Introduce --with-ssl={openssl} as a configure option

This is a replacement for the existing --with-openssl, extending the logic to make easier the addition of new SSL libraries. The grammar is chosen to be similar to --with-uuid, where multiple values can be chosen, with "openssl" as the only supported value for now. The original switch, --with-openssl, is kept for compatibility. Author: Daniel Gustafsson, Michael Paquier Reviewed-by: Jacob Champion Discussion: https://postgr.es/m/FAB21FC8-0F62-434F-AA78-6BD9336D630A@yesql.se
2025-07-30 11:03:19 +03:00 · 2021-02-01 19:19:44 +09:00
parent 7c5d57caed
commit fe61df7f82
22 changed files with 137 additions and 82 deletions
--- a/configure.ac
+++ b/configure.ac
@ -852,15 +852,6 @@ PGAC_ARG_BOOL(with, bonjour, no,
 AC_MSG_RESULT([$with_bonjour])


-#
-# OpenSSL
-#
-AC_MSG_CHECKING([whether to build with OpenSSL support])
-PGAC_ARG_BOOL(with, openssl, no, [build with OpenSSL support],
-              [AC_DEFINE([USE_OPENSSL], 1, [Define to build with OpenSSL support. (--with-openssl)])])
-AC_MSG_RESULT([$with_openssl])
-AC_SUBST(with_openssl)
-
 #
 # SELinux
 #
@ -1205,7 +1196,21 @@ if test "$with_gssapi" = yes ; then
  fi
 fi

+#
+# SSL Library
+#
+# There is currently only one supported SSL/TLS library: OpenSSL.
+#
+PGAC_ARG_REQ(with, ssl, [LIB], [use LIB for SSL/TLS support (openssl)])
+if test x"$with_ssl" = x"" ; then
+  with_ssl=no
+fi
+PGAC_ARG_BOOL(with, openssl, no, [obsolete spelling of --with-ssl=openssl])
 if test "$with_openssl" = yes ; then
+  with_ssl=openssl
+fi
+
+if test "$with_ssl" = openssl ; then
  dnl Order matters!
  # Minimum required OpenSSL version is 1.0.1
  AC_DEFINE(OPENSSL_API_COMPAT, [0x10001000L],
@ -1229,7 +1234,11 @@ if test "$with_openssl" = yes ; then
  # thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
  # function was removed.
  AC_CHECK_FUNCS([CRYPTO_lock])
+  AC_DEFINE([USE_OPENSSL], 1, [Define to 1 if you have OpenSSL support.])
+elif test "$with_ssl" != no ; then
+  AC_MSG_ERROR([--with-ssl must specify openssl])
 fi
+AC_SUBST(with_ssl)

 if test "$with_pam" = yes ; then
  AC_CHECK_LIB(pam,    pam_start, [], [AC_MSG_ERROR([library 'pam' is required for PAM])])
@ -1402,7 +1411,7 @@ if test "$with_gssapi" = yes ; then
 	[AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])])
 fi

-if test "$with_openssl" = yes ; then
+if test "$with_ssl" = openssl ; then
  AC_CHECK_HEADER(openssl/ssl.h, [], [AC_MSG_ERROR([header file <openssl/ssl.h> is required for OpenSSL])])
  AC_CHECK_HEADER(openssl/err.h, [], [AC_MSG_ERROR([header file <openssl/err.h> is required for OpenSSL])])
 fi
@ -2159,7 +2168,7 @@ fi
 # first choice, else the native platform sources (Windows API or /dev/urandom)
 # will be used.
 AC_MSG_CHECKING([which random number source to use])
-if test x"$with_openssl" = x"yes" ; then
+if test x"$with_ssl" = x"openssl" ; then
  AC_MSG_RESULT([OpenSSL])
 elif test x"$PORTNAME" = x"win32" ; then
  AC_MSG_RESULT([Windows native])