diff --git a/ChangeLog b/ChangeLog index f690a35b3..b8adeba3d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ +2001-12-04 Richard Frith-Macdonald + + * Source/GNUmakefile: Add flags for SSL and rules to build bundle + * Source/GSHTTPURLHandle.m: use +sslClass + * Source/GSUnixSSLHandle.m: Extract SSL support for bundle to this file. + * Source/Makefile.preamble: Add flags for SSL + * Source/NSFileHandle.m: Add +sslClass and automated loading of bundle + * Source/UnixFileHandle.m: Remove SSL support. + * Headers/gnustep/base/NSFileHandle.h: Add +sslClass + * Headers/gnustep/base/UnixFileHandle.h: Tidy a little. + * config.mak.in: Add variables needed by SSL bundle + * configure.in: Update to build SSL bundle by default. + * configure: regenerated + The above changes made to move SSL support into a bundle and add a + +sslClass to NSFileHandle to return the class from the bundle if it + is available. Changed the http url handle support to use this. + 2001-12-04 Richard Frith-Macdonald * Source/NSValue.m: polish last set of changes - diff --git a/Headers/gnustep/base/NSFileHandle.h b/Headers/gnustep/base/NSFileHandle.h index 12d777308..2b6aff8ed 100644 --- a/Headers/gnustep/base/NSFileHandle.h +++ b/Headers/gnustep/base/NSFileHandle.h @@ -140,7 +140,7 @@ GS_EXPORT NSString* NSFileHandleOperationException; @end /* - * Where OpenSSL is available, you can use the GSUnixSSLHandle subclass + * Where OpenSSL is available, you can use the subclass returned by +sslClass * to handle SSL connections. * The -sslConnect method is used to do SSL handlshake and start an * encrypted session. @@ -148,8 +148,8 @@ GS_EXPORT NSString* NSFileHandleOperationException; * The -sslSetCertificate:privateKey:PEMpasswd: method is used to * establish a client certificate before starting an encrypted session. */ -@class GSUnixSSLHandle; @interface NSFileHandle (GNUstepOpenSSL) ++ (Class) sslClass; - (BOOL) sslConnect; - (void) sslDisconnect; - (void) sslSetCertificate: (NSString*)certFile 
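Review bot: The new `+ (Class) sslClass;` declaration in the second NSFileHandle.h hunk does not say that it can return nil, which it will whenever the SSL bundle is missing or fails to load (NSFileHandle_ssl_class simply stays nil in NSFileHandle.m). A caller that messages the result without checking gets a nil handle back instead of an error, so an https or other SSL connection silently never happens. I would spell out the contract in the category comment, e.g. `* +sslClass returns nil if the SSL bundle is not available; callers must check before using it.` The comment block and the @interface both extend outside this hunk.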
diff --git a/Headers/gnustep/base/UnixFileHandle.h b/Headers/gnustep/base/UnixFileHandle.h index 5b3adbd9f..21051178d 100644 --- a/Headers/gnustep/base/UnixFileHandle.h +++ b/Headers/gnustep/base/UnixFileHandle.h @@ -91,12 +91,11 @@ type: (RunLoopEventType)type extra: (void*)extra forMode: (NSString*)mode; +- (void) setAddr: (struct sockaddr_in *)sin; - (NSDate*) timedOutEvent: (void*)data type: (RunLoopEventType)type forMode: (NSString*)mode; -#ifndef NO_GNUSTEP - (BOOL) useCompression; -#endif - (void) watchReadDescriptorForModes: (NSArray*)modes; - (void) watchWriteDescriptor; diff --git a/Source/GNUmakefile b/Source/GNUmakefile index c1ccb9a41..1955149dc 100644 --- a/Source/GNUmakefile +++ b/Source/GNUmakefile @@ -40,6 +40,21 @@ LIBRARY_VAR = GNUSTEP_BASE # The library to be compiled LIBRARY_NAME=libgnustep-base +ifeq ($(HAVE_OPENSSL), yes) + +# The bundles to be compiled +BUNDLE_NAME=SSL + +# The bundle Objective-C source files to be compiled +SSL_OBJC_FILES = GSUnixSSLHandle.m + +# The principal class in the bundle +SSL_PRINCIPAL_CLASS = GSUnixSSLHandle + +SSL_BUNDLE_LIBS = $(SSLLIBS) + +endif + # GNUSTEP_INSTALL_PREFIX must be defined here and not in config.h because # the installing person may set it on the `make' command line. @@ -413,5 +428,6 @@ libgnustep-base_HEADER_FILES = $(FOUNDATION_HEADERS) -include GNUmakefile.local include $(GNUSTEP_MAKEFILES)/library.make +include $(GNUSTEP_MAKEFILES)/bundle.make -include Makefile.postamble diff --git a/Source/GSHTTPURLHandle.m b/Source/GSHTTPURLHandle.m index c9fcde33a..18a83460f 100644 --- a/Source/GSHTTPURLHandle.m +++ b/Source/GSHTTPURLHandle.m @@ -81,6 +81,8 @@ char emp[64] = { static NSMutableDictionary *urlCache = nil; static NSLock *urlLock = nil; +static Class sslClass = 0; + static NSLock *debugLock = nil; static char debugFile[128]; 
@@ -143,6 +145,9 @@ static void debugWrite(NSData *data) urlLock = [NSLock new]; debugLock = [NSLock new]; sprintf(debugFile, "/tmp/GSHTTP.%d", getpid()); +#ifndef __MINGW__ + sslClass = [NSFileHandle sslClass]; +#endif } } @@ -307,12 +312,16 @@ static void debugWrite(NSData *data) { if ([[url scheme] isEqualToString: @"https"]) { -#ifndef __MINGW__ - sock = [GSUnixSSLHandle + if (sslClass == 0) + { + [self backgroundLoadDidFailWithReason: + @"https not supported ... needs SSL bundle"]; + return; + } + sock = [sslClass fileHandleAsClientInBackgroundAtAddress: [url host] service: [url scheme] protocol: @"tcp"]; -#endif } else { @@ -330,14 +339,18 @@ static void debugWrite(NSData *data) } if ([[url scheme] isEqualToString: @"https"]) { -#ifndef __MINGW__ - sock = [GSUnixSSLHandle + if (sslClass == 0) + { + [self backgroundLoadDidFailWithReason: + @"https not supported ... needs SSL bundle"]; + return; + } + sock = [sslClass fileHandleAsClientInBackgroundAtAddress: [request objectForKey: GSHTTPPropertyProxyHostKey] service: [request objectForKey: GSHTTPPropertyProxyPortKey] protocol: @"tcp"]; -#endif } else { diff --git a/Source/GSUnixSSLHandle.m b/Source/GSUnixSSLHandle.m new file mode 100644 index 000000000..8b5525748 --- /dev/null +++ b/Source/GSUnixSSLHandle.m 
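Review bot: The `if (sslClass == 0) { ... return; }` guard is added twice with identical text, once in the direct-connection branch (hunk at -307) and again in the proxy branch (hunk at -330), so the two copies can drift apart. A small static helper that either returns the class or reports the failure would keep the message and the early return in one place. The file-static is also named `sslClass`, the same as the +sslClass selector it caches, which makes `[sslClass fileHandleAs...]` and `[NSFileHandle sslClass]` easy to misread; `static Class sslHandleClass = 0;` would be clearer. The enclosing method starts and ends outside both hunks, so whether the early `return` leaves any earlier state half-set cannot be judged from here.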
@@ -0,0 +1,619 @@ +/* Implementation for GSUnixSSLHandle for GNUStep + Copyright (C) 1997-1999 Free Software Foundation, Inc. + + Written by: Richard Frith-Macdonald + Date: 1997 + + This file is part of the GNUstep Base Library. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA. + */ + + +#include + + /* Because openssl uses `id' as variable name sometime, + while it is an Objective-C reserved keyword. */ + #define id id_x_ + #include + #undef id + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if defined(__MINGW__) +#include +#else +#include +#include +#include +#include +#include +#include +#include +#endif /* __MINGW__ */ + +#include +#include +#include +#include +#ifdef __svr4__ +#include +#endif +#include +#include +#include +#include + +// Maximum data in single I/O operation +#define NETBUF_SIZE 4096 + +// Key to info dictionary for operation mode. 
+static NSString* NotificationKey = @"NSFileHandleNotificationKey"; + + + +@interface GSUnixSSLHandle : UnixFileHandle +{ + SSL_CTX *ctx; + SSL *ssl; + BOOL connected; +} +- (BOOL) sslConnect; +- (void) sslDisconnect; +- (void) sslSetCertificate: (NSString*)certFile + privateKey: (NSString*)privateKey + PEMpasswd: (NSString*)PEMpasswd; +@end + +@implementation GSUnixSSLHandle ++ (void) initialize +{ + if (self == [GSUnixSSLHandle class]) + { + SSL_library_init(); + } +} + +- (NSData*) availableData +{ + char buf[NETBUF_SIZE]; + NSMutableData *d; + int len; + + [self checkRead]; + if (isNonBlocking == YES) + [self setNonBlocking: NO]; + d = [NSMutableData dataWithCapacity: 0]; + if (isStandardFile) + { + while ((len = read(descriptor, buf, sizeof(buf))) > 0) + { + [d appendBytes: buf length: len]; + } + } + else + { + if (connected) + { + if ((len = SSL_read(ssl, buf, sizeof(buf))) > 0) + { + [d appendBytes: buf length: len]; + } + } + else + { + if ((len = read(descriptor, buf, sizeof(buf))) > 0) + { + [d appendBytes: buf length: len]; + } + } + } + if (len < 0) + { + [NSException raise: NSFileHandleOperationException + format: @"unable to read from descriptor - %s", + GSLastErrorStr(errno)]; + } + return d; +} + +- (void) closeFile +{ + [self sslDisconnect]; + [super closeFile]; +} + +- (void) gcFinalize +{ + [self sslDisconnect]; + [super gcFinalize]; +} + +- (NSData*) readDataOfLength: (unsigned)len +{ + NSMutableData *d; + int got; + + [self checkRead]; + if (isNonBlocking == YES) + [self setNonBlocking: NO]; + if (len <= 65536) + { + char *buf; + + buf = NSZoneMalloc(NSDefaultMallocZone(), len); + d = [NSMutableData dataWithBytesNoCopy: buf length: len]; + if ((got = SSL_read(ssl, [d mutableBytes], len)) < 0) + { + [NSException raise: NSFileHandleOperationException + format: @"unable to read from descriptor - %s", + GSLastErrorStr(errno)]; + } + [d setLength: got]; + } + else + { + char buf[NETBUF_SIZE]; + + d = [NSMutableData dataWithCapacity: 0]; + do + { + 
int chunk = len > sizeof(buf) ? sizeof(buf) : len; + + if (connected) + { + got = SSL_read(ssl, buf, chunk); + } + else + { + got = read(descriptor, buf, chunk); + } + if (got > 0) + { + [d appendBytes: buf length: got]; + len -= got; + } + else if (got < 0) + { + [NSException raise: NSFileHandleOperationException + format: @"unable to read from descriptor - %s", + GSLastErrorStr(errno)]; + } + } + while (len > 0 && got > 0); + } + return d; +} + +- (NSData*) readDataToEndOfFile +{ + char buf[NETBUF_SIZE]; + NSMutableData *d; + int len; + + [self checkRead]; + if (isNonBlocking == YES) + [self setNonBlocking: NO]; + d = [NSMutableData dataWithCapacity: 0]; + if (connected) + { + while ((len = SSL_read(ssl, buf, sizeof(buf))) > 0) + { + [d appendBytes: buf length: len]; + } + } + else + { + while ((len = read(descriptor, buf, sizeof(buf))) > 0) + { + [d appendBytes: buf length: len]; + } + } + if (len < 0) + { + [NSException raise: NSFileHandleOperationException + format: @"unable to read from descriptor - %s", + GSLastErrorStr(errno)]; + } + return d; +} + +- (void) receivedEvent: (void*)data + type: (RunLoopEventType)type + extra: (void*)extra + forMode: (NSString*)mode +{ + NSString *operation; + + if (isNonBlocking == NO) + [self setNonBlocking: YES]; + if (type == ET_RDESC) + { + operation = [readInfo objectForKey: NotificationKey]; + if (operation == NSFileHandleConnectionAcceptedNotification) + { + struct sockaddr_in buf; + int desc; + int blen = sizeof(buf); + + desc = accept(descriptor, (struct sockaddr*)&buf, &blen); + if (desc < 0) + { + NSString *s; + + s = [NSString stringWithFormat: @"Accept attempt failed - %s", + GSLastErrorStr(errno)]; + [readInfo setObject: s forKey: GSFileHandleNotificationError]; + } + else + { // Accept attempt completed. 
+ UnixFileHandle *h; + struct sockaddr_in sin; + int size = sizeof(sin); + + h = [[GSUnixSSLHandle alloc] initWithFileDescriptor: desc + closeOnDealloc: YES]; + getpeername(desc, (struct sockaddr*)&sin, &size); + [h setAddr: &sin]; + [readInfo setObject: h + forKey: NSFileHandleNotificationFileHandleItem]; + RELEASE(h); + } + [self postReadNotification]; + } + else if (operation == NSFileHandleDataAvailableNotification) + { + [self postReadNotification]; + } + else + { + NSMutableData *item; + int length; + int received = 0; + char buf[NETBUF_SIZE]; + + item = [readInfo objectForKey: NSFileHandleNotificationDataItem]; + length = [item length]; + + if (connected) + { + received = SSL_read(ssl, buf, sizeof(buf)); + } + else + { + received = read(descriptor, buf, sizeof(buf)); + } + if (received == 0) + { // Read up to end of file. + [self postReadNotification]; + } + else if (received < 0) + { + if (errno != EAGAIN && errno != EINTR) + { + NSString *s; + + s = [NSString stringWithFormat: @"Read attempt failed - %s", + GSLastErrorStr(errno)]; + [readInfo setObject: s forKey: GSFileHandleNotificationError]; + [self postReadNotification]; + } + } + else + { + [item appendBytes: buf length: received]; + if (operation == NSFileHandleReadCompletionNotification) + { + // Read a single chunk of data + [self postReadNotification]; + } + } + } + } + else if (type == ET_WDESC) + { + NSMutableDictionary *info; + + info = [writeInfo objectAtIndex: 0]; + operation = [info objectForKey: NotificationKey]; + if (operation == GSFileHandleWriteCompletionNotification) + { + NSData *item; + int length; + const void *ptr; + + item = [info objectForKey: NSFileHandleNotificationDataItem]; + length = [item length]; + ptr = [item bytes]; + if (writePos < length) + { + int written; + + if (connected) + { + written = SSL_write(ssl, (char*)ptr + writePos, + length - writePos); + } + else + { + written = write(descriptor, (char*)ptr + writePos, + length - writePos); + } + if (written <= 0) + { + 
if (written < 0 && errno != EAGAIN && errno != EINTR) + { + NSString *s; + + s = [NSString stringWithFormat: + @"Write attempt failed - %s", GSLastErrorStr(errno)]; + [info setObject: s forKey: GSFileHandleNotificationError]; + [self postWriteNotification]; + } + } + else + { + writePos += written; + } + } + if (writePos >= length) + { // Write operation completed. + [self postWriteNotification]; + } + } + else + { // Connection attempt completed. + int result; + int len = sizeof(result); + + if (getsockopt(descriptor, SOL_SOCKET, SO_ERROR, + (char*)&result, &len) == 0 && result != 0) + { + NSString *s; + + s = [NSString stringWithFormat: @"Connect attempt failed - %s", + GSLastErrorStr(result)]; + [info setObject: s forKey: GSFileHandleNotificationError]; + } + else + { + readOK = YES; + writeOK = YES; + } + connectOK = NO; + [self postWriteNotification]; + } + } +} + +- (BOOL) sslConnect +{ + int ret; + int err; + NSRunLoop *loop; + + if (connected == YES) + { + return YES; /* Already connected. */ + } + if (isStandardFile == YES) + { + NSLog(@"Attempt to make ssl connection to a standard file"); + return NO; + } + + /* + * Ensure we have a context and handle to connect with. 
+ */ + if (ctx == 0) + { + ctx = SSL_CTX_new(SSLv23_client_method()); + } + if (ssl == 0) + { + ssl = SSL_new(ctx); + } + + ret = SSL_set_fd(ssl, descriptor); + loop = [NSRunLoop currentRunLoop]; + [loop runUntilDate: [NSDate dateWithTimeIntervalSinceNow: 0.01]]; + ret = SSL_connect(ssl); + if (ret != 1) + { + int e = errno; + NSDate *final; + NSDate *when; + NSTimeInterval last = 0.0; + NSTimeInterval limit = 0.1; + + final = [[NSDate alloc] initWithTimeIntervalSinceNow: 20.0]; + when = [NSDate alloc]; + + err = SSL_get_error(ssl, ret); + while ((err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) + && [final timeIntervalSinceNow] > 0.0) + { + NSTimeInterval tmp = limit; + + limit += last; + last = tmp; + when = [when initWithTimeIntervalSinceNow: limit]; + [loop runUntilDate: when]; + ret = SSL_connect(ssl); + if (ret != 1) + { + e = errno; + err = SSL_get_error(ssl, ret); + } + else + { + err = SSL_ERROR_NONE; + } + } + RELEASE(when); + RELEASE(final); + if (err != SSL_ERROR_NONE) + { + NSString *str; + + switch (err) + { + case SSL_ERROR_NONE: + str = @"No error: really helpful"; + break; + case SSL_ERROR_ZERO_RETURN: + str = @"Zero Return error"; + break; + case SSL_ERROR_WANT_READ: + str = @"Want Read Error"; + break; + case SSL_ERROR_WANT_WRITE: + str = @"Want Write Error"; + break; + case SSL_ERROR_WANT_X509_LOOKUP: + str = @"Want X509 Lookup Error"; + break; + case SSL_ERROR_SYSCALL: + str = [NSString stringWithFormat: @"Syscall error %d - %s", + e, GSLastErrorStr(e)]; + break; + case SSL_ERROR_SSL: + str = @"SSL Error: really helpful"; + break; + default: + str = @"Standard Unix Error: really helpful"; + break; + } + NSLog(@"unable to make SSL connection to %@:%@ - %@", + address, service, str); + return NO; + } + } + connected = YES; + return YES; +} + +- (void) sslDisconnect +{ + if (ssl != 0) + { + if (connected == YES) + { + SSL_shutdown(ssl); + } + SSL_clear(ssl); + SSL_free(ssl); + ssl = 0; + } + if (ctx != 0) + { + SSL_CTX_free(ctx); + ctx = 
0; + } + connected = NO; +} + +- (void) sslSetCertificate: (NSString*)certFile + privateKey: (NSString*)privateKey + PEMpasswd: (NSString*)PEMpasswd +{ + if (isStandardFile == YES) + { + NSLog(@"Attempt to set ssl certificate for a standard file"); + return; + } + /* + * Ensure we have a context to set the certificate for. + */ + if (ctx == 0) + { + ctx = SSL_CTX_new(SSLv23_client_method()); + } + if ([PEMpasswd length] > 0) + { + SSL_CTX_set_default_passwd_cb_userdata(ctx, (char*)[PEMpasswd cString]); + } + if ([certFile length] > 0) + { + SSL_CTX_use_certificate_file(ctx, [certFile cString], X509_FILETYPE_PEM); + } + if ([privateKey length] > 0) + { + SSL_CTX_use_PrivateKey_file(ctx, [privateKey cString], X509_FILETYPE_PEM); + } +} + +- (void) writeData: (NSData*)item +{ + int rval = 0; + const void *ptr = [item bytes]; + unsigned int len = [item length]; + unsigned int pos = 0; + + [self checkWrite]; + if (isNonBlocking == YES) + { + [self setNonBlocking: NO]; + } + while (pos < len) + { + int toWrite = len - pos; + + if (toWrite > NETBUF_SIZE) + { + toWrite = NETBUF_SIZE; + } + if (connected) + { + rval = SSL_write(ssl, (char*)ptr+pos, toWrite); + } + else + { + rval = write(descriptor, (char*)ptr+pos, toWrite); + } + if (rval < 0) + { + if (errno == EAGAIN == errno == EINTR) + { + rval = 0; + } + else + { + break; + } + } + pos += rval; + } + if (rval < 0) + { + [NSException raise: NSFileHandleOperationException + format: @"unable to write to descriptor - %s", + GSLastErrorStr(errno)]; + } +} +@end + diff --git a/Source/Makefile.preamble b/Source/Makefile.preamble index 4126a387e..3aba2f298 100644 --- a/Source/Makefile.preamble +++ b/Source/Makefile.preamble @@ -42,7 +42,7 @@ ADDITIONAL_CPPFLAGS = $(DEFS) $(CONFIG_SYSTEM_DEFS) -Wall # Additional flags to pass to the Objective-C compiler -ADDITIONAL_OBJCFLAGS = +ADDITIONAL_OBJCFLAGS = $(SSLFLAGS) # Additional flags to pass to the C compiler ADDITIONAL_CFLAGS = 
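Review bot: In GSUnixSSLHandle.m, -sslConnect creates its context with `SSL_CTX_new(SSLv23_client_method())` and goes straight to `SSL_connect(ssl)` without enabling peer verification or loading any trust anchors, so as far as this file shows the https path accepts whatever certificate the peer presents. Where the context is created I would add `SSL_CTX_set_default_verify_paths(ctx);` and `SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);`, check the results of `SSL_CTX_new` and `SSL_new`, and compare the certificate name with the host after the handshake. Separately, the retry test in -writeData: reads `if (errno == EAGAIN == errno == EINTR)`, which chains comparisons instead of testing either value and should be `if (errno == EAGAIN || errno == EINTR)`. The `len <= 65536` branch of -readDataOfLength: calls `SSL_read(ssl, ...)` without the `connected` check that the other read paths make, so it would run with a null `ssl` on a handle that has not completed -sslConnect. All of this appears to be carried over unchanged from the section removed from UnixFileHandle.m, but moving the code into its own bundle is a good moment to fix it.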
diff --git a/Source/NSFileHandle.m b/Source/NSFileHandle.m index 0f8451e02..44e68631d 100644 --- a/Source/NSFileHandle.m +++ b/Source/NSFileHandle.m @@ -27,6 +27,8 @@ #include #include #include +#include +#include #ifdef __MINGW__ #include #else @@ -35,10 +37,11 @@ static Class NSFileHandle_abstract_class = nil; static Class NSFileHandle_concrete_class = nil; +static Class NSFileHandle_ssl_class = nil; @implementation NSFileHandle -+ (void)initialize ++ (void) initialize { if (self == [NSFileHandle class]) { @@ -47,6 +50,17 @@ static Class NSFileHandle_concrete_class = nil; NSFileHandle_concrete_class = [WindowsFileHandle class]; #else NSFileHandle_concrete_class = [UnixFileHandle class]; + { + NSBundle *bundle; + NSString *path; + + path = [NSSearchPathForDirectoriesInDomains(NSLibraryDirectory, + NSSystemDomainMask, NO) lastObject]; + path = [path stringByAppendingPathComponent: @"Bundles"]; + path = [path stringByAppendingPathComponent: @"SSL.bundle"]; + bundle = [NSBundle bundleWithPath: path]; + NSFileHandle_ssl_class = [bundle principalClass]; + } #endif } } @@ -338,6 +352,11 @@ NSString* NSFileHandleOperationException = protocol: protocol]); } ++ (Class) sslClass +{ + return NSFileHandle_ssl_class; +} + - (BOOL) readInProgress { [self subclassResponsibility: _cmd]; diff --git a/Source/UnixFileHandle.m b/Source/UnixFileHandle.m index 23589a91a..676e75322 100644 --- a/Source/UnixFileHandle.m +++ b/Source/UnixFileHandle.m @@ -24,14 +24,6 @@ #include -#if HAVE_OPENSSL - /* Because openssl uses `id' as variable name sometime, - while it is an Objective-C reserved keyword. */ - #define id id_x_ - #include - #undef id -#endif - #include #include #include @@ -101,10 +93,6 @@ static UnixFileHandle* fh_stderr = nil; // Key to info dictionary for operation mode. static NSString* NotificationKey = @"NSFileHandleNotificationKey"; -@interface UnixFileHandle (Private) -- (void) setAddr: (struct sockaddr_in *)sin; -@end - @implementation UnixFileHandle static BOOL 
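Review bot: The block added to +initialize (hunk at -47) loads SSL.bundle and stores `[bundle principalClass]` in NSFileHandle_ssl_class without checking what came back, and it does so in every process that first touches NSFileHandle, whether or not that process ever uses SSL. GSHTTPURLHandle later sends `fileHandleAsClientInBackgroundAtAddress:service:protocol:` to that class, so I would keep the value only if it is a subclass of NSFileHandle and otherwise leave it nil; a wrong or stale bundle then reads as "no SSL" instead of failing mid-request. Loading on the first call to +sslClass rather than here would also keep bundle code out of programs that never ask for it. A comment such as `/* Loaded from the system domain only: that directory must not be writable by unprivileged users. */` would record the trust assumption the path lookup relies on. +initialize begins and ends outside this hunk.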
@@ -1589,578 +1577,3 @@ getAddr(NSString* name, NSString* svc, NSString* pcl, struct sockaddr_in *sin) } @end - - -#if HAVE_OPENSSL -@interface GSUnixSSLHandle : UnixFileHandle -{ - SSL_CTX *ctx; - SSL *ssl; - BOOL connected; -} -- (BOOL) sslConnect; -- (void) sslDisconnect; -- (void) sslSetCertificate: (NSString*)certFile - privateKey: (NSString*)privateKey - PEMpasswd: (NSString*)PEMpasswd; -@end - -@implementation GSUnixSSLHandle -+ (void) initialize -{ - if (self == [GSUnixSSLHandle class]) - { - SSL_library_init(); - } -} - -- (NSData*) availableData -{ - char buf[NETBUF_SIZE]; - NSMutableData *d; - int len; - - [self checkRead]; - if (isNonBlocking == YES) - [self setNonBlocking: NO]; - d = [NSMutableData dataWithCapacity: 0]; - if (isStandardFile) - { - while ((len = read(descriptor, buf, sizeof(buf))) > 0) - { - [d appendBytes: buf length: len]; - } - } - else - { - if (connected) - { - if ((len = SSL_read(ssl, buf, sizeof(buf))) > 0) - { - [d appendBytes: buf length: len]; - } - } - else - { - if ((len = read(descriptor, buf, sizeof(buf))) > 0) - { - [d appendBytes: buf length: len]; - } - } - } - if (len < 0) - { - [NSException raise: NSFileHandleOperationException - format: @"unable to read from descriptor - %s", - GSLastErrorStr(errno)]; - } - return d; -} - -- (void) closeFile -{ - [self sslDisconnect]; - [super closeFile]; -} - -- (void) gcFinalize -{ - [self sslDisconnect]; - [super gcFinalize]; -} - -- (NSData*) readDataOfLength: (unsigned)len -{ - NSMutableData *d; - int got; - - [self checkRead]; - if (isNonBlocking == YES) - [self setNonBlocking: NO]; - if (len <= 65536) - { - char *buf; - - buf = NSZoneMalloc(NSDefaultMallocZone(), len); - d = [NSMutableData dataWithBytesNoCopy: buf length: len]; - if ((got = SSL_read(ssl, [d mutableBytes], len)) < 0) - { - [NSException raise: NSFileHandleOperationException - format: @"unable to read from descriptor - %s", - GSLastErrorStr(errno)]; - } - [d setLength: got]; - } - else - { - char 
buf[NETBUF_SIZE]; - - d = [NSMutableData dataWithCapacity: 0]; - do - { - int chunk = len > sizeof(buf) ? sizeof(buf) : len; - - if (connected) - { - got = SSL_read(ssl, buf, chunk); - } - else - { - got = read(descriptor, buf, chunk); - } - if (got > 0) - { - [d appendBytes: buf length: got]; - len -= got; - } - else if (got < 0) - { - [NSException raise: NSFileHandleOperationException - format: @"unable to read from descriptor - %s", - GSLastErrorStr(errno)]; - } - } - while (len > 0 && got > 0); - } - return d; -} - -- (NSData*) readDataToEndOfFile -{ - char buf[NETBUF_SIZE]; - NSMutableData *d; - int len; - - [self checkRead]; - if (isNonBlocking == YES) - [self setNonBlocking: NO]; - d = [NSMutableData dataWithCapacity: 0]; - if (connected) - { - while ((len = SSL_read(ssl, buf, sizeof(buf))) > 0) - { - [d appendBytes: buf length: len]; - } - } - else - { - while ((len = read(descriptor, buf, sizeof(buf))) > 0) - { - [d appendBytes: buf length: len]; - } - } - if (len < 0) - { - [NSException raise: NSFileHandleOperationException - format: @"unable to read from descriptor - %s", - GSLastErrorStr(errno)]; - } - return d; -} - -- (void) receivedEvent: (void*)data - type: (RunLoopEventType)type - extra: (void*)extra - forMode: (NSString*)mode -{ - NSString *operation; - - if (isNonBlocking == NO) - [self setNonBlocking: YES]; - if (type == ET_RDESC) - { - operation = [readInfo objectForKey: NotificationKey]; - if (operation == NSFileHandleConnectionAcceptedNotification) - { - struct sockaddr_in buf; - int desc; - int blen = sizeof(buf); - - desc = accept(descriptor, (struct sockaddr*)&buf, &blen); - if (desc < 0) - { - NSString *s; - - s = [NSString stringWithFormat: @"Accept attempt failed - %s", - GSLastErrorStr(errno)]; - [readInfo setObject: s forKey: GSFileHandleNotificationError]; - } - else - { // Accept attempt completed. 
- UnixFileHandle *h; - struct sockaddr_in sin; - int size = sizeof(sin); - - h = [[GSUnixSSLHandle alloc] initWithFileDescriptor: desc - closeOnDealloc: YES]; - getpeername(desc, (struct sockaddr*)&sin, &size); - [h setAddr: &sin]; - [readInfo setObject: h - forKey: NSFileHandleNotificationFileHandleItem]; - RELEASE(h); - } - [self postReadNotification]; - } - else if (operation == NSFileHandleDataAvailableNotification) - { - [self postReadNotification]; - } - else - { - NSMutableData *item; - int length; - int received = 0; - char buf[NETBUF_SIZE]; - - item = [readInfo objectForKey: NSFileHandleNotificationDataItem]; - length = [item length]; - - if (connected) - { - received = SSL_read(ssl, buf, sizeof(buf)); - } - else - { - received = read(descriptor, buf, sizeof(buf)); - } - if (received == 0) - { // Read up to end of file. - [self postReadNotification]; - } - else if (received < 0) - { - if (errno != EAGAIN && errno != EINTR) - { - NSString *s; - - s = [NSString stringWithFormat: @"Read attempt failed - %s", - GSLastErrorStr(errno)]; - [readInfo setObject: s forKey: GSFileHandleNotificationError]; - [self postReadNotification]; - } - } - else - { - [item appendBytes: buf length: received]; - if (operation == NSFileHandleReadCompletionNotification) - { - // Read a single chunk of data - [self postReadNotification]; - } - } - } - } - else if (type == ET_WDESC) - { - NSMutableDictionary *info; - - info = [writeInfo objectAtIndex: 0]; - operation = [info objectForKey: NotificationKey]; - if (operation == GSFileHandleWriteCompletionNotification) - { - NSData *item; - int length; - const void *ptr; - - item = [info objectForKey: NSFileHandleNotificationDataItem]; - length = [item length]; - ptr = [item bytes]; - if (writePos < length) - { - int written; - - if (connected) - { - written = SSL_write(ssl, (char*)ptr + writePos, - length - writePos); - } - else - { - written = write(descriptor, (char*)ptr + writePos, - length - writePos); - } - if (written <= 0) - { - 
if (written < 0 && errno != EAGAIN && errno != EINTR) - { - NSString *s; - - s = [NSString stringWithFormat: - @"Write attempt failed - %s", GSLastErrorStr(errno)]; - [info setObject: s forKey: GSFileHandleNotificationError]; - [self postWriteNotification]; - } - } - else - { - writePos += written; - } - } - if (writePos >= length) - { // Write operation completed. - [self postWriteNotification]; - } - } - else - { // Connection attempt completed. - int result; - int len = sizeof(result); - - if (getsockopt(descriptor, SOL_SOCKET, SO_ERROR, - (char*)&result, &len) == 0 && result != 0) - { - NSString *s; - - s = [NSString stringWithFormat: @"Connect attempt failed - %s", - GSLastErrorStr(result)]; - [info setObject: s forKey: GSFileHandleNotificationError]; - } - else - { - readOK = YES; - writeOK = YES; - } - connectOK = NO; - [self postWriteNotification]; - } - } -} - -- (BOOL) sslConnect -{ - int ret; - int err; - NSRunLoop *loop; - - if (connected == YES) - { - return YES; /* Already connected. */ - } - if (isStandardFile == YES) - { - NSLog(@"Attempt to make ssl connection to a standard file"); - return NO; - } - - /* - * Ensure we have a context and handle to connect with. 
- */ - if (ctx == 0) - { - ctx = SSL_CTX_new(SSLv23_client_method()); - } - if (ssl == 0) - { - ssl = SSL_new(ctx); - } - - ret = SSL_set_fd(ssl, descriptor); - loop = [NSRunLoop currentRunLoop]; - [loop runUntilDate: [NSDate dateWithTimeIntervalSinceNow: 0.01]]; - ret = SSL_connect(ssl); - if (ret != 1) - { - int e = errno; - NSDate *final; - NSDate *when; - NSTimeInterval last = 0.0; - NSTimeInterval limit = 0.1; - - final = [[NSDate alloc] initWithTimeIntervalSinceNow: 20.0]; - when = [NSDate alloc]; - - err = SSL_get_error(ssl, ret); - while ((err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) - && [final timeIntervalSinceNow] > 0.0) - { - NSTimeInterval tmp = limit; - - limit += last; - last = tmp; - when = [when initWithTimeIntervalSinceNow: limit]; - [loop runUntilDate: when]; - ret = SSL_connect(ssl); - if (ret != 1) - { - e = errno; - err = SSL_get_error(ssl, ret); - } - else - { - err = SSL_ERROR_NONE; - } - } - RELEASE(when); - RELEASE(final); - if (err != SSL_ERROR_NONE) - { - NSString *str; - - switch (err) - { - case SSL_ERROR_NONE: - str = @"No error: really helpful"; - break; - case SSL_ERROR_ZERO_RETURN: - str = @"Zero Return error"; - break; - case SSL_ERROR_WANT_READ: - str = @"Want Read Error"; - break; - case SSL_ERROR_WANT_WRITE: - str = @"Want Write Error"; - break; - case SSL_ERROR_WANT_X509_LOOKUP: - str = @"Want X509 Lookup Error"; - break; - case SSL_ERROR_SYSCALL: - str = [NSString stringWithFormat: @"Syscall error %d - %s", - e, GSLastErrorStr(e)]; - break; - case SSL_ERROR_SSL: - str = @"SSL Error: really helpful"; - break; - default: - str = @"Standard Unix Error: really helpful"; - break; - } - NSLog(@"unable to make SSL connection to %@:%@ - %@", - address, service, str); - return NO; - } - } - connected = YES; - return YES; -} - -- (void) sslDisconnect -{ - if (ssl != 0) - { - if (connected == YES) - { - SSL_shutdown(ssl); - } - SSL_clear(ssl); - SSL_free(ssl); - ssl = 0; - } - if (ctx != 0) - { - SSL_CTX_free(ctx); - ctx = 
0; - } - connected = NO; -} - -- (void) sslSetCertificate: (NSString*)certFile - privateKey: (NSString*)privateKey - PEMpasswd: (NSString*)PEMpasswd -{ - if (isStandardFile == YES) - { - NSLog(@"Attempt to set ssl certificate for a standard file"); - return; - } - /* - * Ensure we have a context to set the certificate for. - */ - if (ctx == 0) - { - ctx = SSL_CTX_new(SSLv23_client_method()); - } - if ([PEMpasswd length] > 0) - { - SSL_CTX_set_default_passwd_cb_userdata(ctx, (char*)[PEMpasswd cString]); - } - if ([certFile length] > 0) - { - SSL_CTX_use_certificate_file(ctx, [certFile cString], X509_FILETYPE_PEM); - } - if ([privateKey length] > 0) - { - SSL_CTX_use_PrivateKey_file(ctx, [privateKey cString], X509_FILETYPE_PEM); - } -} - -- (void) writeData: (NSData*)item -{ - int rval = 0; - const void *ptr = [item bytes]; - unsigned int len = [item length]; - unsigned int pos = 0; - - [self checkWrite]; - if (isNonBlocking == YES) - { - [self setNonBlocking: NO]; - } - while (pos < len) - { - int toWrite = len - pos; - - if (toWrite > NETBUF_SIZE) - { - toWrite = NETBUF_SIZE; - } - if (connected) - { - rval = SSL_write(ssl, (char*)ptr+pos, toWrite); - } - else - { - rval = write(descriptor, (char*)ptr+pos, toWrite); - } - if (rval < 0) - { - if (errno == EAGAIN == errno == EINTR) - { - rval = 0; - } - else - { - break; - } - } - pos += rval; - } - if (rval < 0) - { - [NSException raise: NSFileHandleOperationException - format: @"unable to write to descriptor - %s", - GSLastErrorStr(errno)]; - } -} -@end - -#else - -@interface GSUnixSSLHandle : UnixFileHandle -{ -} -- (BOOL) sslConnect; -- (void) sslDisconnect; -- (void) sslSetCertificate: (NSString*)certFile - privateKey: (NSString*)privateKey - PEMpasswd: (NSString*)PEMpasswd; -@end - -@implementation GSUnixSSLHandle -- (BOOL) sslConnect -{ - NSLog(@"SSL method called on system built without OpenSSL"); - return NO; -} -- (void) sslDisconnect -{ - NSLog(@"SSL method called on system built without OpenSSL"); -} -- 
(void) sslSetCertificate: (NSString*)certFile - privateKey: (NSString*)privateKey - PEMpasswd: (NSString*)PEMpasswd -{ - NSLog(@"SSL method called on system built without OpenSSL"); -} -@end -#endif /* HAVE_OPENSSL */ - diff --git a/config.mak.in b/config.mak.in index e2d9d936b..5ae929e5f 100644 --- a/config.mak.in +++ b/config.mak.in @@ -8,6 +8,10 @@ DYNAMIC_LINKER=@DYNAMIC_LINKER@ HAVE_LIBXML=@HAVE_LIBXML@ +HAVE_OPENSSL=@HAVE_OPENSSL@ +SSLLIBS=@SSLLIBS@ +SSLFLAGS=@SSLFLAGS@ + WITH_FFI=@WITH_FFI@ HAVE_PTHREAD_H=@HAVE_PTHREAD_H@ diff --git a/configure b/configure index 6a0a51e19..6143f7737 100755 --- a/configure +++ b/configure @@ -5246,7 +5246,7 @@ if test "${enable_openssl+set}" = set; then enableval="$enable_openssl" : else - enable_openssl=no + enable_openssl=yes fi # Check whether --with-openssl-include or --without-openssl-include was given. @@ -5271,9 +5271,16 @@ libs_temp=$LIBS if test "$openssl_incdir" != "no"; then CPPFLAGS="$CPPFLAGS -I$openssl_incdir" + SSLFLAGS="-I$openssl_incdir" +else + SSLFLAGS= fi + if test "$openssl_libdir" != "no"; then LIBS="$LIBS -L$openssl_libdir" + SSLLIBS="-L$openssl_libdir" +else + SSLLIBS= fi if test $enable_openssl = yes; then @@ -5281,17 +5288,17 @@ if test $enable_openssl = yes; then do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:5285: checking for $ac_hdr" >&5 +echo "configure:5292: checking for $ac_hdr" >&5 if eval "test \"\${ac_cv_header_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5295: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:5302: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -5320,11 +5327,13 @@ done if test $ac_cv_header_openssl_ssl_h = no; then echo "Could not find openssl headers" echo "Check to make sure you have a recent version of openssl installed" + echo "The SSL bundle will not be built" echo "configure: warning: Could not find openssl headers" 1>&2 + echo "configure: warning: The SSL bundle will not be built" 1>&2 ssl_ok=no else echo $ac_n "checking for CRYPTO_malloc in -lcrypto""... $ac_c" 1>&6 -echo "configure:5328: checking for CRYPTO_malloc in -lcrypto" >&5 +echo "configure:5337: checking for CRYPTO_malloc in -lcrypto" >&5 ac_lib_var=`echo crypto'_'CRYPTO_malloc | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5332,7 +5341,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypto $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5368,7 +5377,7 @@ fi base_libs="$LIBS" LIBS="$LIBS -lcrypto" echo $ac_n "checking for ssl2_clear in -lssl""... $ac_c" 1>&6 -echo "configure:5372: checking for ssl2_clear in -lssl" >&5 +echo "configure:5381: checking for ssl2_clear in -lssl" >&5 ac_lib_var=`echo ssl'_'ssl2_clear | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5376,7 +5385,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lssl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -5411,18 +5420,18 @@ fi if test "$ssl_ok" = yes; then echo "found openssl" LIBS="$base_libs -lssl -lcrypto" - cat >> confdefs.h <<\EOF -#define HAVE_OPENSSL 1 -EOF - + SSLLIBS="$SSLLIBS -lssl -lcrypto" else + SSLLIBS="$SSLLIBS -lcrypto" echo "Could not find openssl crypto library" echo "Check to make sure you have a recent version of openssl installed" - echo "configure: warning: Could not find openssl headers" 1>&2 + echo "The SSL bundle will not be built" + echo "configure: warning: Could not find openssl libraries" 1>&2 + echo "configure: warning: The SSL bundle will not be built" 1>&2 fi echo $ac_n "checking for des_setkey in -lcipher""... $ac_c" 1>&6 -echo "configure:5426: checking for des_setkey in -lcipher" >&5 +echo "configure:5435: checking for des_setkey in -lcipher" >&5 ac_lib_var=`echo cipher'_'des_setkey | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5430,7 +5439,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcipher $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5454: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -5465,19 +5474,29 @@ fi if test "$cipher_ok" = yes; then echo "found cipher" LIBS="$LIBS -lcipher" + SSLLIBS="$SSLLIBS -lcipher" fi else echo "Could not find openssl library" echo "Check to make sure you have a recent version of openssl installed" - echo "configure: warning: Could not find openssl headers" 1>&2 + echo "The SSL bundle will not be built" + echo "configure: warning: Could not find openssl libraries" 1>&2 + echo "configure: warning: The SSL bundle will not be built" 1>&2 fi fi +else + echo "The use of openssl was disabled" + echo "The SSL bundle will not be built" + echo "configure: warning: The use of openssl was disabled" 1>&2 + echo "configure: warning: The SSL bundle will not be built" 1>&2 fi +HAVE_OPENSSL=$ssl_ok -if test "$ssl_ok" = "no"; then - CPPFLAGS="$cppflags_temp"; - LIBS="$libs_temp"; -fi + + + +CPPFLAGS="$cppflags_temp"; +LIBS="$libs_temp"; #-------------------------------------------------------------------- # Check GMP for NSDecimal @@ -5515,17 +5534,17 @@ for ac_hdr in gmp.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:5519: checking for $ac_hdr" >&5 +echo "configure:5538: checking for $ac_hdr" >&5 if eval "test \"\${ac_cv_header_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:5529: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:5548: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* 
@@ -5553,7 +5572,7 @@ done if test $ac_cv_header_gmp_h = yes; then echo $ac_n "checking for mpf_abs in -lgmp""... $ac_c" 1>&6 -echo "configure:5557: checking for mpf_abs in -lgmp" >&5 +echo "configure:5576: checking for mpf_abs in -lgmp" >&5 ac_lib_var=`echo gmp'_'mpf_abs | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5561,7 +5580,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgmp $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5595: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5595,7 +5614,7 @@ fi if test "$gmp_ok" = no; then echo $ac_n "checking for __gmpf_abs in -lgmp""... $ac_c" 1>&6 -echo "configure:5599: checking for __gmpf_abs in -lgmp" >&5 +echo "configure:5618: checking for __gmpf_abs in -lgmp" >&5 ac_lib_var=`echo gmp'_'__gmpf_abs | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5603,7 +5622,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lgmp $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5637: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5656,12 +5675,12 @@ fi for ac_func in iconv do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:5660: checking for $ac_func" >&5 +echo "configure:5679: checking for $ac_func" >&5 if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -5727,7 +5746,7 @@ fi # BSDs install this lib as libgiconv echo $ac_n "checking for main in -lgiconv""... $ac_c" 1>&6 -echo "configure:5731: checking for main in -lgiconv" >&5 +echo "configure:5750: checking for main in -lgiconv" >&5 ac_lib_var=`echo giconv'_'main | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5735,14 +5754,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lgiconv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5765: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5780,7 +5799,7 @@ EOF else echo $ac_n "checking for main in -liconv""... $ac_c" 1>&6 -echo "configure:5784: checking for main in -liconv" >&5 +echo "configure:5803: checking for main in -liconv" >&5 ac_lib_var=`echo iconv'_'main | sed 'y%./+-:%__p__%'` if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -5788,14 +5807,14 @@ else ac_save_LIBS="$LIBS" LIBS="-liconv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:5818: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -5841,7 +5860,7 @@ subdirs="Source/mframe" # Record the version #-------------------------------------------------------------------- echo $ac_n "checking for the version of gnustep-base we are compiling""... $ac_c" 1>&6 -echo "configure:5845: checking for the version of gnustep-base we are compiling" >&5 +echo "configure:5864: checking for the version of gnustep-base we are compiling" >&5 if test -f "Version"; then . ./Version fi 
@@ -6048,6 +6067,9 @@ s%@XML_CONFIG@%$XML_CONFIG%g s%@XML_CFLAGS@%$XML_CFLAGS%g s%@XML_LIBS@%$XML_LIBS%g s%@HAVE_LIBXML@%$HAVE_LIBXML%g +s%@HAVE_OPENSSL@%$HAVE_OPENSSL%g +s%@SSLFLAGS@%$SSLFLAGS%g +s%@SSLLIBS@%$SSLLIBS%g s%@HAVE_GMP@%$HAVE_GMP%g s%@SYSTEM_DEFS@%$SYSTEM_DEFS%g s%@subdirs@%$subdirs%g diff --git a/configure.in b/configure.in index bd700e7f1..b1a17b238 100644 --- a/configure.in +++ b/configure.in @@ -855,7 +855,7 @@ AC_SUBST(HAVE_LIBXML) #-------------------------------------------------------------------- AC_ARG_ENABLE(openssl, [ --enable-openssl Enable support for openssl in URL classes],, - enable_openssl=no) + enable_openssl=yes) AC_ARG_WITH(openssl-include, [ --with-openssl-include=PATH include path for openssl headers], openssl_incdir="$withval", openssl_incdir="no") @@ -868,9 +868,16 @@ libs_temp=$LIBS if test "$openssl_incdir" != "no"; then CPPFLAGS="$CPPFLAGS -I$openssl_incdir" + SSLFLAGS="-I$openssl_incdir" +else + SSLFLAGS= fi + if test "$openssl_libdir" != "no"; then LIBS="$LIBS -L$openssl_libdir" + SSLLIBS="-L$openssl_libdir" +else + SSLLIBS= fi if test $enable_openssl = yes; then @@ -878,7 +885,9 @@ if test $enable_openssl = yes; then if test $ac_cv_header_openssl_ssl_h = no; then echo "Could not find openssl headers" echo "Check to make sure you have a recent version of openssl installed" + echo "The SSL bundle will not be built" AC_MSG_WARN(Could not find openssl headers) + AC_MSG_WARN(The SSL bundle will not be built) ssl_ok=no else AC_CHECK_LIB(crypto, CRYPTO_malloc, ssl_ok=yes, ssl_ok=no) 
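Review bot: The help string in the `-855` hunk of configure.in still reads `--enable-openssl Enable support for openssl in URL classes`, but the changed line makes `yes` the default, so `./configure --help` no longer tells a builder how to turn the feature off. Advertise the non-default switch instead, e.g. `[ --disable-openssl Disable support for openssl in URL classes]`. Because a missing OpenSSL is reported only as a warning in the later hunks, the help text could also say that the SSL bundle is skipped when the headers or libraries are not found.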
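Review bot: `SSLFLAGS="-I$openssl_incdir"` in the `-868` hunk is guarded only by `!= "no"`, so `--with-openssl-include` given without `=PATH` (autoconf then sets `$withval` to `yes`) produces `-Iyes`. Unlike the temporary `CPPFLAGS` addition, this value is exported to config.mak through the new `AC_SUBST(SSLFLAGS)`. Testing for both values avoids it: `if test "$openssl_incdir" != "no" -a "$openssl_incdir" != "yes"; then`. The `SSLLIBS="-L$openssl_libdir"` branch looks like it needs the same guard, though that option's definition lies outside the visible hunks.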
@@ -889,30 +898,43 @@ if test $enable_openssl = yes; then if test "$ssl_ok" = yes; then echo "found openssl" LIBS="$base_libs -lssl -lcrypto" - AC_DEFINE(HAVE_OPENSSL) + SSLLIBS="$SSLLIBS -lssl -lcrypto" else + SSLLIBS="$SSLLIBS -lcrypto" echo "Could not find openssl crypto library" echo "Check to make sure you have a recent version of openssl installed" - AC_MSG_WARN(Could not find openssl headers) + echo "The SSL bundle will not be built" + AC_MSG_WARN(Could not find openssl libraries) + AC_MSG_WARN(The SSL bundle will not be built) fi AC_CHECK_LIB(cipher,des_setkey,cipher_ok=yes,cipher_ok=no) if test "$cipher_ok" = yes; then echo "found cipher" LIBS="$LIBS -lcipher" + SSLLIBS="$SSLLIBS -lcipher" fi else echo "Could not find openssl library" echo "Check to make sure you have a recent version of openssl installed" - AC_MSG_WARN(Could not find openssl headers) + echo "The SSL bundle will not be built" + AC_MSG_WARN(Could not find openssl libraries) + AC_MSG_WARN(The SSL bundle will not be built) fi fi +else + echo "The use of openssl was disabled" + echo "The SSL bundle will not be built" + AC_MSG_WARN(The use of openssl was disabled) + AC_MSG_WARN(The SSL bundle will not be built) fi +HAVE_OPENSSL=$ssl_ok +AC_SUBST(HAVE_OPENSSL) +AC_SUBST(SSLFLAGS) +AC_SUBST(SSLLIBS) -if test "$ssl_ok" = "no"; then - CPPFLAGS="$cppflags_temp"; - LIBS="$libs_temp"; -fi +CPPFLAGS="$cppflags_temp"; +LIBS="$libs_temp"; #-------------------------------------------------------------------- # Check GMP for NSDecimal
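Review bot: `HAVE_OPENSSL=$ssl_ok` reads a variable that the new `else` branch (openssl disabled) never assigns. Unless `ssl_ok` is initialised above this hunk, `HAVE_OPENSSL` is substituted as empty, or as whatever `ssl_ok` held in the caller's environment. Add `ssl_ok=no` as the first line of that `else` branch so config.mak always receives `yes` or `no`, and the makefile test that decides whether to build the SSL bundle cannot be influenced from outside. The enclosing `if test $enable_openssl = yes` starts outside this hunk.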