sysmocom
/
pjproject
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Re #2185: Darwin SSL backend 

* Security framework availability will be automatically detected for Mac OS and iOS, and if found, Darwin SSL will be the default SSL backend.
* OpenSSL availability will still be checked regardless of the above result, as it may be needed for DTLS.
* Add configure option --disable-darwin-ssl to disable the automatic detection



git-svn-id: https://svn.pjsip.org/repos/pjproject/trunk@5959 74dad513-b988-da41-8d7b-12977e46ad98
This commit is contained in:
Sauw Ming 2019-03-26 07:25:57 +00:00
parent 6fcec7b8eb
commit 6814d38f53
2 changed files with 80 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
aconfigure
View File

@ -820,6 +820,7 @@ with_ipp_samples
with_ipp_arch
with_ssl
with_gnutls
enable_darwin_ssl
enable_ssl
with_opencore_amrnb
with_opencore_amr
@ -1488,6 +1489,7 @@ Optional Features:
package and samples location using IPPROOT and
IPPSAMPLES env var or with --with-ipp and
--with-ipp-samples options
--disable-darwin-ssl Exclude Darwin SSL (default: autodetect)
--disable-ssl Exclude SSL support the build (default: autodetect)
--disable-opencore-amr Exclude OpenCORE AMR support from the build
@ -1542,12 +1544,7 @@ Optional Packages:
--with-ipp-samples=DIR Specify the Intel IPP samples location
--with-ipp-arch=ARCH Specify the Intel IPP ARCH suffix, e.g. "64" or
"em64t. Default is blank for IA32"
--with-ssl=SSL_BACKEND/DIR
Specify alternate SSL library prefix or SSL
native-backend. You can specify "darwin" as the
native iOS/MacOS backend using Security framework,
or you can specify an alternate SSL library prefix
directory. If a directory is specified, this option
--with-ssl=DIR Specify alternate SSL library prefix. This option
will try to find OpenSSL first, then if not found,
GnuTLS. To skip OpenSSL finding, use --with-gnutls
option instead.
@ -7945,18 +7942,17 @@ fi
ac_ssl_has_aes_gcm=0
# Check whether --enable-ssl was given.
if test "${enable_ssl+set}" = set; then :
enableval=$enable_ssl;
if test "$enable_ssl" = "no"; then
ac_no_ssl=1
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if SSL support is disabled... yes" >&5
$as_echo "Checking if SSL support is disabled... yes" >&6; }
fi
# Check whether --enable-darwin-ssl was given.
if test "${enable_darwin_ssl+set}" = set; then :
enableval=$enable_darwin_ssl; if test "$enable_darwin_ssl" = "no"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if Darwin SSL support is disabled... yes" >&5
$as_echo "Checking if Darwin SSL support is disabled... yes" >&6; }
fi
else
if test "x$with_ssl" = "xdarwin"; then
case $target in
*darwin*)
SAVED_LIBS="$LIBS"
LIBS="-framework Security"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@ -7982,16 +7978,30 @@ rm -f core conftest.err conftest.$ac_objext \
$as_echo "#define PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_DARWIN" >>confdefs.h
LIBS="$LIBS -framework Security"
ac_ssl_backend="darwin"
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if Security framework for Darwin SSL is available... yes" >&5
$as_echo "Checking if Security framework for Darwin SSL is available... yes" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if Security framework for Darwin SSL is available... no" >&5
$as_echo "Checking if Security framework for Darwin SSL is available... no" >&6; }
fi
fi
;;
esac
if test "x$ac_ssl_backend" = "x" -a "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
fi
# Check whether --enable-ssl was given.
if test "${enable_ssl+set}" = set; then :
enableval=$enable_ssl;
if test "$enable_ssl" = "no"; then
ac_no_ssl=1
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Checking if SSL support is disabled... yes" >&5
$as_echo "Checking if SSL support is disabled... yes" >&6; }
fi
else
if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
CFLAGS="$CFLAGS -I$with_ssl/include"
CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
LDFLAGS="$LDFLAGS -L$with_ssl/lib"
@ -7999,8 +8009,9 @@ $as_echo "Checking if Security framework for Darwin SSL is available... no" >&6;
$as_echo "Using SSL prefix... $with_ssl" >&6; }
fi
if test "x$ac_ssl_backend" = "x" -a "x$with_gnutls" = "xno"; then
if test "x$with_gnutls" = "xno"; then
# We still need to check for OpenSSL installations even if
# we find Darwin SSL above since DTLS requires OpenSSL.
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: checking for OpenSSL installations.." >&5
$as_echo "checking for OpenSSL installations.." >&6; }
@ -8164,13 +8175,15 @@ $as_echo "OpenSSL has AES GCM support, SRTP will use OpenSSL" >&6; }
$as_echo "OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos" >&6; }
fi
# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
$as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h
if test "x$ac_ssl_backend" = "x"; then
# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
$as_echo "#define PJ_HAS_SSL_SOCK 1" >>confdefs.h
$as_echo "#define PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_OPENSSL" >>confdefs.h
$as_echo "#define PJ_SSL_SOCK_IMP PJ_SSL_SOCK_IMP_OPENSSL" >>confdefs.h
ac_ssl_backend="openssl"
ac_ssl_backend="openssl"
fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ** OpenSSL libraries not found **" >&5
$as_echo "** OpenSSL libraries not found **" >&6; }

75
aconfigure.ac
View File

@ -1541,14 +1541,10 @@ dnl #
dnl # SSL alt prefix
AC_ARG_WITH(ssl,
AS_HELP_STRING([--with-ssl=SSL_BACKEND/DIR],
[Specify alternate SSL library prefix or SSL native-backend.
You can specify "darwin" as the native iOS/MacOS backend
using Security framework, or you can specify an alternate
SSL library prefix directory. If a directory
is specified, this option will try to find OpenSSL first,
then if not found, GnuTLS. To skip OpenSSL finding, use
--with-gnutls option instead.]),
AS_HELP_STRING([--with-ssl=DIR],
[Specify alternate SSL library prefix. This option will try
to find OpenSSL first, then if not found, GnuTLS. To skip
OpenSSL finding, use --with-gnutls option instead.]),
[],
[with_ssl=no]
)
@ -1570,6 +1566,33 @@ dnl # Include SSL support
AC_SUBST(ac_no_ssl)
AC_SUBST(ac_ssl_has_aes_gcm,0)
AC_SUBST(ac_ssl_backend)
AC_ARG_ENABLE(darwin-ssl,
AS_HELP_STRING([--disable-darwin-ssl],
[Exclude Darwin SSL (default: autodetect)]),
[if test "$enable_darwin_ssl" = "no"; then
AC_MSG_RESULT([Checking if Darwin SSL support is disabled... yes])
fi],
[
case $target in
*darwin*)
SAVED_LIBS="$LIBS"
LIBS="-framework Security"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [])],
[ac_ssl_backend=darwin],)
LIBS="$SAVED_LIBS"
if test "x$ac_ssl_backend" = "xdarwin"; then
AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_DARWIN)
LIBS="$LIBS -framework Security"
AC_MSG_RESULT([Checking if Security framework for Darwin SSL is available... yes])
else
AC_MSG_RESULT([Checking if Security framework for Darwin SSL is available... no])
fi
;;
esac
])
AC_ARG_ENABLE(ssl,
AS_HELP_STRING([--disable-ssl],
[Exclude SSL support the build (default: autodetect)])
@ -1581,32 +1604,16 @@ AC_ARG_ENABLE(ssl,
fi
],
[
if test "x$with_ssl" = "xdarwin"; then
SAVED_LIBS="$LIBS"
LIBS="-framework Security"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [])],
[ac_ssl_backend=darwin],)
LIBS="$SAVED_LIBS"
if test "x$ac_ssl_backend" = "xdarwin"; then
AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_DARWIN)
LIBS="$LIBS -framework Security"
ac_ssl_backend="darwin"
AC_MSG_RESULT([Checking if Security framework for Darwin SSL is available... yes])
else
AC_MSG_RESULT([Checking if Security framework for Darwin SSL is available... no])
fi
fi
if test "x$ac_ssl_backend" = "x" -a "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
CFLAGS="$CFLAGS -I$with_ssl/include"
CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
LDFLAGS="$LDFLAGS -L$with_ssl/lib"
AC_MSG_RESULT([Using SSL prefix... $with_ssl])
fi
if test "x$ac_ssl_backend" = "x" -a "x$with_gnutls" = "xno"; then
if test "x$with_gnutls" = "xno"; then
# We still need to check for OpenSSL installations even if
# we find Darwin SSL above since DTLS requires OpenSSL.
AC_MSG_RESULT([checking for OpenSSL installations..])
AC_SUBST(openssl_h_present)
AC_SUBST(libssl_present)
@ -1632,11 +1639,13 @@ AC_ARG_ENABLE(ssl,
AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
fi
# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_OPENSSL)
ac_ssl_backend="openssl"
if test "x$ac_ssl_backend" = "x"; then
# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_OPENSSL)
ac_ssl_backend="openssl"
fi
else
AC_MSG_RESULT([** OpenSSL libraries not found **])
fi