diff options
| author |   beck <beck@openbsd.org> | 1999-03-01 04:27:46 +0000 |
|---|---|---|
| committer | beck <beck@openbsd.org> | 1999-03-01 04:27:46 +0000 |
| commit | da4e2a805b85b1e03ee77f85b14e50055c16e437 (patch) | |
| tree | 1b45eae4a3a05003ba7cf157f7388b789dfae8bc /usr.sbin/httpd/src/modules/ssl/libssl.module | |
| parent | tweak for 2.5 (diff) | |
| download | wireguard-openbsd-da4e2a805b85b1e03ee77f85b14e50055c16e437.tar.xz wireguard-openbsd-da4e2a805b85b1e03ee77f85b14e50055c16e437.zip | |
mod_ssl-2.2.3-1.3.4 (will require libssl-1.1 for https to work, but
mostly harmless otherwise).
Diffstat (limited to 'usr.sbin/httpd/src/modules/ssl/libssl.module')
| -rw-r--r-- | usr.sbin/httpd/src/modules/ssl/libssl.module | 513 |
1 files changed, 513 insertions, 0 deletions
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.module b/usr.sbin/httpd/src/modules/ssl/libssl.module new file mode 100644 index 00000000000..a9bb26c49a8 --- /dev/null +++ b/usr.sbin/httpd/src/modules/ssl/libssl.module @@ -0,0 +1,513 @@ +## _ _ +## _ __ ___ ___ __| | ___ ___| | +## | '_ ` _ \ / _ \ / _` | / __/ __| | +## | | | | | | (_) | (_| | \__ \__ \ | mod_ssl - Apache Interface to SSLeay +## |_| |_| |_|\___/ \__,_|___|___/___/_| http://www.engelschall.com/sw/mod_ssl/ +## |_____| +## libssl.module +## Apache 1.3 Configuration mechanism module stub +## + +## +## ==================================================================== +## Copyright (c) 1998-1999 Ralf S. Engelschall. All rights reserved. +## +## Redistribution and use in source and binary forms, with or without +## modification, are permitted provided that the following conditions +## are met: +## +## 1. Redistributions of source code must retain the above copyright +## notice, this list of conditions and the following disclaimer. +## +## 2. Redistributions in binary form must reproduce the above copyright +## notice, this list of conditions and the following +## disclaimer in the documentation and/or other materials +## provided with the distribution. +## +## 3. All advertising materials mentioning features or use of this +## software must display the following acknowledgment: +## "This product includes software developed by +## Ralf S. Engelschall <rse@engelschall.com> for use in the +## mod_ssl project (http://www.engelschall.com/sw/mod_ssl/)." +## +## 4. The names "mod_ssl" must not be used to endorse or promote +## products derived from this software without prior written +## permission. For written permission, please contact +## rse@engelschall.com. +## +## 5. Products derived from this software may not be called "mod_ssl" +## nor may "mod_ssl" appear in their names without prior +## written permission of Ralf S. Engelschall. +## +## 6. Redistributions of any form whatsoever must retain the following +## acknowledgment: +## "This product includes software developed by +## Ralf S. Engelschall <rse@engelschall.com> for use in the +## mod_ssl project (http://www.engelschall.com/sw/mod_ssl/)." +## +## THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY +## EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +## PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR +## HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +## SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +## NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +## HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +## STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +## ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +## OF THE POSSIBILITY OF SUCH DAMAGE. +## ==================================================================== +## + + # ``What you are missing, I suppose, is that I'm not + # prepared to give equal rights to Ralf on the basis + # that he's spent a few hours doing what he thinks is + # better than what I've spent the last 4 years on, + # and so he isn't prepared to cooperate with me.'' + # -- Ben Laurie, Apache-SSL author + +Name: ssl_module +ConfigStart + + # + # interface to the src/Configure script + # + my_dir="`echo ${modfile} | sed -e 's:/[^/]*$::'`" + my_version="$my_dir/libssl.version" + my_outfile="Makefile.config" + my_prefix=" +" + my_prefixe=" " + SSL_CFLAGS='' + SSL_LDFLAGS='' + SSL_LIBS='' + + # + # determine mod_ssl author version + # + A_ID=`cat $my_version | sed -e 's; .*;;'` + A_NAME=`echo $A_ID | sed -e 's;/.*;;'` + A_VER=`echo $A_ID | sed -e 's;.*/;;'` + A_VER_STR=`echo $A_VER | sed -e 's;-.*;;'` + case $A_VER_STR in + *.*b* ) + A_VER_HEX=`echo "$A_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && + echo "$A_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` + ;; + *.*.* ) + A_VER_HEX=`echo "$A_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'` + ;; + esac + echo "$my_prefix SSL interface: $A_NAME/$A_VER_STR" + SSL_VERSION="-DMOD_SSL_VERSION=\\\"$A_VER_STR\\\"" + + # + # determine optional mod_ssl product version + # + if [ ".`egrep '.*/.* .*/.*' $my_version`" != . ]; then + P_ID=`cat $my_version | sed -e 's;.* ;;'` + P_NAME=`echo $P_ID | sed -e 's;/.*;;'` + P_VER=`echo $P_ID | sed -e 's;.*/;;'` + P_VER_STR=`echo $P_VER | sed -e 's;-.*;;'` + case $P_VER_STR in + *.*b* ) + P_VER_HEX=`echo "$P_VER_STR" | sed -e 's/b.*//' | awk -F. '{ printf("%d%02d", $1, $2); }' && + echo "$P_VER_STR" | sed -e 's/.*b//' | awk '{ printf("0%02d", $1); }'` + ;; + *.*.* ) + P_VER_HEX=`echo "$P_VER_STR" | awk -F. '{ printf("%d%02d1%02d", $1, $2, $3); }'` + ;; + esac + echo "$my_prefix SSL product: $P_NAME/$P_VER_STR" + SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_NAME=\\\"$P_NAME\\\"" + SSL_VERSION="$SSL_VERSION -DSSL_PRODUCT_VERSION=\\\"$P_VER_STR\\\"" + fi + + # + # determine object build type + # + case $modfile in + *.so ) my_buildtype="DSO" ;; + * ) my_buildtype="OBJ" ;; + esac + echo "$my_prefix SSL interface build type: $my_buildtype" + + # + # determine SSL rules + # + if [ ".$APXS_MODE" = .YES ]; then + my_rule_SSL_COMPAT=$SSL_COMPAT + my_rule_SSL_SDBM=$SSL_SDBM + my_rule_SSL_EXPERIMENTAL=$SSL_EXPERIMENTAL + else + my_rule_SSL_COMPAT=`./helpers/CutRule SSL_COMPAT $file` + my_rule_SSL_SDBM=`./helpers/CutRule SSL_SDBM $file` + my_rule_SSL_EXPERIMENTAL=`./helpers/CutRule SSL_EXPERIMENTAL $file` + fi + + # + # determine compatibility mode + # + if [ ".$my_rule_SSL_COMPAT" = .yes ]; then + echo "$my_prefix SSL interface compatibility: enabled" + SSL_CFLAGS="$SSL_CFLAGS -DSSL_COMPAT" + else + echo "$my_prefix SSL interface compatibility: disabled" + fi + + # + # determine experimental mode + # + if [ ".$my_rule_SSL_EXPERIMENTAL" = .yes ]; then + echo "$my_prefix SSL interface experimental code: enabled" + SSL_CFLAGS="$SSL_CFLAGS -DSSL_EXPERIMENTAL" + else + echo "$my_prefix SSL interface experimental code: disabled" + fi + + # + # determine DBM support library + # (src/Configure has DBM_LIB predefined for some platforms) + # + if [ ".$APXS_MODE" != .YES ]; then + SSL_DBM_NAME='' + # 1. check for predefined DBM lib + if [ ".$DBM_LIB" != . ]; then + LIBS_ORIG="$LIBS" + LIBS="$LIBS $DBM_LIB" + if ./helpers/TestCompile func dbm_open; then + SSL_DBM_NAME="Configured DBM ($DBM_LIB)" + SSL_DBM_FLAG="$DBM_LIB" + fi + LIBS="$LIBS_ORIG" + fi + # 2. check for various vendor DBM libs + if [ ".$SSL_DBM_NAME" = . ]; then + if ./helpers/TestCompile func dbm_open; then + SSL_DBM_NAME='Vendor DBM (libc)' + SSL_DBM_FLAG='' + elif ./helpers/TestCompile lib dbm dbm_open; then + SSL_DBM_NAME='Vendor DBM (libdbm)' + SSL_DBM_FLAG='-ldbm' + elif ./helpers/TestCompile lib ndbm dbm_open; then + SSL_DBM_NAME='Vendor DBM (libndbm)' + SSL_DBM_FLAG='-lndbm' + fi + fi + # 3. let the SSL_SDBM rule override decisions + if [ ".$my_rule_SSL_SDBM" = .yes ]; then + # force us to fallback to SDBM + SSL_DBM_NAME='' + fi + if [ ".$my_rule_SSL_SDBM" = .no ]; then + # for us to never use SDBM, but be + # careful when no DBM was found at all + if [ ".$SSL_DBM_NAME" = . ]; then + echo "Error: SDBM is needed, because no custom or vendor DBM library available!" 1>&2 + echo "Hint: Allow us to choose SDBM by changing the rule SSL_SDBM, please." 1>&2 + exit 1 + fi + fi + # 4. finally configure the chosen DBM lib + if [ ".$SSL_DBM_NAME" != . ]; then + echo "$my_prefix SSL interface plugin: $SSL_DBM_NAME" + my_dbm_already_used=`echo $LIBS | grep -- " $SSL_DBM_FLAG"` + if [ ".$my_buildtype" = .OBJ -a ".$my_dbm_already_used" != . ]; then + : + else + SSL_LIBS="$SSL_LIBS $SSL_DBM_FLAG" + fi + else + echo "$my_prefix SSL interface plugin: Built-in SDBM" + SSL_CFLAGS="$SSL_CFLAGS -DSSL_USE_SDBM" + fi + fi + + # + # determine SSL_BASE + # + if [ ".$SSL_BASE" = . ]; then + SSL_BASE=`egrep '^SSL_BASE=' $file | tail -1 | awk -F= '{print $2}'` + if [ ".$SSL_BASE" = . ]; then + SSL_BASE="/usr/local/ssl" + fi + fi + case $SSL_BASE in + SYSTEM ) ;; + /* ) ;; + * ) SSL_BASE="`cd ../$SSL_BASE; pwd`" ;; + esac + if [ ".$SSL_BASE" = .SYSTEM ]; then + echo "$my_prefix SSL library path: [SYSTEM]" + else + if [ ! -d "$SSL_BASE" ]; then + echo "Error: Cannot find SSL installation in $SSL_BASE" 1>&2 + echo "Hint: Please provide us with the location of SSLeay" 1>&2 + echo " via the environment variable SSL_BASE." 1>&2 + exit 1 + fi + echo "$my_prefix SSL library path: $SSL_BASE" + fi + + # + # determine location of SSLeay binaries + # + SSL_BINDIR="" + if [ ".$SSL_BASE" = .SYSTEM ]; then + for name in openssl ssleay; do + for p in . `echo $PATH | sed -e 's/:/ /g'`; do + if [ -f "$p/$name" ]; then + SSL_PROGRAM="$p/$name" + SSL_BINDIR="$p" + break + fi + done + if [ ".$SSL_BINDIR" != . ]; then + break; + fi + done + if [ ".$SSL_BINDIR" = . ]; then + echo "Error: Cannot find SSL binaries in $PATH" 1>&2 + exit 1 + fi + else + for name in openssl ssleay; do + if [ -f "$SSL_BASE/bin/$name" ]; then + SSL_PROGRAM="$SSL_BASE/bin/$name" + SSL_BINDIR='$(SSL_BASE)/bin' + break; + fi + if [ -f "$SSL_BASE/apps/$name" ]; then + SSL_PROGRAM="$SSL_BASE/apps/$name" + SSL_BINDIR='$(SSL_BASE)/apps' + break; + fi + done + if [ ".$SSL_BINDIR" = . ]; then + echo "Error: Cannot find SSL binaries under $SSL_BASE" 1>&2 + exit 1 + fi + fi + + # + # determine location of SSLeay headers + # + if [ ".$SSL_BASE" = .SYSTEM ]; then + SSL_INCDIR="" + for p in . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl; do + if [ -f "$p/ssl.h" ]; then + SSL_INCDIR="$p" + break + fi + done + if [ ".$SSL_INCDIR" = . ]; then + echo "Error: Cannot find SSL header files in any of the following dirs:" 1>&2 + echo "Error: . /usr/include /usr/include/ssl/ /usr/local/include /usr/local/include/ssl" 1>&2 + exit 1 + fi + else + if [ -f "$SSL_BASE/include/ssl.h" ]; then + SSL_INCDIR='$(SSL_BASE)/include' + else + if [ -f "$SSL_BASE/ssl.h" ]; then + SSL_INCDIR='$(SSL_BASE)' + else + echo "Error: Cannot find SSL header files under $SSL_BASE" 1>&2 + exit 1 + fi + fi + fi + SSL_CFLAGS="$SSL_CFLAGS -I\$(SSL_INCDIR)" + + # + # determine location of SSLeay libraries + # + if [ ".$SSL_BASE" = .SYSTEM ]; then + SSL_LIBDIR="" + for p in . /lib /usr/lib /usr/local/lib; do + if [ -f "$p/libssl.a" -o -f "$p/libssl.so" ]; then + SSL_LIBDIR="$p" + my_real_ssl_libdir="$p" + break + fi + done + if [ ".$SSL_LIBDIR" = . ]; then + echo "Error: Cannot find SSL library files in any of the following dirs:" 1>&2 + echo "Error: . /lib /usr/lib /usr/local/lib" 1>&2 + exit 1 + fi + else + if [ -f "$SSL_BASE/lib/libssl.a" ]; then + SSL_LIBDIR='$(SSL_BASE)/lib' + my_real_ssl_libdir="$SSL_BASE/lib" + else + if [ -f "$SSL_BASE/libssl.a" ]; then + SSL_LIBDIR='$(SSL_BASE)' + my_real_ssl_libdir="$SSL_BASE" + else + echo "Error: Cannot find SSL library files under $SSL_BASE" 1>&2 + exit 1 + fi + fi + fi + SSL_LDFLAGS="$SSL_LDFLAGS -L\$(SSL_LIBDIR)" + SSL_LIBS="$SSL_LIBS -lssl -lcrypto" + + # + # SSL installation type + # + case $SSL_BINDIR in + */apps ) my_type="source tree only" ;; + * ) my_type="installed package" ;; + esac + case $SSL_BASE in + SYSTEM ) my_note="(system-wide)" ;; + * ) my_note="(stand-alone)" ;; + esac + echo "$my_prefix SSL library type: $my_type $my_note" + + # + # SSL version + # + SSLEAY_VERSION="`$SSL_PROGRAM version`" + echo "$my_prefix SSL library version: $SSLEAY_VERSION" + case $SSLEAY_VERSION in + *0.[5678].* ) + echo "$my_prefixe WARNING: THE SSLeay VERSIONS BELOW 0.9.0 ARE NO LONGER SUPPORTED." + echo "$my_prefixe Hint: Use SSLeay version 0.9.0b or any OpenSSL version." + exit 1 + ;; + esac + + # + # support for RSAref library + # + if [ ".$RSA_BASE" = . ]; then + RSA_BASE=`egrep '^RSA_BASE=' $file | tail -1 | awk -F= '{print $2}'` + fi + if [ ".$RSA_BASE" != . ]; then + if [ ! -f "$my_real_ssl_libdir/libRSAglue.a" ]; then + echo "Error: Cannot find SSLeay's RSAglue library under $my_real_ssl_libdir" 1>&2 + exit 1 + else + SSL_LIBS="$SSL_LIBS -lRSAglue" + fi + case $RSA_BASE in + SYSTEM ) ;; + /* ) ;; + * ) RSA_BASE="`cd ../$RSA_BASE; pwd`" ;; + esac + echo "$my_prefix SSL library plugin mode: RSAref (explicitly configured)" + else + if [ -f "$my_real_ssl_libdir/libRSAglue.a" ]; then + if [ ".`$SSL_PROGRAM version -f | grep -- -DRSAref`" != . ]; then + SSL_LIBS="$SSL_LIBS -lRSAglue" + if [ -f "$SSL_BASE/Makefile.ssl" ]; then + if [ ".`egrep -- '-L[^ ]*/rsaref' $SSL_BASE/Makefile.ssl`" != . ]; then + RSA_BASE=`egrep -- '-L[^ ]*/rsaref' $SSL_BASE/Makefile.ssl |\ + head -1 | sed -e 's;.*-L\([^ ]*/rsaref[^ ]*\).*;\1;'` + fi + fi + if [ ".$RSA_BASE" = . ]; then + RSA_BASE='SYSTEM' + fi + fi + fi + if [ ".$RSA_BASE" != . ]; then + echo "$my_prefix SSL library plugin mode: RSAref (implicitly configured)" + else + echo "$my_prefix SSL library plugin mode: none" + fi + fi + if [ ".$RSA_BASE" != . ]; then + if [ ".$RSA_BASE" = .SYSTEM ]; then + my_found=no + for p in . /lib /usr/lib /usr/local/lib; do + if [ -f "$p/librsaref.a" -o -f "$p/librsaref.so" ]; then + SSL_LDFLAGS="$SSL_LDFLAGS -L$p" + SSL_LIBS="$SSL_LIBS -lrsaref" + echo "$my_prefix SSL library plugin path: $p/librsaref.a" + my_found=yes + break + fi + done + if [ .$my_found = .no ]; then + echo "Error: Cannot find RSAref library in any of the following dirs:" 1>&2 + echo "Error: . /lib /usr/lib /usr/local/lib" 1>&2 + exit 1 + fi + else + my_found=no + if [ -f "$RSA_BASE/librsaref.a" ]; then + SSL_LDFLAGS="$SSL_LDFLAGS -L$RSA_BASE" + SSL_LIBS="$SSL_LIBS -lrsaref" + echo "$my_prefix SSL library plugin path: $RSA_BASE/librsaref.a" + my_found=yes + else + if [ -f "$RSA_BASE/rsaref.a" ]; then + SSL_LIBS="$SSL_LIBS $RSA_BASE/rsaref.a" + echo "$my_prefix SSL library plugin path: $RSA_BASE/rsaref.a" + my_found=yes + else + wild="`echo $RSA_BASE/*/rsaref.a`" + if [ -f "$wild" ]; then + SSL_LIBS="$SSL_LIBS $wild" + echo "$my_prefix SSL library plugin path: $wild" + my_found=yes + fi + fi + fi + if [ .$my_found = .no ]; then + echo "Error: Cannot find RSAref library under $RSA_BASE" 1>&2 + exit 1 + fi + fi + fi + + # + # Special GCC/DSO support + # + # Under some platforms where GCC is used we have to link the DSO + # (libssl.so) explicitly against the GCC library (libgcc) to avoid + # problems with missing symbols like __umoddi3, etc. + # + # Notice: When GCC is installed as "cc" we assume it's really + # well incorporated into the system and no hack is + # needed (like on FreeBSD, Linux, etc.) + # + if [ ".$my_buildtype" = .DSO ]; then + case $CC in + gcc|*/gcc|egcs|*/egcs|egcc|*/egcc|pgcc|*/pgcc ) + gcclibdir="`$CC --print-libgcc-file-name | sed -e 's;/[^/]*$;;'`" + SSL_LIBS="$SSL_LIBS -L$gcclibdir -lgcc" + ;; + esac + fi + + # + # adjust the Apache build environment + # + echo "SSL_BASE=$SSL_BASE" >>$my_outfile + echo "SSL_BINDIR=$SSL_BINDIR" >>$my_outfile + echo "SSL_INCDIR=$SSL_INCDIR" >>$my_outfile + echo "SSL_LIBDIR=$SSL_LIBDIR" >>$my_outfile + echo "SSL_PROGRAM=$SSL_PROGRAM" >>$my_outfile + echo "SSL_VERSION=$SSL_VERSION" >>$my_outfile + echo "SSL_CFLAGS=$SSL_CFLAGS" >>$my_outfile + if [ ".$my_buildtype" = .DSO ]; then + # under DSO we link ourself + echo "SSL_LIBS=$SSL_LIBS" >>$my_outfile + echo "SSL_LDFLAGS=$SSL_LDFLAGS" >>$my_outfile + else + # else we are linked with httpd + LDFLAGS="$LDFLAGS $SSL_LDFLAGS" + LIBS="$LIBS $SSL_LIBS" + fi + CFLAGS="$CFLAGS -DMOD_SSL=$A_VER_HEX" + if [ ".$P_ID" != . ]; then + CFLAGS="$CFLAGS -DSSL_PRODUCT=$P_VER_HEX" + fi + RULE_EAPI=yes + +ConfigEnd + |