OpenSystemsDevelopment / qpdf

Commit a99ad2b9007d1775e9598bc78698cbc5d5ba0f60

Authored by Dean Scarff
Committed by Jay Berkenbilt
1 parent 2ff84aa2

Update OpenSSL autoconf checks 

- Checks explicitly for versions >= 1.1.0 with pkg-config
- Refactor the fallback checks.  Previously they were copied
from the gnutls logic, but could be slightly surprising (it's not
obvious that they're for the case where pkg-config returns a false
negative, and it's weird that the linker check overode the header check)
- Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl
(-lcrypto is the standard library OpenSSL ships the crypto symbols in).
- Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not
present in versions prior to 1.1.0.

Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
Inline Side-by-side
Showing 3 changed files with 40 additions and 39 deletions
autofiles.sums
  View file @a99ad2b
1   -055e54a34d94a0c2ed9451042a1c747e47b29259a9035af9e7327401a5c3fbd1 configure.ac
  1 +d2cb3f80935a7e6e265a04da6ba9c0df4eabae3de33c6a48384a9fa50a15143b configure.ac
2 2 d3f9ee6f6f0846888d9a10fd3dad2e4b1258be84205426cf04d7cef02d61dad7 aclocal.m4
3 3 cf2c764639c4c94abc183a0976eca6ae500b80790ea25e3d0af97b23587363b7 libqpdf/qpdf/qpdf-config.h.in
4 4 5297971a0ef90bcd5563eb3f7127a032bb76d3ae2af7258bf13479caf8983a60 m4/ax_cxx_compile_stdcxx.m4
... ...
configure
  View file @a99ad2b
... ... @@ -1477,7 +1477,7 @@ Optional Features:
1477 1477 are not explicitly requested; true by default
1478 1478 --enable-crypto-native whether to include support for native crypto
1479 1479 provider
1480   - --enable-crypto-openssl whether to include support for the BoringSSL crypto
  1480 + --enable-crypto-openssl whether to include support for the openssl crypto
1481 1481 provider
1482 1482 --enable-crypto-gnutls whether to include support for gnutls crypto
1483 1483 provider
... ... @@ -17811,12 +17811,12 @@ if test -n "$pc_openssl_CFLAGS"; then
17811 17811 pkg_cv_pc_openssl_CFLAGS="$pc_openssl_CFLAGS"
17812 17812 elif test -n "$PKG_CONFIG"; then
17813 17813 if test -n "$PKG_CONFIG" && \
17814   - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
17815   - ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
  17814 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
  17815 + ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
17816 17816 ac_status=$?
17817 17817 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
17818 17818 test $ac_status = 0; }; then
17819   - pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl" 2>/dev/null`
  17819 + pkg_cv_pc_openssl_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 1.1.0" 2>/dev/null`
17820 17820 test "x$?" != "x0" && pkg_failed=yes
17821 17821 else
17822 17822 pkg_failed=yes
... ... @@ -17828,12 +17828,12 @@ if test -n "$pc_openssl_LIBS"; then
17828 17828 pkg_cv_pc_openssl_LIBS="$pc_openssl_LIBS"
17829 17829 elif test -n "$PKG_CONFIG"; then
17830 17830 if test -n "$PKG_CONFIG" && \
17831   - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl\""; } >&5
17832   - ($PKG_CONFIG --exists --print-errors "openssl") 2>&5
  17831 + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 1.1.0\""; } >&5
  17832 + ($PKG_CONFIG --exists --print-errors "openssl >= 1.1.0") 2>&5
17833 17833 ac_status=$?
17834 17834 $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
17835 17835 test $ac_status = 0; }; then
17836   - pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl" 2>/dev/null`
  17836 + pkg_cv_pc_openssl_LIBS=`$PKG_CONFIG --libs "openssl >= 1.1.0" 2>/dev/null`
17837 17837 test "x$?" != "x0" && pkg_failed=yes
17838 17838 else
17839 17839 pkg_failed=yes
... ... @@ -17854,9 +17854,9 @@ else
17854 17854 _pkg_short_errors_supported=no
17855 17855 fi
17856 17856 if test $_pkg_short_errors_supported = yes; then
17857   - pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl" 2>&1`
  17857 + pc_openssl_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
17858 17858 else
17859   - pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl" 2>&1`
  17859 + pc_openssl_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "openssl >= 1.1.0" 2>&1`
17860 17860 fi
17861 17861 # Put the nasty error message in config.log where it belongs
17862 17862 echo "$pc_openssl_PKG_ERRORS" >&5
... ... @@ -17873,18 +17873,13 @@ else
17873 17873 $as_echo "yes" >&6; }
17874 17874 OPENSSL_FOUND=1
17875 17875 fi
17876   -if test "$OPENSSL_FOUND" = "0"; then
  17876 +
  17877 +if test "$OPENSSL_FOUND" = "0"; then :
17877 17878 ac_fn_c_check_header_mongrel "$LINENO" "openssl/evp.h" "ac_cv_header_openssl_evp_h" "$ac_includes_default"
17878 17879 if test "x$ac_cv_header_openssl_evp_h" = xyes; then :
17879   - OPENSSL_FOUND=1
17880   -else
17881   - OPENSSL_FOUND=0
17882   -fi
17883   -
17884   -
17885   - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_DigestInit_ex" >&5
17886   -$as_echo_n "checking for library containing EVP_DigestInit_ex... " >&6; }
17887   -if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
  17880 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_MD_CTX_new" >&5
  17881 +$as_echo_n "checking for library containing EVP_MD_CTX_new... " >&6; }
  17882 +if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
17888 17883 $as_echo_n "(cached) " >&6
17889 17884 else
17890 17885 ac_func_search_save_LIBS=$LIBS
... ... @@ -17897,16 +17892,16 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
17897 17892 #ifdef __cplusplus
17898 17893 extern "C"
17899 17894 #endif
17900   -char EVP_DigestInit_ex ();
  17895 +char EVP_MD_CTX_new ();
17901 17896 int
17902 17897 main ()
17903 17898 {
17904   -return EVP_DigestInit_ex ();
  17899 +return EVP_MD_CTX_new ();
17905 17900 ;
17906 17901 return 0;
17907 17902 }
17908 17903 _ACEOF
17909   -for ac_lib in '' openssl; do
  17904 +for ac_lib in '' crypto; do
17910 17905 if test -z "$ac_lib"; then
17911 17906 ac_res="none required"
17912 17907 else
... ... @@ -17914,34 +17909,36 @@ for ac_lib in '' openssl; do
17914 17909 LIBS="-l$ac_lib $ac_func_search_save_LIBS"
17915 17910 fi
17916 17911 if ac_fn_c_try_link "$LINENO"; then :
17917   - ac_cv_search_EVP_DigestInit_ex=$ac_res
  17912 + ac_cv_search_EVP_MD_CTX_new=$ac_res
17918 17913 fi
17919 17914 rm -f core conftest.err conftest.$ac_objext \
17920 17915 conftest$ac_exeext
17921   - if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
  17916 + if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
17922 17917 break
17923 17918 fi
17924 17919 done
17925   -if ${ac_cv_search_EVP_DigestInit_ex+:} false; then :
  17920 +if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
17926 17921  
17927 17922 else
17928   - ac_cv_search_EVP_DigestInit_ex=no
  17923 + ac_cv_search_EVP_MD_CTX_new=no
17929 17924 fi
17930 17925 rm conftest.$ac_ext
17931 17926 LIBS=$ac_func_search_save_LIBS
17932 17927 fi
17933   -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_DigestInit_ex" >&5
17934   -$as_echo "$ac_cv_search_EVP_DigestInit_ex" >&6; }
17935   -ac_res=$ac_cv_search_EVP_DigestInit_ex
  17928 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_MD_CTX_new" >&5
  17929 +$as_echo "$ac_cv_search_EVP_MD_CTX_new" >&6; }
  17930 +ac_res=$ac_cv_search_EVP_MD_CTX_new
17936 17931 if test "$ac_res" != no; then :
17937 17932 test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
17938 17933 OPENSSL_FOUND=1
17939   -else
17940   - OPENSSL_FOUND=0
17941 17934 fi
17942 17935  
17943 17936 fi
17944 17937  
  17938 +
  17939 +
  17940 +fi
  17941 +
17945 17942 IMPLICIT_OPENSSL=0
17946 17943 USE_CRYPTO_OPENSSL=0
17947 17944  
... ...
configure.ac
  View file @a99ad2b
... ... @@ -586,23 +586,27 @@ if test "$USE_CRYPTO_NATIVE" = "1"; then
586 586 DEFAULT_CRYPTO=native
587 587 fi
588 588  
589   -dnl If the openssl/BoringSSL provider is explicitly requested, require openssl
  589 +dnl If the openssl/BoringSSL provider is explicitly requested, require openssl.
590 590 dnl If the openssl provider is not explicitly disabled, enable it if
591 591 dnl openssl is available. If the openssl provider is explicitly
592 592 dnl disabled, do not link with openssl even if present.
593 593  
594   -PKG_CHECK_MODULES([pc_openssl], [openssl], [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
595   -if test "$OPENSSL_FOUND" = "0"; then
596   - AC_CHECK_HEADER([openssl/evp.h],[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
597   - AC_SEARCH_LIBS(EVP_DigestInit_ex,openssl,[OPENSSL_FOUND=1],[OPENSSL_FOUND=0])
598   -fi
  594 +PKG_CHECK_MODULES([pc_openssl], [openssl >= 1.1.0],
  595 + [OPENSSL_FOUND=1], [OPENSSL_FOUND=0])
  596 +
  597 +dnl Override pkg-config if headers and libraries are present.
  598 +AS_IF([test "$OPENSSL_FOUND" = "0"],
  599 + [AC_CHECK_HEADER(
  600 + [openssl/evp.h],
  601 + [AC_SEARCH_LIBS(EVP_MD_CTX_new,crypto,[OPENSSL_FOUND=1])])
  602 + ])
599 603  
600 604 IMPLICIT_OPENSSL=0
601 605 USE_CRYPTO_OPENSSL=0
602 606 AC_SUBST(USE_CRYPTO_OPENSSL)
603 607 AC_ARG_ENABLE(crypto-openssl,
604 608 AS_HELP_STRING([--enable-crypto-openssl],
605   - [whether to include support for the BoringSSL crypto provider]),
  609 + [whether to include support for the openssl crypto provider]),
606 610 [if test "$enableval" = "yes"; then
607 611 USE_CRYPTO_OPENSSL=1
608 612 else
... ...