admin/mongo-php-driver
1
0
Fork 0
mirror of https://github.com/macintoshplus/mongo-php-driver.git synced 2026-03-24 17:02:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
v1.x
mongo-php-driver/scripts/autotools/libmongoc/CheckSSL.m4
Jeremy Mikola 7da337fcb2 PHPC-2452: Warn if --with-openssl-dir is used (#1677)
2024-09-23 11:17:54 -04:00

274 lines
10 KiB
Plaintext
Raw Permalink Blame History

PHP_ARG_WITH([mongodb-ssl],
[whether to enable crypto and TLS],
[AS_HELP_STRING([--with-mongodb-ssl=@<:@auto/openssl/libressl/darwin/no@:>@],
[MongoDB: Enable TLS connections and SCRAM-SHA-1 authentication [default=auto]])],
[auto],
[no])
if test "$PHP_MONGODB_SSL" = "auto" -o "$PHP_MONGODB_SSL" = "no"; then
crypto_required="no"
else
crypto_required="yes"
dnl PHP_ARG_WITH without a value assigns "yes". Treat it like "auto" but
dnl require a crypto library.
if test "$PHP_MONGODB_SSL" = "yes"; then
PHP_MONGODB_SSL="auto"
fi
fi
PHP_MONGODB_VALIDATE_ARG([PHP_MONGODB_SSL], [auto openssl libressl darwin no])
PHP_ARG_WITH([openssl-dir],
[deprecated option for OpenSSL library path],
[AS_HELP_STRING([--with-openssl-dir=@<:@auto/DIR@:>@],
[MongoDB: OpenSSL library path (deprecated for pkg-config) [default=auto]])],
[auto],
[no])
if test "$PHP_OPENSSL_DIR" != "auto"; then
AC_MSG_WARN([Using --with-openssl-dir is deprecated and will be removed in a future version.])
fi
AS_IF([test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "auto"],[
found_openssl="no"
dnl OpenSSL 1.0.1 is required for libmongoc 1.24+ (CDRIVER-3562). This can be
dnl enforced through pkg-config but not the PHP_CHECK_LIBRARY fallback.
PKG_CHECK_MODULES([PHP_MONGODB_SSL],[openssl >= 1.0.1],[
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS $PHP_MONGODB_SSL_CFLAGS"
PHP_EVAL_LIBLINE([$PHP_MONGODB_SSL_LIBS],[MONGODB_SHARED_LIBADD])
PHP_MONGODB_SSL="openssl"
found_openssl="yes"
old_CFLAGS="$CFLAGS"
CFLAGS="$PHP_MONGODB_SSL_CFLAGS $CFLAGS"
AC_CHECK_DECLS([ASN1_STRING_get0_data],
[have_ASN1_STRING_get0_data="yes"],
[have_ASN1_STRING_get0_data="no"],
[[#include <openssl/asn1.h>]])
CFLAGS="$old_CFLAGS"
],[
unset OPENSSL_INCDIR
unset OPENSSL_LIBDIR
dnl Use a list of directories from PHP_SETUP_OPENSSL by default.
dnl Support documented "auto" and older, undocumented "yes" options
if test "$PHP_OPENSSL_DIR" = "auto" -o "$PHP_OPENSSL_DIR" = "yes"; then
PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl"
fi
for i in $PHP_OPENSSL_DIR; do
if test -r $i/include/openssl/evp.h; then
OPENSSL_INCDIR="$i/include"
fi
if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then
OPENSSL_LIBDIR="$i/$PHP_LIBDIR"
fi
test -n "$OPENSSL_INCDIR" && test -n "$OPENSSL_LIBDIR" && break
done
if test -n "$OPENSSL_LIBDIR"; then
OPENSSL_LIBDIR_LDFLAG="-L$OPENSSL_LIBDIR"
fi
PHP_CHECK_LIBRARY([crypto],
[EVP_DigestInit_ex],
[have_crypto_lib="yes"],
[have_crypto_lib="no"],
[$OPENSSL_LIBDIR_LDFLAG])
dnl Check whether OpenSSL >= 1.1.0 is available
PHP_CHECK_LIBRARY([ssl],
[OPENSSL_init_ssl],
[have_ssl_lib="yes"],
[have_ssl_lib="no"],
[$OPENSSL_LIBDIR_LDFLAG -lcrypto])
dnl If necessary, check whether OpenSSL < 1.1.0 is available
if test "$have_ssl_lib" = "no"; then
PHP_CHECK_LIBRARY([ssl],
[SSL_library_init],
[have_ssl_lib="yes"],
[have_ssl_lib="no"],
[$OPENSSL_LIBDIR_LDFLAG -lcrypto])
fi
if test "$have_ssl_lib" = "yes" -a "$have_crypto_lib" = "yes"; then
PHP_ADD_LIBRARY([ssl],,[MONGODB_SHARED_LIBADD])
PHP_ADD_LIBRARY([crypto],,[MONGODB_SHARED_LIBADD])
if test -n "$OPENSSL_LIBDIR"; then
PHP_ADD_LIBPATH([$OPENSSL_LIBDIR],[MONGODB_SHARED_LIBADD])
fi
if test -n "$OPENSSL_INCDIR"; then
PHP_ADD_INCLUDE($OPENSSL_INCDIR)
fi
old_CFLAGS="$CFLAGS"
CFLAGS="-I$OPENSSL_INCDIR $CFLAGS"
AC_CHECK_DECLS([ASN1_STRING_get0_data],
[have_ASN1_STRING_get0_data="yes"],
[have_ASN1_STRING_get0_data="no"],
[[#include <openssl/asn1.h>]])
CFLAGS="$old_CFLAGS"
PHP_MONGODB_SSL="openssl"
found_openssl="yes"
fi
])
if test "$PHP_MONGODB_SSL" = "openssl" -a "$found_openssl" != "yes"; then
AC_MSG_ERROR([OpenSSL libraries and development headers could not be found])
fi
])
AS_IF([test "$PHP_MONGODB_SSL" = "darwin" -o \( "$PHP_MONGODB_SSL" = "auto" -a "$os_darwin" = "yes" \)],[
if test "$os_darwin" = "no"; then
AC_MSG_ERROR([Darwin SSL is only supported on macOS])
fi
dnl PHP_FRAMEWORKS is only used for SAPI builds, so use MONGODB_SHARED_LIBADD for shared builds
if test "$ext_shared" = "yes"; then
MONGODB_SHARED_LIBADD="-framework Security -framework CoreFoundation $MONGODB_SHARED_LIBADD"
else
PHP_ADD_FRAMEWORK([Security])
PHP_ADD_FRAMEWORK([CoreFoundation])
fi
PHP_MONGODB_SSL="darwin"
])
AS_IF([test "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "auto"],[
found_libressl="no"
PKG_CHECK_MODULES([PHP_MONGODB_SSL],[libtls libcrypto],[
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS $PHP_MONGODB_SSL_CFLAGS"
PHP_EVAL_LIBLINE([$PHP_MONGODB_SSL_LIBS],[MONGODB_SHARED_LIBADD])
PHP_MONGODB_SSL="libressl"
found_libressl="yes"
],[
PHP_CHECK_LIBRARY([crypto],
[EVP_DigestInit_ex],
[have_crypto_lib="yes"],
[have_crypto_lib="no"])
PHP_CHECK_LIBRARY([tls],
[tls_init],
[have_ssl_lib="yes"],
[have_ssl_lib="no"],
[-lcrypto])
if test "$have_ssl_lib" = "yes" -a "$have_crypto_lib" = "yes"; then
PHP_ADD_LIBRARY([tls],,[MONGODB_SHARED_LIBADD])
PHP_ADD_LIBRARY([crypto],,[MONGODB_SHARED_LIBADD])
PHP_MONGODB_SSL="libressl"
found_libressl="yes"
fi
])
if test "$PHP_MONGODB_SSL" = "libressl" -a "$found_libressl" != "yes"; then
AC_MSG_ERROR([LibreSSL libraries and development headers could not be found])
fi
])
AS_IF([test "$PHP_MONGODB_SSL" = "auto"],[
if test "$crypto_required" = "yes"; then
AC_MSG_ERROR([crypto and TLS libraries not found])
fi
PHP_MONGODB_SSL="no"
])
AC_MSG_CHECKING([which TLS library to use])
AC_MSG_RESULT([$PHP_MONGODB_SSL])
dnl Disable Windows SSL and crypto
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_CHANNEL, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_CNG, 0)
AC_SUBST(MONGOC_HAVE_BCRYPT_PBKDF2, 0)
if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "darwin"; then
AC_SUBST(MONGOC_ENABLE_SSL, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO, 1)
if test "$PHP_MONGODB_SSL" = "darwin"; then
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 1)
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS -DKMS_MESSAGE_ENABLE_CRYPTO=1 -DKMS_MESSAGE_ENABLE_CRYPTO_COMMON_CRYPTO=1"
elif test "$PHP_MONGODB_SSL" = "openssl"; then
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 1)
AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS -DKMS_MESSAGE_ENABLE_CRYPTO=1 -DKMS_MESSAGE_ENABLE_CRYPTO_LIBCRYPTO=1"
elif test "$PHP_MONGODB_SSL" = "libressl"; then
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 1)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
PHP_MONGODB_BUNDLED_CFLAGS="$PHP_MONGODB_BUNDLED_CFLAGS -DKMS_MESSAGE_ENABLE_CRYPTO=1 -DKMS_MESSAGE_ENABLE_CRYPTO_LIBCRYPTO=1"
fi
else
AC_SUBST(MONGOC_ENABLE_SSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
fi
if test "$have_ASN1_STRING_get0_data" = "yes"; then
AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 1)
else
AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 0)
fi
PHP_ARG_ENABLE([mongodb-crypto-system-profile],
[whether to use system crypto profile],
[AS_HELP_STRING([--enable-mongodb-crypto-system-profile],
[MongoDB: Use system crypto profile (OpenSSL only) [default=no]])],
[no],
[no])
PHP_MONGODB_VALIDATE_ARG([PHP_MONGODB_CRYPTO_SYSTEM_PROFILE], [yes no])
PHP_ARG_WITH([system-ciphers],
[deprecated option for whether to use system crypto profile],
AS_HELP_STRING([--enable-system-ciphers],
[MongoDB: whether to use system crypto profile (deprecated for --enable-mongodb-crypto-system-profile) [default=no]]),
[no],
[no])
dnl Do not validate PHP_SYSTEM_CIPHERS for static builds, since it is also used
dnl by the OpenSSL extension, which checks for values other than "no".
if test "$ext_shared" = "yes"; then
PHP_MONGODB_VALIDATE_ARG([PHP_SYSTEM_CIPHERS], [yes no])
if test "$PHP_SYSTEM_CIPHERS" != "no"; then
AC_MSG_WARN([Using --enable-system-ciphers is deprecated and will be removed in a future version. Please use --enable-mongodb-crypto-system-profile instead])
fi
fi
dnl Also consider the deprecated --enable-system-ciphers option
if test "$PHP_MONGODB_CRYPTO_SYSTEM_PROFILE" = "yes" -o "$PHP_SYSTEM_CIPHERS" = "yes"; then
if test "$PHP_MONGODB_SSL" = "openssl"; then
AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 1)
else
AC_MSG_ERROR([System crypto profile is only available with OpenSSL])
fi
else
AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 0)
fi
Reference in New Issue View Git Blame Copy Permalink