1dnl
2dnl TLS stuff for CUPS.
3dnl
4dnl Copyright 2007-2019 by Apple Inc.
5dnl Copyright 1997-2007 by Easy Software Products, all rights reserved.
6dnl
7dnl Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
8dnl
9
10AC_ARG_ENABLE(ssl, [  --disable-ssl           disable SSL/TLS support])
11AC_ARG_ENABLE(cdsassl, [  --enable-cdsassl        use CDSA for SSL/TLS support, default=first])
12AC_ARG_ENABLE(gnutls, [  --enable-gnutls         use GNU TLS for SSL/TLS support, default=second])
13
14SSLFLAGS=""
15SSLLIBS=""
16have_ssl=0
17CUPS_SERVERKEYCHAIN=""
18
19if test x$enable_ssl != xno; then
20    dnl Look for CDSA...
21    if test $have_ssl = 0 -a "x$enable_cdsassl" != "xno"; then
22	if test $host_os_name = darwin; then
23	    AC_CHECK_HEADER(Security/SecureTransport.h, [
24	    	have_ssl=1
25		AC_DEFINE(HAVE_SSL)
26		AC_DEFINE(HAVE_CDSASSL)
27		CUPS_SERVERKEYCHAIN="/Library/Keychains/System.keychain"
28
29		dnl Check for the various security headers...
30		AC_CHECK_HEADER(Security/SecCertificate.h,
31		    AC_DEFINE(HAVE_SECCERTIFICATE_H))
32		AC_CHECK_HEADER(Security/SecItem.h,
33		    AC_DEFINE(HAVE_SECITEM_H))
34		AC_CHECK_HEADER(Security/SecPolicy.h,
35		    AC_DEFINE(HAVE_SECPOLICY_H))])
36	fi
37    fi
38
39    dnl Then look for GNU TLS...
40    if test $have_ssl = 0 -a "x$enable_gnutls" != "xno" -a "x$PKGCONFIG" != x; then
41    	AC_PATH_TOOL(LIBGNUTLSCONFIG,libgnutls-config)
42	if $PKGCONFIG --exists gnutls; then
43	    have_ssl=1
44	    SSLLIBS=`$PKGCONFIG --libs gnutls`
45	    SSLFLAGS=`$PKGCONFIG --cflags gnutls`
46	    AC_DEFINE(HAVE_SSL)
47	    AC_DEFINE(HAVE_GNUTLS)
48	elif test "x$LIBGNUTLSCONFIG" != x; then
49	    have_ssl=1
50	    SSLLIBS=`$LIBGNUTLSCONFIG --libs`
51	    SSLFLAGS=`$LIBGNUTLSCONFIG --cflags`
52	    AC_DEFINE(HAVE_SSL)
53	    AC_DEFINE(HAVE_GNUTLS)
54	fi
55
56	if test $have_ssl = 1; then
57	    CUPS_SERVERKEYCHAIN="ssl"
58
59	    SAVELIBS="$LIBS"
60	    LIBS="$LIBS $SSLLIBS"
61	    AC_CHECK_FUNC(gnutls_transport_set_pull_timeout_function, AC_DEFINE(HAVE_GNUTLS_TRANSPORT_SET_PULL_TIMEOUT_FUNCTION))
62	    AC_CHECK_FUNC(gnutls_priority_set_direct, AC_DEFINE(HAVE_GNUTLS_PRIORITY_SET_DIRECT))
63	    LIBS="$SAVELIBS"
64	fi
65    fi
66fi
67
68IPPALIASES="http"
69if test $have_ssl = 1; then
70    AC_MSG_RESULT([    Using SSLLIBS="$SSLLIBS"])
71    AC_MSG_RESULT([    Using SSLFLAGS="$SSLFLAGS"])
72    IPPALIASES="http https ipps"
73elif test x$enable_cdsa = xyes -o x$enable_gnutls = xyes; then
74    AC_MSG_ERROR([Unable to enable SSL support.])
75fi
76
77AC_SUBST(CUPS_SERVERKEYCHAIN)
78AC_SUBST(IPPALIASES)
79AC_SUBST(SSLFLAGS)
80AC_SUBST(SSLLIBS)
81
82EXPORT_SSLLIBS="$SSLLIBS"
83AC_SUBST(EXPORT_SSLLIBS)
84