[git] GnuPG - branch, master, updated. gnupg-2.1.0-beta834-20-gf2361e6
by Werner Koch
cvs at cvs.gnupg.org
Thu Oct 2 17:34:34 CEST 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via f2361e6d582d4343d71d294ed1da654afe7750ee (commit)
via 6bc0cd6202033be113999dbf27be4014bdf2c784 (commit)
from edd191e5b006dc6ace1d41672e7201cbe58c41c9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit f2361e6d582d4343d71d294ed1da654afe7750ee
Author: Werner Koch <wk at gnupg.org>
Date: Thu Oct 2 17:33:57 2014 +0200
First changes for future use of NTBTLS.
* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New. Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--
This is only the configure stuff. If you have NTBTLS installed GNUTLS
will not be used but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
diff --git a/common/Makefile.am b/common/Makefile.am
index 03bc5eb..87d6820 100644
--- a/common/Makefile.am
+++ b/common/Makefile.am
@@ -226,8 +226,9 @@ t_zb32_LDADD = $(t_common_ldadd)
# http tests
t_http_SOURCES = t-http.c
-t_http_CFLAGS = $(t_common_cflags) $(LIBGNUTLS_CFLAGS)
-t_http_LDADD = libcommontls.a $(t_common_ldadd) $(LIBGNUTLS_LIBS) $(DNSLIBS)
+t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
+t_http_LDADD = libcommontls.a $(t_common_ldadd) \
+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
# All programs should depend on the created libs.
$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a
diff --git a/common/http.c b/common/http.c
index 7e3bb57..413efd8 100644
--- a/common/http.c
+++ b/common/http.c
@@ -39,7 +39,7 @@
- fixme: list other requirements.
- - With HTTP_USE_GNUTLS or HTTP_USE_POLARSSL support for https is
+ - With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
provided (this also requires estream).
- With HTTP_NO_WSASTARTUP the socket initialization is not done
@@ -82,17 +82,16 @@
# include <npth.h>
#endif
-#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_POLARSSL)
-# error Both, HTTP_USE_GNUTLS and HTTP_USE_POLARSSL, are defined.
+#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
+# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
#endif
-#ifdef HTTP_USE_GNUTLS
+#ifdef HTTP_USE_NTBTLS
+# include <ntbtls.h>
+#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h>
# include <gnutls/x509.h>
#endif /*HTTP_USE_GNUTLS*/
-#ifdef HTTP_USE_POLARSSL
-# error Support for PolarSSL has not yet been added
-#endif
#include "util.h"
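Review bot: The TLS backend tests now mix `#ifdef X` with value tests such as `#elif HTTP_USE_GNUTLS`, `#if HTTP_USE_NTBTLS` and `#if USE_TLS`, here in the include chain and again in the later http.c, t-http.c and dirmngr.c hunks. The value form evaluates an undefined macro as 0, which works but triggers -Wundef and reads differently from the `#ifdef` lines next to it; `#elif defined (HTTP_USE_GNUTLS)` keeps one style. The closing `#endif /*HTTP_USE_GNUTLS*/` comment also no longer names the condition that opened the chain.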
@@ -156,8 +155,15 @@ typedef unsigned long longcounter_t;
# define counter_strtoul(a) strtoul ((a), NULL, 10)
#endif
-#ifndef HTTP_USE_GNUTLS
-typedef void * gnutls_session_t;
+#if HTTP_USE_NTBTLS
+typedef ntbtls_t tls_session_t;
+# define USE_TLS 1
+#elif HTTP_USE_GNUTLS
+typedef gnutls_session_t tls_session_t;
+# define USE_TLS 1
+#else
+typedef void *tls_session_t;
+# undef USE_TLS
#endif
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
@@ -226,14 +232,16 @@ struct http_session_s
int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
- gnutls_session_t tls_session;
+#endif /*HTTP_USE_GNUTLS*/
+#ifdef USE_TLS
+ tls_session_t tls_session;
struct {
int done; /* Verifciation has been done. */
- int rc; /* GnuTLS verification return code. */
+ int rc; /* TLS verification return code. */
unsigned int status; /* Verification status. */
} verify;
char *servername; /* Malloced server name. */
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
@@ -522,7 +530,8 @@ session_unref (int lnr, http_session_t sess)
if (sess->refcount)
return;
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
+# ifdef HTTP_USE_GNUTLS
if (sess->tls_session)
{
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
@@ -531,8 +540,9 @@ session_unref (int lnr, http_session_t sess)
}
if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred);
+# endif /*HTTP_USE_GNUTLS*/
xfree (sess->servername);
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
xfree (sess);
}
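Review bot: Under HTTP_USE_NTBTLS nothing in this cleanup path releases `sess->tls_session`, because the release code (this hunk and the one before it) is now wrapped in `# ifdef HTTP_USE_GNUTLS` and has no NTBTLS counterpart. The context that http_session_new obtains from `ntbtls_new` is therefore leaked each time a session's refcount reaches zero. Add an NTBTLS branch before `xfree (sess->servername);`, for example `# elif HTTP_USE_NTBTLS` followed by `ntbtls_release (sess->tls_session);` (guarded by a NULL check if the library requires one), or at least a `/* FIXME: Release the NTBTLS context. */` comment so the gap is tracked. session_unref starts above the hunk.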
@@ -560,7 +570,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
return gpg_error_from_syserror ();
sess->refcount = 1;
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ {
+ (void)tls_priority;
+
+ err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
+ if (err)
+ {
+ log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
+ goto leave;
+ }
+ }
+#elif HTTP_USE_GNUTLS
{
const char *errpos;
int rc;
@@ -616,17 +637,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
goto leave;
}
}
-
#else /*!HTTP_USE_GNUTLS*/
- (void)tls_priority;
+ {
+ (void)tls_priority;
+ }
#endif /*!HTTP_USE_GNUTLS*/
/* log_debug ("http.c:session_new: sess %p created\n", sess); */
err = 0;
-#ifdef HTTP_USE_GNUTLS
+#if USE_TLS
leave:
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
if (err)
http_session_unref (sess);
else
@@ -1067,7 +1089,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->port = 11371;
uri->is_http = 1;
}
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp"))))
@@ -1076,7 +1098,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->is_http = 1;
uri->use_tls = 1;
}
-#endif
+#endif /*USE_TLS*/
else if (!no_scheme_check)
return GPG_ERR_INV_URI; /* Unsupported scheme */
@@ -1393,22 +1415,24 @@ send_request (http_t hd, const char *httphost, const char *auth,
log_error ("TLS requested but no session object provided\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
if (hd->uri->use_tls && !hd->session->tls_session)
{
log_error ("TLS requested but no GNUTLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
/* Try to use SNI. */
-#ifdef HTTP_USE_GNUTLS
+#ifdef USE_TLS
if (hd->uri->use_tls)
{
+# if HTTP_USE_GNUTLS
int rc;
+# endif
xfree (hd->session->servername);
hd->session->servername = xtrystrdup (httphost? httphost : server);
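Review bot: The message `TLS requested but no GNUTLS context available` is now reachable in an NTBTLS build, since its guard changed from HTTP_USE_GNUTLS to USE_TLS. A backend-neutral text avoids a misleading log line: `log_error ("TLS requested but no TLS context available\n");`. send_request starts and ends outside the hunk.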
@@ -1418,13 +1442,22 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err;
}
+# if HTTP_USE_NTBTLS
+ err = ntbtls_set_hostname (hd->session->tls_session, server);
+ if (err)
+ {
+ log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
+ return err;
+ }
+# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
server, strlen (server));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
+# endif /*HTTP_USE_GNUTLS*/
}
-#endif /*HTTP_USE_GNUTLS*/
+#endif /*USE_TLS*/
if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY)
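Review bot: `ntbtls_set_hostname` is given `server`, while the name stored just before it for later verification is `httphost ? httphost : server`; when a caller passes httphost, the SNI name and the name kept in `hd->session->servername` differ. Passing the stored value keeps them aligned: `err = ntbtls_set_hostname (hd->session->tls_session, hd->session->servername);`. The failure is also returned as an error but logged with log_info, unlike the log_error used for the other fatal paths visible in this function. How callers choose httphost is not visible in this hunk, so confirm the intended name.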
@@ -1490,7 +1523,37 @@ send_request (http_t hd, const char *httphost, const char *auth,
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ if (hd->uri->use_tls)
+ {
+ my_socket_ref (hd->sock);
+
+ while ((err = ntbtls_handshake (hd->session->tls_session)))
+ {
+ switch (err)
+ {
+ default:
+ log_info ("TLS handshake failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+
+ hd->session->verify.done = 0;
+ if (tls_callback)
+ err = tls_callback (hd, hd->session, 0);
+ else
+ err = http_verify_server_credentials (hd->session);
+ if (err)
+ {
+ log_info ("TLS connection authentication failed: %s <%s>\n",
+ gpg_strerror (err), gpg_strsource (err));
+ xfree (proxy_authstr);
+ return err;
+ }
+ }
+#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
{
int rc;
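Review bot: The reference taken by `my_socket_ref (hd->sock);` is never handed to anything in the NTBTLS branch: no call visible here binds the socket to `hd->session->tls_session` before `ntbtls_handshake`, and both error returns leave the extra reference in place. session_unref drops the socket only inside its HTTP_USE_GNUTLS block, so the count presumably never returns to zero in an NTBTLS build. Until the transport is wired up, either remove the ref or mark it, e.g. `/* FIXME: No transport is set for NTBTLS; this ref is never released. */`. The `while`/`switch` with only a `default:` that returns is equivalent to a plain `if (err)` and would read more clearly as one. send_request continues outside the hunk.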
@@ -2423,7 +2486,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
static void
send_gnutls_bye (void *opaque)
{
- gnutls_session_t tls_session = opaque;
+ tls_session_t tls_session = opaque;
int ret;
again:
@@ -2473,7 +2536,10 @@ cookie_close (void *cookie)
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ (void)sess;
+ return 0; /* FIXME!! */
+#elif HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
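Review bot: The NTBTLS branch of http_verify_server_credentials returns 0, which callers read as "peer verified", so an NTBTLS build accepts the server on every https/hkps connection without any certificate check. The stub is reachable: send_request calls this function after the handshake whenever no tls_callback is set, and do_parse_uri now sets use_tls under USE_TLS. Until verification exists the stub should fail closed, `return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);` in place of `return 0; /* FIXME!! */`. The function body continues outside the hunk.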
diff --git a/common/t-http.c b/common/t-http.c
index 9872f9a..e031ef9 100644
--- a/common/t-http.c
+++ b/common/t-http.c
@@ -42,7 +42,9 @@
#include "http.h"
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+# include <ntbtls.h>
+#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
#endif /*HTTP_USE_GNUTLS*/
@@ -97,6 +99,7 @@ static int no_verify;
+#if HTTP_USE_GNUTLS
static gpg_error_t
verify_callback (http_t hd, http_session_t session, int reserved)
{
@@ -104,14 +107,15 @@ verify_callback (http_t hd, http_session_t session, int reserved)
(void)reserved;
return no_verify? 0 : http_verify_server_credentials (session);
}
+#endif
-
+#if HTTP_USE_GNUTLS
static void
my_gnutls_log (int level, const char *text)
{
fprintf (stderr, "gnutls:L%d: %s", level, text);
}
-
+#endif
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
@@ -233,7 +237,14 @@ main (int argc, char **argv)
if (!cafile)
cafile = prepend_srcdir ("tls-ca.pem");
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+
+ (void)err;
+
+ ntbtls_set_debug (tls_dbg, NULL, NULL);
+
+#elif HTTP_USE_GNUTLS
+
rc = gnutls_global_init ();
if (rc)
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
diff --git a/configure.ac b/configure.ac
index daca838..46a0aad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -61,9 +61,13 @@ NEED_LIBASSUAN_VERSION=2.1.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.2.0
+NEED_NTBTLS_API=1
+NEED_NTBTLS_VERSION=0.1.0
+
NEED_NPTH_API=1
NEED_NPTH_VERSION=0.91
+
NEED_GNUTLS_VERSION=3.0
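Review bot: The ChangeLog entry in the commit message lists `NEED_NTBTLS_ABI`, but the variable added here and used in the AM_PATH_NTBTLS call is `NEED_NTBTLS_API`; the entry should read `(NEED_NTBTLS_API, NEED_NTBTLS_VERSION): New.`. The hunk also adds a second blank line before `NEED_GNUTLS_VERSION=3.0` that looks unintended.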
@@ -88,6 +92,7 @@ have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
+have_ntbtls=no
have_npth=no
have_libusb=no
have_adns=no
@@ -101,6 +106,7 @@ card_support=yes
use_ccid_driver=yes
use_standard_socket=yes
dirmngr_auto_start=yes
+use_tls_library=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
@@ -126,6 +132,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba])
+AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
+ [Required version of NTBTLS])
@@ -841,27 +849,37 @@ else
***]])
fi
+
#
-# Check whether GNUTLS is available
+# NTBTLS is our TLS library. If it is not available fallback to
+# GNUTLS.
#
-PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
- [have_gnutls=yes],
- [have_gnutls=no])
-if test "$have_gnutls" = "yes"; then
- AC_SUBST([LIBGNUTLS_CFLAGS])
- AC_SUBST([LIBGNUTLS_LIBS])
- AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
+ [have_ntbtls=yes],[have_ntbtls=no])
+
+if test "$have_ntbtls" = yes ; then
+ use_tls_library=ntbtls
+ AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
else
- tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
- AC_MSG_WARN([[
+ PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
+ [have_gnutls=yes],
+ [have_gnutls=no])
+ if test "$have_gnutls" = "yes"; then
+ AC_SUBST([LIBGNUTLS_CFLAGS])
+ AC_SUBST([LIBGNUTLS_LIBS])
+ use_tls_library=gnutls
+ AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
+ else
+ tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
+ AC_MSG_WARN([[
***
-*** Building without GNUTLS - no TLS access to keyservers.
+*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
*** $tmp]])
+ fi
fi
-
AC_MSG_NOTICE([checking for networking options])
#
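Review bot: NTBTLS is selected automatically whenever AM_PATH_NTBTLS finds it, with no configure switch to keep GNUTLS, even though the commit message says such a build has no working https support. A machine that merely has the library installed therefore silently gets a dirmngr built on the incomplete backend. While the backend is a test bench, the choice is safer as opt-in: add an `--enable-ntbtls` option defaulting to no and take the NTBTLS branch only when it was given. The fence shows the changed lines.

```m4
AC_ARG_ENABLE([ntbtls],
              AC_HELP_STRING([--enable-ntbtls],
                             [use NTBTLS instead of GNUTLS (experimental)]),
              [use_ntbtls=$enableval], [use_ntbtls=no])

AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
               [have_ntbtls=yes],[have_ntbtls=no])

if test "$have_ntbtls" = yes && test "$use_ntbtls" = yes ; then
  # … unchanged: select NTBTLS, else fall back to the GNUTLS check …
```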
@@ -1788,7 +1806,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
DNS SRV support: $use_dns_srv
- TLS support: $have_gnutls
+ TLS support: $use_tls_library
"
if test x"$use_regex" != xyes ; then
echo "
diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
index 7e2449f..d0226a3 100644
--- a/dirmngr/Makefile.am
+++ b/dirmngr/Makefile.am
@@ -63,7 +63,7 @@ endif
dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
- $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
+ $(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER
dirmngr_LDADD += $(LDAPLIBS)
endif
diff --git a/dirmngr/dirmngr.c b/dirmngr/dirmngr.c
index 48fa80b..8110df2 100644
--- a/dirmngr/dirmngr.c
+++ b/dirmngr/dirmngr.c
@@ -40,7 +40,12 @@
# include <signal.h>
#endif
#include <npth.h>
-#ifdef HTTP_USE_GNUTLS
+
+#include "dirmngr-err.h"
+
+#if HTTP_USE_NTBTLS
+# include <ntbtls.h>
+#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h>
#endif /*HTTP_USE_GNUTLS*/
@@ -210,6 +215,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_p_u (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
+ ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
@@ -244,7 +250,7 @@ static char *current_logfile;
/* Helper to implement --debug-level. */
static const char *debug_level;
-/* Helper to set the GNUTLS log level. */
+/* Helper to set the NTBTLS or GNUTLS log level. */
static int opt_gnutls_debug = -1;
/* Flag indicating that a shutdown has been requested. */
@@ -410,7 +416,12 @@ set_debug (void)
if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
-#ifdef HTTP_USE_GNUTLS
+#if HTTP_USE_NTBTLS
+ if (opt_gnutls_debug >= 0)
+ {
+ ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
+ }
+#elif HTTP_USE_GNUTLS
if (opt_gnutls_debug >= 0)
{
gnutls_global_set_log_function (my_gnutls_log);
@@ -669,8 +680,12 @@ main (int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
- /* Init GNUTLS. */
-#ifdef HTTP_USE_GNUTLS
+ /* Init TLS library. */
+#if HTTP_USE_NTBTLS
+ if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
+ log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
+ NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
+#elif HTTP_USE_GNUTLS
rc = gnutls_global_init ();
if (rc)
log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
diff --git a/m4/Makefile.am b/m4/Makefile.am
index 05a2be3..f1b8df9 100644
--- a/m4/Makefile.am
+++ b/m4/Makefile.am
@@ -4,7 +4,7 @@ EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gnupg-pth.m4
-EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4
+EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4
EXTRA_DIST += autobuild.m4
diff --git a/m4/ntbtls.m4 b/m4/ntbtls.m4
new file mode 100644
index 0000000..85c8ee9
--- /dev/null
+++ b/m4/ntbtls.m4
@@ -0,0 +1,137 @@
+dnl Autoconf macros for NTBTLS
+dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+
+dnl AM_PATH_NTBTLS([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl
+dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_NTBTLS],
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_ARG_WITH(ntbtls-prefix,
+ AC_HELP_STRING([--with-ntbtls-prefix=PFX],
+ [prefix where NTBTLS is installed (optional)]),
+ ntbtls_config_prefix="$withval", ntbtls_config_prefix="")
+ if test x"${NTBTLS_CONFIG}" = x ; then
+ if test x"${ntbtls_config_prefix}" != x ; then
+ NTBTLS_CONFIG="${ntbtls_config_prefix}/bin/ntbtls-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/ntbtls-config" ; then
+ NTBTLS_CONFIG="${SYSROOT}/bin/ntbtls-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
+ fi
+ fi
+
+ AC_PATH_PROG(NTBTLS_CONFIG, ntbtls-config, no)
+ tmp=ifelse([$1], ,1:1.0.0,$1)
+ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+ req_ntbtls_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+ min_ntbtls_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+ else
+ req_ntbtls_api=0
+ min_ntbtls_version="$tmp"
+ fi
+
+ AC_MSG_CHECKING(for NTBTLS - version >= $min_ntbtls_version)
+ ok=no
+ if test "$NTBTLS_CONFIG" != "no" ; then
+ req_major=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+ req_minor=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+ req_micro=`echo $min_ntbtls_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ ntbtls_config_version=`$NTBTLS_CONFIG --version`
+ major=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+ minor=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+ micro=`echo $ntbtls_config_version | \
+ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+ if test "$major" -gt "$req_major"; then
+ ok=yes
+ else
+ if test "$major" -eq "$req_major"; then
+ if test "$minor" -gt "$req_minor"; then
+ ok=yes
+ else
+ if test "$minor" -eq "$req_minor"; then
+ if test "$micro" -ge "$req_micro"; then
+ ok=yes
+ fi
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ AC_MSG_RESULT([yes ($ntbtls_config_version)])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ if test $ok = yes; then
+ # If we have a recent ntbtls, we should also check that the
+ # API is compatible
+ if test "$req_ntbtls_api" -gt 0 ; then
+ tmp=`$NTBTLS_CONFIG --api-version 2>/dev/null || echo 0`
+ if test "$tmp" -gt 0 ; then
+ AC_MSG_CHECKING([NTBTLS API version])
+ if test "$req_ntbtls_api" -eq "$tmp" ; then
+ AC_MSG_RESULT([okay])
+ else
+ ok=no
+ AC_MSG_RESULT([does not match. want=$req_ntbtls_api got=$tmp])
+ fi
+ fi
+ fi
+ fi
+ if test $ok = yes; then
+ NTBTLS_CFLAGS=`$NTBTLS_CONFIG --cflags`
+ NTBTLS_LIBS=`$NTBTLS_CONFIG --libs`
+ ifelse([$2], , :, [$2])
+ ntbtls_config_host=`$NTBTLS_CONFIG --host 2>/dev/null || echo none`
+ if test x"$ntbtls_config_host" != xnone ; then
+ if test x"$ntbtls_config_host" != x"$host" ; then
+ AC_MSG_WARN([[
+***
+*** The config script $NTBTLS_CONFIG was
+*** built for $ntbtls_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-ntbtls-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+ gpg_config_script_warn="$gpg_config_script_warn ntbtls"
+ fi
+ fi
+ else
+ NTBTLS_CFLAGS=""
+ NTBTLS_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(NTBTLS_CFLAGS)
+ AC_SUBST(NTBTLS_LIBS)
+])
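Review bot: The header comment of AM_PATH_NTBTLS still describes libgcrypt: the example and the last sentence say "installed version of libgcrypt" and "newer versions of libgcrypt", although the macro tests for NTBTLS. Replace both with NTBTLS, and fix `MINIMUN-VERSION` and `optionalliy` while the file is new. The version comparison further down passes `$major`, `$minor` and `$micro` to `test -gt` without checking that `ntbtls-config --version` printed a numeric x.y.z string; a one-line comment stating that assumption would help the next reader.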
commit 6bc0cd6202033be113999dbf27be4014bdf2c784
Author: Werner Koch <wk at gnupg.org>
Date: Thu Oct 2 16:17:45 2014 +0200
build: Update m4 scripts
* m4/gpg-error.m4: Update from Libgpg-error git master.
* m4/libgcrypt.m4: Update from Libgcrypt git master.
* configure.ac: Declare SYSROOT a precious variable. Add extra error
message for library configuration mismatches.
diff --git a/configure.ac b/configure.ac
index c627c27..daca838 100644
--- a/configure.ac
+++ b/configure.ac
@@ -528,6 +528,7 @@ AH_BOTTOM([
AM_MAINTAINER_MODE
+AC_ARG_VAR(SYSROOT,[locate config scripts also below that directory])
# Checks for programs.
AC_MSG_NOTICE([checking for programs])
@@ -1796,3 +1797,12 @@ echo "
gpg-check-pattern will not be build.
"
fi
+if test "x${gpg_config_script_warn}" != x; then
+cat <<G10EOF
+ Warning: Mismatches between the target platform and the
+ to be used libraries have been detected for:
+ ${gpg_config_script_warn}
+ Please check above for more warning messages.
+
+G10EOF
+fi
diff --git a/m4/gpg-error.m4 b/m4/gpg-error.m4
index 35cbc78..1362709 100644
--- a/m4/gpg-error.m4
+++ b/m4/gpg-error.m4
@@ -1,5 +1,5 @@
# gpg-error.m4 - autoconf macro to detect libgpg-error.
-# Copyright (C) 2002, 2003, 2004, 2011 g10 Code GmbH
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
@@ -8,10 +8,21 @@
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
+
dnl AM_PATH_GPG_ERROR([MINIMUM-VERSION,
dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
-dnl Test for libgpg-error and define GPG_ERROR_CFLAGS and GPG_ERROR_LIBS
+dnl
+dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS,
+dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS. The _MT_ variants are
+dnl used for programs requireing real multi thread support.
+dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
dnl
AC_DEFUN([AM_PATH_GPG_ERROR],
[ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -29,13 +40,26 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
AC_ARG_WITH(gpg-error-prefix,,
gpg_error_config_prefix="$withval", gpg_error_config_prefix="")
- if test x$gpg_error_config_prefix != x ; then
- if test x${GPG_ERROR_CONFIG+set} != xset ; then
- GPG_ERROR_CONFIG=$gpg_error_config_prefix/bin/gpg-error-config
+ if test x"${GPG_ERROR_CONFIG}" = x ; then
+ if test x"${gpg_error_config_prefix}" != x ; then
+ GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/gpg-error-config" ; then
+ GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(GPG_ERROR_CONFIG, gpg-error-config, no)
+ AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no)
min_gpg_error_version=ifelse([$1], ,0.0,$1)
AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
ok=no
@@ -62,6 +86,8 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
if test $ok = yes; then
GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+ GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --cflags 2>/dev/null`
+ GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs 2>/dev/null`
AC_MSG_RESULT([yes ($gpg_error_config_version)])
ifelse([$2], , :, [$2])
gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host 2>/dev/null || echo none`
@@ -73,16 +99,21 @@ AC_DEFUN([AM_PATH_GPG_ERROR],
*** built for $gpg_error_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-gpg-error-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgpg-error"
fi
fi
else
GPG_ERROR_CFLAGS=""
GPG_ERROR_LIBS=""
+ GPG_ERROR_MT_CFLAGS=""
+ GPG_ERROR_MT_LIBS=""
AC_MSG_RESULT(no)
ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
AC_SUBST(GPG_ERROR_LIBS)
+ AC_SUBST(GPG_ERROR_MT_CFLAGS)
+ AC_SUBST(GPG_ERROR_MT_LIBS)
])
diff --git a/m4/libgcrypt.m4 b/m4/libgcrypt.m4
index 6cf482f..c67cfec 100644
--- a/m4/libgcrypt.m4
+++ b/m4/libgcrypt.m4
@@ -1,13 +1,15 @@
-dnl Autoconf macros for libgcrypt
-dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
-dnl
-dnl This file is free software; as a special exception the author gives
-dnl unlimited permission to copy and/or distribute it, with or without
-dnl modifications, as long as this notice is preserved.
-dnl
-dnl This file is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
-dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# libgcrypt.m4 - Autoconf macros to detect libgcrypt
+# Copyright (C) 2002, 2003, 2004, 2011, 2014 g10 Code GmbH
+#
+# This file is free software; as a special exception the author gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Last-changed: 2014-10-02
dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION,
@@ -20,19 +22,37 @@ dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
dnl this features allows to prevent build against newer versions of libgcrypt
dnl with a changed API.
dnl
+dnl If a prefix option is not used, the config script is first
+dnl searched in $SYSROOT/bin and then along $PATH. If the used
+dnl config script does not match the host specification the script
+dnl is added to the gpg_config_script_warn variable.
+dnl
AC_DEFUN([AM_PATH_LIBGCRYPT],
[ AC_REQUIRE([AC_CANONICAL_HOST])
AC_ARG_WITH(libgcrypt-prefix,
AC_HELP_STRING([--with-libgcrypt-prefix=PFX],
[prefix where LIBGCRYPT is installed (optional)]),
libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="")
- if test x$libgcrypt_config_prefix != x ; then
- if test x${LIBGCRYPT_CONFIG+set} != xset ; then
- LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config
+ if test x"${LIBGCRYPT_CONFIG}" = x ; then
+ if test x"${libgcrypt_config_prefix}" != x ; then
+ LIBGCRYPT_CONFIG="${libgcrypt_config_prefix}/bin/libgcrypt-config"
+ else
+ case "${SYSROOT}" in
+ /*)
+ if test -x "${SYSROOT}/bin/libgcrypt-config" ; then
+ LIBGCRYPT_CONFIG="${SYSROOT}/bin/libgcrypt-config"
+ fi
+ ;;
+ '')
+ ;;
+ *)
+ AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+ ;;
+ esac
fi
fi
- AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no)
+ AC_PATH_PROG(LIBGCRYPT_CONFIG, libgcrypt-config, no)
tmp=ifelse([$1], ,1:1.2.0,$1)
if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
@@ -108,8 +128,9 @@ AC_DEFUN([AM_PATH_LIBGCRYPT],
*** built for $libgcrypt_config_host and thus may not match the
*** used host $host.
*** You may want to use the configure option --with-libgcrypt-prefix
-*** to specify a matching config script.
+*** to specify a matching config script or use \$SYSROOT.
***]])
+ gpg_config_script_warn="$gpg_config_script_warn libgcrypt"
fi
fi
else
-----------------------------------------------------------------------
Summary of changes:
common/Makefile.am | 5 +-
common/http.c | 122 ++++++++++++++++++++++++++++++++++-----------
common/t-http.c | 19 +++++--
configure.ac | 54 +++++++++++++++-----
dirmngr/Makefile.am | 2 +-
dirmngr/dirmngr.c | 25 ++++++++--
m4/Makefile.am | 2 +-
m4/gpg-error.m4 | 45 ++++++++++++++---
m4/libgcrypt.m4 | 51 +++++++++++++------
m4/ntbtls.m4 | 137 +++++++++++++++++++++++++++++++++++++++++++++++++++
10 files changed, 386 insertions(+), 76 deletions(-)
create mode 100644 m4/ntbtls.m4
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org