On 08.07.2012 10:30, Kaspar Brand wrote:
> On 06.07.2012 14:41, b...@apache.org wrote:
>> Author: ben
>> Date: Fri Jul 6 12:41:10 2012
>> New Revision: 1358167
>>
>> URL: http://svn.apache.org/viewvc?rev=1358167&view=rev
>> Log:
>> Work correctly with a development version of OpenSSL. I suspect
>> something similar is needed when there are two OpenSSL installations,
>> one in a default location.
I had another look at this, since it has been proposed for backporting
to 2.4 in the meantime, and still think the following is true:
> If I'm understanding correctly, then this
> patch tries to support building against an OpenSSL source tree (or
> perhaps a build directory where only "make libs" has been executed)?
(should have read "make build_libs" instead)
It's a useful enhancement if mod_ssl can be linked with a specific
OpenSSL version in a non-default location, but the current approach has
at least one problem, AFAICT: it will only work if the directory pointed
to by --with-ssl does not include shared libraries for OpenSSL (by
default, OpenSSL only builds libssl.a and libcrypto.a, so the issue
might not be obvious at first sight).
> I would suggest to use a separate
> configure argument to support this build option, e.g. --with-ssl-srcdir.
I gave it a try, see the attached "work-in-progress" patch. While we're
at it, I think we should also fix a flaw in the handling of the
--with-ssl argument: in
http://svn.apache.org/viewvc?view=revision&revision=730926, acinclude.m4
was modified to always give pkg-config precedence over any argument
specified through --with-ssl. While the rationale for this change
becomes clear from the commit log, I consider it an unfortunate side
effect that pkg-config always trumps any --with-ssl directory argument.
My suggestion would be to handle OpenSSL paths in configure arguments
like this, instead:
1) use --with-ssl-builddir for linking with the static OpenSSL libraries
in that directory (and ignore --with-ssl in this case)
2) use --with-ssl for linking against an installed version of OpenSSL
3) use pkg-config to locate OpenSSL
Does that sound like a reasonable proposal? Comments welcome, and test
feedback would be much appreciated (remember to run "buildconf" after
applying the patch to acinclude.m4, and before calling configure).
Kaspar
Index: acinclude.m4
===================================================================
--- acinclude.m4 (revision 1369535)
+++ acinclude.m4 (working copy)
@@ -467,86 +467,97 @@
dnl
dnl APACHE_CHECK_OPENSSL
dnl
-dnl Configure for OpenSSL, giving preference to
-dnl "--with-ssl=<path>" if it was specified.
+dnl Configure for OpenSSL, giving preference to the following options:
+dnl 1) "--with-ssl-builddir=<path>", for linking against static libraries
+dnl in an OpenSSL build directory where at least "make build_libs"
+dnl has been executed
+dnl 2) "--with-ssl=<path>", pointing to a path where an installed version
+dnl of OpenSSL can be found
+dnl 3) the path as determined by pkg-config
dnl
AC_DEFUN(APACHE_CHECK_OPENSSL,[
- AC_CACHE_CHECK([for OpenSSL], [ac_cv_openssl], [
+ AC_CACHE_VAL([ac_cv_openssl], [
dnl initialise the variables we use
ac_cv_openssl=no
- ap_openssl_found=""
ap_openssl_base=""
- ap_openssl_libs=""
+ saved_CPPFLAGS="$CPPFLAGS"
+ SSL_LIBS=""
- dnl Determine the OpenSSL base directory, if any
- AC_MSG_CHECKING([for user-provided OpenSSL base directory])
- AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL base
directory), [
- dnl If --with-ssl specifies a directory, we use that directory
- if test "x$withval" != "xyes" -a "x$withval" != "x"; then
- dnl This ensures $withval is actually a directory and that it is
absolute
+ AC_MSG_NOTICE([checking for OpenSSL...])
+
+ dnl Allow linking against static libraries from an OpenSSL build directory
+ AC_MSG_CHECKING([for user-provided OpenSSL build directory with static
libraries])
+ AC_ARG_WITH(ssl-builddir,
APACHE_HELP_STRING(--with-ssl-builddir=DIR,OpenSSL build directory with static
libraries to link with), [
+ if test "x$withval" != "xyes" -a -d "$withval"; then
+ dnl This ensures $withval is actually a directory
+ dnl and that it is absolute
ap_openssl_base="`cd $withval ; pwd`"
+ if test "x$ap_openssl_base" != "x"; then
+ AC_MSG_RESULT($ap_openssl_base)
+ CPPFLAGS="-I$ap_openssl_base/include $CPPFLAGS"
+ INCLUDES="-I$ap_openssl_base/include $INCLUDES"
+ if test "x$enable_ssl" = "xstatic"; then
+ APR_ADDTO(LIBS, [$ap_openssl_base/libssl.a
$ap_openssl_base/libcrypto.a])
+ else
+ LDFLAGS="-L$ap_openssl_base -Wl,-L$ap_openssl_base $LDFLAGS"
+ dnl force the linker to use libssl.a and libcrypto.a (but only
+ dnl these, i.e. make sure that we are switching back to dynamic
+ dnl mode afterwards - from ld(1): "affects library searching
+ dnl for -l options which follow it")
+ APR_ADDTO(SSL_LIBS, [-Wl,-Bstatic,-lssl,-lcrypto,-Bdynamic])
+ fi
+ fi
+ else
+ AC_MSG_RESULT(none)
fi
])
- if test "x$ap_openssl_base" = "x"; then
- AC_MSG_RESULT(none)
- else
- AC_MSG_RESULT($ap_openssl_base)
- fi
- dnl Run header and version checks
- saved_CPPFLAGS="$CPPFLAGS"
+ dnl The reason for saving LDFLAGS and LIBS at this point (and not at
+ dnl the beginning of APACHE_CHECK_OPENSSL, as with the CPPFLAGS) is that
+ dnl LDFLAGS and LIBS are potentially modified by --with-ssl-builddir, and
+ dnl will then be retained in EXTRA_LDFLAGS and EXTRA_LIBS when configure
+ dnl finally calls APR_RESTORE_THE_ENVIRONMENT(LDFLAGS, EXTRA_) etc.
+ saved_LDFLAGS="$LDFLAGS"
saved_LIBS="$LIBS"
- saved_LDFLAGS="$LDFLAGS"
- SSL_LIBS=""
- dnl See if we've been given a development OpenSSL (lib does not exist)
- if test ! -d "$ap_openssl_base/lib"; then
- AC_MSG_WARN([Using development version of OpenSSL])
- dnl we need to prepend the directories to override the system version
- CPPFLAGS="-I$ap_openssl_base/include $CPPFLAGS"
- INCLUDES="-I$ap_openssl_base/include $INCLUDES"
- LDFLAGS="-L$ap_openssl_base $LDFLAGS"
- dnl naughty, but easier than the alternatives
- saved_LDFLAGS="$LDFLAGS"
- SSL_LIBS="-L$ap_openssl_base"
- else
-
- dnl Before doing anything else, load in pkg-config variables
- if test -n "$PKGCONFIG"; then
- saved_PKG_CONFIG_PATH="$PKG_CONFIG_PATH"
- if test "x$ap_openssl_base" != "x" -a \
- -f "${ap_openssl_base}/lib/pkgconfig/openssl.pc"; then
- dnl Ensure that the given path is used by pkg-config too, otherwise
- dnl the system openssl.pc might be picked up instead.
-
PKG_CONFIG_PATH="${ap_openssl_base}/lib/pkgconfig${PKG_CONFIG_PATH+:}${PKG_CONFIG_PATH}"
- export PKG_CONFIG_PATH
+ dnl Handle "--with-ssl=DIR" (ignore if "--with-ssl-builddir" is specified)
+ if test "x$with_ssl_builddir" = "x"; then
+ AC_MSG_CHECKING([for user-provided OpenSSL base directory])
+ AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,OpenSSL base
directory), [
+ if test "x$withval" != "xyes" -a "x$withval" != "x"; then
+ ap_openssl_base="`cd $withval ; pwd`"
+ if test "x$ap_openssl_base" != "x"; then
+ AC_MSG_RESULT($ap_openssl_base)
+ APR_ADDTO(CPPFLAGS, [-I$ap_openssl_base/include])
+ APR_ADDTO(INCLUDES, [-I$ap_openssl_base/include])
+ APR_ADDTO(LDFLAGS, [-L$ap_openssl_base/lib])
+ APR_ADDTO(SSL_LIBS, [-L$ap_openssl_base/lib -lssl -lcrypto])
+ if test "x$ap_platform_runtime_link_flag" != "x"; then
+ APR_ADDTO(LDFLAGS,
[$ap_platform_runtime_link_flag$ap_openssl_base/lib])
+ APR_ADDTO(SSL_LIBS,
[$ap_platform_runtime_link_flag$ap_openssl_base/lib])
+ fi
+ else
+ AC_MSG_RESULT(none)
+ fi
fi
- ap_openssl_libs="`$PKGCONFIG --libs-only-l openssl 2>&1`"
- if test $? -eq 0; then
- ap_openssl_found="yes"
- pkglookup="`$PKGCONFIG --cflags-only-I openssl`"
- APR_ADDTO(CPPFLAGS, [$pkglookup])
- APR_ADDTO(INCLUDES, [$pkglookup])
- pkglookup="`$PKGCONFIG --libs-only-L --libs-only-other openssl`"
- APR_ADDTO(LDFLAGS, [$pkglookup])
- APR_ADDTO(SSL_LIBS, [$pkglookup])
- fi
- PKG_CONFIG_PATH="$saved_PKG_CONFIG_PATH"
+ ])
+ fi
+
+ dnl If no directory found / specified through --with-ssl-builddir
+ dnl or --with-ssl, try pkg-config
+ if test "x$ap_openssl_base" = "x" -a -n "$PKGCONFIG"; then
+ pkglookup="`$PKGCONFIG --libs-only-l openssl 2>&1`"
+ if test $? -eq 0; then
+ pkglookup="`$PKGCONFIG --cflags-only-I openssl`"
+ APR_ADDTO(CPPFLAGS, [$pkglookup])
+ APR_ADDTO(INCLUDES, [$pkglookup])
+ pkglookup="`$PKGCONFIG --libs-only-L openssl`"
+ APR_ADDTO(LDFLAGS, [$pkglookup])
+ APR_ADDTO(SSL_LIBS, [$pkglookup -lssl -lcrypto])
fi
-
- dnl fall back to the user-supplied directory if not found via pkg-config
- if test "x$ap_openssl_base" != "x" -a "x$ap_openssl_found" = "x"; then
- APR_ADDTO(CPPFLAGS, [-I$ap_openssl_base/include])
- APR_ADDTO(INCLUDES, [-I$ap_openssl_base/include])
- APR_ADDTO(LDFLAGS, [-L$ap_openssl_base/lib])
- APR_ADDTO(SSL_LIBS, [-L$ap_openssl_base/lib])
- if test "x$ap_platform_runtime_link_flag" != "x"; then
- APR_ADDTO(LDFLAGS,
[$ap_platform_runtime_link_flag$ap_openssl_base/lib])
- APR_ADDTO(SSL_LIBS,
[$ap_platform_runtime_link_flag$ap_openssl_base/lib])
- fi
- fi
fi
+ dnl Run version check
AC_MSG_CHECKING([for OpenSSL version >= 0.9.7])
AC_TRY_COMPILE([#include <openssl/opensslv.h>],[
#if !defined(OPENSSL_VERSION_NUMBER)
@@ -560,10 +571,9 @@
[AC_MSG_RESULT(FAILED)])
if test "x$ac_cv_openssl" = "xyes"; then
- ap_openssl_libs="-lssl -lcrypto `$apr_config --libs`"
- APR_ADDTO(SSL_LIBS, [$ap_openssl_libs])
- APR_ADDTO(LIBS, [$ap_openssl_libs])
- APACHE_SUBST(SSL_LIBS)
+ ap_apr_libs="`$apr_config --libs`"
+ APR_ADDTO(SSL_LIBS, [$ap_apr_libs])
+ APR_ADDTO(LIBS, [-lssl -lcrypto $ap_apr_libs])
dnl Run library and function checks
liberrors=""
