Fix detection of proper OpenSSL and GnuTLS libraries

Until mainline support of QUIC are present in OpenSSL and GnuTLS, be sure to test whether the found library versions are the patched ones since the version number check is insufficient. This fixes the default build on a system where a new GnuTLS is present without the patches from the GnuTLS tmp-quic branch. Add new ENABLE_OPENSSL and ENABLE_GNUTLS CMake options to allow explicitly disabling these libraries to mirror the --without-openssl and the --without-gnutls functionality of autotools. Partially addresses https://github.com/ngtcp2/ngtcp2/issues/238

Fix detection of proper OpenSSL and GnuTLS libraries
Until mainline support of QUIC are present in OpenSSL and GnuTLS, be sure to test whether the found library versions are the patched ones since the version number check is insufficient. This fixes the default build on a system where a new GnuTLS is present without the patches from the GnuTLS tmp-quic branch. Add new ENABLE_OPENSSL and ENABLE_GNUTLS CMake options to allow explicitly disabling these libraries to mirror the --without-openssl and the --without-gnutls functionality of autotools. Partially addresses https://github.com/ngtcp2/ngtcp2/issues/238
92d05495 · Peter Wu · ffd1ed6d · 92d05495 · 92d05495 · 92d05495
Commit 92d05495 authored 4 years ago by Peter Wu
--- a/.travis.yml
+++ b/.travis.yml
@@ -57,13 +57,13 @@ before_script:
  - export PKG_CONFIG_PATH=$PWD/../openssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig LDFLAGS="$EXTRA_LDFLAGS -Wl,-rpath,$PWD/../openssl/build/lib"
  - |
    if [ "$CI_BUILD" == "autotools" ]; then
-      autoreconf -i && ./configure --enable-werror $AUTOTOOLS_OPTS --without-gnutls
+      autoreconf -i && ./configure --enable-werror $AUTOTOOLS_OPTS
    fi
  # Set CMAKE_LIBRARY_ARCHITECTURE to workaround failure to parse
  # implicit link information from GCC 5
  - |
    if [ "$CI_BUILD" == "cmake" ]; then
-      cmake $CMAKE_OPTS -DCMAKE_LIBRARY_ARCHITECTURE=x86_64-linux-gnu -DWITHOUT_GNUTLS=1
+      cmake $CMAKE_OPTS -DCMAKE_LIBRARY_ARCHITECTURE=x86_64-linux-gnu
    fi
 script:
  # Now build ngtcp2 examples and test

--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -67,14 +67,10 @@ foreach(_build_type "Release" "MinSizeRel" "RelWithDebInfo")
 endforeach()
-if(WITHOUT_GNUTLS)
+if(ENABLE_GNUTLS)
-  set(GNUTLS_FOUND FALSE)
-else()
  find_package(GnuTLS 3.6.12)
 endif()
-if(WITHOUT_OPENSSL)
+if(ENABLE_OPENSSL)
-  set(OPENSSL_FOUND FALSE)
-else()
  find_package(OpenSSL 1.1.1)
 endif()
 find_package(Libev 4.11)
@@ -87,23 +83,48 @@ if(HAVE_CUNIT)
 endif()
 # openssl (for examples)
-set(HAVE_OPENSSL    ${OPENSSL_FOUND})
+include(CMakePushCheckState)
-if(OPENSSL_FOUND)
+include(CheckSymbolExists)
+if(ENABLE_OPENSSL AND OPENSSL_FOUND)
+  # Until OpenSSL gains mainline support for QUIC, check for a patched version.
+  cmake_push_check_state()
+  set(CMAKE_REQUIRED_INCLUDES   "${OPENSSL_INCLUDE_DIR}")
+  set(CMAKE_REQUIRED_LIBRARIES  "${OPENSSL_LIBRARIES}")
+  check_symbol_exists(SSL_is_quic "openssl/ssl.h" HAVE_SSL_IS_QUIC)
+  if(NOT HAVE_SSL_IS_QUIC)
+    message(WARNING "Disabling OpenSSL due to lack of QUIC support in ${OPENSSL_LIBRARIES}")
+  endif()
+  cmake_pop_check_state()
+endif()
+if(ENABLE_OPENSSL AND HAVE_SSL_IS_QUIC)
  set(OPENSSL_INCLUDE_DIRS  ${OPENSSL_INCLUDE_DIR})
+  set(HAVE_OPENSSL 1)
  set(HAVE_CRYPTO 1)
 else()
  set(OPENSSL_INCLUDE_DIRS  "")
  set(OPENSSL_LIBRARIES     "")
 endif()
 # libev (for examples)
 set(HAVE_LIBEV      ${LIBEV_FOUND})
 # libnghttp3 (for examples)
 set(HAVE_LIBNGHTTP3 ${LIBNGHTTP3_FOUND})
-# GnuTLS (for examples)
+# GnuTLS (required for external https://github.com/ueno/ngtcp2-gnutls-examples)
-set(HAVE_GNUTLS    ${GNUTLS_FOUND})
+if(ENABLE_GNUTLS AND GNUTLS_FOUND)
-if(GNUTLS_FOUND)
+  # Until GnuTLS gains mainline support for QUIC, check for a patched version.
+  cmake_push_check_state()
+  set(CMAKE_REQUIRED_INCLUDES   "${GNUTLS_INCLUDE_DIR}")
+  set(CMAKE_REQUIRED_LIBRARIES  "${GNUTLS_LIBRARIES}")
+  check_symbol_exists(gnutls_handshake_write "gnutls/gnutls.h" HAVE_GNUTLS_HANDSHAKE_WRITE)
+  if(NOT HAVE_GNUTLS_HANDSHAKE_WRITE)
+    message(WARNING "Disabling GnuTLS due to lack of QUIC support in ${GNUTLS_LIBRARIES}")
+  endif()
+  cmake_pop_check_state()
+endif()
+if(ENABLE_GNUTLS AND HAVE_GNUTLS_HANDSHAKE_WRITE)
  set(GNUTLS_INCLUDE_DIRS  ${GNUTLS_INCLUDE_DIR})
+  set(HAVE_GNUTLS 1)
  set(HAVE_CRYPTO 1)
 else()
  set(GNUTLS_INCLUDE_DIRS  "")
@@ -133,7 +154,6 @@ if(SIZEOF_SSIZE_T STREQUAL "")
 endif()
 # Checks for symbols.
-include(CheckSymbolExists)
 if(HAVE_ENDIAN_H)
  check_symbol_exists(be64toh "endian.h" HAVE_BE64TOH)
 endif()
@@ -220,7 +240,6 @@ else()
  )
  if(ENABLE_ASAN)
-    include(CMakePushCheckState)
    cmake_push_check_state()
    set(CMAKE_REQUIRED_LIBRARIES "-fsanitize=address")
    check_c_compiler_flag(-fsanitize=address C__fsanitize_address_VALID)

--- a/CMakeOptions.txt
+++ b/CMakeOptions.txt
 # Features that can be enabled for cmake (see CMakeLists.txt)
 option(ENABLE_WERROR    "Make compiler warnings fatal" OFF)
-option(ENABLE_DEBUG     "Turn on debug output")
+option(ENABLE_DEBUG     "Turn on debug output" OFF)
 option(ENABLE_ASAN      "Enable AddressSanitizer (ASAN)" OFF)
+option(ENABLE_GNUTLS    "Enable GnuTLS crypto backend" ON)
+option(ENABLE_OPENSSL   "Enable OpenSSL crypto backend (required for examples)" ON)
 # vim: ft=cmake:
--- a/configure.ac
+++ b/configure.ac
@@ -158,6 +158,13 @@ if test "x${request_openssl}" != "xno"; then
  if test "x${have_openssl}" = "xno"; then
    AC_MSG_NOTICE($OPENSSL_PKG_ERRORS)
  fi
+  # Until OpenSSL gains mainline support for QUIC, check for a patched version.
+  AC_CHECK_LIB([ssl], [SSL_is_quic], [have_openssl_quic=yes],
+               [have_openssl_quic=no], [$OPENSSL_LIBS])
+  if test "x${have_openssl}${have_openssl_quic}" = "xyesno"; then
+    AC_MSG_NOTICE([openssl does not have QUIC interface, disabling it])
+    have_openssl=no
+  fi
 fi
 if test "x${request_openssl}" = "xyes" &&
@@ -175,6 +182,13 @@ if test "x${request_gnutls}" != "xno"; then
  if test "x${have_gnutls}" = "xno"; then
    AC_MSG_NOTICE($GNUTLS_PKG_ERRORS)
  fi
+  # Until GnuTLS gains mainline support for QUIC, check for a patched version.
+  AC_CHECK_LIB([gnutls], [gnutls_handshake_write], [have_gnutls_quic=yes],
+               [have_gnutls_quic=no], [$GNUTLS_LIBS])
+  if test "x${have_gnutls}${have_gnutls_quic}" = "xyesno"; then
+    AC_MSG_NOTICE([gnutls does not have QUIC interface, disabling it])
+    have_gnutls=no
+  fi
 fi
 if test "x${request_gnutls}" = "xyes" &&

--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -25,14 +25,14 @@ if(HAVE_CRYPTO)
  add_subdirectory(includes)
 endif()
-if(OPENSSL_FOUND)
+if(HAVE_OPENSSL)
  add_subdirectory(openssl)
-else()
+elseif(ENABLE_OPENSSL)
  message(WARNING "libngtcp2_crypto_openssl library is disabled due to lack of good OpenSSL")
 endif()
-if(GNUTLS_FOUND)
+if(HAVE_GNUTLS)
  add_subdirectory(gnutls)
-else()
+elseif(ENABLE_GNUTLS)
  message(WARNING "libngtcp2_crypto_gnutls library is disabled due to lack of good GnuTLS")
 endif()
--- a/crypto/includes/CMakeLists.txt
+++ b/crypto/includes/CMakeLists.txt
@@ -25,7 +25,7 @@ install(FILES
    ngtcp2/ngtcp2_crypto.h
  DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")
-if(OPENSSL_FOUND)
+if(HAVE_OPENSSL)
  install(FILES
      ngtcp2/ngtcp2_crypto_openssl.h
      DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/ngtcp2")

--- a/examples/CMakeLists.txt
+++ b/examples/CMakeLists.txt
@@ -21,7 +21,7 @@
 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-if(LIBEV_FOUND AND OPENSSL_FOUND AND LIBNGHTTP3_FOUND)
+if(LIBEV_FOUND AND HAVE_OPENSSL AND LIBNGHTTP3_FOUND)
  include_directories(
    ${CMAKE_SOURCE_DIR}/lib/includes
    ${CMAKE_BINARY_DIR}/lib/includes