diff options
| author | Iwan Timmer <irtimmer@gmail.com> | 2018-07-26 22:47:50 +0100 |
|---|---|---|
| committer | Iwan Timmer <irtimmer@gmail.com> | 2018-07-27 21:23:17 +0100 |
| commit | 096cbdce13b811f34726533d1a569912adc7cbec (patch) | |
| tree | cdd10ccc2032850c291198a6e660cc1ddbe0a225 /meson.build | |
| parent | ba6aaf572774a49ec2ece32fff492ed814d60922 (diff) | |
| download | systemd-096cbdce13b811f34726533d1a569912adc7cbec.tar.gz systemd-096cbdce13b811f34726533d1a569912adc7cbec.tar.bz2 systemd-096cbdce13b811f34726533d1a569912adc7cbec.zip | |
resolved: basic OpenSSL support for DNS-over-TLS
This provides basic OpenSSL support without optimizations like TCP Fast Open and TLS Session Tickets.
Notice only a single SSL library can be enabled at a time and therefore journald functions provided by GnuTLS will be disabled when using OpenSSL.
Fixes #9531
Diffstat (limited to 'meson.build')
| -rw-r--r-- | meson.build | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/meson.build b/meson.build index a123940f10..5fcc57520a 100644 --- a/meson.build +++ b/meson.build @@ -1013,6 +1013,18 @@ else endif conf.set10('HAVE_GNUTLS', have) +want_openssl = get_option('openssl') +if want_openssl != 'false' and not fuzzer_build + libopenssl = dependency('openssl', + version : '>= 1.1.0', + required : want_openssl == 'true') + have = libopenssl.found() +else + have = false + libopenssl = [] +endif +conf.set10('HAVE_OPENSSL', have) + want_elfutils = get_option('elfutils') if want_elfutils != 'false' and not fuzzer_build libdw = dependency('libdw', @@ -1136,15 +1148,30 @@ substs.set('DEFAULT_DNSSEC_MODE', default_dnssec) dns_over_tls = get_option('dns-over-tls') if dns_over_tls != 'false' - have = (conf.get('HAVE_GNUTLS') == 1 and - libgnutls.version().version_compare('>=3.5.3')) - if dns_over_tls == 'true' and not have - error('DNS-over-TLS support was requested, but dependencies are not available') + if dns_over_tls == 'openssl' + have_gnutls = false + else + have_gnutls = (conf.get('HAVE_GNUTLS') == 1 and libgnutls.version().version_compare('>= 3.5.3')) + if dns_over_tls == 'gnutls' and not have_gnutls + error('DNS-over-TLS support was requested with gnutls, but dependencies are not available') + endif endif + if dns_over_tls == 'gnutls' or have_gnutls + have_openssl = false + else + have_openssl = conf.get('HAVE_OPENSSL') == 1 + if dns_over_tls != 'auto' and not have_openssl + str = dns_over_tls == 'openssl' ? ' with openssl' : '' + error('DNS-over-TLS support was requested$0$, but dependencies are not available'.format(str)) + endif + endif + have = have_gnutls or have_openssl else - have = false + have = have_gnutls = have_openssl = false endif conf.set10('ENABLE_DNS_OVER_TLS', have) +conf.set10('DNS_OVER_TLS_USE_GNUTLS', have_gnutls) +conf.set10('DNS_OVER_TLS_USE_OPENSSL', have_openssl) default_dns_over_tls = get_option('default-dns-over-tls') if fuzzer_build @@ -2950,6 +2977,7 @@ foreach tuple : [ ['qrencode'], ['microhttpd'], ['gnutls'], + ['openssl'], ['libcurl'], ['idn'], ['libidn2'], @@ -2976,7 +3004,8 @@ foreach tuple : [ ['localed'], ['networkd'], ['resolve'], - ['DNS-over-TLS'], + ['DNS-over-TLS(gnutls)', conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1], + ['DNS-over-TLS(openssl)', conf.get('DNS_OVER_TLS_USE_OPENSSL') == 1], ['coredump'], ['polkit'], ['legacy pkla', install_polkit_pkla], |