krb5 commit: Rename --with-proxy-tls-impl to --with-tls-impl

Greg Hudson ghudson at MIT.EDU
Sat Jul 19 16:25:33 EDT 2014


https://github.com/krb5/krb5/commit/788e70c7c77b0c1f4a79e3f1b6c96a0cf99e0327
commit 788e70c7c77b0c1f4a79e3f1b6c96a0cf99e0327
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Jul 17 15:20:53 2014 -0400

    Rename --with-proxy-tls-impl to --with-tls-impl
    
    Make the configure option for TLS implementation more generic, in case
    we use the k5tls module for something other than KDC proxy support.
    Rename all of the associated symbols for consistency.
    
    ticket: 7929

 src/Makefile.in                   |    2 +-
 src/config/pre.in                 |    8 +++---
 src/configure.in                  |   42 +++++++++++++++++-------------------
 src/plugins/tls/k5tls/Makefile.in |    4 +-
 src/plugins/tls/k5tls/notls.c     |    4 +-
 src/plugins/tls/k5tls/openssl.c   |    4 +-
 src/tests/t_proxy.py              |    5 +--
 src/util/k5test.py                |    4 +-
 8 files changed, 35 insertions(+), 38 deletions(-)

diff --git a/src/Makefile.in b/src/Makefile.in
index 92bb60a..522f21d 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -554,7 +554,7 @@ pyrunenv.vals: Makefile
 	for i in $(RUN_VARS); do \
 		eval echo 'env['\\\'$$i\\\''] = '\\\'\$$$$i\\\'; \
 	done > $@
-	echo "proxy_tls_impl = '$(PROXY_TLS_IMPL)'" >> $@
+	echo "tls_impl = '$(TLS_IMPL)'" >> $@
 
 runenv.py: pyrunenv.vals
 	echo 'env = {}' > $@
diff --git a/src/config/pre.in b/src/config/pre.in
index fd8ee56..002c2f7 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -429,10 +429,10 @@ PKINIT_CRYPTO_IMPL		= @PKINIT_CRYPTO_IMPL@
 PKINIT_CRYPTO_IMPL_CFLAGS	= @PKINIT_CRYPTO_IMPL_CFLAGS@
 PKINIT_CRYPTO_IMPL_LIBS		= @PKINIT_CRYPTO_IMPL_LIBS@
 
-# TLS implementation selection for HTTPS proxy support
-PROXY_TLS_IMPL                  = @PROXY_TLS_IMPL@
-PROXY_TLS_IMPL_CFLAGS           = @PROXY_TLS_IMPL_CFLAGS@
-PROXY_TLS_IMPL_LIBS             = @PROXY_TLS_IMPL_LIBS@
+# TLS implementation selection
+TLS_IMPL	= @TLS_IMPL@
+TLS_IMPL_CFLAGS = @TLS_IMPL_CFLAGS@
+TLS_IMPL_LIBS	= @TLS_IMPL_LIBS@
 
 # error table rules
 #
diff --git a/src/configure.in b/src/configure.in
index 43509ab..2e22470 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -272,50 +272,48 @@ AC_SUBST(PKINIT_CRYPTO_IMPL)
 AC_SUBST(PKINIT_CRYPTO_IMPL_CFLAGS)
 AC_SUBST(PKINIT_CRYPTO_IMPL_LIBS)
 
-# WITH_PROXY_TLS_IMPL
+# WITH_TLS_IMPL
 
-AC_ARG_WITH([proxy-tls-impl],
-AC_HELP_STRING([--with-proxy-tls-impl=IMPL],
-               [use specified TLS implementation for HTTPS @<:@auto@:>@]),
-[PROXY_TLS_IMPL=$withval],[PROXY_TLS_IMPL=auto])
-case "$PROXY_TLS_IMPL" in
+AC_ARG_WITH([tls-impl],
+AC_HELP_STRING([--with-tls-impl=IMPL],
+               [use specified TLS implementation @<:@auto@:>@]),
+[TLS_IMPL=$withval],[TLS_IMPL=auto])
+case "$TLS_IMPL" in
 openssl|auto)
   AC_CHECK_LIB(ssl,SSL_CTX_new,[have_lib_ssl=true],[have_lib_ssl=false],
                -lcrypto)
   AC_MSG_CHECKING([for OpenSSL])
   if test x$have_lib_ssl = xtrue ; then
-    AC_DEFINE(PROXY_TLS_IMPL_OPENSSL,1,
-              [Define if HTTPS TLS implementation is OpenSSL])
+    AC_DEFINE(TLS_IMPL_OPENSSL,1,[Define if TLS implementation is OpenSSL])
     AC_MSG_RESULT([yes])
-    PROXY_TLS_IMPL_LIBS="-lssl -lcrypto"
-    PROXY_TLS_IMPL=openssl
-    AC_MSG_NOTICE(HTTPS support will use TLS from '$PROXY_TLS_IMPL')
+    TLS_IMPL_LIBS="-lssl -lcrypto"
+    TLS_IMPL=openssl
+    AC_MSG_NOTICE([TLS module will use OpenSSL])
   else
-    if test "$PROXY_TLS_IMPL" = openssl ; then
+    if test "$TLS_IMPL" = openssl ; then
       AC_MSG_ERROR([OpenSSL not found!])
     else
       AC_MSG_WARN([OpenSSL not found!])
     fi
-    PROXY_TLS_IMPL=no
-    AC_MSG_NOTICE(building without HTTPS support)
+    TLS_IMPL=no
+    AC_MSG_NOTICE(building without TLS support)
   fi
   ;;
 no)
-  AC_MSG_NOTICE(building without HTTPS support)
+  AC_MSG_NOTICE(building without TLS support)
   ;;
 *)
-  AC_MSG_ERROR([Unsupported HTTPS proxy TLS implementation $withval])
+  AC_MSG_ERROR([Unsupported TLS implementation $withval])
   ;;
 esac
 
-if test "$PROXY_TLS_IMPL" = no; then
-   AC_DEFINE(PROXY_TLS_IMPL_NONE,1,
-             [Define if no HTTP TLS implementation is selected])
+if test "$TLS_IMPL" = no; then
+   AC_DEFINE(TLS_IMPL_NONE,1,[Define if no TLS implementation is selected])
 fi
 
-AC_SUBST(PROXY_TLS_IMPL)
-AC_SUBST(PROXY_TLS_IMPL_CFLAGS)
-AC_SUBST(PROXY_TLS_IMPL_LIBS)
+AC_SUBST(TLS_IMPL)
+AC_SUBST(TLS_IMPL_CFLAGS)
+AC_SUBST(TLS_IMPL_LIBS)
 
 AC_ARG_ENABLE([aesni],
 AC_HELP_STRING([--disable-aesni],[Do not build with AES-NI support]), ,
diff --git a/src/plugins/tls/k5tls/Makefile.in b/src/plugins/tls/k5tls/Makefile.in
index 4d58df0..e5ae830 100644
--- a/src/plugins/tls/k5tls/Makefile.in
+++ b/src/plugins/tls/k5tls/Makefile.in
@@ -1,14 +1,14 @@
 mydir=plugins$(S)tls$(S)k5tls
 BUILDTOP=$(REL)..$(S)..$(S)..
 MODULE_INSTALL_DIR = $(KRB5_TLS_MODULE_DIR)
-LOCALINCLUDES= $(PROXY_TLS_IMPL_CFLAGS)
+LOCALINCLUDES= $(TLS_IMPL_CFLAGS)
 
 LIBBASE=k5tls
 LIBMAJOR=0
 LIBMINOR=0
 RELDIR=../plugins/tls/k5tls
 SHLIB_EXPDEPS= $(KRB5_DEPLIB) $(SUPPORT_DEPLIB)
-SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(PROXY_TLS_IMPL_LIBS)
+SHLIB_EXPLIBS= $(KRB5_LIB) $(SUPPORT_LIB) $(TLS_IMPL_LIBS)
 
 STLIBOBJS=openssl.o notls.o
 
diff --git a/src/plugins/tls/k5tls/notls.c b/src/plugins/tls/k5tls/notls.c
index 7be0a4a..357af81 100644
--- a/src/plugins/tls/k5tls/notls.c
+++ b/src/plugins/tls/k5tls/notls.c
@@ -36,7 +36,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_NONE
+#ifdef TLS_IMPL_NONE
 
 krb5_error_code
 tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
@@ -50,4 +50,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_NONE */
+#endif /* TLS_IMPL_NONE */
diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c
index 0691a34..41917c4 100644
--- a/src/plugins/tls/k5tls/openssl.c
+++ b/src/plugins/tls/k5tls/openssl.c
@@ -31,7 +31,7 @@
 #include "k5-utf8.h"
 #include "k5-tls.h"
 
-#ifdef PROXY_TLS_IMPL_OPENSSL
+#ifdef TLS_IMPL_OPENSSL
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
@@ -567,4 +567,4 @@ tls_k5tls_initvt(krb5_context context, int maj_ver, int min_ver,
     return 0;
 }
 
-#endif /* PROXY_TLS_IMPL_OPENSSL */
+#endif /* TLS_IMPL_OPENSSL */
diff --git a/src/tests/t_proxy.py b/src/tests/t_proxy.py
index e4e3d48..a9ba67e 100644
--- a/src/tests/t_proxy.py
+++ b/src/tests/t_proxy.py
@@ -2,9 +2,8 @@
 from k5test import *
 
 # Skip this test if we're missing proxy functionality or parts of the proxy.
-if runenv.proxy_tls_impl == 'no':
-    success('Warning: not testing proxy support because feature ' +
-            'was not enabled')
+if runenv.tls_impl == 'no':
+    success('Warning: not testing proxy support because TLS was not enabled')
     exit(0)
 try:
     from paste import httpserver
diff --git a/src/util/k5test.py b/src/util/k5test.py
index 8cb477d..4a10974 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -179,8 +179,8 @@ Scripts may use the following functions and variables:
 
 * runenv: The contents of $srctop/runenv.py, containing a dictionary
   'env' which specifies additional variables to be added to the realm
-  environment, and a variable 'proxy_tls_impl', which indicates which
-  SSL implementation (if any) is being used by libkrb5's support for
+  environment, and a variable 'tls_impl', which indicates which TLS
+  implementation (if any) is being used by libkrb5's support for
   contacting KDCs and kpasswd servers over HTTPS.
 
 * verbose: Whether the script is running verbosely.


More information about the cvs-krb5 mailing list