From 46ade8f03ff2a53a710beacc438f875dd3610969 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Sun, 21 Feb 2016 20:54:45 -0300 Subject: [PATCH 1/5] fixes ocsp dependency check on asn during configure. --- configure.ac | 80 +++++++++++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 45 deletions(-) diff --git a/configure.ac b/configure.ac index b99a9de1d..ff961d687 100644 --- a/configure.ac +++ b/configure.ac @@ -1430,35 +1430,6 @@ fi AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"]) -# OCSP -AC_ARG_ENABLE([ocsp], - [ --enable-ocsp Enable OCSP (default: disabled)], - [ ENABLED_OCSP=$enableval ], - [ ENABLED_OCSP=no ], - ) - -if test "$ENABLED_OCSP" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" -fi - -AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) - - -if test "$ENABLED_OCSP" = "yes" -then - # check openssl command tool for testing ocsp - AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) - - if test "$HAVE_OPENSSL_CMD" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" - else - AC_MSG_WARN([openssl command line tool not available for testing ocsp]) - fi -fi - - # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], @@ -1469,18 +1440,11 @@ AC_ARG_ENABLE([ocspstapling], if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST" - - # Requires OCSP make sure on - if test "x$ENABLED_OCSP" = "xno" - then - ENABLED_OCSP="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" - AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) - fi fi AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) + # Certificate Status Request v2 : a.k.a. OCSP stapling v2 AC_ARG_ENABLE([ocspstapling2], [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])], @@ -1491,18 +1455,44 @@ AC_ARG_ENABLE([ocspstapling2], if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2" - - # Requires OCSP make sure on - if test "x$ENABLED_OCSP" = "xno" - then - ENABLED_OCSP="yes" - AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" - AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) - fi fi AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) + +# OCSP +AC_ARG_ENABLE([ocsp], + [AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])], + [ ENABLED_OCSP=$enableval ], + [ ENABLED_OCSP=no ], + ) + +AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"], [ENABLED_OCSP="yes"]) +AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"], [ENABLED_OCSP="yes"]) + +if test "$ENABLED_OCSP" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + + # check openssl command tool for testing ocsp + AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) + + if test "$HAVE_OPENSSL_CMD" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" + else + AC_MSG_WARN([openssl command line tool not available for testing ocsp]) + fi + + if test "x$ENABLED_ASN" = "xno" + then + AC_MSG_ERROR([please enable asn if enabling ocsp.]) + fi +fi + +AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + + # CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], From a92d2d582f2659a5e042ba2ef02fe290713a3f89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 23 Feb 2016 14:13:52 -0300 Subject: [PATCH 2/5] Revert "fixes ocsp dependency check on asn during configure." This reverts commit 46ade8f03ff2a53a710beacc438f875dd3610969. --- configure.ac | 80 +++++++++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 35 deletions(-) diff --git a/configure.ac b/configure.ac index ff961d687..b99a9de1d 100644 --- a/configure.ac +++ b/configure.ac @@ -1430,6 +1430,35 @@ fi AM_CONDITIONAL([BUILD_INLINE], [test "x$ENABLED_INLINE" = "xyes"]) +# OCSP +AC_ARG_ENABLE([ocsp], + [ --enable-ocsp Enable OCSP (default: disabled)], + [ ENABLED_OCSP=$enableval ], + [ ENABLED_OCSP=no ], + ) + +if test "$ENABLED_OCSP" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" +fi + +AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + + +if test "$ENABLED_OCSP" = "yes" +then + # check openssl command tool for testing ocsp + AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) + + if test "$HAVE_OPENSSL_CMD" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" + else + AC_MSG_WARN([openssl command line tool not available for testing ocsp]) + fi +fi + + # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], [AS_HELP_STRING([--enable-ocspstapling],[Enable OCSP Stapling (default: disabled)])], @@ -1440,11 +1469,18 @@ AC_ARG_ENABLE([ocspstapling], if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi fi AM_CONDITIONAL([BUILD_OCSP_STAPLING], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"]) - # Certificate Status Request v2 : a.k.a. OCSP stapling v2 AC_ARG_ENABLE([ocspstapling2], [AS_HELP_STRING([--enable-ocspstapling2],[Enable OCSP Stapling v2 (default: disabled)])], @@ -1455,44 +1491,18 @@ AC_ARG_ENABLE([ocspstapling2], if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST_V2" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi fi AM_CONDITIONAL([BUILD_OCSP_STAPLING_V2], [test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"]) - -# OCSP -AC_ARG_ENABLE([ocsp], - [AS_HELP_STRING([--enable-ocsp],[Enable OCSP (default: disabled)])], - [ ENABLED_OCSP=$enableval ], - [ ENABLED_OCSP=no ], - ) - -AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xyes"], [ENABLED_OCSP="yes"]) -AS_IF([test "x$ENABLED_CERTIFICATE_STATUS_REQUEST_V2" = "xyes"], [ENABLED_OCSP="yes"]) - -if test "$ENABLED_OCSP" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" - - # check openssl command tool for testing ocsp - AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) - - if test "$HAVE_OPENSSL_CMD" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" - else - AC_MSG_WARN([openssl command line tool not available for testing ocsp]) - fi - - if test "x$ENABLED_ASN" = "xno" - then - AC_MSG_ERROR([please enable asn if enabling ocsp.]) - fi -fi - -AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) - - # CRL AC_ARG_ENABLE([crl], [ --enable-crl Enable CRL (default: disabled)], From 143b9fda1b8e68e4ad431d1600ca5aa2ba2724b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Tue, 23 Feb 2016 15:19:04 -0300 Subject: [PATCH 3/5] adds build dependency check for OCSP --- configure.ac | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index b99a9de1d..b598e4d90 100644 --- a/configure.ac +++ b/configure.ac @@ -2501,13 +2501,21 @@ AM_CONDITIONAL([BUILD_MCAPI], [test "x$ENABLED_MCAPI" = "xyes"]) # check if PSK was enabled for conditionally running psk.test script AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"]) -# Check for build-type conflicts +################################################################################ +# Check for build-type conflicts # +################################################################################ + AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_LEANPSK" = "xyes"], [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])]) +AS_IF([test "x$ENABLED_ASN" = "xno"], + [AC_MSG_ERROR([please enable asn if enabling ocsp.])]) + +################################################################################ +# Update CFLAGS based on options # +################################################################################ -# Update CFLAGS based on options AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MAX_STRENGTH"]) @@ -2520,6 +2528,7 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_SSLV3" = "xyes"], [AC_MSG_ERROR([Cannot use Max Strength and SSLv3 at the same time.])]) +################################################################################ # OPTIMIZE FLAGS if test "$GCC" = "yes" From 1824a494d1e5746ab93988c54e15756232cb0929 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 24 Feb 2016 16:45:07 -0300 Subject: [PATCH 4/5] adds missing ENABLED_OCSP test --- configure.ac | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index b598e4d90..2a36c3ab3 100644 --- a/configure.ac +++ b/configure.ac @@ -2509,7 +2509,8 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \ test "x$ENABLED_LEANPSK" = "xyes"], [AC_MSG_ERROR([Cannot use Max Strength and Lean PSK at the same time.])]) -AS_IF([test "x$ENABLED_ASN" = "xno"], +AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ + test "x$ENABLED_ASN" = "xno"], [AC_MSG_ERROR([please enable asn if enabling ocsp.])]) ################################################################################ From fb9697bda6ff807e097fcb47925e7538ece5e2ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= Date: Wed, 24 Feb 2016 18:57:16 -0300 Subject: [PATCH 5/5] adds check for missing rsa and ecc at the same time --- configure.ac | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configure.ac b/configure.ac index 2a36c3ab3..2301a64ce 100644 --- a/configure.ac +++ b/configure.ac @@ -2513,6 +2513,11 @@ AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ test "x$ENABLED_ASN" = "xno"], [AC_MSG_ERROR([please enable asn if enabling ocsp.])]) +AS_IF([test "x$ENABLED_OCSP" = "xyes" && \ + test "x$ENABLED_RSA" = "xno" && \ + test "x$ENABLED_ECC" = "xno"], + [AC_MSG_ERROR([please enable rsa or ecc if enabling ocsp.])]) + ################################################################################ # Update CFLAGS based on options # ################################################################################