You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by dr...@apache.org on 2006/06/20 13:15:18 UTC
svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Author: dreid
Date: Tue Jun 20 04:15:17 2006
New Revision: 415611
URL: http://svn.apache.org/viewvc?rev=415611&view=rev
Log:
Address the problems of earlier patch and add new flag, --with-ssl which can be used
to enable/disable all ssl detection routines.
I've defaulted this to be 'ON' so we get reports of problems.
No use of package foo logic yet, but I'll look into that next following
Joe's comments.
Modified:
apr/apr-util/trunk/build/ssl.m4
Modified: apr/apr-util/trunk/build/ssl.m4
URL: http://svn.apache.org/viewvc/apr/apr-util/trunk/build/ssl.m4?rev=415611&r1=415610&r2=415611&view=diff
==============================================================================
--- apr/apr-util/trunk/build/ssl.m4 (original)
+++ apr/apr-util/trunk/build/ssl.m4 Tue Jun 20 04:15:17 2006
@@ -24,9 +24,19 @@
AC_DEFUN([APU_FIND_SSL], [
apu_have_ssl=0
- APU_CHECK_OPENSSL
- dnl add checks for other varieties of ssl here
-
+ AC_ARG_WITH([ssl], [
+ --with-ssl
+ ], [
+ if test "$withval" = "no"; then
+ ap_have_ssl=0
+ else
+ APU_CHECK_OPENSSL
+ dnl add checks for other varieties of ssl here
+ fi
+ ], [
+ APU_CHECK_OPENSSL
+ dnl add checks for other varieties of ssl here
+ ])
if test "$apu_have_ssl" = "1"; then
AC_DEFINE([APU_HAVE_SSL], 1, [Define that we have SSL capability])
@@ -44,26 +54,11 @@
--with-openssl=DIR
], [
if test "$withval" = "yes"; then
- old_cppflags="$CPPFLAGS"
- old_ldflags="$LDFLAGS"
-
- openssl_CPPFLAGS="-I$withval/include"
- openssl_LDFLAGS="-L$withval/lib "
-
- APR_ADDTO(CPPFLAGS, [$openssl_CPPFLAGS])
- APR_ADDTO(LDFLAGS, [$openssl_LDFLAGS])
-
- AC_MSG_NOTICE(checking for openssl in $withval)
AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1]))
if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
apu_have_openssl=1
- APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
- APR_ADDTO(APRUTIL_INCLUDES, [-I$withval/include])
fi
-
- CPPFLAGS="$old_cppflags"
- LDFLAGS="$old_ldflags"
elif test "$withval" = "no"; then
apu_have_openssl=0
else
@@ -99,19 +94,11 @@
LDFLAGS="$old_ldflags"
fi
], [
- old_cppflags="$CPPFLAGS"
- old_ldflags="$LDFLAGS"
-
AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1]))
if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
apu_have_openssl=1
- APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
- APR_ADDTO(APRUTIL_INCLUDES, [-I$withval/include])
fi
-
- CPPFLAGS="$old_cppflags"
- LDFLAGS="$old_ldflags"
])
@@ -120,8 +107,8 @@
dnl Add the libraries we will need now that we have set apu_have_openssl correctly
if test "$apu_have_openssl" = "1"; then
AC_DEFINE([APU_HAVE_OPENSSL], 1, [Define that we have OpenSSL available])
- APR_ADDTO(APRUTIL_EXPORT_LIBS,[-lcrypto -lssl])
- APR_ADDTO(APRUTIL_LIBS,[-lcrypto -lssl])
+ APR_ADDTO(APRUTIL_EXPORT_LIBS,[-lssl -lcrypto])
+ APR_ADDTO(APRUTIL_LIBS,[-lssl -lcrypto])
apu_have_ssl=1
fi
])
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
dreid@apache.org wrote:
> Author: dreid
> Date: Tue Jun 20 04:15:17 2006
> New Revision: 415611
>
> URL: http://svn.apache.org/viewvc?rev=415611&view=rev
> Log:
> Address the problems of earlier patch and add new flag, --with-ssl which can be used
> to enable/disable all ssl detection routines.
>
> I've defaulted this to be 'ON' so we get reports of problems.
From the crypto/munitions POV, doesn't it make more sense to default to off,
with --with-ssl (w/wo path) to enable this for folks who want it (read: most.)
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
dreid@apache.org wrote:
> Author: dreid
> Date: Tue Jun 20 04:15:17 2006
> New Revision: 415611
>
> URL: http://svn.apache.org/viewvc?rev=415611&view=rev
> Log:
> Address the problems of earlier patch and add new flag, --with-ssl which can be used
> to enable/disable all ssl detection routines.
>
> I've defaulted this to be 'ON' so we get reports of problems.
From the crypto/munitions POV, doesn't it make more sense to default to off,
with --with-ssl (w/wo path) to enable this for folks who want it (read: most.)
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On 6/20/06, Garrett Rooney <ro...@electricjellyfish.net> wrote:
> > > Wow, that sounds like "fun"...
> >
> > Does Neon?
>
> I believe Neon defaults to off, or at least I recall having to tell it
> to use ssl even when it should have been able to find it on its own...
Correct. Neon requires passing --with-ssl explicitly too. -- justin
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by Garrett Rooney <ro...@electricjellyfish.net>.
On 6/20/06, david reid <da...@jetnet.co.uk> wrote:
> Garrett Rooney wrote:
> > On 6/20/06, Justin Erenkrantz <ju...@erenkrantz.com> wrote:
> >> On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
> >> > I've defaulted this to be 'ON' so we get reports of problems.
> >>
> >> I would prefer that we don't turn SSL factories on by default just
> >> yet. (httpd doesn't enable mod_ssl either unless explicitly requested
> >> too.)
> >>
> >> FWIW, by bundling code that uses/links OpenSSL, we're likely going to
> >> have to also follow httpd in providing BXA notifications - which may
> >> means that all of our downstream APR-util users will have to file too
> >> - oh joy! Garrett should check up with Roy on that. =) -- justin
> >
> > Wow, that sounds like "fun"...
>
> Does Neon?
I believe Neon defaults to off, or at least I recall having to tell it
to use ssl even when it should have been able to find it on its own...
-garrett
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by david reid <da...@jetnet.co.uk>.
Garrett Rooney wrote:
> On 6/20/06, Justin Erenkrantz <ju...@erenkrantz.com> wrote:
>> On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
>> > I've defaulted this to be 'ON' so we get reports of problems.
>>
>> I would prefer that we don't turn SSL factories on by default just
>> yet. (httpd doesn't enable mod_ssl either unless explicitly requested
>> too.)
>>
>> FWIW, by bundling code that uses/links OpenSSL, we're likely going to
>> have to also follow httpd in providing BXA notifications - which may
>> means that all of our downstream APR-util users will have to file too
>> - oh joy! Garrett should check up with Roy on that. =) -- justin
>
> Wow, that sounds like "fun"...
Does Neon?
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by Garrett Rooney <ro...@electricjellyfish.net>.
On 6/20/06, Justin Erenkrantz <ju...@erenkrantz.com> wrote:
> On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
> > I've defaulted this to be 'ON' so we get reports of problems.
>
> I would prefer that we don't turn SSL factories on by default just
> yet. (httpd doesn't enable mod_ssl either unless explicitly requested
> too.)
>
> FWIW, by bundling code that uses/links OpenSSL, we're likely going to
> have to also follow httpd in providing BXA notifications - which may
> means that all of our downstream APR-util users will have to file too
> - oh joy! Garrett should check up with Roy on that. =) -- justin
Wow, that sounds like "fun"...
-garrett
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Justin Erenkrantz wrote:
> On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
>> I've defaulted this to be 'ON' so we get reports of problems.
>
> I would prefer that we don't turn SSL factories on by default just
> yet. (httpd doesn't enable mod_ssl either unless explicitly requested
> too.)
>
> FWIW, by bundling code that uses/links OpenSSL, we're likely going to
> have to also follow httpd in providing BXA notifications - which may
> means that all of our downstream APR-util users will have to file too
> - oh joy! Garrett should check up with Roy on that. =) -- justin
See http://www.apache.org/dev/crypto.html for the fundementals, still evolving.
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Justin Erenkrantz wrote:
> On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
>> I've defaulted this to be 'ON' so we get reports of problems.
>
> I would prefer that we don't turn SSL factories on by default just
> yet. (httpd doesn't enable mod_ssl either unless explicitly requested
> too.)
>
> FWIW, by bundling code that uses/links OpenSSL, we're likely going to
> have to also follow httpd in providing BXA notifications - which may
> means that all of our downstream APR-util users will have to file too
> - oh joy! Garrett should check up with Roy on that. =) -- justin
See http://www.apache.org/dev/crypto.html for the fundementals, still evolving.
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
> I've defaulted this to be 'ON' so we get reports of problems.
I would prefer that we don't turn SSL factories on by default just
yet. (httpd doesn't enable mod_ssl either unless explicitly requested
too.)
FWIW, by bundling code that uses/links OpenSSL, we're likely going to
have to also follow httpd in providing BXA notifications - which may
means that all of our downstream APR-util users will have to file too
- oh joy! Garrett should check up with Roy on that. =) -- justin
Re: svn commit: r415611 - /apr/apr-util/trunk/build/ssl.m4
Posted by Justin Erenkrantz <ju...@erenkrantz.com>.
On 6/20/06, dreid@apache.org <dr...@apache.org> wrote:
> I've defaulted this to be 'ON' so we get reports of problems.
I would prefer that we don't turn SSL factories on by default just
yet. (httpd doesn't enable mod_ssl either unless explicitly requested
too.)
FWIW, by bundling code that uses/links OpenSSL, we're likely going to
have to also follow httpd in providing BXA notifications - which may
means that all of our downstream APR-util users will have to file too
- oh joy! Garrett should check up with Roy on that. =) -- justin