Introduce --with-ssl={openssl} as a configure option
authorMichael Paquier <michael@paquier.xyz>
Mon, 1 Feb 2021 10:19:44 +0000 (19:19 +0900)
committerMichael Paquier <michael@paquier.xyz>
Mon, 1 Feb 2021 10:19:44 +0000 (19:19 +0900)
This is a replacement for the existing --with-openssl, extending the
logic to make it easier to add new SSL libraries.  The grammar is
chosen to be similar to --with-uuid, where multiple values can be
chosen, with "openssl" as the only supported value for now.

The original switch, --with-openssl, is kept for compatibility.

Author: Daniel Gustafsson, Michael Paquier
Reviewed-by: Jacob Champion
Discussion: https://postgr.es/m/FAB21FC8-0F62-434F-AA78-6BD9336D630A@yesql.se

22 files changed:
configure
configure.ac
contrib/Makefile
contrib/pgcrypto/Makefile
doc/src/sgml/installation.sgml
doc/src/sgml/pgcrypto.sgml
doc/src/sgml/sslinfo.sgml
src/Makefile.global.in
src/backend/libpq/Makefile
src/backend/libpq/hba.c
src/common/Makefile
src/include/pg_config.h.in
src/interfaces/libpq/Makefile
src/test/Makefile
src/test/modules/Makefile
src/test/modules/ssl_passphrase_callback/Makefile
src/test/modules/ssl_passphrase_callback/t/001_testfunc.pl
src/test/ssl/Makefile
src/test/ssl/t/001_ssltests.pl
src/test/ssl/t/002_scram.pl
src/tools/msvc/Solution.pm
src/tools/msvc/config_default.pl

index e202697bbfade13cdf58e5f5a7b26db688171920..ce9ea3699938a4d8ed526ee74c811b8d695c38bf 100755 (executable)
--- a/configure
+++ b/configure
@@ -653,6 +653,7 @@ LIBOBJS
 UUID_LIBS
 LDAP_LIBS_BE
 LDAP_LIBS_FE
+with_ssl
 PTHREAD_CFLAGS
 PTHREAD_LIBS
 PTHREAD_CC
@@ -709,7 +710,6 @@ with_uuid
 with_readline
 with_systemd
 with_selinux
-with_openssl
 with_ldap
 with_krb_srvnam
 krb_srvtab
@@ -854,7 +854,6 @@ with_pam
 with_bsd_auth
 with_ldap
 with_bonjour
-with_openssl
 with_selinux
 with_systemd
 with_readline
@@ -866,6 +865,8 @@ with_libxslt
 with_system_tzdata
 with_zlib
 with_gnu_ld
+with_ssl
+with_openssl
 enable_largefile
 '
       ac_precious_vars='build_alias
@@ -1556,7 +1557,6 @@ Optional Packages:
   --with-bsd-auth         build with BSD Authentication support
   --with-ldap             build with LDAP support
   --with-bonjour          build with Bonjour support
-  --with-openssl          build with OpenSSL support
   --with-selinux          build with SELinux support
   --with-systemd          build with systemd support
   --without-readline      do not use GNU Readline nor BSD Libedit for editing
@@ -1570,6 +1570,8 @@ Optional Packages:
                           use system time zone data in DIR
   --without-zlib          do not use Zlib
   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+  --with-ssl=LIB          use LIB for SSL/TLS support (openssl)
+  --with-openssl          obsolete spelling of --with-ssl=openssl
 
 Some influential environment variables:
   CC          C compiler command
@@ -8070,41 +8072,6 @@ fi
 $as_echo "$with_bonjour" >&6; }
 
 
-#
-# OpenSSL
-#
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with OpenSSL support" >&5
-$as_echo_n "checking whether to build with OpenSSL support... " >&6; }
-
-
-
-# Check whether --with-openssl was given.
-if test "${with_openssl+set}" = set; then :
-  withval=$with_openssl;
-  case $withval in
-    yes)
-
-$as_echo "#define USE_OPENSSL 1" >>confdefs.h
-
-      ;;
-    no)
-      :
-      ;;
-    *)
-      as_fn_error $? "no argument expected for --with-openssl option" "$LINENO" 5
-      ;;
-  esac
-
-else
-  with_openssl=no
-
-fi
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_openssl" >&5
-$as_echo "$with_openssl" >&6; }
-
-
 #
 # SELinux
 #
   fi
 fi
 
+#
+# SSL Library
+#
+# There is currently only one supported SSL/TLS library: OpenSSL.
+#
+
+
+
+# Check whether --with-ssl was given.
+if test "${with_ssl+set}" = set; then :
+  withval=$with_ssl;
+  case $withval in
+    yes)
+      as_fn_error $? "argument required for --with-ssl option" "$LINENO" 5
+      ;;
+    no)
+      as_fn_error $? "argument required for --with-ssl option" "$LINENO" 5
+      ;;
+    *)
+
+      ;;
+  esac
+
+fi
+
+
+if test x"$with_ssl" = x"" ; then
+  with_ssl=no
+fi
+
+
+
+# Check whether --with-openssl was given.
+if test "${with_openssl+set}" = set; then :
+  withval=$with_openssl;
+  case $withval in
+    yes)
+      :
+      ;;
+    no)
+      :
+      ;;
+    *)
+      as_fn_error $? "no argument expected for --with-openssl option" "$LINENO" 5
+      ;;
+  esac
+
+else
+  with_openssl=no
+
+fi
+
+
 if test "$with_openssl" = yes ; then
+  with_ssl=openssl
+fi
+
+if test "$with_ssl" = openssl ; then
     # Minimum required OpenSSL version is 1.0.1
 
 $as_echo "#define OPENSSL_API_COMPAT 0x10001000L" >>confdefs.h
@@ -12435,8 +12459,14 @@ _ACEOF
 fi
 done
 
+
+$as_echo "#define USE_OPENSSL 1" >>confdefs.h
+
+elif test "$with_ssl" != no ; then
+  as_fn_error $? "--with-ssl must specify openssl" "$LINENO" 5
 fi
 
+
 if test "$with_pam" = yes ; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pam_start in -lpam" >&5
 $as_echo_n "checking for pam_start in -lpam... " >&6; }
@@ -13322,7 +13352,7 @@ done
 
 fi
 
-if test "$with_openssl" = yes ; then
+if test "$with_ssl" = openssl ; then
   ac_fn_c_check_header_mongrel "$LINENO" "openssl/ssl.h" "ac_cv_header_openssl_ssl_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_ssl_h" = xyes; then :
 
@@ -18098,7 +18128,7 @@ fi
 # will be used.
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking which random number source to use" >&5
 $as_echo_n "checking which random number source to use... " >&6; }
-if test x"$with_openssl" = x"yes" ; then
+if test x"$with_ssl" = x"openssl" ; then
   { $as_echo "$as_me:${as_lineno-$LINENO}: result: OpenSSL" >&5
 $as_echo "OpenSSL" >&6; }
 elif test x"$PORTNAME" = x"win32" ; then
index a5ad072ee4abf10a3dcb1a61e32c34215346fa52..07da84d40172d8464c810f2fe17fc7f47f740b3e 100644 (file)
@@ -852,15 +852,6 @@ PGAC_ARG_BOOL(with, bonjour, no,
 AC_MSG_RESULT([$with_bonjour])
 
 
-#
-# OpenSSL
-#
-AC_MSG_CHECKING([whether to build with OpenSSL support])
-PGAC_ARG_BOOL(with, openssl, no, [build with OpenSSL support],
-              [AC_DEFINE([USE_OPENSSL], 1, [Define to build with OpenSSL support. (--with-openssl)])])
-AC_MSG_RESULT([$with_openssl])
-AC_SUBST(with_openssl)
-
 #
 # SELinux
 #
@@ -1205,7 +1196,21 @@ if test "$with_gssapi" = yes ; then
   fi
 fi
 
+#
+# SSL Library
+#
+# There is currently only one supported SSL/TLS library: OpenSSL.
+#
+PGAC_ARG_REQ(with, ssl, [LIB], [use LIB for SSL/TLS support (openssl)])
+if test x"$with_ssl" = x"" ; then
+  with_ssl=no
+fi
+PGAC_ARG_BOOL(with, openssl, no, [obsolete spelling of --with-ssl=openssl])
 if test "$with_openssl" = yes ; then
+  with_ssl=openssl
+fi
+
+if test "$with_ssl" = openssl ; then
   dnl Order matters!
   # Minimum required OpenSSL version is 1.0.1
   AC_DEFINE(OPENSSL_API_COMPAT, [0x10001000L],
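Review bot: Nothing in the new `--with-ssl` block reports which library was selected. The removed section had `AC_MSG_CHECKING([whether to build with OpenSSL support])` and `AC_MSG_RESULT([$with_openssl])`, and the replacement has no equivalent, so configure output no longer states whether TLS support is being built. Consider adding `AC_MSG_CHECKING([which SSL library to use])` and `AC_MSG_RESULT([$with_ssl])` right after `with_ssl` is resolved. Separately, `--with-openssl` overwrites `with_ssl` unconditionally, so an unsupported `--with-ssl=VALUE` passed together with `--with-openssl` never reaches the `--with-ssl must specify openssl` error in the next hunk. The `if test "$with_ssl" = openssl` block continues past the end of this hunk.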
@@ -1229,7 +1234,11 @@ if test "$with_openssl" = yes ; then
   # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
   # function was removed.
   AC_CHECK_FUNCS([CRYPTO_lock])
+  AC_DEFINE([USE_OPENSSL], 1, [Define to 1 if you have OpenSSL support.])
+elif test "$with_ssl" != no ; then
+  AC_MSG_ERROR([--with-ssl must specify openssl])
 fi
+AC_SUBST(with_ssl)
 
 if test "$with_pam" = yes ; then
   AC_CHECK_LIB(pam,    pam_start, [], [AC_MSG_ERROR([library 'pam' is required for PAM])])
@@ -1402,7 +1411,7 @@ if test "$with_gssapi" = yes ; then
    [AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])])
 fi
 
-if test "$with_openssl" = yes ; then
+if test "$with_ssl" = openssl ; then
   AC_CHECK_HEADER(openssl/ssl.h, [], [AC_MSG_ERROR([header file <openssl/ssl.h> is required for OpenSSL])])
   AC_CHECK_HEADER(openssl/err.h, [], [AC_MSG_ERROR([header file <openssl/err.h> is required for OpenSSL])])
 fi
@@ -2159,7 +2168,7 @@ fi
 # first choice, else the native platform sources (Windows API or /dev/urandom)
 # will be used.
 AC_MSG_CHECKING([which random number source to use])
-if test x"$with_openssl" = x"yes" ; then
+if test x"$with_ssl" = x"openssl" ; then
   AC_MSG_RESULT([OpenSSL])
 elif test x"$PORTNAME" = x"win32" ; then
   AC_MSG_RESULT([Windows native])
index cdc041c7db7318d0c0d4ba3811c77815d9d966b4..f27e458482e09a4ea6a9bd04cf024c2a0590f06f 100644 (file)
@@ -51,7 +51,7 @@ SUBDIRS = \
        unaccent    \
        vacuumlo
 
-ifeq ($(with_openssl),yes)
+ifeq ($(with_ssl),openssl)
 SUBDIRS += sslinfo
 else
 ALWAYS_SUBDIRS += sslinfo
index 316a26e58deee575460f1da3ff7b2aeefe5af98c..c0b4f1fcf68f2226f71cfd82c961aff6783a7d66 100644 (file)
@@ -10,8 +10,8 @@ OSSL_TESTS = sha2 des 3des cast5
 ZLIB_TST = pgp-compression
 ZLIB_OFF_TST = pgp-zlib-DISABLED
 
-CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS))
-CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS))
+CF_SRCS = $(if $(subst openssl,,$(with_ssl)), $(INT_SRCS), $(OSSL_SRCS))
+CF_TESTS = $(if $(subst openssl,,$(with_ssl)), $(INT_TESTS), $(OSSL_TESTS))
 CF_PGP_TESTS = $(if $(subst no,,$(with_zlib)), $(ZLIB_TST), $(ZLIB_OFF_TST))
 
 SRCS = \
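Review bot: An empty `with_ssl` now selects the OpenSSL sources, because `$(subst openssl,,$(with_ssl))` is empty both for `openssl` and for an unset variable. The old `$(subst no,,$(with_openssl))` test fell back to the internal sources in that case. configure.ac always sets the variable to `no` or `openssl`, so this only matters when the makefile is evaluated without a matching Makefile.global, but a positive test is easier to reason about: `CF_SRCS = $(if $(filter openssl,$(with_ssl)), $(OSSL_SRCS), $(INT_SRCS))`, and likewise for `CF_TESTS`. The `ifneq ($(with_ssl),no)` test in src/interfaces/libpq/Makefile has the same empty-value behaviour.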
index a53389b728e39ea6cf1ad4bf48df7d404efedd2c..66ad4ba93808fb0eba48bf7c1435f23f884b12c5 100644 (file)
@@ -967,7 +967,7 @@ build-postgresql:
       </varlistentry>
 
       <varlistentry>
-       <term><option>--with-openssl</option>
+       <term><option>--with-ssl=<replaceable>LIBRARY</replaceable></option>
        <indexterm>
         <primary>OpenSSL</primary>
         <seealso>SSL</seealso>
@@ -976,11 +976,22 @@ build-postgresql:
        <listitem>
         <para>
          Build with support for <acronym>SSL</acronym> (encrypted)
-         connections. This requires the <productname>OpenSSL</productname>
-         package to be installed.  <filename>configure</filename> will check
-         for the required header files and libraries to make sure that
-         your <productname>OpenSSL</productname> installation is sufficient
-         before proceeding.
+         connections. The only <replaceable>LIBRARY</replaceable>
+         supported is <option>openssl</option>. This requires the
+         <productname>OpenSSL</productname> package to be installed.
+         <filename>configure</filename> will check for the required
+         header files and libraries to make sure that your
+         <productname>OpenSSL</productname> installation is sufficient
+         before proceeding. 
+        </para>
+       </listitem>
+      </varlistentry>
+
+      <varlistentry>
+       <term><option>--with-openssl</option></term>
+       <listitem>
+        <para>
+         Obsolete equivalent of <literal>--with-ssl=openssl</literal>.
         </para>
        </listitem>
       </varlistentry>
index 3d74e15ec9b79c9a5701bbbc36fe64dbdb0384aa..b6bb23de0f91dec685048fb97fdfa936a9c22c47 100644 (file)
@@ -1154,7 +1154,7 @@ gen_random_uuid() returns uuid
     <filename>pgcrypto</filename> configures itself according to the findings of the
     main PostgreSQL <literal>configure</literal> script.  The options that
     affect it are <literal>--with-zlib</literal> and
-    <literal>--with-openssl</literal>.
+    <literal>--with-ssl=openssl</literal>.
    </para>
 
    <para>
index 3213c039ca67123dcc54cdfdaf49c0610ece2f0a..2a9c45a111bdf7398a711296e371ef47c217ed42 100644 (file)
@@ -22,7 +22,7 @@
 
  <para>
   This extension won't build at all unless the installation was
-  configured with <literal>--with-openssl</literal>.
+  configured with <literal>--with-ssl=openssl</literal>.
  </para>
 
  <sect2>
index 9a1688c97cb809d1f2054d069ed89db184a1d1d8..74b3a6acd292f0d2294a0f0894880355bdaa1e52 100644 (file)
@@ -183,7 +183,7 @@ with_icu    = @with_icu@
 with_perl  = @with_perl@
 with_python    = @with_python@
 with_tcl   = @with_tcl@
-with_openssl   = @with_openssl@
+with_ssl   = @with_ssl@
 with_readline  = @with_readline@
 with_selinux   = @with_selinux@
 with_systemd   = @with_systemd@
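Review bot: `with_openssl` disappears from Makefile.global here with no replacement, while the commit message promises compatibility only for the configure switch. Any makefile outside this commit that still tests `$(with_openssl)`, presumably extensions built against the installed Makefile.global, would see an empty value and quietly take its non-SSL branch. If that compatibility is wanted, a derived definition such as `with_openssl = $(if $(filter openssl,$(with_ssl)),yes,no)` would keep them working. Otherwise the removal of the make variable deserves a mention alongside the note about the switch.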
index efc5ef760aa9313c2711a9cb131240567baf7c29..8d1d16b0fc54b9e38e3b20ee914ca350fb4f9c16 100644 (file)
@@ -28,7 +28,7 @@ OBJS = \
    pqmq.o \
    pqsignal.o
 
-ifeq ($(with_openssl),yes)
+ifeq ($(with_ssl),openssl)
 OBJS += be-secure-openssl.o
 endif
 
index 371dccb852fd5c0775c7ebd82b67de3f20dc70af..20bf1461cef28c2a3d2aae2ca02e6c9543b92076 100644 (file)
@@ -1041,7 +1041,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
            ereport(elevel,
                    (errcode(ERRCODE_CONFIG_FILE_ERROR),
                     errmsg("hostssl record cannot match because SSL is not supported by this build"),
-                    errhint("Compile with --with-openssl to use SSL connections."),
+                    errhint("Compile with --with-ssl=openssl to use SSL connections."),
                     errcontext("line %d of configuration file \"%s\"",
                                line_num, HbaFileName)));
            *err_msg = "hostssl record cannot match because SSL is not supported by this build";
index 1a1d0d3406c3389e21799e640cf35266ec3e47aa..5422579a6a28e3ab8adb12e07dec6cf88c48afd9 100644 (file)
@@ -80,7 +80,7 @@ OBJS_COMMON = \
    wait_error.o \
    wchar.o
 
-ifeq ($(with_openssl),yes)
+ifeq ($(with_ssl),openssl)
 OBJS_COMMON += \
    protocol_openssl.o \
    cryptohash_openssl.o
index f4d9f3b408d9f705067d6beab2e392acd89fe1a8..55cab4d2bf361a2e05d6229b1a3b97a847aaa7e8 100644 (file)
 /* Define to select named POSIX semaphores. */
 #undef USE_NAMED_POSIX_SEMAPHORES
 
-/* Define to build with OpenSSL support. (--with-openssl) */
+/* Define to build with OpenSSL support. (--with-ssl=openssl) */
 #undef USE_OPENSSL
 
 /* Define to 1 to build with PAM support. (--with-pam) */
index c4fde3f93dd56825dfe5d41d6e33e937b2aa3136..f74677eaf9b45515db1b9e661ade4f6bb4928d3c 100644 (file)
@@ -45,9 +45,14 @@ OBJS = \
    pqexpbuffer.o \
    fe-auth.o
 
-ifeq ($(with_openssl),yes)
+# File shared across all SSL implementations supported.
+ifneq ($(with_ssl),no)
+OBJS += \
+   fe-secure-common.o
+endif
+
+ifeq ($(with_ssl),openssl)
 OBJS += \
-   fe-secure-common.o \
    fe-secure-openssl.o
 endif
 
index ab1ef9a47532aa11530ba3712e3528d93353faa7..f7859c2fd5e79ef9c81539183015992f404fb9bf 100644 (file)
@@ -28,7 +28,7 @@ ifneq (,$(filter ldap,$(PG_TEST_EXTRA)))
 SUBDIRS += ldap
 endif
 endif
-ifeq ($(with_openssl),yes)
+ifeq ($(with_ssl),openssl)
 ifneq (,$(filter ssl,$(PG_TEST_EXTRA)))
 SUBDIRS += ssl
 endif
index 59921b46cf3a8883c9555009b30929b60a6a1d14..5391f461a25bc7849975ff5099a86f94fa27cbf3 100644 (file)
@@ -28,7 +28,7 @@ SUBDIRS = \
          unsafe_tests \
          worker_spi
 
-ifeq ($(with_openssl),yes)
+ifeq ($(with_ssl),openssl)
 SUBDIRS += ssl_passphrase_callback
 else
 ALWAYS_SUBDIRS += ssl_passphrase_callback
index f81265c2963b2f9f9c1ddb6f5d7d8f80f2cac2fc..a34d7ea46a3c4683889f3b07c1aeb417cb756563 100644 (file)
@@ -1,6 +1,6 @@
 # ssl_passphrase_callback Makefile
 
-export with_openssl
+export with_ssl
 
 MODULE_big = ssl_passphrase_func
 OBJS = ssl_passphrase_func.o $(WIN32RES)
index dbc084f870e744d3504853e18338d52ecb8d3462..a2bed5336c005c0d2a4e249c349d5a16dc1ddfcb 100644 (file)
@@ -7,9 +7,9 @@ use TestLib;
 use Test::More;
 use PostgresNode;
 
-unless (($ENV{with_openssl} || 'no') eq 'yes')
+unless ($ENV{with_ssl} eq 'openssl')
 {
-   plan skip_all => 'SSL not supported by this build';
+   plan skip_all => 'OpenSSL not supported by this build';
 }
 
 my $clearpass = "FooBaR1";
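Review bot: The new condition `$ENV{with_ssl} eq 'openssl'` drops the `|| 'no'` default that the old line had. Running the test without `with_ssl` exported therefore compares undef with a string and, if warnings are enabled (not visible in this hunk), emits an uninitialized-value warning before skipping. Keeping the default avoids that: `unless (($ENV{with_ssl} || 'no') eq 'openssl')`. The same unguarded comparison appears in src/test/ssl/t/001_ssltests.pl and src/test/ssl/t/002_scram.pl, where it predates this commit.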
index 93335b1ea25aca21dc97a519045c11c46203d3e9..d545382eea2a4862c1524a12590fe08efb7c39fc 100644 (file)
@@ -13,7 +13,7 @@ subdir = src/test/ssl
 top_builddir = ../../..
 include $(top_builddir)/src/Makefile.global
 
-export with_openssl
+export with_ssl
 
 CERTIFICATES := server_ca server-cn-and-alt-names \
    server-cn-only server-single-alt-name server-multiple-alt-names \
index fd2727b5684be54b1d65d212429637a82d8f806b..7928de4e7c2de982b85ade1bc79ffb44553c4491 100644 (file)
@@ -11,13 +11,13 @@ use lib $FindBin::RealBin;
 
 use SSLServer;
 
-if ($ENV{with_openssl} eq 'yes')
+if ($ENV{with_ssl} ne 'openssl')
 {
-   plan tests => 93;
+   plan skip_all => 'OpenSSL not supported by this build';
 }
 else
 {
-   plan skip_all => 'SSL not supported by this build';
+   plan tests => 93;
 }
 
 #### Some configuration
index a088f71a1aaab83e4c879433b8067d51db1235a1..410b9e910d952ce8b065fd59774beef1fbc987cb 100644 (file)
@@ -13,9 +13,9 @@ use lib $FindBin::RealBin;
 
 use SSLServer;
 
-if ($ENV{with_openssl} ne 'yes')
+if ($ENV{with_ssl} ne 'openssl')
 {
-   plan skip_all => 'SSL not supported by this build';
+   plan skip_all => 'OpenSSL not supported by this build';
 }
 
 # This is the hostname used to connect to the server.
index 2f28de0355ae91e3b4617abdd05ebff6cd2a2dbe..1c0c92fcd2c2f058edb26c6a3d79210fe853d320 100644 (file)
@@ -1156,7 +1156,7 @@ sub GetFakeConfigure
    $cfg .= ' --with-ldap'        if ($self->{options}->{ldap});
    $cfg .= ' --without-zlib' unless ($self->{options}->{zlib});
    $cfg .= ' --with-extra-version' if ($self->{options}->{extraver});
-   $cfg .= ' --with-openssl'       if ($self->{options}->{openssl});
+   $cfg .= ' --with-ssl=openssl'   if ($self->{options}->{openssl});
    $cfg .= ' --with-uuid'          if ($self->{options}->{uuid});
    $cfg .= ' --with-libxml'        if ($self->{options}->{xml});
    $cfg .= ' --with-libxslt'       if ($self->{options}->{xslt});
index 2ef2cfc4e995a56908438ef6efe9fb807652a9d8..5395e211eb20889e5ca03ed1ab8c16cc4da60ce5 100644 (file)
@@ -16,7 +16,7 @@ our $config = {
    tcl       => undef,    # --with-tcl=<path>
    perl      => undef,    # --with-perl=<path>
    python    => undef,    # --with-python=<path>
-   openssl   => undef,    # --with-openssl=<path>
+   openssl   => undef,    # --with-ssl=openssl with <path>
    uuid      => undef,    # --with-uuid=<path>
    xml       => undef,    # --with-libxml=<path>
    xslt      => undef,    # --with-libxslt=<path>