Hi, I have submitted a patch for review:
https://gerrit.libreoffice.org/3330 To pull it, you can do: git pull ssh://gerrit.libreoffice.org:29418/core refs/changes/30/3330/1 neon: honor --disable-openssl and use GNUTLS On --disable-openssl, the bundled neon library will link against GNUTLS + gcrypt instead of OpenSSL. Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4 --- M config_host.mk.in M configure.ac M neon/Library_neon.mk M neon/UnpackedTarball_neon.mk M neon/configs/config.h A neon/neon_with_gnutls.patch 6 files changed, 87 insertions(+), 7 deletions(-) diff --git a/config_host.mk.in b/config_host.mk.in index d794d16..a0f4675 100644 --- a/config_host.mk.in +++ b/config_host.mk.in @@ -182,6 +182,8 @@ export GIT_NEEDED_SUBMODULES=@GIT_NEEDED_SUBMODULES@ export GNOMEVFS_CFLAGS=$(gb_SPACE)@GNOMEVFS_CFLAGS@ export GNOMEVFS_LIBS=$(gb_SPACE)@GNOMEVFS_LIBS@ +export GNUTLS_CFLAGS=$(gb_SPACE)@GNUTLS_CFLAGS@ +export GNUTLS_LIBS=$(gb_SPACE)@GNUTLS_LIBS@ export PARALLELISM?=@PARALLELISM@ @x_GNUCP@ export GNUCOPY=@GNUCP@ export GNUMAKE=@GNUMAKE@ @@ -289,6 +291,8 @@ export LIBEXTTEXTCAT_LIBS=$(gb_SPACE)@LIBEXTTEXTCAT_LIBS@ export LIBFONTS_JAR=@LIBFONTS_JAR@ export LIBFORMULA_JAR=@LIBFORMULA_JAR@ +export LIBGCRYPT_CFLAGS=@LIBGCRYPT_CFLAGS@ +export LIBGCRYPT_LIBS=@LIBGCRYPT_LIBS@ export LIBLANGTAG_CFLAGS=$(gb_SPACE)@LIBLANGTAG_CFLAGS@ export LIBLANGTAG_LIBS=$(gb_SPACE)@LIBLANGTAG_LIBS@ export LIBLAYOUT_JAR=@LIBLAYOUT_JAR@ diff --git a/configure.ac b/configure.ac index 9c1f2e9..2c852f2 100644 --- a/configure.ac +++ b/configure.ac @@ -8562,6 +8562,21 @@ AC_SUBST([DISABLE_OPENSSL]) dnl =================================================================== +dnl Check for building gnutls +dnl =================================================================== +AC_MSG_CHECKING([whether to use gnutls]) +if test "$enable_neon" != "no" && test "$enable_openssl" = "no"; then + AC_MSG_RESULT([yes]) + AM_PATH_LIBGCRYPT() + PKG_CHECK_MODULES(GNUTLS, [gnutls],, + AC_MSG_ERROR([Disabling OpenSSL was requested, but GNUTLS is not + available in the system to use as replacement.])) +fi + +AC_SUBST([LIBGCRYPT_CFLAGS]) +AC_SUBST([LIBGCRYPT_LIBS]) + +dnl =================================================================== dnl Check for system redland dnl =================================================================== dnl versions before 1.0.8 write RDF/XML that is useless for ODF (@xml:base) diff --git a/neon/Library_neon.mk b/neon/Library_neon.mk index bc5fe25..0ea887f 100644 --- a/neon/Library_neon.mk +++ b/neon/Library_neon.mk @@ -13,10 +13,15 @@ $(eval $(call gb_Library_use_externals,neon,\ libxml2 \ - openssl \ - openssl_headers \ zlib \ )) + +ifneq ($(DISABLE_OPENSSL),YES) +$(eval $(call gb_Library_use_externals,neon,\ + openssl \ + openssl_headers \ +)) +endif $(eval $(call gb_Library_set_visibility_default,neon)) @@ -56,8 +61,28 @@ UnpackedTarball/neon/src/ne_utils \ UnpackedTarball/neon/src/ne_xml \ UnpackedTarball/neon/src/ne_xmlreq \ +)) + + +ifneq ($(DISABLE_OPENSSL),YES) +$(eval $(call gb_Library_add_generated_cobjects,neon,\ UnpackedTarball/neon/src/ne_openssl \ )) +else +$(eval $(call gb_Library_add_generated_cobjects,neon,\ + UnpackedTarball/neon/src/ne_gnutls \ +)) +$(eval $(call gb_Library_add_cflags,neon,\ + -DDISABLE_OPENSSL \ + $(LIBGCRYPT_CFLAGS) \ + $(GNUTLS_CFLAGS) \ +)) +$(eval $(call gb_Library_add_libs,neon,\ + $(LIBGCRYPT_LIBS) \ + $(GNUTLS_LIBS) \ +)) +endif + ifeq ($(OS),WNT) $(eval $(call gb_Library_use_system_win32_libs,neon,\ @@ -76,9 +101,11 @@ )) else +ifneq ($(DISABLE_OPENSSL),YES) $(eval $(call gb_Library_add_generated_cobjects,neon,\ UnpackedTarball/neon/src/ne_ntlm \ )) +endif endif diff --git a/neon/UnpackedTarball_neon.mk b/neon/UnpackedTarball_neon.mk index a099718..a6cb87b 100644 --- a/neon/UnpackedTarball_neon.mk +++ b/neon/UnpackedTarball_neon.mk @@ -20,6 +20,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,neon,\ neon/neon.patch \ neon/neon_ne_set_request_flag.patch \ + neon/neon_with_gnutls.patch \ )) # vim: set noet sw=4 ts=4: diff --git a/neon/configs/config.h b/neon/configs/config.h index db68aa2..b0fdf22 100644 --- a/neon/configs/config.h +++ b/neon/configs/config.h @@ -79,23 +79,25 @@ #define HAVE_GETSOCKOPT 1 #endif +#ifdef DISABLE_OPENSSL /* Define if GnuTLS support is enabled */ -/* #undef HAVE_GNUTLS */ +#define HAVE_GNUTLS /* Define to 1 if you have the `gnutls_certificate_get_x509_cas' function. */ /* #undef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS */ /* Define to 1 if you have the `gnutls_certificate_verify_peers2' function. */ -/* #undef HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 */ +#define HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 /* Define to 1 if you have the `gnutls_session_get_data2' function. */ -/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */ +#define HAVE_GNUTLS_SESSION_GET_DATA2 /* Define to 1 if you have the `gnutls_sign_callback_set' function. */ -/* #undef HAVE_GNUTLS_SIGN_CALLBACK_SET */ +#define HAVE_GNUTLS_SIGN_CALLBACK_SET /* Define to 1 if you have the `gnutls_x509_dn_get_rdn_ava' function. */ -/* #undef HAVE_GNUTLS_X509_DN_GET_RDN_AVA */ +#define HAVE_GNUTLS_X509_DN_GET_RDN_AVA +#endif /* DISABLE_OPENSSL */ /* Define if GSSAPI support is enabled */ /* #undef HAVE_GSSAPI */ @@ -179,6 +181,7 @@ #define HAVE_NETINET_TCP_H 1 #endif +#ifndef DISABLE_OPENSSL /* Define if NTLM is supported */ #ifndef WIN32 #define HAVE_NTLM 1 @@ -192,6 +195,7 @@ /* Define to 1 if you have the <openssl/ssl.h> header file. */ #define HAVE_OPENSSL_SSL_H 1 +#endif /* !DISABLE_OPENSSL */ /* Define if pakchois library supported */ /* #undef HAVE_PAKCHOIS */ diff --git a/neon/neon_with_gnutls.patch b/neon/neon_with_gnutls.patch new file mode 100644 index 0000000..ed8b7fa --- /dev/null +++ b/neon/neon_with_gnutls.patch @@ -0,0 +1,29 @@ +--- src/ne_gnutls.c 2009-12-02 23:40:41.000000000 +0200 ++++ src/ne_gnutls.c 2013-03-29 13:41:00.429857276 +0200 +@@ -48,6 +48,26 @@ + #include <iconv.h> + #endif + ++ ++/* GnuTLS removed these symbols from 2.99.0. ++ * ++ * This is a dodgy solution to avoid further patching of neon ++ * sources */ ++#if LIBGNUTLS_VERSION_NUMBER >= 0x026300 ++# define gnutls_pkcs12 gnutls_pkcs12_t ++# define gnutls_pkcs12_bag gnutls_pkcs12_bag_t ++# define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t ++# define gnutls_certificate_verify_peers(_ssl) ({ \ ++ int __status_ ## __LINE__ = 0; \ ++ gnutls_certificate_verify_peers2((_ssl), &__status_ ## __LINE__) == 0 \ ++ ? __status_ ## __LINE__ : -1; \ ++ }) ++#elif LIBGNUTLS_VERSION_NUMBER >= 0x020303 ++/* GnuTLS had these symbols since 2.3.3. */ ++# define HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS ++#endif /* LIBGNUTLS_VERSION_NUMBER */ ++ ++ + #include "ne_ssl.h" + #include "ne_string.h" + #include "ne_session.h" -- To view, visit https://gerrit.libreoffice.org/3330 To unsubscribe, visit https://gerrit.libreoffice.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4 Gerrit-PatchSet: 1 Gerrit-Project: core Gerrit-Branch: master Gerrit-Owner: Andres Gomez <ago...@igalia.com> _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice