSL check | ||
374 | AC_CHECK_FUNC(ENGINE_init, [ AC_CHECK_HEADERS(openssl/engine.h) ]) | ||
375 | |||
376 | dnl AC_SUBST(OPENSSL_ENABLED) | ||
377 | |||
378 | dnl these can only exist if openssl exists | ||
379 | AC_CHECK_FUNCS( RAND_status \ | ||
380 | RAND_screen \ | ||
381 | RAND_egd \ | ||
382 | CRYPTO_cleanup_all_ex_data ) | ||
383 | |||
384 | fi | ||
385 | |||
386 | if test X"$OPT_OPENSSL" != Xoff && | ||
387 | test "$OPENSSL_ENABLED" != "1"; then | ||
388 | AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) | ||
389 | elif test "$OPENSSL_ENABLED" = "1"; then | ||
390 | check_tcp_ssl="check_simap check_spop check_jabber check_nntps" | ||
391 | AC_SUBST(check_tcp_ssl) | ||
392 | AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) | ||
393 | with_openssl="yes" | ||
394 | fi | ||
395 | fi | ||
278 | 396 | ||
279 | AC_CHECK_HEADERS(unistd.h) | 397 | AC_CHECK_HEADERS(unistd.h) |
280 | 398 | ||
@@ -417,49 +535,6 @@ if test "$FOUNDINCLUDE" = "no"; then | |||
417 | CPPFLAGS="$_SAVEDCPPFLAGS" | 535 | CPPFLAGS="$_SAVEDCPPFLAGS" |
418 | fi | 536 | fi |
419 | 537 | ||
420 | dnl Check for OpenSSL header files | ||
421 | unset FOUNDINCLUDE | ||
422 | _SAVEDCPPFLAGS="$CPPFLAGS" | ||
423 | if test "$OPENSSL" != "/usr"; then | ||
424 | CPPFLAGS="$CPPFLAGS -I$OPENSSL/include" | ||
425 | fi | ||
426 | AC_CHECK_HEADERS(openssl/ssl.h openssl/x509.h openssl/rsa.h openssl/pem.h openssl/crypto.h openssl/err.h, | ||
427 | SSLINCLUDE="-I$OPENSSL/include" | ||
428 | FOUNDINCLUDE=yes, | ||
429 | FOUNDINCLUDE=no) | ||
430 | if test "$FOUNDINCLUDE" = "no"; then | ||
431 | AC_CHECK_HEADERS(ssl.h x509.h rsa.h pem.h crypto.h err.h, | ||
432 | SSLINCLUDE="-I$OPENSSL/include" | ||
433 | FOUNDINCLUDE=yes, | ||
434 | FOUNDINCLUDE=no) | ||
435 | fi | ||
436 | AC_SUBST(SSLINCLUDE) | ||
437 | if test "$FOUNDINCLUDE" = "no"; then | ||
438 | CPPFLAGS="$_SAVEDCPPFLAGS" | ||
439 | fi | ||
440 | |||
441 | dnl Check for crypto lib | ||
442 | _SAVEDLIBS="$LIBS" | ||
443 | AC_CHECK_LIB(crypto,CRYPTO_lock,,,-L$OPENSSL/lib) | ||
444 | if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then | ||
445 | dnl Check for SSL lib | ||
446 | AC_CHECK_LIB(ssl,main,LDFLAGS="$LDFLAGS -L$OPENSSL/lib" SSLLIBS="-lssl -lcrypto",AC_CHECK_LIB(ssl,main,LDFLAGS="$LDFLAGS -L$OPENSSL/lib" SSLLIBS="-lssl -lcrypto"),-L$OPENSSL/lib -lcrypto) | ||
447 | fi | ||
448 | LIBS="$_SAVEDLIBS" | ||
449 | |||
450 | dnl test headers and libs to decide whether check_http should use SSL | ||
451 | if test "$ac_cv_lib_crypto_CRYPTO_lock" = "yes"; then | ||
452 | if test "$ac_cv_lib_ssl_main" = "yes"; then | ||
453 | if test "$FOUNDINCLUDE" = "yes"; then | ||
454 | check_tcp_ssl="check_simap check_spop check_jabber check_nntps" | ||
455 | AC_SUBST(check_tcp_ssl) | ||
456 | AC_SUBST(SSLLIBS) | ||
457 | AC_DEFINE(HAVE_SSL,1,[Define if SSL libraries are found]) | ||
458 | fi | ||
459 | fi | ||
460 | fi | ||
461 | CPPFLAGS="$_SAVEDCPPFLAGS" | ||
462 | |||
463 | dnl | 538 | dnl |
464 | dnl Checks for header files. | 539 | dnl Checks for header files. |
465 | dnl | 540 | dnl |
@@ -1538,4 +1613,5 @@ ACX_FEATURE([with],[ping-command]) | |||
1538 | ACX_FEATURE([with],[ping6-command]) | 1613 | ACX_FEATURE([with],[ping6-command]) |
1539 | ACX_FEATURE([with],[lwres]) | 1614 | ACX_FEATURE([with],[lwres]) |
1540 | ACX_FEATURE([with],[ipv6]) | 1615 | ACX_FEATURE([with],[ipv6]) |
1616 | ACX_FEATURE([with],[openssl]) | ||
1541 | ACX_FEATURE([enable],[emulate-getaddrinfo]) | 1617 | ACX_FEATURE([enable],[emulate-getaddrinfo]) |
diff --git a/plugins/Makefile.am b/plugins/Makefile.am index ef52baf8..eb67e458 100644 --- a/plugins/Makefile.am +++ b/plugins/Makefile.am | |||
@@ -3,7 +3,7 @@ | |||
3 | VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t | 3 | VPATH = $(top_srcdir) $(top_srcdir)/lib $(top_srcdir)/plugins $(top_srcdir)/plugins/t |
4 | 4 | ||
5 | INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl \ | 5 | INCLUDES = -I.. -I$(top_srcdir)/lib -I$(top_srcdir)/intl \ |
6 | @LDAPINCLUDE@ @PGINCLUDE@ @SSLINCLUDE@ | 6 | @LDAPINCLUDE@ @PGINCLUDE@ |
7 | 7 | ||
8 | datadir = @datadir@ | 8 | datadir = @datadir@ |
9 | localedir = $(datadir)/locale | 9 | localedir = $(datadir)/locale |