commit e6ee8f53b19a9c9dc4b325d0a3673cc460224f6a
parent 1a484eda61b713fa2105bd570c86c8a085adfa67
Author: Evgeny Grin (Karlson2k) <k2k@drgrin.dev>
Date: Sun, 30 Nov 2025 20:25:54 +0100
configure: improved detection of MbedTLS
Diffstat:
| M | COPYING | | | 8 | +++----- |
| M | configure.ac | | | 463 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++------------------- |
2 files changed, 359 insertions(+), 112 deletions(-)
diff --git a/COPYING b/COPYING
@@ -12,12 +12,10 @@ available license options as follows:
* If linked only with GnuTLS, the only available license option
is the GNU Lesser General Public License version 2.1 or any
later version.
- * If linked with OpenSSL, the only available license option
- is the GNU Lesser General Public License version 3 or any later
- version.
- * If linked with both GnuTLS and OpenSSL, the only available
+ * If linked with OpenSSL, MbedTLS, or both, the only available
license option is the GNU Lesser General Public License
- version 3 or any later version.
+ version 3 or any later version; this remains the case regardless
+ of whether GnuTLS is also used in the same build.
Accordingly, in TLS-enabled builds the alternative "GNU General
Public License version 2 or any later version with the eCos 2.0
exception" option is unavailable.
diff --git a/configure.ac b/configure.ac
@@ -5767,11 +5767,12 @@ AS_IF([[test "x$enable_postparser" != "xno"]],
AM_CONDITIONAL([MHD_SUPPORT_POST_PARSER], [test "x$enable_postparser" != "xno"])
AC_MSG_RESULT([[$enable_postparser]])
-have_mbedtls=no
have_gnutls=no
have_gnutls_pkgcfg=no
have_openssl=no
have_openssl_pkgcfg=no
+have_mbedtls=no
+have_mbedtls_pkgcfg=no
multiple_tls="no"
AS_UNSET([MHD_TLS_LIB_CPPFLAGS])
AS_UNSET([MHD_TLS_LIB_LDFLAGS])
@@ -5795,6 +5796,7 @@ AS_VAR_IF([enable_http2],["yes"],
AM_CONDITIONAL([MHD_SUPPORT_HTTP2], [test "x$enable_http2" = "xyes"])
# optional: HTTPS support. Enabled if GnuTLS is available.
+PKG_PROG_PKG_CONFIG
AC_ARG_ENABLE([https],
[AS_HELP_STRING([--enable-https],
[enable HTTPS support (yes, no, auto)[auto]])],
@@ -5804,10 +5806,8 @@ AS_IF([test "x$enable_https" != "xno"],
have_gnutls_pkgcfg=no
AC_MSG_CHECKING([[how to find GnuTLS library]])
AC_ARG_WITH([[gnutls]],
- [
- AS_HELP_STRING([[--with-gnutls[=PRFX]]],
- [use GnuTLS for HTTPS support, optional PRFX overrides pkg-config data for GnuTLS headers (PRFX/include) and libs (PRFX/lib)])
- ],
+ [AS_HELP_STRING([[--with-gnutls[=PRFX]]],
+ [use GnuTLS for HTTPS support, optional PRFX overrides pkg-config data for GnuTLS headers (PRFX/include) and libs (PRFX/lib)])],
[
AS_CASE([$with_gnutls],
[no],[
@@ -5977,10 +5977,8 @@ choke me now
AC_MSG_CHECKING([[how to find OpenSSL library]])
AC_ARG_WITH([[openssl]],
- [
- AS_HELP_STRING([[--with-openssl[=PRFX]]],
- [use OpenSSL for HTTPS support, optional PRFX overrides pkg-config data for OpenSSL headers (PRFX/include) and libs (PRFX/lib)])
- ],
+ [AS_HELP_STRING([[--with-openssl[=PRFX]]],
+ [use OpenSSL for HTTPS support, optional PRFX overrides pkg-config data for OpenSSL headers (PRFX/include) and libs (PRFX/lib)])],
[
AS_CASE([$with_openssl],
[no],[
@@ -6144,115 +6142,360 @@ choke me now
]
)
- AC_MSG_CHECKING([[how to find mbedTLS library]])
+ AC_MSG_CHECKING([[how to find MbedTLS library]])
AC_ARG_WITH([[mbedtls]],
- [
- AS_HELP_STRING([[--with-mbedtls[=PRFX]]],
- [use mbedTLS for HTTPS support, optional PRFX overrides pkg-config data for mbedTLS headers (PRFX/include) and libs (PRFX/lib)])
- ],
+ [AS_HELP_STRING([[--with-mbedtls[=PRFX]]],
+ [use MbedTLS for HTTPS support, optional PRFX overrides pkg-config data for MbedTLS headers (PRFX/include) and libs (PRFX/lib)])],
[
AS_CASE([$with_mbedtls],
[no],[
have_mbedtls="no"
- AC_MSG_RESULT([[mbedTLS disabled]])
- AS_UNSET([MBEDTLS_CPPFLAGS])
- AS_UNSET([MBEDTLS_CFLAGS])
- AS_UNSET([MBEDTLS_LDFLAGS])
- AS_UNSET([MBEDTLS_LIBS])
+ have_mbedtls_pkgcfg="no"
+ AC_MSG_RESULT([[MbedTLS disabled]])
],
[yes],[
+ have_mbedtls="find"
+ have_mbedtls_pkgcfg="auto"
AC_MSG_RESULT([[automatically, forced]])
],
[
- AC_MSG_RESULT([[-I$with_mbedtls/include -L$with_mbedtls/lib -lmbedtls -lmbedx509 -lmbedcrypto]])
- LDFLAGS="${LDFLAGS_ac} -L$with_mbedtls/lib ${user_LDFLAGS}"
- CPPFLAGS="${CPPFLAGS_ac} -I$with_mbedtls/include ${user_CPPFLAGS}"
+ AC_MSG_RESULT([[-I$with_mbedtls/include -L$with_mbedtls/lib]])
+
+ AS_UNSET([MBEDTLS_FULL_CPPFLAGS])
+ AS_UNSET([MBEDTLS_FULL_CFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LDFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LIBS])
+ AS_UNSET([MBEDTLS_CRYPTO_CPPFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_LDFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_LIBS])
+ AS_UNSET([MBEDTLS_X509_CPPFLAGS])
+ AS_UNSET([MBEDTLS_X509_CFLAGS])
+ AS_UNSET([MBEDTLS_X509_LDFLAGS])
+ AS_UNSET([MBEDTLS_X509_LIBS])
+ AS_UNSET([MBEDTLS_TLS_CPPFLAGS])
+ AS_UNSET([MBEDTLS_TLS_CFLAGS])
+ AS_UNSET([MBEDTLS_TLS_LDFLAGS])
+ AS_UNSET([MBEDTLS_TLS_LIBS])
+ have_mbedtls="find"
have_mbedtls_pkgcfg="no"
- # A simple check for the working header and the library
- MHD_CHECK_FUNC([mbedtls_ssl_init],
- [[
-#include <mbedtls/ssl.h>
- ]],
- [[
- mbedtls_ssl_context ssl;
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_free(&ssl);
- ]],
- [
- have_mbedtls="yes"
- MBEDTLS_CPPFLAGS="-I$with_mbedtls/include"
- AS_UNSET([MBEDTLS_CFLAGS])
- MBEDTLS_LDFLAGS="-L$with_mbedtls/lib"
- MBEDTLS_LIBS="-lmbedtls -lmbedx509 -lmbedcrypto"
- ],
- [AC_MSG_ERROR([cannot find usable mbedTLS at specified prefix $with_mbedtls])],
- [-lmbedtls -lmbedx509 -lmbedcrypto]
- )
- CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
- CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
- LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
- ])
- ],
- [AC_MSG_RESULT([[automatically]])]
+ ]
+ )
+ ],
+ [
+ have_mbedtls_pkgcfg="auto"
+ with_mbedtls=""
+ AC_MSG_RESULT([[automatically]])
+ ]
)
AS_IF([test "x$with_mbedtls" != "xno" && test "x$have_mbedtls" != "xyes"],
[
- PKG_CHECK_MODULES([MBEDTLS], [[mbedtls >= 2.0]],
+ AS_VAR_SET_IF([MBEDTLS_CRYPTO_CFLAGS],
+ [have_user_MBEDTLS_CRYPTO_CFLAGS="yes"],
+ [have_user_MBEDTLS_CRYPTO_CFLAGS="no"]
+ )
+ AS_VAR_SET_IF([MBEDTLS_CRYPTO_LIBS],
+ [have_user_MBEDTLS_CRYPTO_LIBS="yes"],
+ [have_user_MBEDTLS_CRYPTO_LIBS="no"]
+ )
+ AS_VAR_SET_IF([MBEDTLS_X509_CFLAGS],
+ [have_user_MBEDTLS_X509_CFLAGS="yes"],
+ [have_user_MBEDTLS_X509_CFLAGS="no"]
+ )
+ AS_VAR_SET_IF([MBEDTLS_X509_LIBS],
+ [have_user_MBEDTLS_X509_LIBS="yes"],
+ [have_user_MBEDTLS_X509_LIBS="no"]
+ )
+ AS_VAR_SET_IF([MBEDTLS_TLS_CFLAGS],
+ [have_user_MBEDTLS_TLS_CFLAGS="yes"],
+ [have_user_MBEDTLS_TLS_CFLAGS="no"]
+ )
+ AS_VAR_SET_IF([MBEDTLS_TLS_LIBS],
+ [have_user_MBEDTLS_TLS_LIBS="yes"],
+ [have_user_MBEDTLS_TLS_LIBS="no"]
+ )
+ AS_IF([test "x$have_mbedtls" != "xyes" && test "x${have_mbedtls_pkgcfg}" != "xno"],
[
- CPPFLAGS="${CPPFLAGS_ac} $MBEDTLS_CFLAGS ${user_CPPFLAGS}"
- # A simple check for the working header and the library
- MHD_CHECK_FUNC([mbedtls_ssl_init],
- [[
-#include <mbedtls/ssl.h>
- ]],
- [[
- mbedtls_ssl_context ssl;
- mbedtls_ssl_init(&ssl);
- mbedtls_ssl_free(&ssl);
- ]],
+ mbedtsl_min_ver="3.0"
+ PKG_CHECK_MODULES([MBEDTLS_CRYPTO], [[mbedcrypto-4 >= 4.0]],
[
- have_mbedtls="yes"
- have_mbedtls_pkgcfg="yes"
- # MBEDTLS_CFLAGS is actually CPPFLAGS
- MBEDTLS_CPPFLAGS="$MBEDTLS_CFLAGS"
- AS_UNSET([MBEDTLS_CFLAGS])
- # MBEDTLS_LIBS is a combination of LDFLAGS and LIBS
- AS_UNSET([MBEDTLS_LDFLAGS])
- ],
+ mbedtsl_min_ver="4.0"
+ mbedtls_modules="mbedcrypto-4"
+ PKG_CHECK_MODULES([MBEDTLS_X509], [[mbedx509-4 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules}, mbedx509-4"
+ PKG_CHECK_MODULES([MBEDTLS_TLS], [[mbedtls-4 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules} and mbedtls-4"
+ have_mbedtls_pkgcfg="yes"
+ have_mbedtls="yes"
+ ],[]
+ )
+ ],[]
+ )
+ ],[]
+ )
+ AS_VAR_IF([have_mbedtls],["yes"],[:],
[
- AS_VAR_IF([with_mbedtls],["yes"],
- [AC_MSG_ERROR([cannot find usable mbedTLS])]
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_CFLAGS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_LIBS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_CFLAGS],["no"],[AS_UNSET([MBEDTLS_X509_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_LIBS],["no"],[AS_UNSET([MBEDTLS_X509_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_CFLAGS],["no"],[AS_UNSET([MBEDTLS_TLS_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_LIBS],["no"],[AS_UNSET([MBEDTLS_TLS_LIBS])])
+ PKG_CHECK_MODULES([MBEDTLS_CRYPTO], [[mbedcrypto-3 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="mbedcrypto-3"
+ PKG_CHECK_MODULES([MBEDTLS_X509], [[mbedx509-3 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules}, mbedx509-3"
+ PKG_CHECK_MODULES([MBEDTLS_TLS], [[mbedtls-3 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules} and mbedtls-3"
+ have_mbedtls_pkgcfg="yes"
+ have_mbedtls="yes"
+ ],[]
+ )
+ ],[]
+ )
+ ],[]
+ )
+ ]
+ )
+ AS_VAR_IF([have_mbedtls],["yes"],[:],
+ [
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_CFLAGS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_LIBS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_CFLAGS],["no"],[AS_UNSET([MBEDTLS_X509_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_LIBS],["no"],[AS_UNSET([MBEDTLS_X509_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_CFLAGS],["no"],[AS_UNSET([MBEDTLS_TLS_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_LIBS],["no"],[AS_UNSET([MBEDTLS_TLS_LIBS])])
+ PKG_CHECK_MODULES([MBEDTLS_CRYPTO], [[mbedcrypto >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="mbedcrypto"
+ PKG_CHECK_MODULES([MBEDTLS_X509], [[mbedx509 >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules}, mbedx509"
+ PKG_CHECK_MODULES([MBEDTLS_TLS], [[mbedtls >= ${mbedtsl_min_ver}]],
+ [
+ mbedtls_modules="${mbedtls_modules} and mbedtls"
+ have_mbedtls_pkgcfg="yes"
+ have_mbedtls="yes"
+ ],[]
+ )
+ ],[]
+ )
+ ],[]
)
- AC_MSG_WARN([pkg-config reports that mbedTLS is present, but mbedTLS cannot be used])
- AS_UNSET([MBEDTLS_CPPFLAGS])
- AS_UNSET([MBEDTLS_CFLAGS])
- AS_UNSET([MBEDTLS_LDFLAGS])
- AS_UNSET([MBEDTLS_LIBS])
+ ]
+ )
+ AS_VAR_IF([have_mbedtls],["yes"],
+ [
+ AS_UNSET([MBEDTLS_FULL_CPPFLAGS])
+ AS_UNSET([MBEDTLS_FULL_CFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LDFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LIBS])
+ # pkg-config's *_CFLAGS are actually *_CPPFLAGS
+ MBEDTLS_CRYPTO_CPPFLAGS="${MBEDTLS_CRYPTO_CFLAGS}"
+ MBEDTLS_X509_CPPFLAGS="${MBEDTLS_X509_CFLAGS}"
+ MBEDTLS_TLS_CPPFLAGS="${MBEDTLS_TLS_CFLAGS}"
+ AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])
+ AS_UNSET([MBEDTLS_X509_CFLAGS])
+ AS_UNSET([MBEDTLS_TLS_CFLAGS])
+ # pkg-config's *_LIBS are combinations of *_LDFLAGS and *_LIBS
+ AS_UNSET([MBEDTLS_CRYPTO_LDFLAGS])
+ AS_UNSET([MBEDTLS_X509_LDFLAGS])
+ AS_UNSET([MBEDTLS_TLS_LDFLAGS])
+
+ # Smart-combine three libraries flags
+ MBEDTLS_FULL_CPPFLAGS="${MBEDTLS_CRYPTO_CPPFLAGS}"
+ AS_CASE([" ${MBEDTLS_X509_CPPFLAGS} "],
+ [*" ${MBEDTLS_FULL_CPPFLAGS} "*],[:],
+ [
+ AS_CASE([" ${MBEDTLS_FULL_CPPFLAGS} "],
+ [*" ${MBEDTLS_X509_CPPFLAGS} "*],[MBEDTLS_FULL_CPPFLAGS="${MBEDTLS_X509_CPPFLAGS}"],
+ [MBEDTLS_FULL_CPPFLAGS="${MBEDTLS_FULL_CPPFLAGS} ${MBEDTLS_X509_CPPFLAGS}"]
+ )
+ ]
+ )
+ AS_CASE([" ${MBEDTLS_TLS_CPPFLAGS} "],
+ [*" ${MBEDTLS_FULL_CPPFLAGS} "*],[:],
+ [
+ AS_CASE([" ${MBEDTLS_FULL_CPPFLAGS} "],
+ [*" ${MBEDTLS_TLS_CPPFLAGS} "*],[MBEDTLS_FULL_CPPFLAGS="${MBEDTLS_TLS_CPPFLAGS}"],
+ [MBEDTLS_FULL_CPPFLAGS="${MBEDTLS_FULL_CPPFLAGS} ${MBEDTLS_TLS_CPPFLAGS}"]
+ )
+ ]
+ )
+ MBEDTLS_FULL_LIBS="${MBEDTLS_CRYPTO_LIBS}"
+ AS_CASE([" ${MBEDTLS_X509_LIBS} "],
+ [*" ${MBEDTLS_FULL_LIBS} "*],[:],
+ [
+ AS_CASE([" ${MBEDTLS_FULL_LIBS} "],
+ [*" ${MBEDTLS_X509_LIBS} "*],[MBEDTLS_FULL_LIBS="${MBEDTLS_X509_LIBS}"],
+ [MBEDTLS_FULL_LIBS="${MBEDTLS_X509_LIBS} ${MBEDTLS_FULL_LIBS}"]
+ )
+ ]
+ )
+ AS_CASE([" ${MBEDTLS_TLS_LIBS} "],
+ [*" ${MBEDTLS_FULL_LIBS} "*],[:],
+ [
+ AS_CASE([" ${MBEDTLS_FULL_LIBS} "],
+ [*" ${MBEDTLS_TLS_LIBS} "*],[MBEDTLS_FULL_LIBS="${MBEDTLS_TLS_LIBS}"],
+ [MBEDTLS_FULL_LIBS="${MBEDTLS_TLS_LIBS} ${MBEDTLS_FULL_LIBS}"]
+ )
+ ]
+ )
+
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_FULL_CPPFLAGS} ${user_CPPFLAGS}"
+
+ MHD_CHECK_FUNC([mbedtls_ssl_init],[[#include <mbedtls/ssl.h>]],
+ [[
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init (&ssl);
+ mbedtls_ssl_free (&ssl);
+ ]],
+ [],
+ [AC_MSG_ERROR([pkg-config reports that $mbedtls_modules modules are present, but MbedTLS cannot be used])],
+ ["${MBEDTLS_FULL_LIBS}"]
+ )
+
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
],
- [$MBEDTLS_LIBS]
+ [
+ AS_UNSET([mbedtls_modules])
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_CFLAGS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_CRYPTO_LIBS],["no"],[AS_UNSET([MBEDTLS_CRYPTO_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_CFLAGS],["no"],[AS_UNSET([MBEDTLS_X509_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_X509_LIBS],["no"],[AS_UNSET([MBEDTLS_X509_LIBS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_CFLAGS],["no"],[AS_UNSET([MBEDTLS_TLS_CFLAGS])])
+ AS_VAR_IF([have_user_MBEDTLS_TLS_LIBS],["no"],[AS_UNSET([MBEDTLS_TLS_LIBS])])
+ ]
)
- ],
+ AS_UNSET([have_user_MBEDTLS_CRYPTO_CFLAGS])
+ AS_UNSET([have_user_MBEDTLS_CRYPTO_LIBS])
+ AS_UNSET([have_user_MBEDTLS_X509_CFLAGS])
+ AS_UNSET([have_user_MBEDTLS_X509_LIBS])
+ AS_UNSET([have_user_MBEDTLS_TLS_CFLAGS])
+ AS_UNSET([have_user_MBEDTLS_TLS_LIBS])
+ ]
+ )
+
+ AS_VAR_IF([have_mbedtls],["yes"],[:],
[
- # check for mbedTLS at default paths
have_mbedtls_pkgcfg="no"
- AS_VAR_IF([with_mbedtls],["yes"],
- [AC_MSG_ERROR([cannot find usable mbedTLS])]
+ AS_CASE(["x${with_mbedtls}"],
+ ["xyes"],[
+ MBEDTLS_FULL_CPPFLAGS=""
+ MBEDTLS_FULL_LDFLAGS=""
+ ],
+ ["x"],[
+ MBEDTLS_FULL_CPPFLAGS=""
+ MBEDTLS_FULL_LDFLAGS=""
+ ],
+ [
+ MBEDTLS_FULL_CPPFLAGS="-I$with_mbedtls/include"
+ MBEDTLS_FULL_LDFLAGS="-L$with_mbedtls/lib"
+ ]
+ )
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_FULL_CPPFLAGS} ${user_CPPFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_FULL_LDFLAGS} ${user_LDFLAGS}"
+
+ MHD_FIND_LIB([mbedtls_md_init],[[#include <mbedtls/md.h>]],
+ [[
+ /* These functions must be enabled i][f TLS is built */
+ mbedtls_md_context_t ctx;
+ mbedtls_md_init (&ctx);
+ mbedtls_md_free (&ctx);
+ ]],
+ [tfpsacrypto-4 tfpsacrypto mbedcrypto-3 mbedcrypto],
+ [
+ AS_CASE([${MBEDTLS_CRYPTO_LIBS}],
+ [*-4],[check_names_x509="mbedx509-4"
+ check_names_tls="mbedtls-4"],
+ [*-3],[check_names_x509="mbedx509-3"
+ check_names_tls="mbedtls-3"],
+ [*crypto],[check_names_x509="mbedx509"
+ check_names_tls="mbedtls"],
+ [check_names_x509="mbedx509-4 mbedx509-3 mbedx509"
+ check_names_tls="mbedtls-4 mbedtls-3 mbedtls"]
+ )
+ MHD_FIND_LIB([mbedtls_x509_crt_init],[[#include <mbedtls/x509_crt.h>]],
+ [[
+ /* These functions must be enabled i][f TLS based on X509 certificates is built */
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt_init(&crt);
+ mbedtls_x509_crt_free(&crt);
+ ]],
+ [${check_names_x509}],
+ [
+ AS_CASE([${MBEDTLS_X509_LIBS}],
+ [*-4],[check_names_tls="mbedtls-4"],
+ [*-3],[check_names_tls="mbedtls-3"],
+ [*x509],[check_names_tls="mbedtls"]
+ )
+ MHD_FIND_LIB([mbedtls_ssl_init],[[#include <mbedtls/ssl.h>]],
+ [[
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_init (&ssl);
+ mbedtls_ssl_free (&ssl);
+ ]],
+ [${check_names_tls}],
+ [
+ have_mbedtls="yes"
+ MBEDTLS_FULL_LIBS="${MBEDTLS_TLS_LIBS} ${MBEDTLS_X509_LIBS} ${MBEDTLS_CRYPTO_LIBS}"
+ MBEDTLS_CRYPTO_CPPFLAGS="${MBEDTLS_FULL_CPPFLAGS}"
+ MBEDTLS_CRYPTO_LDFLAGS="${MBEDTLS_FULL_LDFLAGS}"
+ MBEDTLS_X509_CPPFLAGS="${MBEDTLS_FULL_CPPFLAGS}"
+ MBEDTLS_X509_LDFLAGS="${MBEDTLS_FULL_LDFLAGS}"
+ MBEDTLS_TLS_CPPFLAGS="${MBEDTLS_FULL_CPPFLAGS}"
+ MBEDTLS_TLS_LDFLAGS="${MBEDTLS_FULL_LDFLAGS}"
+ ],[],
+ [MBEDTLS_TLS_LIBS],[${MBEDTLS_X509_LIBS} ${MBEDTLS_CRYPTO_LIBS}]
+ )
+ ],[],
+ [MBEDTLS_X509_LIBS],[${MBEDTLS_CRYPTO_LIBS}]
+ )
+ AS_UNSET([check_names_tls])
+ AS_UNSET([check_names_x509])
+ ],[],
+ [MBEDTLS_CRYPTO_LIBS]
)
- AS_UNSET([MBEDTLS_CPPFLAGS])
- AS_UNSET([MBEDTLS_CFLAGS])
- AS_UNSET([MBEDTLS_LDFLAGS])
- AS_UNSET([MBEDTLS_LIBS])
+ CPPFLAGS="${CPPFLAGS_ac} ${user_CPPFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${user_LDFLAGS}"
]
)
]
)
AS_VAR_IF([have_mbedtls],["yes"],[:],
- [have_mbedtls="no"]
+ [
+ have_mbedtls="no"
+ AS_CASE(["x$with_mbedtls"],
+ ["xyes"],[AC_MSG_ERROR([connot find usable MbedTLS library])],
+ ["x"],[with_mbedtls="no"],
+ [AC_MSG_ERROR([cannot find usable MbedTLS library at specified prefix $with_mbedtls])]
+ )
+ AS_UNSET([MBEDTLS_FULL_CPPFLAGS])
+ AS_UNSET([MBEDTLS_FULL_CFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LDFLAGS])
+ AS_UNSET([MBEDTLS_FULL_LIBS])
+ AS_UNSET([MBEDTLS_CRYPTO_CPPFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_CFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_LDFLAGS])
+ AS_UNSET([MBEDTLS_CRYPTO_LIBS])
+ AS_UNSET([MBEDTLS_X509_CPPFLAGS])
+ AS_UNSET([MBEDTLS_X509_CFLAGS])
+ AS_UNSET([MBEDTLS_X509_LDFLAGS])
+ AS_UNSET([MBEDTLS_X509_LIBS])
+ AS_UNSET([MBEDTLS_TLS_CPPFLAGS])
+ AS_UNSET([MBEDTLS_TLS_CFLAGS])
+ AS_UNSET([MBEDTLS_TLS_LDFLAGS])
+ AS_UNSET([MBEDTLS_TLS_LIBS])
+ ]
)
-
AS_IF([test "x$have_gnutls" = "xyes" || test "x$have_openssl" = "xyes" || test "x$have_mbedtls" = "xyes"],
[
enable_https="yes"
@@ -6297,8 +6540,11 @@ choke me now
multiple_tls="yes"
]
)
- AC_DEFINE([MHD_SUPPORT_MBEDTLS],[1],[Define to '1' i][f mbedTLS library should be used])
- MSG_TLS_BACKENDS="${MSG_TLS_BACKENDS}mbedTLS"
+ AC_DEFINE([MHD_SUPPORT_MBEDTLS],[1],[Define to '1' i][f MbedTLS library should be used])
+ MSG_TLS_BACKENDS="${MSG_TLS_BACKENDS}MbedTLS"
+ MHD_APPEND_FLAG_TO_VAR([MHD_TLS_LIB_CPPFLAGS],[$MBEDTLS_FULL_CPPFLAGS])
+ MHD_APPEND_FLAG_TO_VAR([MHD_TLS_LIB_LDFLAGS],[$MBEDTLS_FULL_LDFLAGS])
+ MHD_PREPEND_FLAG_TO_VAR([MHD_TLS_LIBDEPS],[$MBEDTLS_FULL_LIBS])
]
)
AS_VAR_IF([multiple_tls],["yes"],
@@ -6356,9 +6602,9 @@ AC_SUBST([OPENSSL_CPPFLAGS])
AC_SUBST([OPENSSL_LDFLAGS])
AC_SUBST([OPENSSL_LIBS])
AM_CONDITIONAL([MHD_SUPPORT_MBEDTLS], [[test "x$have_mbedtls" = "xyes"]])
-AC_SUBST([MBEDTLS_CPPFLAGS])
-AC_SUBST([MBEDTLS_LDFLAGS])
-AC_SUBST([MBEDTLS_LIBS])
+AC_SUBST([MBEDTLS_FULL_CPPFLAGS])
+AC_SUBST([MBEDTLS_FULL_LDFLAGS])
+AC_SUBST([MBEDTLS_FULL_LIBS])
AM_CONDITIONAL([MHD_ENABLE_MULTITLS], [test "x$multiple_tls" = "xyes"])
AM_CONDITIONAL([MHD_SUPPORT_HTTPS], [test "x$enable_https" = "xyes"])
@@ -6694,16 +6940,16 @@ AS_CASE([${enable_md5}],[yes|tlslib],
]
)
- # Check mbedTLS
+ # Check MbedTLS
AS_VAR_IF([have_mbedtls],["yes"],
[
- AC_CACHE_CHECK([whether mbedTLS supports MD5 hashing],[mhd_cv_mbedtls_md5],
+ AC_CACHE_CHECK([whether MbedTLS supports MD5 hashing],[mhd_cv_mbedtls_md5],
[
- CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CPPFLAGS} ${user_CPPFLAGS}"
- CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
- LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_LDFLAGS} ${user_LDFLAGS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CRYPTO_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${MBEDTLS_CRYPTO_CFLAGS} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_CRYPTO_LDFLAGS} ${user_LDFLAGS}"
save_LIBS="$LIBS"
- LIBS="${MBEDTLS_LIBS} ${LIBS} -lmbedcrypto"
+ LIBS="${MBEDTLS_CRYPTO_LIBS} ${LIBS}"
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM(
@@ -6732,12 +6978,12 @@ AS_CASE([${enable_md5}],[yes|tlslib],
AS_VAR_IF([mhd_cv_mbedtls_md5],["no"],
[
AS_VAR_IF([enable_md5],["tlslib"],
- [AC_MSG_WARN([mbedTLS MD5 implementation is not available])]
+ [AC_MSG_WARN([MbedTLS MD5 implementation is not available])]
)
],
[
AC_DEFINE([[MHD_MD5_EXTR_MBEDTLS]],[[1]],
- [Define to 1 if libmicrohttpd is compiled with MD5 hashing by mbedTLS.])
+ [Define to 1 if libmicrohttpd is compiled with MD5 hashing by MbedTLS.])
found_md5_tls="yes"
]
)
@@ -6930,16 +7176,16 @@ AS_CASE([${enable_sha256}],[yes|tlslib],
]
) # end check OpenSSL
- # Check mbedTLS
+ # Check MbedTLS
AS_VAR_IF([have_mbedtls],["yes"],
[
- AC_CACHE_CHECK([whether mbedTLS supports SHA256 hashing],[mhd_cv_mbedtls_sha256],
+ AC_CACHE_CHECK([whether MbedTLS supports SHA256 hashing],[mhd_cv_mbedtls_sha256],
[
- CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CPPFLAGS} ${user_CPPFLAGS}"
- CFLAGS="${CFLAGS_ac} ${user_CFLAGS}"
- LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_LDFLAGS} ${user_LDFLAGS}"
+ CPPFLAGS="${CPPFLAGS_ac} ${MBEDTLS_CRYPTO_CPPFLAGS} ${user_CPPFLAGS}"
+ CFLAGS="${CFLAGS_ac} ${MBEDTLS_CRYPTO_CFLAGS} ${user_CFLAGS}"
+ LDFLAGS="${LDFLAGS_ac} ${MBEDTLS_CRYPTO_LDFLAGS} ${user_LDFLAGS}"
save_LIBS="$LIBS"
- LIBS="${MBEDTLS_LIBS} ${LIBS} -lmbedcrypto"
+ LIBS="${MBEDTLS_CRYPTO_LIBS} ${LIBS}"
AC_LINK_IFELSE(
[
AC_LANG_PROGRAM(
@@ -6968,12 +7214,12 @@ AS_CASE([${enable_sha256}],[yes|tlslib],
AS_VAR_IF([mhd_cv_mbedtls_sha256],["no"],
[
AS_VAR_IF([enable_sha256],["tlslib"],
- [AC_MSG_WARN([mbedTLS SHA256 implementation is not available])]
+ [AC_MSG_WARN([MbedTLS SHA256 implementation is not available])]
)
],
[
AC_DEFINE([[MHD_SHA256_EXTR_MBEDTLS]],[[1]],
- [Define to 1 if libmicrohttpd is compiled with SHA256 hashing by mbedTLS.])
+ [Define to 1 if libmicrohttpd is compiled with SHA256 hashing by MbedTLS.])
found_sha256_tls="yes"
]
)
@@ -8870,6 +9116,9 @@ AS_VAR_IF([have_gnutls],["yes"],
AS_VAR_IF([have_openssl],["yes"],
[AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
)
+AS_VAR_IF([have_mbedtls],["yes"],
+ [AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
+)
AS_CASE([$licence_num],
[0],[licence_descr="LGPLv2.1+ or eCos"],
[2],[licence_descr="LGPL version 2.1 or any later version"],
