From e5f755a470d127d78847eb3fd2a63f24590b3903 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 10 Jun 2008 13:45:15 -0500 Subject: [PATCH 1/6] libratbox: Add checks for GnuTLS support. --- libratbox/configure.ac | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/libratbox/configure.ac b/libratbox/configure.ac index 40ce6d9e..fe642856 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -241,6 +241,25 @@ if test "$is_mingw" = "yes"; then AC_DEFINE(HAVE_WIN32, [1], [Define to 1 if you are on windows]) fi +dnl GnuTLS support +AC_MSG_CHECKING(for GnuTLS) +AC_ARG_ENABLE(gnutls, +[AC_HELP_STRING([--enable-gnutls],[Enable GnuTLS support.]) +AC_HELP_STRING([--disable-gnutls],[Disable GnuTLS support.])], +[cf_enable_gnutls=$enableval], +[cf_enable_gnutls="auto"]) + +if test "$cf_enable_gnutls" != no; then + PKG_CHECK_MODULES(GNUTLS, [gnutls], [ + CPPFLAGS="$CPPFLAGS $GNUTLS_CFLAGS" + LIBS="$LIBS $GNUTLS_LIBS" + cf_enable_gnutls="yes" + ], [cf_enable_gnutls="no"]) +fi + +if test "$cf_enable_gnutls" != no; then + AC_DEFINE(HAVE_GNUTLS, 1, [Has GNUTLS]) +fi dnl OpenSSL support AC_MSG_CHECKING(for OpenSSL) @@ -250,6 +269,11 @@ AC_HELP_STRING([--disable-openssl],[Disable OpenSSL support.])], [cf_enable_openssl=$enableval], [cf_enable_openssl="auto"]) +dnl Prefer GnuTLS over OpenSSL due to licensing issues, this could use improvement +if test "$cf_enable_gnutls" = "yes" -a "$cf_enable_openssl" = "auto"; then + cf_enable_openssl="no" +fi + if test "$cf_enable_openssl" != "no" ; then cf_openssl_basedir="" if test "$cf_enable_openssl" != "auto" && @@ -671,5 +695,6 @@ echo "IPv6 support ................... $have_v6" echo "Assert debugging ............... $assert" echo "Block allocator ................ $balloc" echo "OpenSSL ........................ $cf_enable_openssl" +echo "GnuTLS ......................... $cf_enable_gnutls" echo From 709c19516d13852721d5bd8f4564aa02d2d4ccce Mon Sep 17 00:00:00 2001 
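Review bot: An explicit `--enable-gnutls` that pkg-config cannot satisfy is silently downgraded: the not-found action of `PKG_CHECK_MODULES` in the `@@ -241,6 +241,25 @@` hunk sets `cf_enable_gnutls="no"` whether the value was "auto" or a user request. A build that was asked for TLS can then finish with a different backend, or presumably with the nossl.c stubs, and only the summary line shows it. I would make the not-found action fail when the user asked for it, e.g. `[if test "$cf_enable_gnutls" != "auto"; then AC_MSG_ERROR([GnuTLS requested but not found by pkg-config]); fi; cf_enable_gnutls="no"]`. Separately, `AC_MSG_CHECKING(for GnuTLS)` has no matching `AC_MSG_RESULT`, and `PKG_CHECK_MODULES` prints its own "checking for GNUTLS" line, so the first message can be dropped.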
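Review bot: The preference test in the `@@ -250,6 +269,11 @@` hunk only covers `cf_enable_openssl = "auto"`, so `--enable-openssl` given explicitly on a host where GnuTLS is auto-detected leaves both backends enabled. By then `HAVE_GNUTLS` is already defined and the GnuTLS flags are already in `CPPFLAGS`/`LIBS` from the earlier hunk. gnutls.c in patch 3 is guarded only by `#ifdef HAVE_GNUTLS` and defines `rb_ssl_shutdown` and `rb_ssl_start_accepted`; if openssl.c is guarded the same way by its own macro (not visible here), both files would provide the same symbols. I would choose the backend before `AC_DEFINE(HAVE_GNUTLS, ...)` runs, or reject the combination with `AC_MSG_ERROR`. I would also write the test as `if test "$cf_enable_gnutls" = "yes" && test "$cf_enable_openssl" = "auto"; then`, because `test ... -a ...` is not portable across shells; the OpenSSL `if` block that follows continues outside the hunk.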
From: William Pitcock Date: Tue, 10 Jun 2008 13:45:43 -0500 Subject: [PATCH 2/6] Run autoreconf. --- libratbox/Makefile.in | 3 + libratbox/aclocal.m4 | 160 ++++++++++++- libratbox/configure | 285 +++++++++++++++++++++--- libratbox/include/libratbox_config.h.in | 3 + libratbox/src/Makefile.in | 3 + 5 files changed, 428 insertions(+), 26 deletions(-) diff --git a/libratbox/Makefile.in b/libratbox/Makefile.in index d6a8f823..051ad7de 100644 --- a/libratbox/Makefile.in +++ b/libratbox/Makefile.in @@ -104,6 +104,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ +GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ +GNUTLS_LIBS = @GNUTLS_LIBS@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -132,6 +134,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PICFLAGS = @PICFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ RB_PREFIX = @RB_PREFIX@ RM = @RM@ diff --git a/libratbox/aclocal.m4 b/libratbox/aclocal.m4 index f7b3957a..6730501e 100644 --- a/libratbox/aclocal.m4 +++ b/libratbox/aclocal.m4 @@ -21,7 +21,7 @@ To do so, use the procedure documented by the package, typically `autoreconf'.]) # libtool.m4 - Configure libtool for the host system. -*-Autoconf-*- -# serial 52 Debian 1.5.26-1 AC_PROG_LIBTOOL +# serial 52 Debian 1.5.26-4 AC_PROG_LIBTOOL # AC_PROVIDE_IFELSE(MACRO-NAME, IF-PROVIDED, IF-NOT-PROVIDED) 
@@ -6781,6 +6781,164 @@ AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET], | (ullmax / ull) | (ullmax % ull));]]) ]) +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# +# Copyright © 2004 Scott James Remnant . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. 
+ +# PKG_PROG_PKG_CONFIG([MIN-VERSION]) +# ---------------------------------- +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi + +fi[]dnl +])# PKG_PROG_PKG_CONFIG + +# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# +# Check to see whether a particular set of modules exists. Similar +# to PKG_CHECK_MODULES(), but does not set variables or print errors. +# +# +# Similar to PKG_CHECK_MODULES, make sure that the first instance of +# this or PKG_CHECK_MODULES is called, or make sure to call +# PKG_CHECK_EXISTS manually +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_ifval([$2], [$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + + +# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +# --------------------------------------------- +m4_define([_PKG_CONFIG], +[if test -n "$PKG_CONFIG"; then + if test -n "$$1"; then + pkg_cv_[]$1="$$1" + else + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], + [pkg_failed=yes]) + fi +else + pkg_failed=untried +fi[]dnl +])# _PKG_CONFIG + +# _PKG_SHORT_ERRORS_SUPPORTED +# ----------------------------- +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no 
+fi[]dnl +])# _PKG_SHORT_ERRORS_SUPPORTED + + +# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +# [ACTION-IF-NOT-FOUND]) +# +# +# Note that if there is a possibility the first call to +# PKG_CHECK_MODULES might not happen, you should be sure to include an +# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +# +# +# -------------------------------------------------------------- +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + ifelse([$4], , [AC_MSG_ERROR(dnl +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT +])], + [AC_MSG_RESULT([no]) + $4]) +elif test $pkg_failed = untried; then + ifelse([$4], , [AC_MSG_FAILURE(dnl +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. 
+ +_PKG_TEXT + +To get pkg-config, see .])], + [$4]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + ifelse([$3], , :, [$3]) +fi[]dnl +])# PKG_CHECK_MODULES + # Copyright (C) 2002, 2003, 2005, 2006, 2007 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation diff --git a/libratbox/configure b/libratbox/configure index 2079d221..1f19034f 100755 --- a/libratbox/configure +++ b/libratbox/configure @@ -890,6 +890,9 @@ NEED_CRYPT_TRUE NEED_CRYPT_FALSE CRYPT_LIB ALLOCA +PKG_CONFIG +GNUTLS_CFLAGS +GNUTLS_LIBS PICFLAGS SEDOBJ SSL_INCLUDES @@ -912,7 +915,10 @@ CXXFLAGS CCC CXXCPP F77 -FFLAGS' +FFLAGS +PKG_CONFIG +GNUTLS_CFLAGS +GNUTLS_LIBS' ac_subdirs_all='libltdl' # Initialize some variables set by options. @@ -1502,6 +1508,8 @@ Optional Features: optimize for fast installation [default=yes] --disable-libtool-lock avoid locking (might break parallel builds) --disable-ipv6 Disable IPv6 support + --enable-gnutls Enable GnuTLS support. + --disable-gnutls Disable GnuTLS support. --enable-openssl=DIR Enable OpenSSL support (DIR optional). --disable-openssl Disable OpenSSL support. --enable-assert Enable assert(). Choose between soft(warnings) and @@ -1532,6 +1540,10 @@ Some influential environment variables: CXXCPP C++ preprocessor F77 Fortran 77 compiler command FFLAGS Fortran 77 compiler flags + PKG_CONFIG path to pkg-config utility + GNUTLS_CFLAGS + C compiler flags for GNUTLS, overriding pkg-config + GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -5605,7 +5617,7 @@ ia64-*-hpux*) ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5608 "configure"' > conftest.$ac_ext + echo '#line 5620 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -8657,11 +8669,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8660: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8672: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8664: \$? = $ac_status" >&5 + echo "$as_me:8676: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8947,11 +8959,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8950: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8962: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8954: \$? = $ac_status" >&5 + echo "$as_me:8966: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -9051,11 +9063,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:9054: $lt_compile\"" >&5) + (eval echo "\"\$as_me:9066: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:9058: \$? = $ac_status" >&5 + echo "$as_me:9070: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -11428,7 +11440,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:13944: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13936: \$? = $ac_status" >&5 + echo "$as_me:13948: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -14033,11 +14045,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:14036: $lt_compile\"" >&5) + (eval echo "\"\$as_me:14048: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:14040: \$? = $ac_status" >&5 + echo "$as_me:14052: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -15631,11 +15643,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15634: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15646: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15638: \$? = $ac_status" >&5 + echo "$as_me:15650: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -15735,11 +15747,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15738: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15750: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15742: \$? = $ac_status" >&5 + echo "$as_me:15754: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17955,11 +17967,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17958: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17970: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17962: \$? = $ac_status" >&5 + echo "$as_me:17974: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -18245,11 +18257,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:18248: $lt_compile\"" >&5) + (eval echo "\"\$as_me:18260: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:18252: \$? = $ac_status" >&5 + echo "$as_me:18264: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -18349,11 +18361,11 @@ else -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:18352: $lt_compile\"" >&5) + (eval echo "\"\$as_me:18364: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:18356: \$? = $ac_status" >&5 + echo "$as_me:18368: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -25874,6 +25886,221 @@ _ACEOF fi +{ echo "$as_me:$LINENO: checking for GnuTLS" >&5 +echo $ECHO_N "checking for GnuTLS... $ECHO_C" >&6; } +# Check whether --enable-gnutls was given. +if test "${enable_gnutls+set}" = set; then + enableval=$enable_gnutls; cf_enable_gnutls=$enableval +else + cf_enable_gnutls="auto" +fi + + +if test "$cf_enable_gnutls" != no; then + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6; } +if test "${ac_cv_path_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { echo "$as_me:$LINENO: result: $PKG_CONFIG" >&5 +echo "${ECHO_T}$PKG_CONFIG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ echo "$as_me:$LINENO: checking for $ac_word" >&5 +echo $ECHO_N "checking for $ac_word... 
$ECHO_C" >&6; } +if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done +done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { echo "$as_me:$LINENO: result: $ac_pt_PKG_CONFIG" >&5 +echo "${ECHO_T}$ac_pt_PKG_CONFIG" >&6; } +else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ echo "$as_me:$LINENO: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&5 +echo "$as_me: WARNING: In the future, Autoconf will not detect cross-tools +whose name does not start with the host triplet. If you think this +configuration is useful to you, please write to autoconf@gnu.org." >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { echo "$as_me:$LINENO: checking pkg-config is at least version $_pkg_min_version" >&5 +echo $ECHO_N "checking pkg-config is at least version $_pkg_min_version... 
$ECHO_C" >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + else + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + PKG_CONFIG="" + fi + +fi + +pkg_failed=no +{ echo "$as_me:$LINENO: checking for GNUTLS" >&5 +echo $ECHO_N "checking for GNUTLS... $ECHO_C" >&6; } + +if test -n "$PKG_CONFIG"; then + if test -n "$GNUTLS_CFLAGS"; then + pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS" + else + if test -n "$PKG_CONFIG" && \ + { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls\"") >&5 + ($PKG_CONFIG --exists --print-errors "gnutls") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then + pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi +if test -n "$PKG_CONFIG"; then + if test -n "$GNUTLS_LIBS"; then + pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS" + else + if test -n "$PKG_CONFIG" && \ + { (echo "$as_me:$LINENO: \$PKG_CONFIG --exists --print-errors \"gnutls\"") >&5 + ($PKG_CONFIG --exists --print-errors "gnutls") 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; then + pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls" 2>/dev/null` +else + pkg_failed=yes +fi + fi +else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "gnutls"` + else + GNUTLS_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "gnutls"` + fi + # Put the nasty error message in config.log where it belongs + echo "$GNUTLS_PKG_ERRORS" >&5 + + { echo "$as_me:$LINENO: result: no" >&5 +echo "${ECHO_T}no" >&6; } + cf_enable_gnutls="no" +elif test $pkg_failed = untried; then + cf_enable_gnutls="no" +else + GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS + GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS + { echo "$as_me:$LINENO: result: yes" >&5 +echo "${ECHO_T}yes" >&6; } + + CPPFLAGS="$CPPFLAGS $GNUTLS_CFLAGS" + LIBS="$LIBS $GNUTLS_LIBS" + cf_enable_gnutls="yes" + +fi +fi + +if test "$cf_enable_gnutls" != no; then + +cat >>confdefs.h <<\_ACEOF +#define HAVE_GNUTLS 1 +_ACEOF + +fi { echo "$as_me:$LINENO: checking for OpenSSL" >&5 echo $ECHO_N "checking for OpenSSL... $ECHO_C" >&6; } @@ -25885,6 +26112,10 @@ else fi +if test "$cf_enable_gnutls" = "yes" -a "$cf_enable_openssl" = "auto"; then + cf_enable_openssl="no" +fi + if test "$cf_enable_openssl" != "no" ; then cf_openssl_basedir="" if test "$cf_enable_openssl" != "auto" && @@ -27215,6 +27446,9 @@ NEED_CRYPT_TRUE!$NEED_CRYPT_TRUE$ac_delim NEED_CRYPT_FALSE!$NEED_CRYPT_FALSE$ac_delim CRYPT_LIB!$CRYPT_LIB$ac_delim ALLOCA!$ALLOCA$ac_delim +PKG_CONFIG!$PKG_CONFIG$ac_delim +GNUTLS_CFLAGS!$GNUTLS_CFLAGS$ac_delim +GNUTLS_LIBS!$GNUTLS_LIBS$ac_delim PICFLAGS!$PICFLAGS$ac_delim SEDOBJ!$SEDOBJ$ac_delim SSL_INCLUDES!$SSL_INCLUDES$ac_delim 
@@ -27224,7 +27458,7 @@ LIBOBJS!$LIBOBJS$ac_delim LTLIBOBJS!$LTLIBOBJS$ac_delim _ACEOF - if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 31; then + if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 34; then break elif $ac_last_try; then { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 @@ -28135,5 +28369,6 @@ echo "IPv6 support ................... $have_v6" echo "Assert debugging ............... $assert" echo "Block allocator ................ $balloc" echo "OpenSSL ........................ $cf_enable_openssl" +echo "GnuTLS ......................... $cf_enable_gnutls" echo diff --git a/libratbox/include/libratbox_config.h.in b/libratbox/include/libratbox_config.h.in index c8c8523f..0737b7e2 100644 --- a/libratbox/include/libratbox_config.h.in +++ b/libratbox/include/libratbox_config.h.in @@ -51,6 +51,9 @@ /* Define to 1 if you have the `gmtime_r' function. */ #undef HAVE_GMTIME_R +/* Has GNUTLS */ +#undef HAVE_GNUTLS + /* Define to 1 if the system has the type `intmax_t'. */ #undef HAVE_INTMAX_T diff --git a/libratbox/src/Makefile.in b/libratbox/src/Makefile.in index fc02fa4d..f79515d4 100644 --- a/libratbox/src/Makefile.in +++ b/libratbox/src/Makefile.in @@ -112,6 +112,8 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ F77 = @F77@ FFLAGS = @FFLAGS@ +GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ +GNUTLS_LIBS = @GNUTLS_LIBS@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -140,6 +142,7 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PICFLAGS = @PICFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ RB_PREFIX = @RB_PREFIX@ RM = @RM@ From fc8711d128f72797deb0e7bae31de9a5020fe60b Mon Sep 17 00:00:00 2001 
From: William Pitcock Date: Tue, 10 Jun 2008 20:33:15 -0500 Subject: [PATCH 3/6] GNUTLS backend. Untested. --- TODO | 2 +- libratbox/src/Makefile.am | 1 + libratbox/src/Makefile.in | 4 +- libratbox/src/gnutls.c | 523 ++++++++++++++++++++++++++++++++++++++ libratbox/src/nossl.c | 2 +- 5 files changed, 529 insertions(+), 3 deletions(-) create mode 100644 libratbox/src/gnutls.c diff --git a/TODO b/TODO index c1aa49b7..e87cc1da 100644 --- a/TODO +++ b/TODO @@ -19,6 +19,7 @@ [x] ssl channelmode (done by extban and chm_compat) [ ] acknowledgement message for SSL users like '* *** You are connected using SSL cipher "DHE RSA-AES 128 CBC-SHA"' [ ] ssl stuff files generator in ./configure time + [ ] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too) [x] merge some stuff from ircd-seven directly (to be determined what) [x] remote d:lines support [F] kline/xline/resv sync @@ -41,4 +42,3 @@ [x] merge m_join.c and m_sjoin.c in one module (same functions, done in ratbox3) [x] create chmode.h and put there all declarations of chm_* - this will make some modules clean [?] Move oper override server WALLOPS to global server notices? - diff --git a/libratbox/src/Makefile.am b/libratbox/src/Makefile.am index 5b9db533..47ff031d 100644 --- a/libratbox/src/Makefile.am +++ b/libratbox/src/Makefile.am @@ -11,6 +11,7 @@ libratbox_la_SOURCES = \ balloc.c \ commio.c \ openssl.c \ + gnutls.c \ nossl.c \ event.c \ ratbox_lib.c \ diff --git a/libratbox/src/Makefile.in b/libratbox/src/Makefile.in index f79515d4..bf7009bc 100644 --- a/libratbox/src/Makefile.in +++ b/libratbox/src/Makefile.in 
@@ -55,7 +55,7 @@ libLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(lib_LTLIBRARIES) libratbox_la_DEPENDENCIES = am_libratbox_la_OBJECTS = unix.lo win32.lo crypt.lo balloc.lo \ - commio.lo openssl.lo nossl.lo event.lo ratbox_lib.lo \ + commio.lo openssl.lo gnutls.lo nossl.lo event.lo ratbox_lib.lo \ rb_memory.lo linebuf.lo snprintf.lo tools.lo helper.lo \ devpoll.lo epoll.lo poll.lo ports.lo sigio.lo select.lo \ kqueue.lo rawbuf.lo patricia.lo @@ -216,6 +216,7 @@ libratbox_la_SOURCES = \ balloc.c \ commio.c \ openssl.c \ + gnutls.c \ nossl.c \ event.c \ ratbox_lib.c \ @@ -312,6 +313,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/devpoll.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/epoll.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/event.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/helper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kqueue.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/linebuf.Plo@am__quote@ diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c new file mode 100644 index 00000000..5442bc10 --- /dev/null +++ b/libratbox/src/gnutls.c 
@@ -0,0 +1,523 @@ +/* + * libratbox: a library used by ircd-ratbox and other things + * gnutls.c: gnutls related code + * + * Copyright (C) 2007-2008 ircd-ratbox development team + * Copyright (C) 2007-2008 Aaron Sethman + * Copyright (C) 2008 William Pitcock + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 + * USA + * + * $Id: commio.c 24808 2008-01-02 08:17:05Z androsyn $ + */ + +#include +#include + +#ifdef HAVE_GNUTLS + +#include +#include +#include + +static gnutls_certificate_credentials_t x509_cred; +static gnutls_dh_params_t dh_params; + +void +rb_ssl_shutdown(rb_fde_t * F) +{ + if(F == NULL || F->ssl == NULL) + return; + + gnutls_bye((gnutls_session_t) F->ssl, GNUTLS_SHUT_RDWR); + gnutls_deinit((gnutls_session_t) F->ssl); +} + +static void +rb_ssl_timeout(rb_fde_t * F, void *notused) +{ + lrb_assert(F->accept != NULL); + F->accept->callback(F, RB_ERR_TIMEOUT, NULL, 0, F->accept->data); +} + +static void +rb_ssl_tryaccept(rb_fde_t * F, void *data) +{ + int ssl_err; + lrb_assert(F->accept != NULL); + int flags; + struct acceptdata *ad; + + if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0) + { + switch (ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + if(gnutls_record_get_direction((gnutls_session_t) F->ssl)) + flags = 
RB_SELECT_WRITE; + else + flags = RB_SELECT_READ; + + F->ssl_errno = ssl_err; + rb_setselect(F, flags, rb_ssl_tryaccept, NULL); + return; + } + break; + default: + F->ssl_errno = ssl_err; + F->accept->callback(F, RB_ERROR_SSL, NULL, 0, F->accept->data); + break; + } + return; + } + rb_settimeout(F, 0, NULL, NULL); + rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL); + + ad = F->accept; + F->accept = NULL; + ad->callback(F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen, + ad->data); + rb_free(ad); +} + +void +rb_ssl_start_accepted(rb_fde_t * new_F, ACCB * cb, void *data, int timeout) +{ + gnutls_session_t sess; + int ssl_err; + + new_F->type |= RB_FD_SSL; + + gnutls_init(&sess, GNUTLS_SERVER); + gnutls_set_default_priority(sess); + gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_dh_set_prime_bits(sess, 1024); + gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); + + new_F->ssl = sess; + + new_F->accept = rb_malloc(sizeof(struct acceptdata)); + + new_F->accept->callback = cb; + new_F->accept->data = data; + rb_settimeout(new_F, timeout, rb_ssl_timeout, NULL); + + new_F->accept->addrlen = 0; + + gnutls_transport_set_ptr((gnutls_session_t) new_F->ssl, (gnutls_transport_ptr_t) rb_get_fd(new_F)); + + if((ssl_err = gnutls_handshake((gnutls_session_t) new_F->ssl)) != 0) + { + switch(ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + int flags; + + if(gnutls_record_get_direction((gnutls_session_t) new_F->ssl)) + flags = RB_SELECT_WRITE; + else + flags = RB_SELECT_READ; + + new_F->ssl_errno = ssl_err; + rb_setselect(new_F, flags, rb_ssl_tryaccept, NULL); + return; + } + break; + default: + new_F->ssl_errno = ssl_err; + new_F->accept->callback(new_F, RB_ERROR_SSL, NULL, 0, new_F->accept->data); + return; + } + } + else + { + struct acceptdata *ad; + + rb_settimeout(new_F, 0, NULL, NULL); + rb_setselect(new_F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL); + + ad = 
new_F->accept; + new_F->accept = NULL; + ad->callback(new_F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen, + ad->data); + rb_free(ad); + } +} + +void +rb_ssl_accept_setup(rb_fde_t * F, int new_fd, struct sockaddr *st, int addrlen) +{ + gnutls_session_t sess; + rb_fde_t *new_F; + int ssl_err; + + new_F = rb_find_fd(new_fd); + + gnutls_init(&sess, GNUTLS_SERVER); + gnutls_set_default_priority(sess); + gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_dh_set_prime_bits(sess, 1024); + gnutls_certificate_server_set_request(sess, GNUTLS_CERT_REQUEST); + + new_F->type |= RB_FD_SSL; + new_F->accept = rb_malloc(sizeof(struct acceptdata)); + + new_F->accept->callback = F->accept->callback; + new_F->accept->data = F->accept->data; + rb_settimeout(new_F, 10, rb_ssl_timeout, NULL); + memcpy(&new_F->accept->S, st, addrlen); + new_F->accept->addrlen = addrlen; + + gnutls_transport_set_ptr((gnutls_session_t) new_F->ssl, (gnutls_transport_ptr_t) rb_get_fd(new_F)); + if((ssl_err = gnutls_handshake((gnutls_session_t) new_F->ssl)) != 0) + { + switch(ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + int flags; + + if(gnutls_record_get_direction((gnutls_session_t) new_F->ssl)) + flags = RB_SELECT_WRITE; + else + flags = RB_SELECT_READ; + + new_F->ssl_errno = ssl_err; + rb_setselect(new_F, flags, rb_ssl_tryaccept, NULL); + return; + } + break; + default: + new_F->ssl_errno = ssl_err; + new_F->accept->callback(new_F, RB_ERROR_SSL, NULL, 0, new_F->accept->data); + return; + } + } + else + { + struct acceptdata *ad; + + rb_settimeout(new_F, 0, NULL, NULL); + rb_setselect(new_F, RB_SELECT_READ | RB_SELECT_WRITE, NULL, NULL); + + ad = new_F->accept; + new_F->accept = NULL; + ad->callback(new_F, RB_OK, (struct sockaddr *) &ad->S, ad->addrlen, + ad->data); + rb_free(ad); + } +} + +static ssize_t +rb_ssl_read_or_write(int r_or_w, rb_fde_t * F, void *rbuf, const void *wbuf, size_t count) +{ + ssize_t ret; + unsigned long 
err; + gnutls_session_t ssl = F->ssl; + + if(r_or_w == 0) + ret = gnutls_record_recv(ssl, rbuf, count); + else + ret = gnutls_record_send(ssl, wbuf, count); + + if(ret < 0) + { + switch (ret) + { + case GNUTLS_E_AGAIN: + errno = EAGAIN; + if (gnutls_record_get_direction(ssl)) + return RB_RW_SSL_NEED_WRITE; + else + return RB_RW_SSL_NEED_READ; + case GNUTLS_E_INTERRUPTED: + err = ret; + if(err == 0) + { + F->ssl_errno = 0; + return RB_RW_IO_ERROR; + } + break; + default: + err = ret; + break; + } + F->ssl_errno = err; + if(err > 0) + { + errno = EIO; /* not great but... */ + return RB_RW_SSL_ERROR; + } + return RB_RW_IO_ERROR; + } + return ret; +} + +ssize_t +rb_ssl_read(rb_fde_t * F, void *buf, size_t count) +{ + return rb_ssl_read_or_write(0, F, buf, NULL, count); +} + +ssize_t +rb_ssl_write(rb_fde_t * F, const void *buf, size_t count) +{ + return rb_ssl_read_or_write(1, F, NULL, buf, count); +} + +int +rb_init_ssl(void) +{ + int ret = 1, g_ret; + + gnutls_global_init(); + + if((g_ret = gnutls_dh_params_generate2(dh_params, 1024)) < 0) + { + rb_lib_log("rb_init_gnutls: Failed to generate GNUTLS DH params: %s", gnutls_strerror(g_ret)); + ret = 0; + } + + gnutls_certificate_set_dh_params(x509_cred, dh_params); + + return ret; +} + +int +rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile) +{ + int ret = 0; + + if((ret = gnutls_certificate_set_x509_key_file(x509_cred, cert, keyfile, GNUTLS_X509_FMT_PEM)) < 0) + { + rb_lib_log("rb_setup_ssl_server: Setting x509 keys up failed: %s", gnutls_strerror(ret)); + return 0; + } + + return 1; +} + +int +rb_ssl_listen(rb_fde_t * F, int backlog) +{ + F->type = RB_FD_SOCKET | RB_FD_LISTEN | RB_FD_SSL; + return listen(F->fd, backlog); +} + +struct ssl_connect +{ + CNCB *callback; + void *data; + int timeout; +}; + +static void +rb_ssl_connect_realcb(rb_fde_t * F, int status, struct ssl_connect *sconn) +{ + F->connect->callback = sconn->callback; + F->connect->data = sconn->data; + rb_free(sconn); + 
rb_connect_callback(F, status); +} + +static void +rb_ssl_tryconn_timeout_cb(rb_fde_t * F, void *data) +{ + rb_ssl_connect_realcb(F, RB_ERR_TIMEOUT, data); +} + +static void +rb_ssl_tryconn_cb(rb_fde_t * F, void *data) +{ + struct ssl_connect *sconn = data; + int ssl_err; + + if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0) + { + switch (ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + F->ssl_errno = ssl_err; + rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, + rb_ssl_tryconn_cb, sconn); + return; + } + default: + F->ssl_errno = ssl_err; + rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn); + return; + } + } + else + { + rb_ssl_connect_realcb(F, RB_OK, sconn); + } +} + +static void +rb_ssl_tryconn(rb_fde_t * F, int status, void *data) +{ + gnutls_session_t sess; + struct ssl_connect *sconn = data; + int ssl_err; + + if(status != RB_OK) + { + rb_ssl_connect_realcb(F, status, sconn); + return; + } + + F->type |= RB_FD_SSL; + + gnutls_init(&sess, GNUTLS_CLIENT); + gnutls_set_default_priority(sess); + gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_dh_set_prime_bits(sess, 1024); + gnutls_transport_set_ptr(sess, (gnutls_transport_ptr_t) F->fd); + + F->ssl = sess; + + rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); + if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0) + { + switch (ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + F->ssl_errno = ssl_err; + rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, + rb_ssl_tryconn_cb, sconn); + return; + } + default: + F->ssl_errno = ssl_err; + rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn); + return; + } + } + else + { + rb_ssl_connect_realcb(F, RB_OK, sconn); + } +} + +void +rb_connect_tcp_ssl(rb_fde_t * F, struct sockaddr *dest, + struct sockaddr *clocal, int socklen, CNCB * callback, void *data, int timeout) +{ + struct ssl_connect *sconn; + if(F == NULL) + 
return; + + sconn = rb_malloc(sizeof(struct ssl_connect)); + sconn->data = data; + sconn->callback = callback; + sconn->timeout = timeout; + rb_connect_tcp(F, dest, clocal, socklen, rb_ssl_tryconn, sconn, timeout); +} + +void +rb_ssl_start_connected(rb_fde_t * F, CNCB * callback, void *data, int timeout) +{ + gnutls_session_t sess; + struct ssl_connect *sconn; + int ssl_err; + if(F == NULL) + return; + + sconn = rb_malloc(sizeof(struct ssl_connect)); + sconn->data = data; + sconn->callback = callback; + sconn->timeout = timeout; + F->connect = rb_malloc(sizeof(struct conndata)); + F->connect->callback = callback; + F->connect->data = data; + F->type |= RB_FD_SSL; + + gnutls_init(&sess, GNUTLS_CLIENT); + gnutls_set_default_priority(sess); + gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_dh_set_prime_bits(sess, 1024); + gnutls_transport_set_ptr(sess, (gnutls_transport_ptr_t) F->fd); + + F->ssl = sess; + + rb_settimeout(F, sconn->timeout, rb_ssl_tryconn_timeout_cb, sconn); + if((ssl_err = gnutls_handshake((gnutls_session_t) F->ssl)) != 0) + { + switch (ssl_err) + { + case GNUTLS_E_INTERRUPTED: + if(rb_ignore_errno(errno)) + case GNUTLS_E_AGAIN: + { + F->ssl_errno = ssl_err; + rb_setselect(F, RB_SELECT_READ | RB_SELECT_WRITE, + rb_ssl_tryconn_cb, sconn); + return; + } + default: + F->ssl_errno = ssl_err; + rb_ssl_connect_realcb(F, RB_ERROR_SSL, sconn); + return; + } + } + else + { + rb_ssl_connect_realcb(F, RB_OK, sconn); + } +} + +/* XXX: implement me */ +int +rb_init_prng(const char *path, prng_seed_t seed_type) +{ + return -1; +} + +int +rb_get_random(void *buf, size_t length) +{ + return -1; +} + + +const char * +rb_get_ssl_strerror(rb_fde_t * F) +{ + return gnutls_strerror(F->ssl_errno); +} + +int +rb_supports_ssl(void) +{ + return 1; +} + +#endif /* HAVE_GNUTLS */ diff --git a/libratbox/src/nossl.c b/libratbox/src/nossl.c index 1dd8deae..c27a0c76 100644 --- a/libratbox/src/nossl.c +++ b/libratbox/src/nossl.c 
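Review bot: In `rb_ssl_accept_setup` the session created by `gnutls_init(&sess, GNUTLS_SERVER)` is never stored in `new_F->ssl`, yet the following `gnutls_transport_set_ptr` and `gnutls_handshake` calls both read `new_F->ssl`. `rb_ssl_start_accepted` does make that assignment, so this looks like an omission; as written, every connection accepted on an SSL listener would handshake on whatever pointer the descriptor already held (likely NULL), and `sess` leaks. Add `new_F->ssl = sess;` before the `gnutls_transport_set_ptr` call. Separately, the client paths (`rb_ssl_tryconn`, `rb_ssl_tryconn_cb`, `rb_ssl_start_connected`) report `RB_OK` as soon as `gnutls_handshake` returns 0, with no peer-certificate check such as `gnutls_certificate_verify_peers2`, so unless callers verify elsewhere the outbound link is encrypted but unauthenticated.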
@@ -27,7 +27,7 @@ #include #include -#ifndef HAVE_OPENSSL +#if !defined(HAVE_OPENSSL) && !defined(HAVE_GNUTLS) #include #include From f17c2ef84ce52036b652c505547312e989a12651 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 10 Jun 2008 21:24:49 -0500 Subject: [PATCH 4/6] Make sure x509_cred and dh_params objects are allocated. --- libratbox/src/gnutls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libratbox/src/gnutls.c b/libratbox/src/gnutls.c index 5442bc10..15eb4f52 100644 --- a/libratbox/src/gnutls.c +++ b/libratbox/src/gnutls.c @@ -293,6 +293,9 @@ rb_init_ssl(void) gnutls_global_init(); + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_dh_params_init(&dh_params); + if((g_ret = gnutls_dh_params_generate2(dh_params, 1024)) < 0) { rb_lib_log("rb_init_gnutls: Failed to generate GNUTLS DH params: %s", gnutls_strerror(g_ret)); From af240db72b5f4aea98d6ff648021bedace144167 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 10 Jun 2008 22:02:10 -0500 Subject: [PATCH 5/6] Add libratbox.pc.in for out-of-tree libratbox build (think: packaging). --- libratbox/Makefile.am | 3 +++ libratbox/configure.ac | 10 +++++----- libratbox/libratbox.pc.in | 14 ++++++++++++++ 3 files changed, 22 insertions(+), 5 deletions(-) create mode 100644 libratbox/libratbox.pc.in diff --git a/libratbox/Makefile.am b/libratbox/Makefile.am index 15ea2b31..059cd80c 100644 --- a/libratbox/Makefile.am +++ b/libratbox/Makefile.am @@ -1,3 +1,6 @@ AUTOMAKE_OPTIONS = foreign SUBDIRS = src + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libratbox.pc diff --git a/libratbox/configure.ac b/libratbox/configure.ac index fe642856..45f6940f 100644 --- a/libratbox/configure.ac +++ b/libratbox/configure.ac @@ -675,11 +675,11 @@ fi ) - -AC_CONFIG_FILES( \ - src/Makefile \ - Makefile \ -) +AC_CONFIG_FILES([ + src/Makefile + Makefile + libratbox.pc +]) AC_OUTPUT diff --git a/libratbox/libratbox.pc.in b/libratbox/libratbox.pc.in new file mode 100644 index 00000000..16c4aacd 
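Review bot: The new guard `#if !defined(HAVE_OPENSSL) && !defined(HAVE_GNUTLS)` covers the case where neither macro is defined, but nothing visible in this series covers both being defined at once. `gnutls.c` is wrapped only in `#ifdef HAVE_GNUTLS`, so if `openssl.c` is guarded the same way on `HAVE_OPENSSL` (not shown here), a build with both set would compile two definitions of `rb_ssl_read`, `rb_init_ssl` and the rest. Consider making the backends mutually exclusive at the preprocessor level, e.g. `#if defined(HAVE_GNUTLS) && !defined(HAVE_OPENSSL)` in `gnutls.c`, and add a comment at this guard naming which backend takes precedence. The guarded block continues outside this hunk.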
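Review bot: The two calls added to `rb_init_ssl`, `gnutls_certificate_allocate_credentials(&x509_cred)` and `gnutls_dh_params_init(&dh_params)`, discard their return codes, so a failed allocation leaves the handle unset while the following lines still pass it to `gnutls_dh_params_generate2` and `gnutls_certificate_set_dh_params`. Check both results and return 0 with a log line, in the style the function already uses for the DH generation failure. The function also carries on to `gnutls_certificate_set_dh_params` after a failed generation; returning early there would avoid installing unusable parameters. The function starts and ends outside this hunk.

```c
	gnutls_global_init();

	if((g_ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0 ||
	   (g_ret = gnutls_dh_params_init(&dh_params)) < 0)
	{
		rb_lib_log("rb_init_gnutls: Failed to allocate GNUTLS credentials: %s", gnutls_strerror(g_ret));
		return 0;
	}
	/* … unchanged: gnutls_dh_params_generate2 call and its error log … */
```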
--- /dev/null +++ b/libratbox/libratbox.pc.in @@ -0,0 +1,14 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +datarootdir=@datarootdir@ +data_dir=@datadir@/@PACKAGE_NAME@ + +version=@PACKAGE_VERSION@ +include_dir=@includedir@/libratbox +lib_dir=@libdir@ + +Name: libratbox +Description: Portable runtime for ircd-ratbox and other things +Version: @PACKAGE_VERSION@ +Libs: -L${lib_dir} -lratbox +Cflags: -I${include_dir} From c617c321a2e42b50d516955130ebf20358cb7838 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Tue, 10 Jun 2008 22:06:54 -0500 Subject: [PATCH 6/6] Set SONAME to libratbox.so.3. (Again, packaging. Yeah. We know.) --- libratbox/src/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libratbox/src/Makefile.am b/libratbox/src/Makefile.am index 47ff031d..bc084991 100644 --- a/libratbox/src/Makefile.am +++ b/libratbox/src/Makefile.am @@ -31,7 +31,7 @@ libratbox_la_SOURCES = \ patricia.c -libratbox_la_LDFLAGS = -avoid-version -no-undefined -export-symbols export-syms.txt +libratbox_la_LDFLAGS = -version-info 3:0:0 -no-undefined -export-symbols export-syms.txt libratbox_la_LIBADD = @CRYPT_LIB@ @SSL_LIBS@ lib_LTLIBRARIES = libratbox.la