diff options
| author | Rodrigo Arias Mallo <rodarima@gmail.com> | 2025-06-30 21:35:24 +0200 |
|---|---|---|
| committer | Rodrigo Arias Mallo <rodarima@gmail.com> | 2025-07-02 22:31:15 +0200 |
| commit | cc3f49392384fa02de9c754a3fec069aa24a4843 (patch) | |
| tree | b6437c2c575b7fc6321e3ddc15ec1a8ad336f75c /configure.ac | |
| parent | 2da3e913291c39bca3e1342161be6885ca48e333 (diff) | |
Don't change CFLAGS or LDFLAGS for custom Mbed TLS
Adding the extra flags to search Mbed TLS in CFLAGS and LDFLAGS directly
inhibits AC_PROG_CC from injecting the usual -O2 and -g flags. Instead,
we add them to MBEDTLS_* set of variables which are only used to locate
Mbed TLS. Then we pass them to the Makefile via AC_SUBSTAC_SUBST().
We also move the LIBSSL_* flags to be early on the order of dillo_LDADD,
so that extra -L flags which can be injected from fltk-config or other
programs, don't accidentally point to /usr/lib or a similar location
where it could race with another installation of Mbed TLS.
This mechanism won't work for cases in which Mbed TLS has libraries
installed in a location other than the default search path, but works
for Arch Linux and Gentoo because the symlink them to the default search
path, even if they are installed in a different location.
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/configure.ac b/configure.ac index ead7080a..74cb1141 100644 --- a/configure.ac +++ b/configure.ac @@ -23,11 +23,11 @@ AC_ARG_WITH([jpeg-inc], AC_ARG_WITH([mbedtls-lib], [AS_HELP_STRING([--with-mbedtls-lib=DIR], [Specify where to find MbedTLS libraries])], - [LDFLAGS="$LDFLAGS -L$withval"]) + [MBEDTLS_LIBDIR=$withval]) AC_ARG_WITH([mbedtls-inc], [AS_HELP_STRING([--with-mbedtls-inc=DIR], [Specify where to find MbedTLS headers])], - [CFLAGS="$CFLAGS -I$withval" CXXFLAGS="$CXXFLAGS -I$withval"]) + [MBEDTLS_INCDIR=$withval]) AC_ARG_ENABLE([efence], [AS_HELP_STRING([--enable-efence], [Try to compile and run with Electric Fence])], @@ -491,15 +491,29 @@ if test "x$enable_tls" = "xyes"; then dnl Try to find mbedTLS if OpenSSL failed or is disabled if test "x$enable_mbedtls" = "xyes"; then if test "x$openssl_ok" != "xyes"; then + + if test -n "$MBEDTLS_LIBDIR"; then + MBEDTLS_LDFLAGS="-L$MBEDTLS_LIBDIR" + fi + if test -n "$MBEDTLS_INCDIR"; then + MBEDTLS_CPPFLAGS="-I$MBEDTLS_INCDIR" + fi + + old_cppflags="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $MBEDTLS_CPPFLAGS" dnl In mbed TLS 2.3.0, ssl.h needs platform.h but fails to include it. AC_CHECK_HEADER(mbedtls/ssl.h, mbedtls_ok=yes, mbedtls_ok=no, [#include <mbedtls/platform.h>]) + CPPFLAGS="$old_cppflags" dnl If the headers are found, try to link with mbedTLS if test "x$mbedtls_ok" = "xyes"; then old_libs="$LIBS" + old_ldflags="$LDFLAGS" + LDFLAGS="$LDFLAGS $MBEDTLS_LDFLAGS" AC_SEARCH_LIBS(mbedtls_ssl_init, [mbedtls-3 mbedtls], mbedtls_ok=yes, mbedtls_ok=no) AC_SEARCH_LIBS(mbedtls_pk_get_name, [mbedcrypto-3 mbedcrypto], mbedcrypto_ok=yes, mbedcrypto_ok=no) AC_SEARCH_LIBS(mbedtls_x509_crt_init, [mbedx509-3 mbedx509], mbedx509_ok=yes, mbedx509_ok=no) + LDFLAGS="$old_ldflags" LIBS="$old_libs" fi @@ -509,6 +523,8 @@ if test "x$enable_tls" = "xyes"; then tls_impl="mbedTLS" AC_DEFINE([HAVE_MBEDTLS], [1], [mbedTLS works]) LIBSSL_LIBS="$ac_cv_search_mbedtls_ssl_init $ac_cv_search_mbedtls_pk_get_name $ac_cv_search_mbedtls_x509_crt_init" + LIBSSL_LDFLAGS="$MBEDTLS_LDFLAGS" + LIBSSL_CPPFLAGS="$MBEDTLS_CPPFLAGS" else mbedtls_ok=no AC_MSG_NOTICE([Cannot find mbedTLS]) @@ -787,6 +803,8 @@ AC_SUBST(LIBWEBP_LIBS) AC_SUBST(LIBZ_LIBS) AC_SUBST(BROTLI_LIBS) AC_SUBST(LIBSSL_LIBS) +AC_SUBST(LIBSSL_LDFLAGS) +AC_SUBST(LIBSSL_CPPFLAGS) AC_SUBST(LIBPTHREAD_LIBS) AC_SUBST(LIBPTHREAD_LDFLAGS) AC_SUBST(LIBFLTK_CXXFLAGS) |