[PATCH] neon: honor --disable-openssl and use GNUTLS

Andres Gomez (via Code Review) gerrit at gerrit.libreoffice.org
Thu Apr 11 05:15:45 PDT 2013 

Hi,

I have submitted a patch for review:

    https://gerrit.libreoffice.org/3330

To pull it, you can do:

    git pull ssh://gerrit.libreoffice.org:29418/core refs/changes/30/3330/1

neon: honor --disable-openssl and use GNUTLS

On --disable-openssl, the bundled neon library
will link against GNUTLS + gcrypt instead of
OpenSSL.

Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4
---
M config_host.mk.in
M configure.ac
M neon/Library_neon.mk
M neon/UnpackedTarball_neon.mk
M neon/configs/config.h
A neon/neon_with_gnutls.patch
6 files changed, 87 insertions(+), 7 deletions(-)



diff --git a/config_host.mk.in b/config_host.mk.in
index d794d16..a0f4675 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -182,6 +182,8 @@
 export GIT_NEEDED_SUBMODULES=@GIT_NEEDED_SUBMODULES@
 export GNOMEVFS_CFLAGS=$(gb_SPACE)@GNOMEVFS_CFLAGS@
 export GNOMEVFS_LIBS=$(gb_SPACE)@GNOMEVFS_LIBS@
+export GNUTLS_CFLAGS=$(gb_SPACE)@GNUTLS_CFLAGS@
+export GNUTLS_LIBS=$(gb_SPACE)@GNUTLS_LIBS@
 export PARALLELISM?=@PARALLELISM@
 @x_GNUCP@ export GNUCOPY=@GNUCP@
 export GNUMAKE=@GNUMAKE@
@@ -289,6 +291,8 @@
 export LIBEXTTEXTCAT_LIBS=$(gb_SPACE)@LIBEXTTEXTCAT_LIBS@
 export LIBFONTS_JAR=@LIBFONTS_JAR@
 export LIBFORMULA_JAR=@LIBFORMULA_JAR@
+export LIBGCRYPT_CFLAGS=@LIBGCRYPT_CFLAGS@
+export LIBGCRYPT_LIBS=@LIBGCRYPT_LIBS@
 export LIBLANGTAG_CFLAGS=$(gb_SPACE)@LIBLANGTAG_CFLAGS@
 export LIBLANGTAG_LIBS=$(gb_SPACE)@LIBLANGTAG_LIBS@
 export LIBLAYOUT_JAR=@LIBLAYOUT_JAR@
diff --git a/configure.ac b/configure.ac
index 9c1f2e9..2c852f2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -8562,6 +8562,21 @@
 AC_SUBST([DISABLE_OPENSSL])
 
 dnl ===================================================================
+dnl Check for building gnutls
+dnl ===================================================================
+AC_MSG_CHECKING([whether to use gnutls])
+if test "$enable_neon" != "no" && test "$enable_openssl" = "no"; then
+    AC_MSG_RESULT([yes])
+    AM_PATH_LIBGCRYPT()
+    PKG_CHECK_MODULES(GNUTLS, [gnutls],,
+        AC_MSG_ERROR([Disabling OpenSSL was requested, but GNUTLS is not
+                      available in the system to use as replacement.]))
+fi
+
+AC_SUBST([LIBGCRYPT_CFLAGS])
+AC_SUBST([LIBGCRYPT_LIBS])
+
+dnl ===================================================================
 dnl Check for system redland
 dnl ===================================================================
 dnl versions before 1.0.8 write RDF/XML that is useless for ODF (@xml:base)
diff --git a/neon/Library_neon.mk b/neon/Library_neon.mk
index bc5fe25..0ea887f 100644
--- a/neon/Library_neon.mk
+++ b/neon/Library_neon.mk
@@ -13,10 +13,15 @@
 
 $(eval $(call gb_Library_use_externals,neon,\
 	libxml2 \
-	openssl \
-	openssl_headers \
 	zlib \
 ))
+
+ifneq ($(DISABLE_OPENSSL),YES)
+$(eval $(call gb_Library_use_externals,neon,\
+	openssl \
+	openssl_headers \
+))
+endif
 
 $(eval $(call gb_Library_set_visibility_default,neon))
 
@@ -56,8 +61,28 @@
 	UnpackedTarball/neon/src/ne_utils \
 	UnpackedTarball/neon/src/ne_xml \
 	UnpackedTarball/neon/src/ne_xmlreq \
+))
+
+
+ifneq ($(DISABLE_OPENSSL),YES)
+$(eval $(call gb_Library_add_generated_cobjects,neon,\
 	UnpackedTarball/neon/src/ne_openssl \
 ))
+else
+$(eval $(call gb_Library_add_generated_cobjects,neon,\
+	UnpackedTarball/neon/src/ne_gnutls \
+))
+$(eval $(call gb_Library_add_cflags,neon,\
+	-DDISABLE_OPENSSL \
+	$(LIBGCRYPT_CFLAGS) \
+	$(GNUTLS_CFLAGS) \
+))
+$(eval $(call gb_Library_add_libs,neon,\
+	$(LIBGCRYPT_LIBS) \
+	$(GNUTLS_LIBS) \
+))
+endif
+
 
 ifeq ($(OS),WNT)
 $(eval $(call gb_Library_use_system_win32_libs,neon,\
@@ -76,9 +101,11 @@
 ))
 
 else
+ifneq ($(DISABLE_OPENSSL),YES)
 $(eval $(call gb_Library_add_generated_cobjects,neon,\
 	UnpackedTarball/neon/src/ne_ntlm \
 ))
+endif
 
 endif
 
diff --git a/neon/UnpackedTarball_neon.mk b/neon/UnpackedTarball_neon.mk
index a099718..a6cb87b 100644
--- a/neon/UnpackedTarball_neon.mk
+++ b/neon/UnpackedTarball_neon.mk
@@ -20,6 +20,7 @@
 $(eval $(call gb_UnpackedTarball_add_patches,neon,\
 	neon/neon.patch \
 	neon/neon_ne_set_request_flag.patch \
+	neon/neon_with_gnutls.patch \
 ))
 
 # vim: set noet sw=4 ts=4:
diff --git a/neon/configs/config.h b/neon/configs/config.h
index db68aa2..b0fdf22 100644
--- a/neon/configs/config.h
+++ b/neon/configs/config.h
@@ -79,23 +79,25 @@
 #define HAVE_GETSOCKOPT 1
 #endif
 
+#ifdef DISABLE_OPENSSL
 /* Define if GnuTLS support is enabled */
-/* #undef HAVE_GNUTLS */
+#define HAVE_GNUTLS
 
 /* Define to 1 if you have the `gnutls_certificate_get_x509_cas' function. */
 /* #undef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS */
 
 /* Define to 1 if you have the `gnutls_certificate_verify_peers2' function. */
-/* #undef HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2 */
+#define HAVE_GNUTLS_CERTIFICATE_VERIFY_PEERS2
 
 /* Define to 1 if you have the `gnutls_session_get_data2' function. */
-/* #undef HAVE_GNUTLS_SESSION_GET_DATA2 */
+#define HAVE_GNUTLS_SESSION_GET_DATA2
 
 /* Define to 1 if you have the `gnutls_sign_callback_set' function. */
-/* #undef HAVE_GNUTLS_SIGN_CALLBACK_SET */
+#define HAVE_GNUTLS_SIGN_CALLBACK_SET
 
 /* Define to 1 if you have the `gnutls_x509_dn_get_rdn_ava' function. */
-/* #undef HAVE_GNUTLS_X509_DN_GET_RDN_AVA */
+#define HAVE_GNUTLS_X509_DN_GET_RDN_AVA
+#endif /* DISABLE_OPENSSL */
 
 /* Define if GSSAPI support is enabled */
 /* #undef HAVE_GSSAPI */
@@ -179,6 +181,7 @@
 #define HAVE_NETINET_TCP_H 1
 #endif
 
+#ifndef DISABLE_OPENSSL
 /* Define if NTLM is supported */
 #ifndef WIN32
 #define HAVE_NTLM 1
@@ -192,6 +195,7 @@
 
 /* Define to 1 if you have the <openssl/ssl.h> header file. */
 #define HAVE_OPENSSL_SSL_H 1
+#endif /* !DISABLE_OPENSSL */
 
 /* Define if pakchois library supported */
 /* #undef HAVE_PAKCHOIS */
diff --git a/neon/neon_with_gnutls.patch b/neon/neon_with_gnutls.patch
new file mode 100644
index 0000000..ed8b7fa
--- /dev/null
+++ b/neon/neon_with_gnutls.patch
@@ -0,0 +1,29 @@
+--- src/ne_gnutls.c	2009-12-02 23:40:41.000000000 +0200
++++ src/ne_gnutls.c	2013-03-29 13:41:00.429857276 +0200
+@@ -48,6 +48,26 @@
+ #include <iconv.h>
+ #endif
+ 
++
++/* GnuTLS removed these symbols from 2.99.0.
++ *
++ * This is a dodgy solution to avoid further patching of neon
++ * sources */
++#if LIBGNUTLS_VERSION_NUMBER >= 0x026300
++# define gnutls_pkcs12          gnutls_pkcs12_t
++# define gnutls_pkcs12_bag      gnutls_pkcs12_bag_t
++# define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
++# define gnutls_certificate_verify_peers(_ssl) ({ \
++    int __status_ ## __LINE__ = 0; \
++    gnutls_certificate_verify_peers2((_ssl), &__status_ ## __LINE__) == 0 \
++        ? __status_ ## __LINE__ : -1; \
++  })
++#elif LIBGNUTLS_VERSION_NUMBER >= 0x020303
++/* GnuTLS had these symbols since 2.3.3. */
++# define HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS
++#endif /* LIBGNUTLS_VERSION_NUMBER */
++
++
+ #include "ne_ssl.h"
+ #include "ne_string.h"
+ #include "ne_session.h"

-- 
To view, visit https://gerrit.libreoffice.org/3330
To unsubscribe, visit https://gerrit.libreoffice.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5b3f09cd1003aefde0478aaab026536c962212c4
Gerrit-PatchSet: 1
Gerrit-Project: core
Gerrit-Branch: master
Gerrit-Owner: Andres Gomez <agomez at igalia.com>

More information about the LibreOffice mailing list