PHPC-888: Support additional TLS libraries for bundled libmongoc

jmikola · jmikola · commit d679bfe152fa · 2018-01-22T12:01:47.000-05:00
diff --git a/config.m4 b/config.m4
@@ -1,10 +1,6 @@
 dnl config.m4 for extension mongodb
 PHP_ARG_ENABLE(mongodb, whether to enable mongodb support,
 [  --enable-mongodb           Enable mongodb support])
-PHP_ARG_WITH(openssl-dir, OpenSSL dir for mongodb,
-[  --with-openssl-dir[=DIR]  openssl install prefix], yes, no)
-PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
-[  --with-system-ciphers   OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
 
 dnl borrowed from libmongoc configure.ac
 dnl AS_VAR_COPY is available in AC 2.64 and on, but we only require 2.60.
@@ -297,44 +293,23 @@ if test "$PHP_MONGODB" != "no"; then
 
     PHP_ADD_SOURCES_X(PHP_EXT_DIR(mongodb)[src/libmongoc/src/mongoc], $PHP_MONGODB_MONGOC_SOURCES, $PHP_MONGODB_MONGOC_CFLAGS, shared_objects_mongodb, yes)
 
-    AC_SUBST(MONGOC_ENABLE_CRYPTO, 0)
-    AC_SUBST(MONGOC_ENABLE_SSL, 0)
-    AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
-    AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
-    AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 0)
+    m4_include(scripts/build/autotools/m4/pkg.m4)
 
-    PHP_SETUP_OPENSSL(MONGODB_SHARED_LIBADD, [
-      AC_SUBST(MONGOC_ENABLE_CRYPTO, 1)
-      AC_SUBST(MONGOC_ENABLE_SSL, 1)
-      AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
-      AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 1)
-
-      AC_CHECK_DECLS([ASN1_STRING_get0_data], [AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 1)], [AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 0)], [[#include <openssl/asn1.h>]])
-    ])
+    m4_include(scripts/build/autotools/CheckHost.m4)
+    m4_include(scripts/build/autotools/CheckSSL.m4)
 
     if test "$PHP_SYSTEM_CIPHERS" != "no"; then
       AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 1)
     else
       AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 0)
     fi
 
-    dnl TODO: Support building with Secure Transport on OSX
-    AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
-    AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
-
-    dnl Secure Channel only applies to Windows
-    AC_SUBST(MONGOC_ENABLE_SSL_SECURE_CHANNEL, 0)
-    AC_SUBST(MONGOC_ENABLE_CRYPTO_CNG, 0)
-
-    AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
-
     AC_SUBST(MONGOC_NO_AUTOMATIC_GLOBALS, 1)
 
     AC_CHECK_TYPE([socklen_t], [AC_SUBST(MONGOC_HAVE_SOCKLEN, 1)], [AC_SUBST(MONGOC_HAVE_SOCKLEN, 0)], [#include <sys/socket.h>])
 
     with_snappy=auto
     with_zlib=auto
-    m4_include(src/libmongoc/build/autotools/m4/pkg.m4)
     m4_include(src/libmongoc/build/autotools/CheckSnappy.m4)
     m4_include(src/libmongoc/build/autotools/CheckZlib.m4)
 
diff --git a/scripts/build/autotools/CheckHost.m4 b/scripts/build/autotools/CheckHost.m4
@@ -0,0 +1,54 @@
+AC_CANONICAL_HOST
+
+os_win32=no
+os_netbsd=no
+os_freebsd=no
+os_openbsd=no
+os_hpux=no
+os_linux=no
+os_solaris=no
+os_darwin=no
+os_gnu=no
+
+case "$host" in
+    *-mingw*|*-*-cygwin*)
+        os_win32=yes
+        TARGET_OS=windows
+        ;;
+    *-*-*netbsd*)
+        os_netbsd=yes
+        ARGET_OS=unix
+        ;;
+    *-*-*freebsd*)
+        os_freebsd=yes
+        TARGET_OS=unix
+        ;;
+    *-*-*openbsd*)
+        os_openbsd=yes
+        TARGET_OS=unix
+        ;;
+    *-*-hpux*)
+        os_hpux=yes
+        TARGET_OS=unix
+        ;;
+    *-*-linux*)
+        os_linux=yes
+        os_gnu=yes
+        TARGET_OS=unix
+        ;;
+    *-*-solaris*)
+        os_solaris=yes
+        TARGET_OS=unix
+        ;;
+    *-*-darwin*)
+        os_darwin=yes
+        TARGET_OS=unix
+        ;;
+    gnu*|k*bsd*-gnu*)
+        os_gnu=yes
+        TARGET_OS=unix
+        ;;
+    *)
+        AC_MSG_WARN([*** Please add $host to configure.ac checks!])
+        ;;
+esac
diff --git a/scripts/build/autotools/CheckSSL.m4 b/scripts/build/autotools/CheckSSL.m4
@@ -0,0 +1,215 @@
+PHP_ARG_WITH([mongodb-ssl],
+             [whether to enable crypto and TLS],
+             [AS_HELP_STRING([--with-mongodb-ssl=@<:@auto/no/openssl/libressl/darwin@:>@],
+                             [MongoDB: Enable TLS connections and SCRAM-SHA-1 authentication [default=auto]])],
+             [auto],
+             [no])
+
+PHP_ARG_ENABLE([mongodb-crypto-system-profile],
+               [whether to use system crypto profile],
+               [AC_HELP_STRING([--enable-mongodb-crypto-system-profile],
+                               [MongoDB: Use system crypto profile (OpenSSL only) [default=no]])],
+               [no],
+               [no])
+
+PHP_ARG_WITH([openssl-dir],
+             [deprecated option for OpenSSL library path],
+             [AC_HELP_STRING([--with-openssl-dir=@<:@auto/DIR@:>@],
+                             [MongoDB: OpenSSL library path (deprecated for pkg-config) [default=auto]])],
+             [auto],
+             [no])
+
+PHP_ARG_WITH([system-ciphers],
+             [deprecated option for whether to use system crypto profile],
+             AC_HELP_STRING([--enable-system-ciphers],
+                            [MongoDB: whether to use system crypto profile (deprecated for --enable-mongodb-crypto-system-profile) [default=no]]),
+             [no],
+             [no])
+
+AS_IF([test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "auto"],[
+  found_openssl="no"
+
+  PKG_CHECK_MODULES([PHP_MONGODB_SSL],[openssl],[
+    PHP_EVAL_INCLINE([$PHP_MONGODB_SSL_CFLAGS])
+    PHP_EVAL_LIBLINE([$PHP_MONGODB_SSL_LIBS],[MONGODB_SHARED_LIBADD])
+    PHP_MONGODB_SSL="openssl"
+    found_openssl="yes"
+
+    old_CFLAGS="$CFLAGS"
+    CFLAGS="$PHP_MONGODB_SSL_CFLAGS $CFLAGS"
+
+    AC_CHECK_DECLS([ASN1_STRING_get0_data],
+                   [have_ASN1_STRING_get0_data="yes"],
+                   [have_ASN1_STRING_get0_data="no"],
+                   [[#include <openssl/asn1.h>]])
+
+    CFLAGS="$old_CFLAGS"
+  ],[
+    unset OPENSSL_INCDIR
+    unset OPENSSL_LIBDIR
+
+    dnl Use a list of directories from PHP_SETUP_OPENSSL by default.
+    dnl Support documented "auto" and older, undocumented "yes" options
+    if test "$PHP_OPENSSL_DIR" = "auto" -o "$PHP_OPENSSL_DIR" = "yes"; then
+      PHP_OPENSSL_DIR="/usr/local/ssl /usr/local /usr /usr/local/openssl"
+    fi
+
+    for i in $PHP_OPENSSL_DIR; do
+      if test -r $i/include/openssl/evp.h; then
+        OPENSSL_INCDIR="$i/include"
+      fi
+      if test -r $i/$PHP_LIBDIR/libssl.a -o -r $i/$PHP_LIBDIR/libssl.$SHLIB_SUFFIX_NAME; then
+        OPENSSL_LIBDIR="$i/$PHP_LIBDIR"
+      fi
+      test -n "$OPENSSL_INCDIR" && test -n "$OPENSSL_LIBDIR" && break
+    done
+
+    if test -n "$OPENSSL_LIBDIR"; then
+      OPENSSL_LIBDIR_LDFLAG="-L$OPENSSL_LIBDIR"
+    fi
+
+    PHP_CHECK_LIBRARY([crypto],
+                      [EVP_DigestInit_ex],
+                      [have_crypto_lib="yes"],
+                      [have_crypto_lib="no"],
+                      [$OPENSSL_LIBDIR_LDFLAG])
+    PHP_CHECK_LIBRARY([ssl],
+                      [SSL_library_init],
+                      [have_ssl_lib="yes"],
+                      [have_ssl_lib="no"],
+                      [$OPENSSL_LIBDIR_LDFLAG -lcrypto])
+
+    if test "$have_ssl_lib" = "yes" -a "$have_crypto_lib" = "yes"; then
+      PHP_ADD_LIBRARY([ssl],,[MONGODB_SHARED_LIBADD])
+      PHP_ADD_LIBRARY([crypto],,[MONGODB_SHARED_LIBADD])
+
+      if test -n "$OPENSSL_LIBDIR"; then
+        PHP_ADD_LIBPATH([$OPENSSL_LIBDIR],[MONGODB_SHARED_LIBADD])
+      fi
+
+      if test -n "$OPENSSL_INCDIR"; then
+        PHP_ADD_INCLUDE($OPENSSL_INCDIR)
+      fi
+
+      old_CFLAGS="$CFLAGS"
+      CFLAGS="-I$OPENSSL_INCDIR $CFLAGS"
+
+      AC_CHECK_DECLS([ASN1_STRING_get0_data],
+                     [have_ASN1_STRING_get0_data="yes"],
+                     [have_ASN1_STRING_get0_data="no"],
+                     [[#include <openssl/asn1.h>]])
+
+      CFLAGS="$old_CFLAGS"
+
+      PHP_MONGODB_SSL="openssl"
+      found_openssl="yes"
+    fi
+  ])
+
+  if test "$PHP_MONGODB_SSL" = "openssl" -a "$found_openssl" != "yes"; then
+    AC_MSG_ERROR([OpenSSL libraries and development headers could not be found])
+  fi
+])
+
+AS_IF([test "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "auto"],[
+  found_libressl="no"
+
+  PKG_CHECK_MODULES([PHP_MONGODB_SSL],[libtls libcrypto],[
+    PHP_EVAL_INCLINE([$PHP_MONGODB_SSL_CFLAGS])
+    PHP_EVAL_LIBLINE([$PHP_MONGODB_SSL_LIBS],[MONGODB_SHARED_LIBADD])
+    PHP_MONGODB_SSL="libressl"
+    found_libressl="yes"
+  ],[
+    PHP_CHECK_LIBRARY([crypto],
+                      [EVP_DigestInit_ex],
+                      [have_crypto_lib="yes"],
+                      [have_crypto_lib="no"])
+    PHP_CHECK_LIBRARY([tls],
+                      [tls_init],
+                      [have_ssl_lib="yes"],
+                      [have_ssl_lib="no"],
+                      [-lcrypto])
+
+    if test "$have_ssl_lib" = "yes" -a "$have_crypto_lib" = "yes"; then
+      PHP_ADD_LIBRARY([tls],,[MONGODB_SHARED_LIBADD])
+      PHP_ADD_LIBRARY([crypto],,[MONGODB_SHARED_LIBADD])
+      PHP_MONGODB_SSL="libressl"
+      found_libressl="yes"
+    fi
+  ])
+
+  if test "$PHP_MONGODB_SSL" = "libressl" -a "$found_libressl" != "yes"; then
+    AC_MSG_ERROR([LibreSSL libraries and development headers could not be found])
+  fi
+])
+
+AS_IF([test "$PHP_MONGODB_SSL" = "darwin" -o \( "$PHP_MONGODB_SSL" = "auto" -a "$os_darwin" = "yes" \)],[
+  dnl PHP_FRAMEWORKS is only used for SAPI builds, so use MONGODB_SHARED_LIBADD for shared builds
+  if test "$ext_shared" = "yes"; then
+    MONGODB_SHARED_LIBADD="-framework Security -framework CoreFoundation $MONGODB_SHARED_LIBADD"
+  else
+    PHP_ADD_FRAMEWORK([Security])
+    PHP_ADD_FRAMEWORK([CoreFoundation])
+  fi
+  PHP_MONGODB_SSL="darwin"
+])
+
+AS_IF([test "$PHP_MONGODB_SSL" = "auto"],[
+  PHP_MONGODB_SSL="no"
+])
+
+AC_MSG_CHECKING([which TLS library to use])
+AC_MSG_RESULT([$PHP_MONGODB_SSL])
+
+dnl Disable Windows SSL and crypto
+AC_SUBST(MONGOC_ENABLE_SSL_SECURE_CHANNEL, 0)
+AC_SUBST(MONGOC_ENABLE_CRYPTO_CNG, 0)
+
+if test "$PHP_MONGODB_SSL" = "openssl" -o "$PHP_MONGODB_SSL" = "libressl" -o "$PHP_MONGODB_SSL" = "darwin"; then
+  AC_SUBST(MONGOC_ENABLE_SSL, 1)
+  AC_SUBST(MONGOC_ENABLE_CRYPTO, 1)
+  if test "$PHP_MONGODB_SSL" = "darwin"; then
+    AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
+    AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
+    AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 1)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 1)
+  elif test "$PHP_MONGODB_SSL" = "openssl"; then
+    AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 1)
+    AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
+    AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
+  elif test "$PHP_MONGODB_SSL" = "libressl"; then
+    AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
+    AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 1)
+    AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 1)
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
+  fi
+else
+  AC_SUBST(MONGOC_ENABLE_SSL, 0)
+  AC_SUBST(MONGOC_ENABLE_SSL_LIBRESSL, 0)
+  AC_SUBST(MONGOC_ENABLE_SSL_OPENSSL, 0)
+  AC_SUBST(MONGOC_ENABLE_SSL_SECURE_TRANSPORT, 0)
+  AC_SUBST(MONGOC_ENABLE_CRYPTO, 0)
+  AC_SUBST(MONGOC_ENABLE_CRYPTO_LIBCRYPTO, 0)
+  AC_SUBST(MONGOC_ENABLE_CRYPTO_COMMON_CRYPTO, 0)
+fi
+
+if test "x$have_ASN1_STRING_get0_data" = "xyes"; then
+  AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 1)
+else
+  AC_SUBST(MONGOC_HAVE_ASN1_STRING_GET0_DATA, 0)
+fi
+
+dnl Also consider the deprecated --enable-system-ciphers option
+if test "$PHP_MONGODB_CRYPTO_SYSTEM_PROFILE" = "yes" -o "$PHP_SYSTEM_CIPHERS" = "yes"; then
+  if test "$PHP_MONGODB_SSL" = "openssl"; then
+    AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 1)
+  else
+    AC_MSG_ERROR([System crypto profile is only available with OpenSSL])
+  fi
+else
+  AC_SUBST(MONGOC_ENABLE_CRYPTO_SYSTEM_PROFILE, 0)
+fi
diff --git a/scripts/build/autotools/m4/pkg.m4 b/scripts/build/autotools/m4/pkg.m4
