summaryrefslogtreecommitdiffstats
path: root/configure.ac
diff options
context:
space:
mode:
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac138
1 files changed, 98 insertions, 40 deletions
diff --git a/configure.ac b/configure.ac
index 0008e8a..92afdf3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5891,6 +5891,12 @@ ac_includes_default="$save_includes_default"
AX_CHECK_OPENSSL([have_openssl=yes],[have_openssl=no])
# rpath to libssl and libcrypto
+AS_VAR_IF([GNULD], [yes], [
+ rpath_arg="-Wl,--enable-new-dtags,-rpath="
+], [
+ rpath_arg="-Wl,-rpath="
+])
+
AC_MSG_CHECKING(for --with-openssl-rpath)
AC_ARG_WITH(openssl-rpath,
AS_HELP_STRING([--with-openssl-rpath=@<:@DIR|auto|no@:>@],
@@ -5903,58 +5909,104 @@ AC_ARG_WITH(openssl-rpath,
[with_openssl_rpath=no]
)
AS_CASE($with_openssl_rpath,
- [auto|yes],[OPENSSL_RPATH=auto],
- [no],[OPENSSL_RPATH=],
+ [auto|yes], [
+ OPENSSL_RPATH=auto
+ dnl look for linker directories
+ for arg in "$OPENSSL_LDFLAGS"; do
+ AS_CASE([$arg],
+ [-L*], [OPENSSL_LDFLAGS_RPATH="$OPENSSL_LDFLAGS_RPATH ${rpath_arg}$(echo $arg | cut -c3-)"]
+ )
+ done
+ ],
+ [no], [OPENSSL_RPATH=],
[AS_IF(
[test -d "$with_openssl_rpath"],
- [OPENSSL_RPATH="$with_openssl_rpath"],
+ [
+ OPENSSL_RPATH="$with_openssl_rpath"
+ OPENSSL_LDFLAGS_RPATH="${rpath_arg}$with_openssl_rpath"
+ ],
AC_MSG_ERROR([--with-openssl-rpath "$with_openssl_rpath" is not a directory]))
]
)
AC_MSG_RESULT($OPENSSL_RPATH)
AC_SUBST([OPENSSL_RPATH])
+# This static linking is NOT OFFICIALLY SUPPORTED and not advertised.
+# Requires static OpenSSL build with position-independent code. Some features
+# like DSO engines or external OSSL providers don't work. Only tested with GCC
+# and clang on X86_64.
+AS_VAR_IF([PY_UNSUPPORTED_OPENSSL_BUILD], [static], [
+ AC_MSG_CHECKING([for unsupported static openssl build])
+ new_OPENSSL_LIBS=
+ for arg in $OPENSSL_LIBS; do
+ AS_CASE([$arg],
+ [-l*], [
+ libname=$(echo $arg | cut -c3-)
+ new_OPENSSL_LIBS="$new_OPENSSL_LIBS -l:lib${libname}.a -Wl,--exclude-libs,lib${libname}.a"
+ ],
+ [new_OPENSSL_LIBS="$new_OPENSSL_LIBS $arg"]
+ )
+ done
+ dnl include libz for OpenSSL build flavors with compression support
+ OPENSSL_LIBS="$new_OPENSSL_LIBS $ZLIB_LIBS"
+ AC_MSG_RESULT([$OPENSSL_LIBS])
+])
+
+dnl AX_CHECK_OPENSSL does not export libcrypto-only libs
+LIBCRYPTO_LIBS=
+for arg in $OPENSSL_LIBS; do
+ AS_CASE([$arg],
+ [-l*ssl*|-Wl*ssl*], [],
+ [LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS $arg"]
+ )
+done
+
# check if OpenSSL libraries work as expected
-AC_CACHE_CHECK([whether OpenSSL provides required APIs], [ac_cv_working_openssl], [
-save_LIBS="$LIBS"
-save_CFLAGS="$CFLAGS"
-save_LDFLAGS="$LDFLAGS"
-LIBS="$LIBS $OPENSSL_LIBS"
-CFLAGS="$CFLAGS_NODIST $OPENSSL_INCLUDES"
-LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+WITH_SAVE_ENV([
+ LIBS="$LIBS $OPENSSL_LIBS"
+ CFLAGS="$CFLAGS $OPENSSL_INCLUDES"
+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH"
-AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <openssl/opensslv.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
+ AC_CACHE_CHECK([whether OpenSSL provides required ssl module APIs], [ac_cv_working_openssl_ssl], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <openssl/opensslv.h>
+ #include <openssl/ssl.h>
+ #if OPENSSL_VERSION_NUMBER < 0x10101000L
+ #error "OpenSSL >= 1.1.1 is required"
+ #endif
+ static void keylog_cb(const SSL *ssl, const char *line) {}
+ ], [
+ SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
+ SSL_CTX_set_keylog_callback(ctx, keylog_cb);
+ SSL *ssl = SSL_new(ctx);
+ X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
+ X509_VERIFY_PARAM_set1_host(param, "python.org", 0);
+ SSL_free(ssl);
+ SSL_CTX_free(ctx);
+ ])], [ac_cv_working_openssl_ssl=yes], [ac_cv_working_openssl_ssl=no])
+ ])
+])
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
-#error "OpenSSL >= 1.1.1 is required"
-#endif
+WITH_SAVE_ENV([
+ LIBS="$LIBS $LIBCRYPTO_LIBS"
+ CFLAGS="$CFLAGS $OPENSSL_INCLUDES"
+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH"
-static void keylog_cb(const SSL *ssl, const char *line) {}
-]], [[
-/* SSL APIs */
-SSL_CTX *ctx = SSL_CTX_new(TLS_client_method());
-SSL_CTX_set_keylog_callback(ctx, keylog_cb);
-SSL *ssl = SSL_new(ctx);
-X509_VERIFY_PARAM *param = SSL_get0_param(ssl);
-X509_VERIFY_PARAM_set1_host(param, "python.org", 0);
-SSL_free(ssl);
-SSL_CTX_free(ctx);
-
-/* hashlib APIs */
-OBJ_nid2sn(NID_md5);
-OBJ_nid2sn(NID_sha1);
-OBJ_nid2sn(NID_sha3_512);
-OBJ_nid2sn(NID_blake2b512);
-EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0);
-]])],
- [ac_cv_working_openssl=yes],
- [ac_cv_working_openssl=no])
-LIBS="$save_LIBS"
-CFLAGS="$save_CFLAGS"
-LDFLAGS="$save_LDFLAGS"
+ AC_CACHE_CHECK([whether OpenSSL provides required hashlib module APIs], [ac_cv_working_openssl_hashlib], [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <openssl/opensslv.h>
+ #include <openssl/evp.h>
+ #if OPENSSL_VERSION_NUMBER < 0x10101000L
+ #error "OpenSSL >= 1.1.1 is required"
+ #endif
+ ], [
+ OBJ_nid2sn(NID_md5);
+ OBJ_nid2sn(NID_sha1);
+ OBJ_nid2sn(NID_sha3_512);
+ OBJ_nid2sn(NID_blake2b512);
+ EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0);
+ ])], [ac_cv_working_openssl_hashlib=yes], [ac_cv_working_openssl_hashlib=no])
+ ])
])
# ssl module default cipher suite string
@@ -6245,6 +6297,12 @@ PY_STDLIB_MOD([_bz2], [], [test "$have_bzip2" = yes],
PY_STDLIB_MOD([_lzma], [], [test "$have_liblzma" = yes],
[$LIBLZMA_CFLAGS], [$LIBLZMA_LIBS])
+dnl OpenSSL bindings
+PY_STDLIB_MOD([_ssl], [], [test "$ac_cv_working_openssl_ssl" = yes],
+ [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $OPENSSL_LIBS])
+PY_STDLIB_MOD([_hashlib], [], [test "$ac_cv_working_openssl_hashlib" = yes],
+ [$OPENSSL_INCLUDES], [$OPENSSL_LDFLAGS $OPENSSL_LDFLAGS_RPATH $LIBCRYPTO_LIBS])
+
dnl test modules
PY_STDLIB_MOD([_testcapi], [test "$TEST_MODULES" = yes])
PY_STDLIB_MOD([_testinternalcapi], [test "$TEST_MODULES" = yes])