## _ _ ## _ __ ___ ___ __| | ___ ___| | mod_ssl ## | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL ## | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org ## |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org ## |_____| ## libssl.module ## Apache 1.3 Configuration mechanism module stub ## ## ## ==================================================================== ## Copyright (c) 1998-2005 Ralf S. Engelschall. All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted provided that the following conditions ## are met: ## ## 1. Redistributions of source code must retain the above copyright ## notice, this list of conditions and the following disclaimer. ## ## 2. Redistributions in binary form must reproduce the above copyright ## notice, this list of conditions and the following ## disclaimer in the documentation and/or other materials ## provided with the distribution. ## ## 3. All advertising materials mentioning features or use of this ## software must display the following acknowledgment: ## "This product includes software developed by ## Ralf S. Engelschall for use in the ## mod_ssl project (http://www.modssl.org/)." ## ## 4. The names "mod_ssl" must not be used to endorse or promote ## products derived from this software without prior written ## permission. For written permission, please contact ## rse@engelschall.com. ## ## 5. Products derived from this software may not be called "mod_ssl" ## nor may "mod_ssl" appear in their names without prior ## written permission of Ralf S. Engelschall. ## ## 6. Redistributions of any form whatsoever must retain the following ## acknowledgment: ## "This product includes software developed by ## Ralf S. Engelschall for use in the ## mod_ssl project (http://www.modssl.org/)." ## ## THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY ## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR ## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR ## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED ## OF THE POSSIBILITY OF SUCH DAMAGE. ## ==================================================================== ## # ``What you are missing, I suppose, is that I'm not # prepared to give equal rights to Ralf on the basis # that he's spent a few hours doing what he thinks is # better than what I've spent the last 4 years on, # and so he isn't prepared to cooperate with me.'' # -- Ben Laurie, Apache-SSL author Name: ssl_module ConfigStart # # interface to the src/Configure script # my_dir="`echo ${modfile} | sed -e 's:/[^/]*$::'`" my_version="$my_dir/libssl.version" my_outfile="Makefile.config" my_prefix=" +" my_prefixe=" " SSL_CFLAGS='' SSL_LDFLAGS='' SSL_LIBS='' # # find a reasonable Bourne Shell for sub-shell calls # SH=sh if [ -f /bin/bash ]; then SH=/bin/bash elif [ -f /bin/sh5 ]; then SH=/bin/sh5 elif [ -f /bin/sh ]; then SH=/bin/sh fi # # determine mod_ssl author version # A_ID=`cat $my_version | sed -e 's; .*;;'` A_NAME=`echo $A_ID | sed -e 's;/.*;;'` A_VER=`echo $A_ID | sed -e 's;.*/;;'` A_VER_STR=`echo $A_VER | sed -e 's;-.*;;'` case $A_VER_STR in *.*b* ) A_VER_HEX=`echo "$A_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && echo "$A_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` ;; *.*.* ) A_VER_HEX=`echo "$A_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'` ;; esac echo "$my_prefix SSL interface: $A_NAME/$A_VER_STR" SSL_VERSION="-DMOD_SSL_VERSION=\\\"$A_VER_STR\\\"" # # determine optional mod_ssl product version # if [ ".`egrep '.*/.* .*/.*' $my_version`" != . ]; then P_ID=`cat $my_version | sed -e 's;.* ;;'` P_NAME=`echo $P_ID | sed -e 's;/.*;;'` P_VER=`echo $P_ID | sed -e 's;.*/;;'` P_VER_STR=`echo $P_VER | sed -e 's;-.*;;'` case $P_VER_STR in *.*b* ) P_VER_HEX=`echo "$P_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && echo "$P_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` ;; *.*.* ) P_VER_HEX=`echo "$P_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'` ;; esac echo "$my_prefix SSL product: $P_NAME/$P_VER_STR" SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_NAME=\\\"$P_NAME\\\"" SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_VERSION=\\\"$P_VER_STR\\\"" fi # # determine object build type # case $modfile in *.so ) my_buildtype="DSO" ;; * ) my_buildtype="OBJ" ;; esac echo "$my_prefix SSL interface build type: $my_buildtype" # # determine SSL rules # if [ ".$APXS_MODE" = .YES ]; then my_rule_SSL_COMPAT=$SSL_COMPAT my_rule_SSL_SDBM=$SSL_SDBM my_rule_SSL_EXPERIMENTAL=$SSL_EXPERIMENTAL my_rule_SSL_CONSERVATIVE=$SSL_CONSERVATIVE my_rule_SSL_VENDOR=$SSL_VENDOR else my_rule_SSL_COMPAT=`$SH helpers/CutRule SSL_COMPAT $file` my_rule_SSL_SDBM=`$SH helpers/CutRule SSL_SDBM $file` my_rule_SSL_EXPERIMENTAL=`$SH helpers/CutRule SSL_EXPERIMENTAL $file` my_rule_SSL_CONSERVATIVE=`$SH helpers/CutRule SSL_CONSERVATIVE $file` my_rule_SSL_VENDOR=`$SH helpers/CutRule SSL_VENDOR $file` fi # # determine compatibility mode # if [ ".$my_rule_SSL_COMPAT" = .yes ]; then echo "$my_prefix SSL interface compatibility: enabled" SSL_CFLAGS="$SSL_CFLAGS -DSSL_COMPAT" else echo "$my_prefix SSL interface compatibility: disabled" fi # # determine experimental mode # if [ ".$my_rule_SSL_EXPERIMENTAL" = .yes ]; then echo "$my_prefix SSL interface experimental code: enabled" SSL_CFLAGS="$SSL_CFLAGS -DSSL_EXPERIMENTAL" else echo "$my_prefix SSL interface experimental code: disabled" fi # # determine conservative mode # if [ ".$my_rule_SSL_CONSERVATIVE" = .yes ]; then echo "$my_prefix SSL interface conservative code: enabled" SSL_CFLAGS="$SSL_CFLAGS -DSSL_CONSERVATIVE" else echo "$my_prefix SSL interface conservative code: disabled" fi # # determine vendor mode # SSL_VENDOR_OBJS='' SSL_VENDOR_OBJS_PIC='' if [ ".$my_rule_SSL_VENDOR" = .yes ]; then echo "$my_prefix SSL interface vendor extensions: enabled" SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR" my_src="`cd $my_dir && echo ssl_vendor*.c`" if [ ".$my_src" != . -a ".$my_src" != ".ssl_vendor*.c" ]; then SSL_CFLAGS="$SSL_CFLAGS -DSSL_VENDOR_OBJS" SSL_VENDOR_OBJS="`echo $my_src | sed -e 's;\.c;.o;g'`" SSL_VENDOR_OBJS_PIC="`echo $my_src | sed -e 's;\.c;.lo;g'`" echo "$my_prefix SSL interface vendor objects: $SSL_VENDOR_OBJS" fi else echo "$my_prefix SSL interface vendor extensions: disabled" fi # # determine DBM support library # (src/Configure has DBM_LIB predefined for some platforms) # if [ ".$APXS_MODE" != .YES ]; then SSL_DBM_NAME='' # 1. check for predefined DBM lib if [ ".$DBM_LIB" != . ]; then LIBS_ORIG="$LIBS" LIBS="$LIBS $DBM_LIB" if $SH helpers/TestCompile func dbm_open; then SSL_DBM_NAME="Configured DBM ($DBM_LIB)" SSL_DBM_FLAG="$DBM_LIB" fi LIBS="$LIBS_ORIG" fi # 2. check for various vendor DBM libs if [ ".$SSL_DBM_NAME" = . ]; then if $SH helpers/TestCompile func dbm_open; then SSL_DBM_NAME='Vendor DBM (libc)' SSL_DBM_FLAG='' elif $SH helpers/TestCompile lib dbm dbm_open; then SSL_DBM_NAME='Vendor DBM (libdbm)' SSL_DBM_FLAG='-ldbm' elif $SH helpers/TestCompile lib ndbm dbm_open; then SSL_DBM_NAME='Vendor DBM (libndbm)' SSL_DBM_FLAG='-lndbm' fi fi # 3. let the SSL_SDBM rule override decisions if [ ".$my_rule_SSL_SDBM" = .yes ]; then # force us to fallback to SDBM SSL_DBM_NAME='' fi if [ ".$my_rule_SSL_SDBM" = .no ]; then # for us to never use SDBM, but be # careful when no DBM was found at all if [ ".$SSL_DBM_NAME" = . ]; then echo "Error: SDBM is needed, because no custom or vendor DBM library available!" 1>&2 echo "Hint: Allow us to choose SDBM by changing the rule SSL_SDBM, please." 1>&2 exit 1 fi fi # 4. override decision on a few brain-dead platforms if [ ".$my_rule_SSL_SDBM" = .default ]; then case "$PLAT" in *-linux* ) # force Linux boxes to use builtin SDBM per default because # of too much broken vendor DBM libraries on this platform SSL_DBM_NAME='' ;; esac fi # 5. finally configure the chosen DBM lib if [ ".$SSL_DBM_NAME" != . ]; then echo "$my_prefix SSL interface plugin: $SSL_DBM_NAME" my_dbm_already_used=`echo $LIBS | grep -- " $SSL_DBM_FLAG"` if [ ".$my_buildtype" = .OBJ -a ".$my_dbm_already_used" != . ]; then : else SSL_LIBS="$SSL_LIBS $SSL_DBM_FLAG" fi else echo "$my_prefix SSL interface plugin: Built-in SDBM" SSL_CFLAGS="$SSL_CFLAGS -DSSL_USE_SDBM" fi fi # # determine SSL_BASE # if [ ".$SSL_BASE" = . ]; then SSL_BASE=`egrep '^SSL_BASE=' $file | sed -n -e '$p' | awk -F= '{print $2}'` if [ ".$SSL_BASE" = . ]; then if [ -d /usr/local/ssl ]; then SSL_BASE="/usr/local/ssl" else SSL_BASE="SYSTEM" fi fi fi case $SSL_BASE in SYSTEM ) ;; /* ) ;; * ) SSL_BASE="`cd ../$SSL_BASE; pwd`" ;; esac if [ ".$SSL_BASE" = .SYSTEM ]; then echo "$my_prefix SSL library path: [SYSTEM]" else if [ ! -d "$SSL_BASE" ]; then echo "Error: Cannot find SSL installation in $SSL_BASE" 1>&2 echo "Hint: Please provide us with the location of OpenSSL" 1>&2 echo " via the environment variable SSL_BASE." 1>&2 exit 1 fi echo "$my_prefix SSL library path: $SSL_BASE" fi # # determine location of OpenSSL binaries # (we still search also for `ssleay' to allow us to # better complain about the actually installed version) # SSL_BINDIR="" if [ ".$SSL_BASE" = .SYSTEM ]; then for name in openssl ssleay; do for p in . `echo $PATH | sed -e 's/:/ /g'`; do if [ -f "$p/$name" ]; then SSL_PROGRAM="$p/$name" SSL_BINDIR="$p" break fi done if [ ".$SSL_BINDIR" != . ]; then break; fi done if [ ".$SSL_BINDIR" = . ]; then echo "Error: Cannot find SSL binaries in $PATH" 1>&2 exit 1 fi else for name in openssl ssleay; do if [ -f "$SSL_BASE/bin/$name" ]; then SSL_PROGRAM="$SSL_BASE/bin/$name" SSL_BINDIR='$(SSL_BASE)/bin' break; fi if [ -f "$SSL_BASE/sbin/$name" ]; then SSL_PROGRAM="$SSL_BASE/sbin/$name" SSL_BINDIR='$(SSL_BASE)/sbin' break; fi if [ -f "$SSL_BASE/apps/$name" ]; then SSL_PROGRAM="$SSL_BASE/apps/$name" SSL_BINDIR='$(SSL_BASE)/apps' break; fi done if [ ".$SSL_BINDIR" = . ]; then echo "Error: Cannot find SSL binaries under $SSL_BASE" 1>&2 exit 1 fi fi # # SSL version # SSL_VERSION_ID="`$SSL_PROGRAM version`" echo "$my_prefix SSL library version: $SSL_VERSION_ID" case $SSL_VERSION_ID in *0.[5678].*|*0.9.[012]* ) echo "Error: OpenSSL VERSIONS BELOW 0.9.3 ARE NO LONGER SUPPORTED." echo "Hint: Use OpenSSL version 0.9.3 or higher!" exit 1 ;; esac # # SSL engine support # case $SSL_VERSION_ID in *0.9.6*engine* | *0.9.6a*engine* | *0.9.[789]* ) SSL_CFLAGS="$SSL_CFLAGS -DSSL_ENGINE" ;; esac # # determine location of OpenSSL headers # if [ ".$SSL_BASE" = .SYSTEM ]; then SSL_INCDIR="" for p in . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl; do if [ -f "$p/openssl/ssl.h" ]; then SSL_INCDIR="$p" break fi done if [ ".$SSL_INCDIR" = . ]; then echo "Error: Cannot find SSL header files in any of the following dirs:" 1>&2 echo "Error: . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl" 1>&2 exit 1 fi else if [ -f "$SSL_BASE/include/openssl/ssl.h" ]; then SSL_INCDIR='$(SSL_BASE)/include' else echo "Error: Cannot find SSL header files under $SSL_BASE" 1>&2 exit 1 fi fi if [ ".$SSL_INCDIR" != "./usr/include" ]; then SSL_CFLAGS="$SSL_CFLAGS -I\$(SSL_INCDIR)" fi # # determine location of OpenSSL libraries # if [ ".$SSL_BASE" = .SYSTEM ]; then SSL_LIBDIR="" for p in . /lib /usr/lib /usr/local/lib; do if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then SSL_LIBDIR="$p" my_real_ssl_libdir="$p" break fi done if [ ".$SSL_LIBDIR" = . ]; then echo "Error: Cannot find SSL library files in any of the following dirs:" 1>&2 echo "Error: . /lib /usr/lib /usr/local/lib" 1>&2 exit 1 fi else if [ -f "$SSL_BASE/libssl.a" -o -f "$SSL_BASE/libssl.so" ]; then SSL_LIBDIR='$(SSL_BASE)' my_real_ssl_libdir="$SSL_BASE" elif [ -f "$SSL_BASE/lib/libssl.a" -o -f "$SSL_BASE/lib/libssl.so" ]; then SSL_LIBDIR='$(SSL_BASE)/lib' my_real_ssl_libdir="$SSL_BASE/lib" else echo "Error: Cannot find SSL library files under $SSL_BASE" 1>&2 exit 1 fi fi SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR)" SSL_LIBS="$SSL_LIBS -lssl -lcrypto" # # SSL installation type # case $SSL_BINDIR in */apps ) my_type="source tree only" ;; * ) my_type="installed package" ;; esac case $SSL_BASE in SYSTEM ) my_note="(system-wide)" ;; * ) my_note="(stand-alone)" ;; esac echo "$my_prefix SSL library type: $my_type $my_note" # # Special GCC/DSO support # # Under some platforms where GCC is used we have to link the DSO # (libssl.so) explicitly against the GCC library (libgcc) to avoid # problems with missing symbols like __umoddi3, etc. # # Notice: When GCC is installed as "cc" we assume it's really # well incorporated into the system and no hack is # needed (like on FreeBSD, Linux, etc.) # if [ ".$my_buildtype" = .DSO ]; then my_CC=`echo "$CC" | sed -e 's/ .*//'` case $my_CC in gcc|*/gcc|egcs|*/egcs|egcc|*/egcc|pgcc|*/pgcc ) gcclibdir="`$CC --print-libgcc-file-name | sed -e 's;/[^/]*$;;'`" SSL_LIBS="$SSL_LIBS -L$gcclibdir -lgcc" ;; esac fi # # adjust the Apache build environment # echo "SSL_BASE=$SSL_BASE" >>$my_outfile echo "SSL_BINDIR=$SSL_BINDIR" >>$my_outfile echo "SSL_INCDIR=$SSL_INCDIR" >>$my_outfile echo "SSL_LIBDIR=$SSL_LIBDIR" >>$my_outfile echo "SSL_PROGRAM=$SSL_PROGRAM" >>$my_outfile echo "SSL_VERSION=$SSL_VERSION" >>$my_outfile echo "SSL_CFLAGS=$SSL_CFLAGS" >>$my_outfile echo "SSL_VENDOR_OBJS=$SSL_VENDOR_OBJS" >>$my_outfile echo "SSL_VENDOR_OBJS_PIC=$SSL_VENDOR_OBJS_PIC" >>$my_outfile if [ ".$my_buildtype" = .DSO ]; then # under DSO we link ourself echo "SSL_LIBS=$SSL_LIBS" >>$my_outfile echo "SSL_LDFLAGS=$SSL_LDFLAGS" >>$my_outfile else # else we are linked with httpd LDFLAGS="$LDFLAGS $SSL_LDFLAGS" LIBS="$LIBS $SSL_LIBS" fi CFLAGS="$CFLAGS -DMOD_SSL=$A_VER_HEX" if [ ".$P_ID" != . ]; then CFLAGS="$CFLAGS -DSSL_PRODUCT=$P_VER_HEX" fi RULE_EAPI=yes ConfigEnd