diff --git a/Makefile.am b/Makefile.am index 30f49ec1..c2d34520 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,15 @@ openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c openconnect_CFLAGS = $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) openconnect_LDADD = libopenconnect.la $(SSL_LIBS) $(DTLS_SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(LIBINTL) -library_srcs = ssl.c http.c auth.c library.c compat.c @SSL_LIBRARY@.c +library_srcs = ssl.c http.c auth.c library.c compat.c +lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c +lib_srcs_openssl = openssl.c +if OPENCONNECT_GNUTLS +library_srcs += $(lib_srcs_gnutls) +endif +if OPENCONNECT_OPENSSL +library_srcs += $(lib_srcs_openssl) +endif libopenconnect_la_SOURCES = version.c $(library_srcs) libopenconnect_la_CFLAGS = $(SSL_CFLAGS) $(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(P11KIT_CFLAGS) $(TSS_CFLAGS) libopenconnect_la_LIBADD = $(SSL_LIBS) $(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(LIBINTL) $(P11KIT_LIBS) $(TSS_LIBS) @@ -31,13 +39,13 @@ endif pkgconfig_DATA = openconnect.pc -EXTRA_DIST = version.sh COPYING.LGPL gnutls_pkcs12.c gnutls.c openssl.c +EXTRA_DIST = version.sh COPYING.LGPL $(lib_srcs_openssl) $(lib_srcs_gnutls) DISTCLEANFILES = $(pkgconfig_DATA) -gnutls.o: gnutls_pkcs12.c main.o: version.c -version.c: $(library_srcs) $(openconnect_SOURCES) Makefile.am configure.ac \ +version.c: $(library_srcs) $(lib_openssl_srcs) $(lib_gnutls_srcs) \ + $(openconnect_SOURCES) Makefile.am configure.ac \ openconnect.h openconnect-internal.h version.sh @GITVERSIONDEPS@ @cd $(srcdir) && ./version.sh $(abs_builddir)/version.c diff --git a/configure.ac b/configure.ac index 6c5f6936..8216fe04 100644 --- a/configure.ac +++ b/configure.ac 
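Review bot: The new `gnutls.h` header introduced by this commit is not added to any list in this hunk, so `lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c` leaves it out of the library sources and, through the `EXTRA_DIST` change in the next hunk, out of the tarball as well. Automake only distributes headers it is told about, so unless the header is listed somewhere outside this diff, a release tarball would not be able to build the GnuTLS backend. Listing it next to the sources that include it covers both cases: `lib_srcs_gnutls = gnutls.c gnutls_pkcs12.c gnutls.h`.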
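Review bot: The rewritten `version.c` prerequisite line references `$(lib_openssl_srcs)` and `$(lib_gnutls_srcs)`, but the variables defined in the first hunk are `lib_srcs_openssl` and `lib_srcs_gnutls`. The misspelled names expand to nothing, so version.c silently loses its dependency on the sources of whichever backend was not selected. The `EXTRA_DIST` line in this same hunk uses the correct spelling. The line should read `version.c: $(library_srcs) $(lib_srcs_openssl) $(lib_srcs_gnutls) \`.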
@@ -328,6 +328,8 @@ case "$ssl_library" in AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.]) ;; esac +AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" != "openssl" ]) +AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "openssl" ]) # Needs to happen after we default to static/shared libraries based on OpenSSL AC_PROG_LIBTOOL diff --git a/gnutls.c b/gnutls.c index 7e3ab083..be40ddab 100644 --- a/gnutls.c +++ b/gnutls.c @@ -64,6 +64,7 @@ static P11KitPin *pin_callback(const char *pin_source, P11KitUri *pin_uri, void *_vpninfo); #endif +#include "gnutls.h" #include "openconnect-internal.h" /* Helper functions for reading/writing lines over SSL. @@ -286,12 +287,6 @@ static int load_datum(struct openconnect_info *vpninfo, return 0; } -#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE -/* If we're using a version of GnuTLS from before this was - exported, pull in our local copy. */ -#include "gnutls_pkcs12.c" -#endif - /* A non-zero, non-error return to make load_certificate() continue and interpreting the file as other types */ #define NOT_PKCS12 1 diff --git a/gnutls.h b/gnutls.h new file mode 100644 index 00000000..ab34dc5e --- /dev/null +++ b/gnutls.h 
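Review bot: `OPENCONNECT_GNUTLS` is defined as "anything other than openssl" rather than by naming the values that select GnuTLS, so its correctness depends on the `case "$ssl_library"` statement above having already rejected every unexpected value. The branches of that case lie outside the hunk, so which values can reach this point cannot be checked from here. A comment would make the intent explicit, for example `# Any value that survives the case above other than "openssl" builds the GnuTLS backend`. Quoting the first argument as `[OPENCONNECT_GNUTLS]` would also match usual Autoconf style.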
@@ -0,0 +1,45 @@ +/* + * OpenConnect (SSL + DTLS) VPN client + * + * Copyright © 2008-2012 Intel Corporation. + * + * Author: David Woodhouse + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * version 2.1, as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to: + * + * Free Software Foundation, Inc. + * 51 Franklin Street, Fifth Floor, + * Boston, MA 02110-1301 USA + */ + +#ifndef __OPENCONNECT_GNUTLS_H__ +#define __OPENCONNECT_GNUTLS_H__ + +#include +#include + +#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE +/* If we're using a version of GnuTLS from before this was + exported, pull in our local copy. */ +int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password, + gnutls_x509_privkey_t * key, + gnutls_x509_crt_t ** chain, + unsigned int * chain_len, + gnutls_x509_crt_t ** extra_certs, + unsigned int * extra_certs_len, + gnutls_x509_crl_t * crl, + unsigned int flags); + +#endif /* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */ + +#endif /* __OPENCONNECT_GNUTLS_H__ */ diff --git a/gnutls_pkcs12.c b/gnutls_pkcs12.c index 543f4abe..c2e76659 100644 --- a/gnutls_pkcs12.c +++ b/gnutls_pkcs12.c @@ -7,6 +7,11 @@ * explicit permission. */ +#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE + +#include +#include "gnutls.h" + #define opaque unsigned char #define gnutls_assert() do {} while(0) #define gnutls_assert_val(x) (x) @@ -124,7 +129,7 @@ unsigned int i; * * Since: 3.1 **/ -static int +int gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, const char *password, gnutls_x509_privkey_t * key, 
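Review bot: The comment inside the `#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE` block of the new gnutls.h was carried over from gnutls.c and still says "pull in our local copy", although the header now only declares the function. I would reword it to `/* Declare the bundled fallback from gnutls_pkcs12.c, built only when the installed GnuTLS does not export gnutls_pkcs12_simple_parse() */`. The include guard `__OPENCONNECT_GNUTLS_H__` also starts with a double underscore, which C reserves for the implementation; `OPENCONNECT_GNUTLS_H` avoids that.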
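Review bot: The `#ifndef HAVE_GNUTLS_PKCS12_SIMPLE_PARSE` guard added at the top of gnutls_pkcs12.c is evaluated before any header is included, so it only sees the macro when the build defines it on the compiler command line. If the macro is instead delivered through a generated configuration header (not visible in this diff), the guard is always true and the bundled parser is compiled even against a GnuTLS that already provides the function. It is worth confirming how configure defines the macro and, if it comes from a header, including that header above the guard. The matching `#endif` in the last hunk is labelled `/* HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */`, whereas gnutls.h writes `/* !HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */`.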
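Review bot: Replacing `static int` with `int` in the second gnutls_pkcs12.c hunk gives the bundled copy external linkage under the exact name of a GnuTLS library function, so libopenconnect may now export `gnutls_pkcs12_simple_parse` itself. A binary built against an older GnuTLS and later run with a newer libgnutls would then have two definitions of that symbol in one process, and which PKCS#12 parser handles the user's certificate and key would depend on symbol resolution order. Unless the library's export list (not shown in this diff) already hides the symbol, I would give the fallback a project-private name and map the public name to it in gnutls.h, e.g. `#define gnutls_pkcs12_simple_parse openconnect_pkcs12_simple_parse` as an illustrative name. The function body continues beyond this hunk.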
@@ -519,3 +524,5 @@ gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12, return ret; } + +#endif /* HAVE_GNUTLS_PKCS12_SIMPLE_PARSE */