diff --git a/COPYING.md b/COPYING.md index 46a193fa..25f457f9 100644 --- a/COPYING.md +++ b/COPYING.md @@ -1,7 +1,7 @@ # stunnel license (see COPYRIGHT.md for detailed GPL conditions) -_Copyright (C) 1998-2022 Michal Trojnara_ +_Copyright (C) 1998-2023 Michal Trojnara_ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software diff --git a/Makefile.am b/Makefile.am index 3c6456e0..a8edb008 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions' @@ -16,12 +16,12 @@ doc_DATA = README.md TODO.md COPYING.md AUTHORS.md NEWS.md doc_DATA += PORTS.md BUGS.md COPYRIGHT.md CREDITS.md doc_DATA += INSTALL.W32.md INSTALL.WCE.md INSTALL.FIPS.md -EXTRA_DIST = .travis.yml $(doc_DATA) +EXTRA_DIST = .travis.yml makedh.sh $(doc_DATA) distcleancheck_listfiles = find . -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' distclean-local: - rm -rf autom4te.cache + rm -rf autom4te.cache version.txt sign: cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist diff --git a/Makefile.in b/Makefile.in index c8f3daed..c0bf7973 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -299,9 +299,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -369,14 +366,13 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ AM_DISTCHECK_CONFIGURE_FLAGS = --with-bashcompdir='$$(datarootdir)/bash-completion/completions' ACLOCAL_AMFLAGS = -I m4 SUBDIRS = src doc tools tests doc_DATA = README.md TODO.md COPYING.md AUTHORS.md NEWS.md PORTS.md \ BUGS.md COPYRIGHT.md CREDITS.md INSTALL.W32.md INSTALL.WCE.md \ INSTALL.FIPS.md -EXTRA_DIST = .travis.yml $(doc_DATA) +EXTRA_DIST = .travis.yml makedh.sh $(doc_DATA) distcleancheck_listfiles = find . -type f -exec sh -c 'test -f $(srcdir)/{} || echo {}' ';' all: all-recursive @@ -883,7 +879,7 @@ libtool: $(LIBTOOL_DEPS) $(SHELL) ./config.status libtool distclean-local: - rm -rf autom4te.cache + rm -rf autom4te.cache version.txt sign: cp -f $(distdir).tar.gz $(distdir)-win64-installer.exe $(distdir)-android.zip ../dist diff --git a/NEWS.md b/NEWS.md index 1dff09fb..2af3cfb7 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,13 +1,94 @@ # stunnel change log -### Version 5.65, 2022.07.11, urgency: HIGH +### Version 5.71, 2023.09.19, urgency: MEDIUM +* Security bugfixes + - OpenSSL DLLs updated to version 3.1.3. +* Bugfixes + - Fixed the console output of tstunnel.exe. +* Features sponsored by SAE IT-systems + - OCSP stapling is requested and verified in the client mode. + - Using "verifyChain" automatically enables OCSP + stapling in the client mode. + - OCSP stapling is always available in the server mode. + - An inconclusive OCSP verification breaks TLS negotiation. + This can be disabled with "OCSPrequire = no". + - Added the "TIMEOUTocsp" option to control the maximum + time allowed for connecting an OCSP responder. +* Features + - Added support for Red Hat OpenSSL 3.x patches. + +### Version 5.70, 2023.07.12, urgency: HIGH +* Security bugfixes + - OpenSSL DLLs updated to version 3.0.9. + - OpenSSL FIPS Provider updated to version 3.0.8. +* Bugfixes + - Fixed TLS socket EOF handling with OpenSSL 3.x. + This bug caused major interoperability issues between + stunnel built with OpenSSL 3.x and Microsoft's + Schannel Security Support Provider (SSP). + - Fixed reading certificate chains from PKCS#12 files. +* Features + - Added configurable delay for the "retry" option. + +### Version 5.69, 2023.03.04, urgency: MEDIUM +* New features + - Improved logging performance with the "output" option. + - Improved file read performance on the WIN32 platform. + - DH and kDHEPSK ciphersuites removed from FIPS defaults. + - Set the LimitNOFILE ulimit in stunnel.service to allow + for up to 10,000 concurrent clients. +* Bugfixes + - Fixed the "CApath" option on the WIN32 platform by + applying https://github.com/openssl/openssl/pull/20312. + - Fixed stunnel.spec used for building rpm packages. + - Fixed tests on some OSes and architectures by merging + Debian 07-tests-errmsg.patch (thx to Peter Pentchev). + +### Version 5.68, 2023.02.07, urgency: HIGH +* Security bugfixes + - OpenSSL DLLs updated to version 3.0.8. +* New features + - Added the new 'CAengine' service-level option + to load a trusted CA certificate from an engine. + - Added requesting client certificates in server + mode with 'CApath' besides 'CAfile'. + - Improved file read performance. + - Improved logging performance. +* Bugfixes + - Fixed EWOULDBLOCK errors in protocol negotiation. + - Fixed handling TLS errors in protocol negotiation. + - Prevented following fatal TLS alerts with TCP resets. + - Improved OpenSSL initialization on WIN32. + - Improved testing suite stability. + +### Version 5.67, 2022.11.01, urgency: HIGH +* Security bugfixes + - OpenSSL DLLs updated to version 3.0.7. +* New features + - Provided a logging callback to custom engines. +* Bugfixes + - Fixed "make cert" with OpenSSL older than 3.0. + - Fixed the code and the documentation to use conscious + language for SNI servers (thx to Clemens Lang). + +### Version 5.66, 2022.09.11, urgency: MEDIUM +* New features + - OpenSSL 3.0 FIPS Provider support for Windows. +* Bugfixes + - Fixed building on machines without pkg-config. + - Added the missing "environ" declaration for + BSD-based operating systems. + - Fixed the passphrase dialog with OpenSSL 3.0. + +### Version 5.65, 2022.07.17, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 3.0.5. * Bugfixes - Fixed handling globally enabled FIPS. - - Fixed the default openssl.cnf path in stunnel.exe. - - Fixed a number of MSVC warnings. + - Fixed openssl.cnf processing in WIN32 GUI. + - Fixed a number of compiler warnings. + - Fixed tests on older versions of OpenSSL. ### Version 5.64, 2022.05.06, urgency: MEDIUM * Security bugfixes @@ -255,7 +336,7 @@ - Clarified port binding error logs. - Various "make test" improvements. * Bugfixes - - Fixed a crash on switching to SNI slave sections. + - Fixed a crash on switching to SNI secondary sections. ### Version 5.46, 2018.05.28, urgency: MEDIUM * New features @@ -376,8 +457,8 @@ ### Version 5.37, 2016.11.06, urgency: MEDIUM * Bugfixes - OpenSSL DLLs updated to version 1.0.2j (stops crashes). - - The default SNI target (not handled by any slave service) - is handled by the master service rather than rejected. + - The default SNI target (not handled by any secondary service) + is handled by the primary service rather than rejected. - Removed thread synchronization in the FORK threading model. ### Version 5.36, 2016.09.22, urgency: HIGH diff --git a/TODO.md b/TODO.md index 8a8c681e..42253a3d 100644 --- a/TODO.md +++ b/TODO.md @@ -1,6 +1,11 @@ # stunnel TODO +### Updated defaults planned for stunnel 6.xx +More secure defaults planned for the next major version. + +* OCSPaia = yes + ### High priority features These features will likely be supported some day. A sponsor could allocate my time to get them faster. @@ -17,13 +22,13 @@ A sponsor could allocate my time to get them faster. * MSI installer for Windows. * Add 'leastconn' failover strategy to order defined 'connect' targets by the number of active connections. -* Optional line-buffering of the log file. +* MariaDB (formerly MySQL) protocol negotiation: + [MariaDB Handshake Protocol](https://mariadb.com/kb/en/connection/) ### Low priority features These features will unlikely ever be supported. * Database and/or directory interface for retrieving PSK secrets. -* Support static FIPS-enabled builds. * Service-level logging destination. * Logging to NT EventLog on Windows. * Internationalization of logged messages (i18n). diff --git a/aclocal.m4 b/aclocal.m4 index b4886747..f2bec747 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.16.4 -*- Autoconf -*- +# generated automatically by aclocal 1.16.5 -*- Autoconf -*- # Copyright (C) 1996-2021 Free Software Foundation, Inc. @@ -14,8 +14,8 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl -m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, -[m4_warning([this file was generated for autoconf 2.69. +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],, +[m4_warning([this file was generated for autoconf 2.71. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) @@ -832,282 +832,6 @@ AC_DEFUN([AX_REQUIRE_DEFINED], [dnl m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])]) ])dnl AX_REQUIRE_DEFINED -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 12 (pkg-config-0.29.2) - -dnl Copyright © 2004 Scott James Remnant . -dnl Copyright © 2012-2015 Dan Nicholson -dnl -dnl This program is free software; you can redistribute it and/or modify -dnl it under the terms of the GNU General Public License as published by -dnl the Free Software Foundation; either version 2 of the License, or -dnl (at your option) any later version. -dnl -dnl This program is distributed in the hope that it will be useful, but -dnl WITHOUT ANY WARRANTY; without even the implied warranty of -dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -dnl General Public License for more details. -dnl -dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software -dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA -dnl 02111-1307, USA. -dnl -dnl As a special exception to the GNU General Public License, if you -dnl distribute this file as part of a program that contains a -dnl configuration script generated by Autoconf, you may include it under -dnl the same distribution terms that you use for the rest of that -dnl program. - -dnl PKG_PREREQ(MIN-VERSION) -dnl ----------------------- -dnl Since: 0.29 -dnl -dnl Verify that the version of the pkg-config macros are at least -dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's -dnl installed version of pkg-config, this checks the developer's version -dnl of pkg.m4 when generating configure. -dnl -dnl To ensure that this macro is defined, also add: -dnl m4_ifndef([PKG_PREREQ], -dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) -dnl -dnl See the "Since" comment for each macro you use to see what version -dnl of the macros you require. -m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29.2]) -m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, - [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) -])dnl PKG_PREREQ - -dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) -dnl ---------------------------------- -dnl Since: 0.16 -dnl -dnl Search for the pkg-config tool and set the PKG_CONFIG variable to -dnl first found in the path. Checks that the version of pkg-config found -dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is -dnl used since that's the first version where most current features of -dnl pkg-config existed. -AC_DEFUN([PKG_PROG_PKG_CONFIG], -[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) -m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) -AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) -AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=m4_default([$1], [0.9.0]) - AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - PKG_CONFIG="" - fi -fi[]dnl -])dnl PKG_PROG_PKG_CONFIG - -dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------------------------------- -dnl Since: 0.18 -dnl -dnl Check to see whether a particular set of modules exists. Similar to -dnl PKG_CHECK_MODULES(), but does not set variables or print errors. -dnl -dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -dnl only at the first occurence in configure.ac, so if the first place -dnl it's called might be skipped (such as if it is within an "if", you -dnl have to call PKG_CHECK_EXISTS manually -AC_DEFUN([PKG_CHECK_EXISTS], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -if test -n "$PKG_CONFIG" && \ - AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_default([$2], [:]) -m4_ifvaln([$3], [else - $3])dnl -fi]) - -dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -dnl --------------------------------------------- -dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting -dnl pkg_failed based on the result. -m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes ], - [pkg_failed=yes]) - else - pkg_failed=untried -fi[]dnl -])dnl _PKG_CONFIG - -dnl _PKG_SHORT_ERRORS_SUPPORTED -dnl --------------------------- -dnl Internal check to see if pkg-config supports short errors. -AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi[]dnl -])dnl _PKG_SHORT_ERRORS_SUPPORTED - - -dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl -------------------------------------------------------------- -dnl Since: 0.4.0 -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES might not happen, you should be sure to include an -dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -AC_DEFUN([PKG_CHECK_MODULES], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl -AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl - -pkg_failed=no -AC_MSG_CHECKING([for $2]) - -_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) -_PKG_CONFIG([$1][_LIBS], [libs], [$2]) - -m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS -and $1[]_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details.]) - -if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) - _PKG_SHORT_ERRORS_SUPPORTED - if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - - m4_default([$4], [AC_MSG_ERROR( -[Package requirements ($2) were not met: - -$$1_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -_PKG_TEXT])[]dnl - ]) -elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) - m4_default([$4], [AC_MSG_FAILURE( -[The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -_PKG_TEXT - -To get pkg-config, see .])[]dnl - ]) -else - $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS - $1[]_LIBS=$pkg_cv_[]$1[]_LIBS - AC_MSG_RESULT([yes]) - $3 -fi[]dnl -])dnl PKG_CHECK_MODULES - - -dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -dnl [ACTION-IF-NOT-FOUND]) -dnl --------------------------------------------------------------------- -dnl Since: 0.29 -dnl -dnl Checks for existence of MODULES and gathers its build flags with -dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags -dnl and VARIABLE-PREFIX_LIBS from --libs. -dnl -dnl Note that if there is a possibility the first call to -dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to -dnl include an explicit call to PKG_PROG_PKG_CONFIG in your -dnl configure.ac. -AC_DEFUN([PKG_CHECK_MODULES_STATIC], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -_save_PKG_CONFIG=$PKG_CONFIG -PKG_CONFIG="$PKG_CONFIG --static" -PKG_CHECK_MODULES($@) -PKG_CONFIG=$_save_PKG_CONFIG[]dnl -])dnl PKG_CHECK_MODULES_STATIC - - -dnl PKG_INSTALLDIR([DIRECTORY]) -dnl ------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable pkgconfigdir as the location where a module -dnl should install pkg-config .pc files. By default the directory is -dnl $libdir/pkgconfig, but the default can be changed by passing -dnl DIRECTORY. The user can override through the --with-pkgconfigdir -dnl parameter. -AC_DEFUN([PKG_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([pkgconfigdir], - [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, - [with_pkgconfigdir=]pkg_default) -AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_INSTALLDIR - - -dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) -dnl -------------------------------- -dnl Since: 0.27 -dnl -dnl Substitutes the variable noarch_pkgconfigdir as the location where a -dnl module should install arch-independent pkg-config .pc files. By -dnl default the directory is $datadir/pkgconfig, but the default can be -dnl changed by passing DIRECTORY. The user can override through the -dnl --with-noarch-pkgconfigdir parameter. -AC_DEFUN([PKG_NOARCH_INSTALLDIR], -[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) -m4_pushdef([pkg_description], - [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) -AC_ARG_WITH([noarch-pkgconfigdir], - [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, - [with_noarch_pkgconfigdir=]pkg_default) -AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) -m4_popdef([pkg_default]) -m4_popdef([pkg_description]) -])dnl PKG_NOARCH_INSTALLDIR - - -dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, -dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -dnl ------------------------------------------- -dnl Since: 0.28 -dnl -dnl Retrieves the value of the pkg-config variable for the given module. -AC_DEFUN([PKG_CHECK_VAR], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl - -_PKG_CONFIG([$1], [variable="][$3]["], [$2]) -AS_VAR_COPY([$1], [pkg_cv_][$1]) - -AS_VAR_IF([$1], [""], [$5], [$4])dnl -])dnl PKG_CHECK_VAR - # Copyright (C) 2002-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation @@ -1123,7 +847,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.4], [], +m4_if([$1], [1.16.5], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -1139,7 +863,7 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.4])dnl +[AM_AUTOMAKE_VERSION([1.16.5])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -1516,6 +1240,10 @@ m4_defn([AC_PROG_CC]) # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl +m4_ifdef([_$0_ALREADY_INIT], + [m4_fatal([$0 expanded multiple times +]m4_defn([_$0_ALREADY_INIT]))], + [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl diff --git a/auto/compile b/auto/compile index 23fcba01..df363c8f 100755 --- a/auto/compile +++ b/auto/compile @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/auto/config.guess b/auto/config.guess index f50dcdb6..7f76b622 100755 --- a/auto/config.guess +++ b/auto/config.guess @@ -1,12 +1,14 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2018 Free Software Foundation, Inc. +# Copyright 1992-2022 Free Software Foundation, Inc. -timestamp='2018-02-24' +# shellcheck disable=SC2006,SC2268 # see below for rationale + +timestamp='2022-01-09' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or +# the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, but @@ -27,11 +29,19 @@ timestamp='2018-02-24' # Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# https://git.savannah.gnu.org/cgit/config.git/plain/config.guess # # Please send patches to . +# The "shellcheck disable" line above the timestamp inhibits complaints +# about features and limitations of the classic Bourne shell that were +# superseded or lifted in POSIX. However, this script identifies a wide +# variety of pre-POSIX systems that do not have POSIX shells at all, and +# even some reasonably current systems (Solaris 10 as case-in-point) still +# have a pre-POSIX /bin/sh. + + me=`echo "$0" | sed -e 's,.*/,,'` usage="\ @@ -50,7 +60,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2018 Free Software Foundation, Inc. +Copyright 1992-2022 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -84,7 +94,8 @@ if test $# != 0; then exit 1 fi -trap 'exit 1' 1 2 15 +# Just in case it came from the environment. +GUESS= # CC_FOR_BUILD -- compiler used by this script. Note that the use of a # compiler to aid in system detection is discouraged as it requires @@ -96,73 +107,90 @@ trap 'exit 1' 1 2 15 # Portable tmp directory creation inspired by the Autoconf team. -set_cc_for_build=' -trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; -trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; -: ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || - { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || - { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || - { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; -dummy=$tmp/dummy ; -tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; -case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > "$dummy.c" ; - for c in cc gcc c89 c99 ; do - if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then - CC_FOR_BUILD="$c"; break ; - fi ; - done ; - if test x"$CC_FOR_BUILD" = x ; then - CC_FOR_BUILD=no_compiler_found ; - fi - ;; - ,,*) CC_FOR_BUILD=$CC ;; - ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ; set_cc_for_build= ;' +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + # prevent multiple calls if $tmp is already set + test "$tmp" && return 0 + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039,SC3028 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD=$driver + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) -if (test -f /.attbin/uname) >/dev/null 2>&1 ; then +if test -f /.attbin/uname ; then PATH=$PATH:/.attbin ; export PATH fi UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown -UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "$UNAME_SYSTEM" in +case $UNAME_SYSTEM in Linux|GNU|GNU/*) - # If the system lacks a compiler, then just pick glibc. - # We could probably try harder. - LIBC=gnu + LIBC=unknown - eval "$set_cc_for_build" + set_cc_for_build cat <<-EOF > "$dummy.c" #include #if defined(__UCLIBC__) LIBC=uclibc #elif defined(__dietlibc__) LIBC=dietlibc - #else + #elif defined(__GLIBC__) LIBC=gnu + #else + #include + /* First heuristic to detect musl libc. */ + #ifdef __DEFINED_va_list + LIBC=musl + #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + cc_set_libc=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "$cc_set_libc" - # If ldd exists, use it to detect musl libc. - if command -v ldd >/dev/null && \ - ldd --version 2>&1 | grep -q ^musl - then - LIBC=musl + # Second heuristic to detect musl libc. + if [ "$LIBC" = unknown ] && + command -v ldd >/dev/null && + ldd --version 2>&1 | grep -q ^musl; then + LIBC=musl + fi + + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + if [ "$LIBC" = unknown ]; then + LIBC=gnu fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in +case $UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -174,12 +202,12 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". - sysctl="sysctl -n hw.machine_arch" UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ - "/sbin/$sysctl" 2>/dev/null || \ - "/usr/sbin/$sysctl" 2>/dev/null || \ + /sbin/sysctl -n hw.machine_arch 2>/dev/null || \ + /usr/sbin/sysctl -n hw.machine_arch 2>/dev/null || \ echo unknown)` - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in + aarch64eb) machine=aarch64_be-unknown ;; armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; @@ -188,18 +216,18 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in earmv*) arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` - machine="${arch}${endian}"-unknown + machine=${arch}${endian}-unknown ;; - *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + *) machine=$UNAME_MACHINE_ARCH-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently (or will in the future) and ABI. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) os=netbsdelf ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval "$set_cc_for_build" + set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -215,7 +243,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in ;; esac # Determine ABI tags. - case "$UNAME_MACHINE_ARCH" in + case $UNAME_MACHINE_ARCH in earm*) expr='s/^earmv[0-9]/-eabi/;s/eb$//' abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` @@ -226,7 +254,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "$UNAME_VERSION" in + case $UNAME_VERSION in Debian*) release='-gnu' ;; @@ -237,45 +265,57 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "$machine-${os}${release}${abi}" - exit ;; + GUESS=$machine-${os}${release}${abi-} + ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-bitrig$UNAME_RELEASE + ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-openbsd$UNAME_RELEASE + ;; + *:SecBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/SecBSD.//'` + GUESS=$UNAME_MACHINE_ARCH-unknown-secbsd$UNAME_RELEASE + ;; *:LibertyBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` - echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE_ARCH-unknown-libertybsd$UNAME_RELEASE + ;; *:MidnightBSD:*:*) - echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-midnightbsd$UNAME_RELEASE + ;; *:ekkoBSD:*:*) - echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-ekkobsd$UNAME_RELEASE + ;; *:SolidBSD:*:*) - echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-solidbsd$UNAME_RELEASE + ;; + *:OS108:*:*) + GUESS=$UNAME_MACHINE-unknown-os108_$UNAME_RELEASE + ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-mirbsd$UNAME_RELEASE + ;; *:MirBSD:*:*) - echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-mirbsd$UNAME_RELEASE + ;; *:Sortix:*:*) - echo "$UNAME_MACHINE"-unknown-sortix - exit ;; + GUESS=$UNAME_MACHINE-unknown-sortix + ;; + *:Twizzler:*:*) + GUESS=$UNAME_MACHINE-unknown-twizzler + ;; *:Redox:*:*) - echo "$UNAME_MACHINE"-unknown-redox - exit ;; + GUESS=$UNAME_MACHINE-unknown-redox + ;; mips:OSF1:*.*) - echo mips-dec-osf1 - exit ;; + GUESS=mips-dec-osf1 + ;; alpha:OSF1:*:*) + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + trap '' 0 case $UNAME_RELEASE in *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` @@ -289,7 +329,7 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # covers most systems running today. This code pipes the CPU # types through head -n 1, so we only detect the type of CPU 0. ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` - case "$ALPHA_CPU_TYPE" in + case $ALPHA_CPU_TYPE in "EV4 (21064)") UNAME_MACHINE=alpha ;; "EV4.5 (21064)") @@ -326,117 +366,121 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" - # Reset EXIT trap before exiting to avoid spurious non-zero exit code. - exitcode=$? - trap '' 0 - exit $exitcode ;; + OSF_REL=`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + GUESS=$UNAME_MACHINE-dec-osf$OSF_REL + ;; Amiga*:UNIX_System_V:4.0:*) - echo m68k-unknown-sysv4 - exit ;; + GUESS=m68k-unknown-sysv4 + ;; *:[Aa]miga[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-amigaos - exit ;; + GUESS=$UNAME_MACHINE-unknown-amigaos + ;; *:[Mm]orph[Oo][Ss]:*:*) - echo "$UNAME_MACHINE"-unknown-morphos - exit ;; + GUESS=$UNAME_MACHINE-unknown-morphos + ;; *:OS/390:*:*) - echo i370-ibm-openedition - exit ;; + GUESS=i370-ibm-openedition + ;; *:z/VM:*:*) - echo s390-ibm-zvmoe - exit ;; + GUESS=s390-ibm-zvmoe + ;; *:OS400:*:*) - echo powerpc-ibm-os400 - exit ;; + GUESS=powerpc-ibm-os400 + ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix"$UNAME_RELEASE" - exit ;; + GUESS=arm-acorn-riscix$UNAME_RELEASE + ;; arm*:riscos:*:*|arm*:RISCOS:*:*) - echo arm-unknown-riscos - exit ;; + GUESS=arm-unknown-riscos + ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) - echo hppa1.1-hitachi-hiuxmpp - exit ;; + GUESS=hppa1.1-hitachi-hiuxmpp + ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. - if test "`(/bin/universe) 2>/dev/null`" = att ; then - echo pyramid-pyramid-sysv3 - else - echo pyramid-pyramid-bsd - fi - exit ;; + case `(/bin/universe) 2>/dev/null` in + att) GUESS=pyramid-pyramid-sysv3 ;; + *) GUESS=pyramid-pyramid-bsd ;; + esac + ;; NILE*:*:*:dcosx) - echo pyramid-pyramid-svr4 - exit ;; + GUESS=pyramid-pyramid-svr4 + ;; DRS?6000:unix:4.0:6*) - echo sparc-icl-nx6 - exit ;; + GUESS=sparc-icl-nx6 + ;; DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7; exit ;; - esac ;; + sparc) GUESS=sparc-icl-nx7 ;; + esac + ;; s390x:SunOS:*:*) - echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$UNAME_MACHINE-ibm-solaris2$SUN_REL + ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-hal-solaris2$SUN_REL + ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris2$SUN_REL + ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux"$UNAME_RELEASE" - exit ;; + GUESS=i386-pc-auroraux$UNAME_RELEASE + ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval "$set_cc_for_build" + set_cc_for_build SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if test "$CC_FOR_BUILD" != no_compiler_found; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -m64 -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then SUN_ARCH=x86_64 fi fi - echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=$SUN_ARCH-pc-solaris2$SUN_REL + ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=sparc-sun-solaris3$SUN_REL + ;; sun4*:SunOS:*:*) - case "`/usr/bin/arch -k`" in + case `/usr/bin/arch -k` in Series*|S4*) UNAME_RELEASE=`uname -v` ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/'` + GUESS=sparc-sun-sunos$SUN_REL + ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-sun-sunos$UNAME_RELEASE + ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 - case "`/bin/arch`" in + case `/bin/arch` in sun3) - echo m68k-sun-sunos"$UNAME_RELEASE" + GUESS=m68k-sun-sunos$UNAME_RELEASE ;; sun4) - echo sparc-sun-sunos"$UNAME_RELEASE" + GUESS=sparc-sun-sunos$UNAME_RELEASE ;; esac - exit ;; + ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-auspex-sunos$UNAME_RELEASE + ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -446,43 +490,43 @@ case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-atari-mint$UNAME_RELEASE + ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-milan-mint$UNAME_RELEASE + ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-hades-mint$UNAME_RELEASE + ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-mint$UNAME_RELEASE + ;; m68k:machten:*:*) - echo m68k-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-machten$UNAME_RELEASE + ;; powerpc:machten:*:*) - echo powerpc-apple-machten"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-machten$UNAME_RELEASE + ;; RISC*:Mach:*:*) - echo mips-dec-mach_bsd4.3 - exit ;; + GUESS=mips-dec-mach_bsd4.3 + ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=mips-dec-ultrix$UNAME_RELEASE + ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix"$UNAME_RELEASE" - exit ;; + GUESS=vax-dec-ultrix$UNAME_RELEASE + ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix"$UNAME_RELEASE" - exit ;; + GUESS=clipper-intergraph-clix$UNAME_RELEASE + ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include /* for printf() prototype */ @@ -508,78 +552,79 @@ EOF dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos"$UNAME_RELEASE" - exit ;; + GUESS=mips-mips-riscos$UNAME_RELEASE + ;; Motorola:PowerMAX_OS:*:*) - echo powerpc-motorola-powermax - exit ;; + GUESS=powerpc-motorola-powermax + ;; Motorola:*:4.3:PL8-*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) - echo powerpc-harris-powermax - exit ;; + GUESS=powerpc-harris-powermax + ;; Night_Hawk:Power_UNIX:*:*) - echo powerpc-harris-powerunix - exit ;; + GUESS=powerpc-harris-powerunix + ;; m88k:CX/UX:7*:*) - echo m88k-harris-cxux7 - exit ;; + GUESS=m88k-harris-cxux7 + ;; m88k:*:4*:R4*) - echo m88k-motorola-sysv4 - exit ;; + GUESS=m88k-motorola-sysv4 + ;; m88k:*:3*:R3*) - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + if test "$UNAME_PROCESSOR" = mc88100 || test "$UNAME_PROCESSOR" = mc88110 then - if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ - [ "$TARGET_BINARY_INTERFACE"x = x ] + if test "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx || \ + test "$TARGET_BINARY_INTERFACE"x = x then - echo m88k-dg-dgux"$UNAME_RELEASE" + GUESS=m88k-dg-dgux$UNAME_RELEASE else - echo m88k-dg-dguxbcs"$UNAME_RELEASE" + GUESS=m88k-dg-dguxbcs$UNAME_RELEASE fi else - echo i586-dg-dgux"$UNAME_RELEASE" + GUESS=i586-dg-dgux$UNAME_RELEASE fi - exit ;; + ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) - echo m88k-dolphin-sysv3 - exit ;; + GUESS=m88k-dolphin-sysv3 + ;; M88*:*:R3*:*) # Delta 88k system running SVR3 - echo m88k-motorola-sysv3 - exit ;; + GUESS=m88k-motorola-sysv3 + ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) - echo m88k-tektronix-sysv3 - exit ;; + GUESS=m88k-tektronix-sysv3 + ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) - echo m68k-tektronix-bsd - exit ;; + GUESS=m68k-tektronix-bsd + ;; *:IRIX*:*:*) - echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" - exit ;; + IRIX_REL=`echo "$UNAME_RELEASE" | sed -e 's/-/_/g'` + GUESS=mips-sgi-irix$IRIX_REL + ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + GUESS=romp-ibm-aix # uname -m gives an 8 hex-code CPU id + ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) - echo i386-ibm-aix - exit ;; + GUESS=i386-ibm-aix + ;; ia64:AIX:*:*) - if [ -x /usr/bin/oslevel ] ; then + if test -x /usr/bin/oslevel ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$UNAME_MACHINE-ibm-aix$IBM_REV + ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #include @@ -593,16 +638,16 @@ EOF EOF if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then - echo "$SYSTEM_NAME" + GUESS=$SYSTEM_NAME else - echo rs6000-ibm-aix3.2.5 + GUESS=rs6000-ibm-aix3.2.5 fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then - echo rs6000-ibm-aix3.2.4 + GUESS=rs6000-ibm-aix3.2.4 else - echo rs6000-ibm-aix3.2 + GUESS=rs6000-ibm-aix3.2 fi - exit ;; + ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then @@ -610,57 +655,57 @@ EOF else IBM_ARCH=powerpc fi - if [ -x /usr/bin/lslpp ] ; then - IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + if test -x /usr/bin/lslpp ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | \ awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + IBM_REV=$UNAME_VERSION.$UNAME_RELEASE fi - echo "$IBM_ARCH"-ibm-aix"$IBM_REV" - exit ;; + GUESS=$IBM_ARCH-ibm-aix$IBM_REV + ;; *:AIX:*:*) - echo rs6000-ibm-aix - exit ;; + GUESS=rs6000-ibm-aix + ;; ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) - echo romp-ibm-bsd4.4 - exit ;; + GUESS=romp-ibm-bsd4.4 + ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to - exit ;; # report: romp-ibm BSD 4.3 + GUESS=romp-ibm-bsd$UNAME_RELEASE # 4.3 with uname added to + ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) - echo rs6000-bull-bosx - exit ;; + GUESS=rs6000-bull-bosx + ;; DPX/2?00:B.O.S.:*:*) - echo m68k-bull-sysv3 - exit ;; + GUESS=m68k-bull-sysv3 + ;; 9000/[34]??:4.3bsd:1.*:*) - echo m68k-hp-bsd - exit ;; + GUESS=m68k-hp-bsd + ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) - echo m68k-hp-bsd4.4 - exit ;; + GUESS=m68k-hp-bsd4.4 + ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - case "$UNAME_MACHINE" in + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + case $UNAME_MACHINE in 9000/31?) HP_ARCH=m68000 ;; 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) - if [ -x /usr/bin/getconf ]; then + if test -x /usr/bin/getconf; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "$sc_cpu_version" in + case $sc_cpu_version in 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "$sc_kernel_bits" in + case $sc_kernel_bits in 32) HP_ARCH=hppa2.0n ;; 64) HP_ARCH=hppa2.0w ;; '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "$HP_ARCH" = "" ]; then - eval "$set_cc_for_build" + if test "$HP_ARCH" = ""; then + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE @@ -698,9 +743,9 @@ EOF test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ "$HP_ARCH" = hppa2.0w ] + if test "$HP_ARCH" = hppa2.0w then - eval "$set_cc_for_build" + set_cc_for_build # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -719,14 +764,14 @@ EOF HP_ARCH=hppa64 fi fi - echo "$HP_ARCH"-hp-hpux"$HPUX_REV" - exit ;; + GUESS=$HP_ARCH-hp-hpux$HPUX_REV + ;; ia64:HP-UX:*:*) - HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux"$HPUX_REV" - exit ;; + HPUX_REV=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*.[0B]*//'` + GUESS=ia64-hp-hpux$HPUX_REV + ;; 3050*:HI-UX:*:*) - eval "$set_cc_for_build" + set_cc_for_build sed 's/^ //' << EOF > "$dummy.c" #include int @@ -754,36 +799,36 @@ EOF EOF $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } - echo unknown-hitachi-hiuxwe2 - exit ;; + GUESS=unknown-hitachi-hiuxwe2 + ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) - echo hppa1.1-hp-bsd - exit ;; + GUESS=hppa1.1-hp-bsd + ;; 9000/8??:4.3bsd:*:*) - echo hppa1.0-hp-bsd - exit ;; + GUESS=hppa1.0-hp-bsd + ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) - echo hppa1.0-hp-mpeix - exit ;; + GUESS=hppa1.0-hp-mpeix + ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) - echo hppa1.1-hp-osf - exit ;; + GUESS=hppa1.1-hp-osf + ;; hp8??:OSF1:*:*) - echo hppa1.0-hp-osf - exit ;; + GUESS=hppa1.0-hp-osf + ;; i*86:OSF1:*:*) - if [ -x /usr/sbin/sysversion ] ; then - echo "$UNAME_MACHINE"-unknown-osf1mk + if test -x /usr/sbin/sysversion ; then + GUESS=$UNAME_MACHINE-unknown-osf1mk else - echo "$UNAME_MACHINE"-unknown-osf1 + GUESS=$UNAME_MACHINE-unknown-osf1 fi - exit ;; + ;; parisc*:Lites*:*:*) - echo hppa1.1-hp-lites - exit ;; + GUESS=hppa1.1-hp-lites + ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) - echo c1-convex-bsd - exit ;; + GUESS=c1-convex-bsd + ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd @@ -791,17 +836,18 @@ EOF fi exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) - echo c34-convex-bsd - exit ;; + GUESS=c34-convex-bsd + ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) - echo c38-convex-bsd - exit ;; + GUESS=c38-convex-bsd + ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) - echo c4-convex-bsd - exit ;; + GUESS=c4-convex-bsd + ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=ymp-cray-unicos$CRAY_REL + ;; CRAY*[A-Z]90:*:*:*) echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ @@ -809,103 +855,129 @@ EOF -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=t90-cray-unicos$CRAY_REL + ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=alphaev5-cray-unicosmk$CRAY_REL + ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=sv1-cray-unicos$CRAY_REL + ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' - exit ;; + CRAY_REL=`echo "$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/'` + GUESS=craynv-cray-unicosmp$CRAY_REL + ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` - echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; 5000:UNIX_System_V:4.*:*) FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` - echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit ;; + GUESS=sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL} + ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-pc-bsdi$UNAME_RELEASE + ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-bsdi$UNAME_RELEASE + ;; *:BSD/OS:*:*) - echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-unknown-bsdi$UNAME_RELEASE + ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabi + else + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL-gnueabihf + fi + ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case "$UNAME_PROCESSOR" in + case $UNAME_PROCESSOR in amd64) UNAME_PROCESSOR=x86_64 ;; i386) UNAME_PROCESSOR=i586 ;; esac - echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + FREEBSD_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_PROCESSOR-unknown-freebsd$FREEBSD_REL + ;; i*:CYGWIN*:*) - echo "$UNAME_MACHINE"-pc-cygwin - exit ;; + GUESS=$UNAME_MACHINE-pc-cygwin + ;; *:MINGW64*:*) - echo "$UNAME_MACHINE"-pc-mingw64 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw64 + ;; *:MINGW*:*) - echo "$UNAME_MACHINE"-pc-mingw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-mingw32 + ;; *:MSYS*:*) - echo "$UNAME_MACHINE"-pc-msys - exit ;; + GUESS=$UNAME_MACHINE-pc-msys + ;; i*:PW*:*) - echo "$UNAME_MACHINE"-pc-pw32 - exit ;; + GUESS=$UNAME_MACHINE-pc-pw32 + ;; + *:SerenityOS:*:*) + GUESS=$UNAME_MACHINE-pc-serenity + ;; *:Interix*:*) - case "$UNAME_MACHINE" in + case $UNAME_MACHINE in x86) - echo i586-pc-interix"$UNAME_RELEASE" - exit ;; + GUESS=i586-pc-interix$UNAME_RELEASE + ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=x86_64-unknown-interix$UNAME_RELEASE + ;; IA64) - echo ia64-unknown-interix"$UNAME_RELEASE" - exit ;; + GUESS=ia64-unknown-interix$UNAME_RELEASE + ;; esac ;; i*:UWIN*:*) - echo "$UNAME_MACHINE"-pc-uwin - exit ;; + GUESS=$UNAME_MACHINE-pc-uwin + ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) - echo x86_64-unknown-cygwin - exit ;; + GUESS=x86_64-pc-cygwin + ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" - exit ;; + SUN_REL=`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'` + GUESS=powerpcle-unknown-solaris2$SUN_REL + ;; *:GNU:*:*) # the GNU system - echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" - exit ;; + GNU_ARCH=`echo "$UNAME_MACHINE" | sed -e 's,[-/].*$,,'` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's,/.*$,,'` + GUESS=$GNU_ARCH-unknown-$LIBC$GNU_REL + ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" - exit ;; - i*86:Minix:*:*) - echo "$UNAME_MACHINE"-pc-minix - exit ;; + GNU_SYS=`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"` + GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC + ;; + *:Minix:*:*) + GUESS=$UNAME_MACHINE-unknown-minix + ;; aarch64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; alpha:Linux:*:*) - case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' /proc/cpuinfo 2>/dev/null` in EV5) UNAME_MACHINE=alphaev5 ;; EV56) UNAME_MACHINE=alphaev56 ;; PCA56) UNAME_MACHINE=alphapca56 ;; @@ -916,187 +988,225 @@ EOF esac objdump --private-headers /bin/sh | grep -q ld.so.1 if test "$?" = 0 ; then LIBC=gnulibc1 ; fi - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; - arc:Linux:*:* | arceb:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + arc:Linux:*:* | arceb:Linux:*:* | arc32:Linux:*:* | arc64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; arm*:Linux:*:*) - eval "$set_cc_for_build" + set_cc_for_build if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabi else - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + GUESS=$UNAME_MACHINE-unknown-linux-${LIBC}eabihf fi fi - exit ;; + ;; avr32*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; cris:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; crisv32:Linux:*:*) - echo "$UNAME_MACHINE"-axis-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-axis-linux-$LIBC + ;; e2k:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; frv:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; hexagon:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:Linux:*:*) - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBC + ;; ia64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; k1om:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; + loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m32r*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; m68*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; mips:Linux:*:* | mips64:Linux:*:*) - eval "$set_cc_for_build" + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 sed 's/^ //' << EOF > "$dummy.c" #undef CPU - #undef ${UNAME_MACHINE} - #undef ${UNAME_MACHINE}el + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) - CPU=${UNAME_MACHINE}el + MIPS_ENDIAN=el #else #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) - CPU=${UNAME_MACHINE} + MIPS_ENDIAN= #else - CPU= + MIPS_ENDIAN= #endif #endif EOF - eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" - test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } + cc_set_vars=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'` + eval "$cc_set_vars" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } ;; mips64el:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-"$LIBC" - exit ;; + GUESS=or1k-unknown-linux-$LIBC + ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; padre:Linux:*:*) - echo sparc-unknown-linux-"$LIBC" - exit ;; + GUESS=sparc-unknown-linux-$LIBC + ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-"$LIBC" - exit ;; + GUESS=hppa64-unknown-linux-$LIBC + ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; - PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; - *) echo hppa-unknown-linux-"$LIBC" ;; + PA7*) GUESS=hppa1.1-unknown-linux-$LIBC ;; + PA8*) GUESS=hppa2.0-unknown-linux-$LIBC ;; + *) GUESS=hppa-unknown-linux-$LIBC ;; esac - exit ;; + ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64-unknown-linux-$LIBC + ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc-unknown-linux-$LIBC + ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpc64le-unknown-linux-$LIBC + ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-"$LIBC" - exit ;; - riscv32:Linux:*:* | riscv64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=powerpcle-unknown-linux-$LIBC + ;; + riscv32:Linux:*:* | riscv32be:Linux:*:* | riscv64:Linux:*:* | riscv64be:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; s390:Linux:*:* | s390x:Linux:*:*) - echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-ibm-linux-$LIBC + ;; sh64*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sh*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; tile*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; vax:Linux:*:*) - echo "$UNAME_MACHINE"-dec-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-dec-linux-$LIBC + ;; x86_64:Linux:*:*) - if objdump -f /bin/sh | grep -q elf32-x86-64; then - echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 - else - echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + set_cc_for_build + LIBCABI=$LIBC + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_X32 >/dev/null + then + LIBCABI=${LIBC}x32 + fi fi - exit ;; + GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI + ;; xtensa*:Linux:*:*) - echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" - exit ;; + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. - echo i386-sequent-sysv4 - exit ;; + GUESS=i386-sequent-sysv4 + ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" - exit ;; + GUESS=$UNAME_MACHINE-pc-sysv4.2uw$UNAME_VERSION + ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo "$UNAME_MACHINE"-pc-os2-emx - exit ;; + GUESS=$UNAME_MACHINE-pc-os2-emx + ;; i*86:XTS-300:*:STOP) - echo "$UNAME_MACHINE"-unknown-stop - exit ;; + GUESS=$UNAME_MACHINE-unknown-stop + ;; i*86:atheos:*:*) - echo "$UNAME_MACHINE"-unknown-atheos - exit ;; + GUESS=$UNAME_MACHINE-unknown-atheos + ;; i*86:syllable:*:*) - echo "$UNAME_MACHINE"-pc-syllable - exit ;; + GUESS=$UNAME_MACHINE-pc-syllable + ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=i386-unknown-lynxos$UNAME_RELEASE + ;; i*86:*DOS:*:*) - echo "$UNAME_MACHINE"-pc-msdosdjgpp - exit ;; + GUESS=$UNAME_MACHINE-pc-msdosdjgpp + ;; i*86:*:4.*:*) UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-univel-sysv$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sysv$UNAME_REL fi - exit ;; + ;; i*86:*:5:[678]*) # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in @@ -1104,12 +1214,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" - exit ;; + GUESS=$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1119,11 +1229,11 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + GUESS=$UNAME_MACHINE-pc-sco$UNAME_REL else - echo "$UNAME_MACHINE"-pc-sysv32 + GUESS=$UNAME_MACHINE-pc-sysv32 fi - exit ;; + ;; pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about @@ -1131,31 +1241,31 @@ EOF # Note: whatever this is, it MUST be the same as what config.sub # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. - echo i586-pc-msdosdjgpp - exit ;; + GUESS=i586-pc-msdosdjgpp + ;; Intel:Mach:3*:*) - echo i386-pc-mach3 - exit ;; + GUESS=i386-pc-mach3 + ;; paragon:*:*:*) - echo i860-intel-osf1 - exit ;; + GUESS=i860-intel-osf1 + ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + GUESS=i860-stardent-sysv$UNAME_RELEASE # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + GUESS=i860-unknown-sysv$UNAME_RELEASE # Unknown i860-SVR4 fi - exit ;; + ;; mini*:CTIX:SYS*5:*) # "miniframe" - echo m68010-convergent-sysv - exit ;; + GUESS=m68010-convergent-sysv + ;; mc68k:UNIX:SYSTEM5:3.51m) - echo m68k-convergent-sysv - exit ;; + GUESS=m68k-convergent-sysv + ;; M680?0:D-NIX:5.3:*) - echo m68k-diab-dnix - exit ;; + GUESS=m68k-diab-dnix + ;; M68*:*:R3V[5678]*:*) test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) @@ -1180,249 +1290,404 @@ EOF /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=m68k-unknown-lynxos$UNAME_RELEASE + ;; mc68030:UNIX_System_V:4.*:*) - echo m68k-atari-sysv4 - exit ;; + GUESS=m68k-atari-sysv4 + ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=sparc-unknown-lynxos$UNAME_RELEASE + ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=rs6000-unknown-lynxos$UNAME_RELEASE + ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-unknown-lynxos$UNAME_RELEASE + ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv"$UNAME_RELEASE" - exit ;; + GUESS=mips-dde-sysv$UNAME_RELEASE + ;; RM*:ReliantUNIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; RM*:SINIX-*:*:*) - echo mips-sni-sysv4 - exit ;; + GUESS=mips-sni-sysv4 + ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo "$UNAME_MACHINE"-sni-sysv4 + GUESS=$UNAME_MACHINE-sni-sysv4 else - echo ns32k-sni-sysv + GUESS=ns32k-sni-sysv fi - exit ;; + ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says - echo i586-unisys-sysv4 - exit ;; + GUESS=i586-unisys-sysv4 + ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm - echo hppa1.1-stratus-sysv4 - exit ;; + GUESS=hppa1.1-stratus-sysv4 + ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. - echo i860-stratus-sysv4 - exit ;; + GUESS=i860-stratus-sysv4 + ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo "$UNAME_MACHINE"-stratus-vos - exit ;; + GUESS=$UNAME_MACHINE-stratus-vos + ;; *:VOS:*:*) # From Paul.Green@stratus.com. - echo hppa1.1-stratus-vos - exit ;; + GUESS=hppa1.1-stratus-vos + ;; mc68*:A/UX:*:*) - echo m68k-apple-aux"$UNAME_RELEASE" - exit ;; + GUESS=m68k-apple-aux$UNAME_RELEASE + ;; news*:NEWS-OS:6*:*) - echo mips-sony-newsos6 - exit ;; + GUESS=mips-sony-newsos6 + ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) - if [ -d /usr/nec ]; then - echo mips-nec-sysv"$UNAME_RELEASE" + if test -d /usr/nec; then + GUESS=mips-nec-sysv$UNAME_RELEASE else - echo mips-unknown-sysv"$UNAME_RELEASE" + GUESS=mips-unknown-sysv$UNAME_RELEASE fi - exit ;; + ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. - echo powerpc-be-beos - exit ;; + GUESS=powerpc-be-beos + ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. - echo powerpc-apple-beos - exit ;; + GUESS=powerpc-apple-beos + ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. - echo i586-pc-beos - exit ;; + GUESS=i586-pc-beos + ;; BePC:Haiku:*:*) # Haiku running on Intel PC compatible. - echo i586-pc-haiku - exit ;; + GUESS=i586-pc-haiku + ;; x86_64:Haiku:*:*) - echo x86_64-unknown-haiku - exit ;; + GUESS=x86_64-unknown-haiku + ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx4-nec-superux$UNAME_RELEASE + ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx5-nec-superux$UNAME_RELEASE + ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx6-nec-superux$UNAME_RELEASE + ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx7-nec-superux$UNAME_RELEASE + ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8-nec-superux$UNAME_RELEASE + ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sx8r-nec-superux$UNAME_RELEASE + ;; SX-ACE:SUPER-UX:*:*) - echo sxace-nec-superux"$UNAME_RELEASE" - exit ;; + GUESS=sxace-nec-superux$UNAME_RELEASE + ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=powerpc-apple-rhapsody$UNAME_RELEASE + ;; *:Rhapsody:*:*) - echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-apple-rhapsody$UNAME_RELEASE + ;; + arm64:Darwin:*:*) + GUESS=aarch64-apple-darwin$UNAME_RELEASE + ;; *:Darwin:*:*) - UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval "$set_cc_for_build" - if test "$UNAME_PROCESSOR" = unknown ; then - UNAME_PROCESSOR=powerpc + UNAME_PROCESSOR=`uname -p` + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; + esac + if command -v xcode-select > /dev/null 2> /dev/null && \ + ! xcode-select --print-path > /dev/null 2> /dev/null ; then + # Avoid executing cc if there is no toolchain installed as + # cc will be a stub that puts up a graphical alert + # prompting the user to install developer tools. + CC_FOR_BUILD=no_compiler_found + else + set_cc_for_build fi - if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then - if [ "$CC_FOR_BUILD" != no_compiler_found ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac - fi - # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc - if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ - (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_PPC >/dev/null - then - UNAME_PROCESSOR=powerpc - fi + if test "$CC_FOR_BUILD" != no_compiler_found; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc fi elif test "$UNAME_PROCESSOR" = i386 ; then - # Avoid executing cc on OS X 10.9, as it ships with a stub - # that puts up a graphical alert prompting to install - # developer tools. Any system running Mac OS X 10.7 or - # later (Darwin 11 and later) is required to have a 64-bit - # processor. This is not true of the ARM version of Darwin - # that Apple uses in portable devices. - UNAME_PROCESSOR=x86_64 + # uname -m returns i386 or x86_64 + UNAME_PROCESSOR=$UNAME_MACHINE fi - echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-apple-darwin$UNAME_RELEASE + ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_PROCESSOR-$UNAME_MACHINE-nto-qnx$UNAME_RELEASE + ;; *:QNX:*:4*) - echo i386-pc-qnx - exit ;; + GUESS=i386-pc-qnx + ;; NEO-*:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=neo-tandem-nsk$UNAME_RELEASE + ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nse-tandem-nsk$UNAME_RELEASE + ;; NSR-*:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsr-tandem-nsk$UNAME_RELEASE + ;; NSV-*:NONSTOP_KERNEL:*:*) - echo nsv-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsv-tandem-nsk$UNAME_RELEASE + ;; NSX-*:NONSTOP_KERNEL:*:*) - echo nsx-tandem-nsk"$UNAME_RELEASE" - exit ;; + GUESS=nsx-tandem-nsk$UNAME_RELEASE + ;; *:NonStop-UX:*:*) - echo mips-compaq-nonstopux - exit ;; + GUESS=mips-compaq-nonstopux + ;; BS2000:POSIX*:*:*) - echo bs2000-siemens-sysv - exit ;; + GUESS=bs2000-siemens-sysv + ;; DS/*:UNIX_System_V:*:*) - echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" - exit ;; + GUESS=$UNAME_MACHINE-$UNAME_SYSTEM-$UNAME_RELEASE + ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = 386; then + if test "${cputype-}" = 386; then UNAME_MACHINE=i386 - else - UNAME_MACHINE="$cputype" + elif test "x${cputype-}" != x; then + UNAME_MACHINE=$cputype fi - echo "$UNAME_MACHINE"-unknown-plan9 - exit ;; + GUESS=$UNAME_MACHINE-unknown-plan9 + ;; *:TOPS-10:*:*) - echo pdp10-unknown-tops10 - exit ;; + GUESS=pdp10-unknown-tops10 + ;; *:TENEX:*:*) - echo pdp10-unknown-tenex - exit ;; + GUESS=pdp10-unknown-tenex + ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) - echo pdp10-dec-tops20 - exit ;; + GUESS=pdp10-dec-tops20 + ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) - echo pdp10-xkl-tops20 - exit ;; + GUESS=pdp10-xkl-tops20 + ;; *:TOPS-20:*:*) - echo pdp10-unknown-tops20 - exit ;; + GUESS=pdp10-unknown-tops20 + ;; *:ITS:*:*) - echo pdp10-unknown-its - exit ;; + GUESS=pdp10-unknown-its + ;; SEI:*:*:SEIUX) - echo mips-sei-seiux"$UNAME_RELEASE" - exit ;; + GUESS=mips-sei-seiux$UNAME_RELEASE + ;; *:DragonFly:*:*) - echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" - exit ;; + DRAGONFLY_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'` + GUESS=$UNAME_MACHINE-unknown-dragonfly$DRAGONFLY_REL + ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "$UNAME_MACHINE" in - A*) echo alpha-dec-vms ; exit ;; - I*) echo ia64-dec-vms ; exit ;; - V*) echo vax-dec-vms ; exit ;; + case $UNAME_MACHINE in + A*) GUESS=alpha-dec-vms ;; + I*) GUESS=ia64-dec-vms ;; + V*) GUESS=vax-dec-vms ;; esac ;; *:XENIX:*:SysV) - echo i386-pc-xenix - exit ;; + GUESS=i386-pc-xenix + ;; i*86:skyos:*:*) - echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" - exit ;; + SKYOS_REL=`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'` + GUESS=$UNAME_MACHINE-pc-skyos$SKYOS_REL + ;; i*86:rdos:*:*) - echo "$UNAME_MACHINE"-pc-rdos - exit ;; - i*86:AROS:*:*) - echo "$UNAME_MACHINE"-pc-aros - exit ;; + GUESS=$UNAME_MACHINE-pc-rdos + ;; + i*86:Fiwix:*:*) + GUESS=$UNAME_MACHINE-pc-fiwix + ;; + *:AROS:*:*) + GUESS=$UNAME_MACHINE-unknown-aros + ;; x86_64:VMkernel:*:*) - echo "$UNAME_MACHINE"-unknown-esx - exit ;; + GUESS=$UNAME_MACHINE-unknown-esx + ;; amd64:Isilon\ OneFS:*:*) - echo x86_64-unknown-onefs - exit ;; + GUESS=x86_64-unknown-onefs + ;; + *:Unleashed:*:*) + GUESS=$UNAME_MACHINE-unknown-unleashed$UNAME_RELEASE + ;; esac +# Do we have a guess based on uname results? +if test "x$GUESS" != x; then + echo "$GUESS" + exit +fi + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" < +#include +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include +#if defined(_SIZE_T_) || defined(SIGLOST) +#include +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + echo "$0: unable to guess system type" >&2 -case "$UNAME_MACHINE:$UNAME_SYSTEM" in +case $UNAME_MACHINE:$UNAME_SYSTEM in mips:Linux | mips64:Linux) # If we got here on MIPS GNU/Linux, output extra information. cat >&2 <&2 <&2 exit 1 ;; *local*) @@ -110,1223 +119,1186 @@ case $# in exit 1;; esac -# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). -# Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` -case $maybe_os in - nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ - linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ - kopensolaris*-gnu* | cloudabi*-eabi* | \ - storm-chaos* | os2-emx* | rtmk-nova*) - os=-$maybe_os - basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` - ;; - android-linux) - os=-linux-android - basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown - ;; - *) - basic_machine=`echo "$1" | sed 's/-[^-]*$//'` - if [ "$basic_machine" != "$1" ] - then os=`echo "$1" | sed 's/.*-/-/'` - else os=; fi - ;; -esac +# Split fields of configuration type +# shellcheck disable=SC2162 +saved_IFS=$IFS +IFS="-" read field1 field2 field3 field4 <&2 + exit 1 ;; - -lynx*) - os=-lynxos + *-*-*-*) + basic_machine=$field1-$field2 + basic_os=$field3-$field4 ;; - -ptx*) - basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + basic_os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + basic_os=linux-android + ;; + *) + basic_machine=$field1-$field2 + basic_os=$field3 + ;; + esac ;; - -psos*) - os=-psos + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + basic_os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + basic_os=$field2 + ;; + zephyr*) + basic_machine=$field1-unknown + basic_os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + basic_os= + ;; + *) + basic_machine=$field1 + basic_os=$field2 + ;; + esac + ;; + esac ;; - -mint | -mint[0-9]*) - basic_machine=m68k-atari - os=-mint + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + basic_os=bsd + ;; + a29khif) + basic_machine=a29k-amd + basic_os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + basic_os=scout + ;; + alliant) + basic_machine=fx80-alliant + basic_os= + ;; + altos | altos3068) + basic_machine=m68k-altos + basic_os= + ;; + am29k) + basic_machine=a29k-none + basic_os=bsd + ;; + amdahl) + basic_machine=580-amdahl + basic_os=sysv + ;; + amiga) + basic_machine=m68k-unknown + basic_os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + basic_os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + basic_os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + basic_os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + basic_os=bsd + ;; + aros) + basic_machine=i386-pc + basic_os=aros + ;; + aux) + basic_machine=m68k-apple + basic_os=aux + ;; + balance) + basic_machine=ns32k-sequent + basic_os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + basic_os=linux + ;; + cegcc) + basic_machine=arm-unknown + basic_os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + basic_os=bsd + ;; + convex-c2) + basic_machine=c2-convex + basic_os=bsd + ;; + convex-c32) + basic_machine=c32-convex + basic_os=bsd + ;; + convex-c34) + basic_machine=c34-convex + basic_os=bsd + ;; + convex-c38) + basic_machine=c38-convex + basic_os=bsd + ;; + cray) + basic_machine=j90-cray + basic_os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + basic_os= + ;; + da30) + basic_machine=m68k-da30 + basic_os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + basic_os= + ;; + delta88) + basic_machine=m88k-motorola + basic_os=sysv3 + ;; + dicos) + basic_machine=i686-pc + basic_os=dicos + ;; + djgpp) + basic_machine=i586-pc + basic_os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + basic_os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + basic_os=ose + ;; + gmicro) + basic_machine=tron-gmicro + basic_os=sysv + ;; + go32) + basic_machine=i386-pc + basic_os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + basic_os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + basic_os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + basic_os=hms + ;; + harris) + basic_machine=m88k-harris + basic_os=sysv3 + ;; + hp300 | hp300hpux) + basic_machine=m68k-hp + basic_os=hpux + ;; + hp300bsd) + basic_machine=m68k-hp + basic_os=bsd + ;; + hppaosf) + basic_machine=hppa1.1-hp + basic_os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + basic_os=proelf + ;; + i386mach) + basic_machine=i386-mach + basic_os=mach + ;; + isi68 | isi) + basic_machine=m68k-isi + basic_os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + basic_os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + basic_os=sysv + ;; + merlin) + basic_machine=ns32k-utek + basic_os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + basic_os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + basic_os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + basic_os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + basic_os=coff + ;; + morphos) + basic_machine=powerpc-unknown + basic_os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + basic_os=moxiebox + ;; + msdos) + basic_machine=i386-pc + basic_os=msdos + ;; + msys) + basic_machine=i686-pc + basic_os=msys + ;; + mvs) + basic_machine=i370-ibm + basic_os=mvs + ;; + nacl) + basic_machine=le32-unknown + basic_os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + basic_os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + basic_os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + basic_os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + basic_os=newsos + ;; + news1000) + basic_machine=m68030-sony + basic_os=newsos + ;; + necv70) + basic_machine=v70-nec + basic_os=sysv + ;; + nh3000) + basic_machine=m68k-harris + basic_os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + basic_os=cxux + ;; + nindy960) + basic_machine=i960-intel + basic_os=nindy + ;; + mon960) + basic_machine=i960-intel + basic_os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + basic_os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + basic_os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + basic_os=ose + ;; + os68k) + basic_machine=m68k-none + basic_os=os68k + ;; + paragon) + basic_machine=i860-intel + basic_os=osf + ;; + parisc) + basic_machine=hppa-unknown + basic_os=linux + ;; + psp) + basic_machine=mipsallegrexel-sony + basic_os=psp + ;; + pw32) + basic_machine=i586-unknown + basic_os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + basic_os=rdos + ;; + rdos32) + basic_machine=i386-pc + basic_os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + basic_os=coff + ;; + sa29200) + basic_machine=a29k-amd + basic_os=udi + ;; + sei) + basic_machine=mips-sei + basic_os=seiux + ;; + sequent) + basic_machine=i386-sequent + basic_os= + ;; + sps7) + basic_machine=m68k-bull + basic_os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + basic_os= + ;; + stratus) + basic_machine=i860-stratus + basic_os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + basic_os= + ;; + sun2os3) + basic_machine=m68000-sun + basic_os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + basic_os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + basic_os= + ;; + sun3os3) + basic_machine=m68k-sun + basic_os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + basic_os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + basic_os= + ;; + sun4os3) + basic_machine=sparc-sun + basic_os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + basic_os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + basic_os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + basic_os= + ;; + sv1) + basic_machine=sv1-cray + basic_os=unicos + ;; + symmetry) + basic_machine=i386-sequent + basic_os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + basic_os=unicos + ;; + t90) + basic_machine=t90-cray + basic_os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + basic_os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + basic_os=tpf + ;; + udi29k) + basic_machine=a29k-amd + basic_os=udi + ;; + ultra3) + basic_machine=a29k-nyu + basic_os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + basic_os=none + ;; + vaxv) + basic_machine=vax-dec + basic_os=sysv + ;; + vms) + basic_machine=vax-dec + basic_os=vms + ;; + vsta) + basic_machine=i386-pc + basic_os=vsta + ;; + vxworks960) + basic_machine=i960-wrs + basic_os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + basic_os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + basic_os=vxworks + ;; + xbox) + basic_machine=i686-pc + basic_os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + basic_os=unicos + ;; + *) + basic_machine=$1 + basic_os= + ;; + esac ;; esac -# Decode aliases for certain CPU-COMPANY combinations. +# Decode 1-component or ad-hoc basic machines case $basic_machine in - # Recognize the basic CPU types without company name. - # Some are omitted here because they have special meanings below. - 1750a | 580 \ - | a29k \ - | aarch64 | aarch64_be \ - | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ - | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ - | am33_2.0 \ - | arc | arceb \ - | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ - | avr | avr32 \ - | ba \ - | be32 | be64 \ - | bfin \ - | c4x | c8051 | clipper \ - | d10v | d30v | dlx | dsp16xx \ - | e2k | epiphany \ - | fido | fr30 | frv | ft32 \ - | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ - | hexagon \ - | i370 | i860 | i960 | ia16 | ia64 \ - | ip2k | iq2000 \ - | k1om \ - | le32 | le64 \ - | lm32 \ - | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ - | mips | mipsbe | mipseb | mipsel | mipsle \ - | mips16 \ - | mips64 | mips64el \ - | mips64octeon | mips64octeonel \ - | mips64orion | mips64orionel \ - | mips64r5900 | mips64r5900el \ - | mips64vr | mips64vrel \ - | mips64vr4100 | mips64vr4100el \ - | mips64vr4300 | mips64vr4300el \ - | mips64vr5000 | mips64vr5000el \ - | mips64vr5900 | mips64vr5900el \ - | mipsisa32 | mipsisa32el \ - | mipsisa32r2 | mipsisa32r2el \ - | mipsisa32r6 | mipsisa32r6el \ - | mipsisa64 | mipsisa64el \ - | mipsisa64r2 | mipsisa64r2el \ - | mipsisa64r6 | mipsisa64r6el \ - | mipsisa64sb1 | mipsisa64sb1el \ - | mipsisa64sr71k | mipsisa64sr71kel \ - | mipsr5900 | mipsr5900el \ - | mipstx39 | mipstx39el \ - | mn10200 | mn10300 \ - | moxie \ - | mt \ - | msp430 \ - | nds32 | nds32le | nds32be \ - | nios | nios2 | nios2eb | nios2el \ - | ns16k | ns32k \ - | open8 | or1k | or1knd | or32 \ - | pdp10 | pj | pjl \ - | powerpc | powerpc64 | powerpc64le | powerpcle \ - | pru \ - | pyramid \ - | riscv32 | riscv64 \ - | rl78 | rx \ - | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ - | sh64 | sh64le \ - | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ - | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ - | spu \ - | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ - | ubicom32 \ - | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | visium \ - | wasm32 \ - | x86 | xc16x | xstormy16 | xtensa \ - | z8k | z80) - basic_machine=$basic_machine-unknown - ;; - c54x) - basic_machine=tic54x-unknown - ;; - c55x) - basic_machine=tic55x-unknown - ;; - c6x) - basic_machine=tic6x-unknown - ;; - leon|leon[3-9]) - basic_machine=sparc-$basic_machine - ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) - basic_machine=$basic_machine-unknown - os=-none + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) + op50n) + cpu=hppa1.1 + vendor=oki ;; - ms1) - basic_machine=mt-unknown + op60c) + cpu=hppa1.1 + vendor=oki ;; - - strongarm | thumb | xscale) - basic_machine=arm-unknown + ibm*) + cpu=i370 + vendor=ibm ;; - xgate) - basic_machine=$basic_machine-unknown - os=-none + orion105) + cpu=clipper + vendor=highlevel ;; - xscaleeb) - basic_machine=armeb-unknown + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple ;; - - xscaleel) - basic_machine=armel-unknown + pmac | pmac-mpw) + cpu=powerpc + vendor=apple ;; - # We use `pc' rather than `unknown' - # because (1) that's what they normally are, and - # (2) the word "unknown" tends to confuse beginning users. - i*86 | x86_64) - basic_machine=$basic_machine-pc - ;; - # Object if more than one company name word. - *-*-*) - echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 - exit 1 - ;; - # Recognize the basic CPU types with company name. - 580-* \ - | a29k-* \ - | aarch64-* | aarch64_be-* \ - | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ - | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ - | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ - | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ - | avr-* | avr32-* \ - | ba-* \ - | be32-* | be64-* \ - | bfin-* | bs2000-* \ - | c[123]* | c30-* | [cjt]90-* | c4x-* \ - | c8051-* | clipper-* | craynv-* | cydra-* \ - | d10v-* | d30v-* | dlx-* \ - | e2k-* | elxsi-* \ - | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ - | h8300-* | h8500-* \ - | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ - | hexagon-* \ - | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ - | ip2k-* | iq2000-* \ - | k1om-* \ - | le32-* | le64-* \ - | lm32-* \ - | m32c-* | m32r-* | m32rle-* \ - | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ - | microblaze-* | microblazeel-* \ - | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ - | mips16-* \ - | mips64-* | mips64el-* \ - | mips64octeon-* | mips64octeonel-* \ - | mips64orion-* | mips64orionel-* \ - | mips64r5900-* | mips64r5900el-* \ - | mips64vr-* | mips64vrel-* \ - | mips64vr4100-* | mips64vr4100el-* \ - | mips64vr4300-* | mips64vr4300el-* \ - | mips64vr5000-* | mips64vr5000el-* \ - | mips64vr5900-* | mips64vr5900el-* \ - | mipsisa32-* | mipsisa32el-* \ - | mipsisa32r2-* | mipsisa32r2el-* \ - | mipsisa32r6-* | mipsisa32r6el-* \ - | mipsisa64-* | mipsisa64el-* \ - | mipsisa64r2-* | mipsisa64r2el-* \ - | mipsisa64r6-* | mipsisa64r6el-* \ - | mipsisa64sb1-* | mipsisa64sb1el-* \ - | mipsisa64sr71k-* | mipsisa64sr71kel-* \ - | mipsr5900-* | mipsr5900el-* \ - | mipstx39-* | mipstx39el-* \ - | mmix-* \ - | mt-* \ - | msp430-* \ - | nds32-* | nds32le-* | nds32be-* \ - | nios-* | nios2-* | nios2eb-* | nios2el-* \ - | none-* | np1-* | ns16k-* | ns32k-* \ - | open8-* \ - | or1k*-* \ - | orion-* \ - | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ - | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ - | pru-* \ - | pyramid-* \ - | riscv32-* | riscv64-* \ - | rl78-* | romp-* | rs6000-* | rx-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ - | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ - | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ - | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ - | tahoe-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ - | tile*-* \ - | tron-* \ - | ubicom32-* \ - | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ - | vax-* \ - | visium-* \ - | wasm32-* \ - | we32k-* \ - | x86-* | x86_64-* | xc16x-* | xps100-* \ - | xstormy16-* | xtensa*-* \ - | ymp-* \ - | z8k-* | z80-*) - ;; - # Recognize the basic CPU types without company name, with glob match. - xtensa*) - basic_machine=$basic_machine-unknown - ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. - 386bsd) - basic_machine=i386-pc - os=-bsd - ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) - basic_machine=m68000-att + cpu=m68000 + vendor=att ;; 3b*) - basic_machine=we32k-att - ;; - a29khif) - basic_machine=a29k-amd - os=-udi - ;; - abacus) - basic_machine=abacus-unknown - ;; - adobe68k) - basic_machine=m68010-adobe - os=-scout - ;; - alliant | fx80) - basic_machine=fx80-alliant - ;; - altos | altos3068) - basic_machine=m68k-altos - ;; - am29k) - basic_machine=a29k-none - os=-bsd - ;; - amd64) - basic_machine=x86_64-pc - ;; - amd64-*) - basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - amdahl) - basic_machine=580-amdahl - os=-sysv - ;; - amiga | amiga-*) - basic_machine=m68k-unknown - ;; - amigaos | amigados) - basic_machine=m68k-unknown - os=-amigaos - ;; - amigaunix | amix) - basic_machine=m68k-unknown - os=-sysv4 - ;; - apollo68) - basic_machine=m68k-apollo - os=-sysv - ;; - apollo68bsd) - basic_machine=m68k-apollo - os=-bsd - ;; - aros) - basic_machine=i386-pc - os=-aros - ;; - asmjs) - basic_machine=asmjs-unknown - ;; - aux) - basic_machine=m68k-apple - os=-aux - ;; - balance) - basic_machine=ns32k-sequent - os=-dynix - ;; - blackfin) - basic_machine=bfin-unknown - os=-linux - ;; - blackfin-*) - basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux + cpu=we32k + vendor=att ;; bluegene*) - basic_machine=powerpc-ibm - os=-cnk - ;; - c54x-*) - basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c55x-*) - basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c6x-*) - basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - c90) - basic_machine=c90-cray - os=-unicos - ;; - cegcc) - basic_machine=arm-unknown - os=-cegcc - ;; - convex-c1) - basic_machine=c1-convex - os=-bsd - ;; - convex-c2) - basic_machine=c2-convex - os=-bsd - ;; - convex-c32) - basic_machine=c32-convex - os=-bsd - ;; - convex-c34) - basic_machine=c34-convex - os=-bsd - ;; - convex-c38) - basic_machine=c38-convex - os=-bsd - ;; - cray | j90) - basic_machine=j90-cray - os=-unicos - ;; - craynv) - basic_machine=craynv-cray - os=-unicosmp - ;; - cr16 | cr16-*) - basic_machine=cr16-unknown - os=-elf - ;; - crds | unos) - basic_machine=m68k-crds - ;; - crisv32 | crisv32-* | etraxfs*) - basic_machine=crisv32-axis - ;; - cris | cris-* | etrax*) - basic_machine=cris-axis - ;; - crx) - basic_machine=crx-unknown - os=-elf - ;; - da30 | da30-*) - basic_machine=m68k-da30 - ;; - decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) - basic_machine=mips-dec + cpu=powerpc + vendor=ibm + basic_os=cnk ;; decsystem10* | dec10*) - basic_machine=pdp10-dec - os=-tops10 + cpu=pdp10 + vendor=dec + basic_os=tops10 ;; decsystem20* | dec20*) - basic_machine=pdp10-dec - os=-tops20 + cpu=pdp10 + vendor=dec + basic_os=tops20 ;; delta | 3300 | motorola-3300 | motorola-delta \ | 3300-motorola | delta-motorola) - basic_machine=m68k-motorola - ;; - delta88) - basic_machine=m88k-motorola - os=-sysv3 - ;; - dicos) - basic_machine=i686-pc - os=-dicos - ;; - djgpp) - basic_machine=i586-pc - os=-msdosdjgpp - ;; - dpx20 | dpx20-*) - basic_machine=rs6000-bull - os=-bosx + cpu=m68k + vendor=motorola ;; dpx2*) - basic_machine=m68k-bull - os=-sysv3 - ;; - e500v[12]) - basic_machine=powerpc-unknown - os=$os"spe" - ;; - e500v[12]-*) - basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=$os"spe" - ;; - ebmon29k) - basic_machine=a29k-amd - os=-ebmon - ;; - elxsi) - basic_machine=elxsi-elxsi - os=-bsd + cpu=m68k + vendor=bull + basic_os=sysv3 ;; encore | umax | mmax) - basic_machine=ns32k-encore + cpu=ns32k + vendor=encore ;; - es1800 | OSE68k | ose68k | ose | OSE) - basic_machine=m68k-ericsson - os=-ose + elxsi) + cpu=elxsi + vendor=elxsi + basic_os=${basic_os:-bsd} ;; fx2800) - basic_machine=i860-alliant + cpu=i860 + vendor=alliant ;; genix) - basic_machine=ns32k-ns - ;; - gmicro) - basic_machine=tron-gmicro - os=-sysv - ;; - go32) - basic_machine=i386-pc - os=-go32 + cpu=ns32k + vendor=ns ;; h3050r* | hiux*) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - h8300hms) - basic_machine=h8300-hitachi - os=-hms - ;; - h8300xray) - basic_machine=h8300-hitachi - os=-xray - ;; - h8500hms) - basic_machine=h8500-hitachi - os=-hms - ;; - harris) - basic_machine=m88k-harris - os=-sysv3 - ;; - hp300-*) - basic_machine=m68k-hp - ;; - hp300bsd) - basic_machine=m68k-hp - os=-bsd - ;; - hp300hpux) - basic_machine=m68k-hp - os=-hpux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; hp3k9[0-9][0-9] | hp9[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k2[0-9][0-9] | hp9k31[0-9]) - basic_machine=m68000-hp + cpu=m68000 + vendor=hp ;; hp9k3[2-9][0-9]) - basic_machine=m68k-hp + cpu=m68k + vendor=hp ;; hp9k6[0-9][0-9] | hp6[0-9][0-9]) - basic_machine=hppa1.0-hp + cpu=hppa1.0 + vendor=hp ;; hp9k7[0-79][0-9] | hp7[0-79][0-9]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k78[0-9] | hp78[0-9]) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) # FIXME: really hppa2.0-hp - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][13679] | hp8[0-9][13679]) - basic_machine=hppa1.1-hp + cpu=hppa1.1 + vendor=hp ;; hp9k8[0-9][0-9] | hp8[0-9][0-9]) - basic_machine=hppa1.0-hp - ;; - hppaosf) - basic_machine=hppa1.1-hp - os=-osf - ;; - hppro) - basic_machine=hppa1.1-hp - os=-proelf - ;; - i370-ibm* | ibm*) - basic_machine=i370-ibm + cpu=hppa1.0 + vendor=hp ;; i*86v32) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv32 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv32 ;; i*86v4*) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv4 + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv4 ;; i*86v) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-sysv + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=sysv ;; i*86sol2) - basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` - os=-solaris2 - ;; - i386mach) - basic_machine=i386-mach - os=-mach + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + basic_os=solaris2 ;; - vsta) - basic_machine=i386-unknown - os=-vsta + j90 | j90-cray) + cpu=j90 + vendor=cray + basic_os=${basic_os:-unicos} ;; iris | iris4d) - basic_machine=mips-sgi - case $os in - -irix*) + cpu=mips + vendor=sgi + case $basic_os in + irix*) ;; *) - os=-irix4 + basic_os=irix4 ;; esac ;; - isi68 | isi) - basic_machine=m68k-isi - os=-sysv - ;; - leon-*|leon[3-9]-*) - basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` - ;; - m68knommu) - basic_machine=m68k-unknown - os=-linux - ;; - m68knommu-*) - basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux - ;; - magnum | m3230) - basic_machine=mips-mips - os=-sysv - ;; - merlin) - basic_machine=ns32k-utek - os=-sysv - ;; - microblaze*) - basic_machine=microblaze-xilinx - ;; - mingw64) - basic_machine=x86_64-pc - os=-mingw64 - ;; - mingw32) - basic_machine=i686-pc - os=-mingw32 - ;; - mingw32ce) - basic_machine=arm-unknown - os=-mingw32ce - ;; miniframe) - basic_machine=m68000-convergent - ;; - *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) - basic_machine=m68k-atari - os=-mint - ;; - mips3*-*) - basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` - ;; - mips3*) - basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown - ;; - monitor) - basic_machine=m68k-rom68k - os=-coff - ;; - morphos) - basic_machine=powerpc-unknown - os=-morphos - ;; - moxiebox) - basic_machine=moxie-unknown - os=-moxiebox + cpu=m68000 + vendor=convergent ;; - msdos) - basic_machine=i386-pc - os=-msdos - ;; - ms1-*) - basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` - ;; - msys) - basic_machine=i686-pc - os=-msys - ;; - mvs) - basic_machine=i370-ibm - os=-mvs - ;; - nacl) - basic_machine=le32-unknown - os=-nacl - ;; - ncr3000) - basic_machine=i486-ncr - os=-sysv4 - ;; - netbsd386) - basic_machine=i386-unknown - os=-netbsd - ;; - netwinder) - basic_machine=armv4l-rebel - os=-linux - ;; - news | news700 | news800 | news900) - basic_machine=m68k-sony - os=-newsos - ;; - news1000) - basic_machine=m68030-sony - os=-newsos + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + basic_os=mint ;; news-3600 | risc-news) - basic_machine=mips-sony - os=-newsos - ;; - necv70) - basic_machine=v70-nec - os=-sysv + cpu=mips + vendor=sony + basic_os=newsos ;; next | m*-next) - basic_machine=m68k-next - case $os in - -nextstep* ) + cpu=m68k + vendor=next + case $basic_os in + openstep*) + ;; + nextstep*) ;; - -ns2*) - os=-nextstep2 + ns2*) + basic_os=nextstep2 ;; *) - os=-nextstep3 + basic_os=nextstep3 ;; esac ;; - nh3000) - basic_machine=m68k-harris - os=-cxux - ;; - nh[45]000) - basic_machine=m88k-harris - os=-cxux - ;; - nindy960) - basic_machine=i960-intel - os=-nindy - ;; - mon960) - basic_machine=i960-intel - os=-mon960 - ;; - nonstopux) - basic_machine=mips-compaq - os=-nonstopux - ;; np1) - basic_machine=np1-gould - ;; - neo-tandem) - basic_machine=neo-tandem - ;; - nse-tandem) - basic_machine=nse-tandem - ;; - nsr-tandem) - basic_machine=nsr-tandem - ;; - nsv-tandem) - basic_machine=nsv-tandem - ;; - nsx-tandem) - basic_machine=nsx-tandem + cpu=np1 + vendor=gould ;; op50n-* | op60c-*) - basic_machine=hppa1.1-oki - os=-proelf - ;; - openrisc | openrisc-*) - basic_machine=or32-unknown - ;; - os400) - basic_machine=powerpc-ibm - os=-os400 - ;; - OSE68000 | ose68000) - basic_machine=m68000-ericsson - os=-ose - ;; - os68k) - basic_machine=m68k-none - os=-os68k + cpu=hppa1.1 + vendor=oki + basic_os=proelf ;; pa-hitachi) - basic_machine=hppa1.1-hitachi - os=-hiuxwe2 - ;; - paragon) - basic_machine=i860-intel - os=-osf - ;; - parisc) - basic_machine=hppa-unknown - os=-linux - ;; - parisc-*) - basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` - os=-linux + cpu=hppa1.1 + vendor=hitachi + basic_os=hiuxwe2 ;; pbd) - basic_machine=sparc-tti + cpu=sparc + vendor=tti ;; pbb) - basic_machine=m68k-tti - ;; - pc532 | pc532-*) - basic_machine=ns32k-pc532 - ;; - pc98) - basic_machine=i386-pc + cpu=m68k + vendor=tti ;; - pc98-*) - basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - pentium | p5 | k5 | k6 | nexgen | viac3) - basic_machine=i586-pc - ;; - pentiumpro | p6 | 6x86 | athlon | athlon_*) - basic_machine=i686-pc - ;; - pentiumii | pentium2 | pentiumiii | pentium3) - basic_machine=i686-pc - ;; - pentium4) - basic_machine=i786-pc - ;; - pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - pentium4-*) - basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` + pc532) + cpu=ns32k + vendor=pc532 ;; pn) - basic_machine=pn-gould - ;; - power) basic_machine=power-ibm - ;; - ppc | ppcbe) basic_machine=powerpc-unknown + cpu=pn + vendor=gould ;; - ppc-* | ppcbe-*) - basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` - ;; - ppcle | powerpclittle) - basic_machine=powerpcle-unknown + power) + cpu=power + vendor=ibm ;; - ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ps2) + cpu=i386 + vendor=ibm ;; - ppc64) basic_machine=powerpc64-unknown + rm[46]00) + cpu=mips + vendor=siemens ;; - ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` + rtpc | rtpc-*) + cpu=romp + vendor=ibm ;; - ppc64le | powerpc64little) - basic_machine=powerpc64le-unknown + sde) + cpu=mipsisa32 + vendor=sde + basic_os=${basic_os:-elf} ;; - ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` + simso-wrs) + cpu=sparclite + vendor=wrs + basic_os=vxworks ;; - ps2) - basic_machine=i386-ibm + tower | tower-32) + cpu=m68k + vendor=ncr ;; - pw32) - basic_machine=i586-unknown - os=-pw32 + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu ;; - rdos | rdos64) - basic_machine=x86_64-pc - os=-rdos + w65) + cpu=w65 + vendor=wdc ;; - rdos32) - basic_machine=i386-pc - os=-rdos + w89k-*) + cpu=hppa1.1 + vendor=winbond + basic_os=proelf ;; - rom68k) - basic_machine=m68k-rom68k - os=-coff + none) + cpu=none + vendor=none ;; - rm[46]00) - basic_machine=mips-siemens + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine ;; - rtpc | rtpc-*) - basic_machine=romp-ibm + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` ;; - s390 | s390-*) - basic_machine=s390-ibm + + *-*) + # shellcheck disable=SC2162 + saved_IFS=$IFS + IFS="-" read cpu vendor <&2 - exit 1 + # Recognize the canonical CPU types that are allowed with any + # company name. + case $cpu in + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | abacus \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] \ + | alphapca5[67] | alpha64pca5[67] \ + | am33_2.0 \ + | amdgcn \ + | arc | arceb | arc32 | arc64 \ + | arm | arm[lb]e | arme[lb] | armv* \ + | avr | avr32 \ + | asmjs \ + | ba \ + | be32 | be64 \ + | bfin | bpf | bs2000 \ + | c[123]* | c30 | [cjt]90 | c4x \ + | c8051 | clipper | craynv | csky | cydra \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | elxsi | epiphany \ + | f30[01] | f700 | fido | fr30 | frv | ft32 | fx80 \ + | h8300 | h8500 \ + | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i*86 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | loongarch32 | loongarch64 | loongarchx32 \ + | m32c | m32r | m32rle \ + | m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \ + | m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \ + | m88110 | m88k | maxq | mb | mcore | mep | metag \ + | microblaze | microblazeel \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64eb | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r3 | mipsisa32r3el \ + | mipsisa32r5 | mipsisa32r5el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r3 | mipsisa64r3el \ + | mipsisa64r5 | mipsisa64r5el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mmix \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nfp \ + | nios | nios2 | nios2eb | nios2el \ + | none | np1 | ns16k | ns32k | nvptx \ + | open8 \ + | or1k* \ + | or32 \ + | orion \ + | picochip \ + | pdp10 | pdp11 | pj | pjl | pn | power \ + | powerpc | powerpc64 | powerpc64le | powerpcle | powerpcspe \ + | pru \ + | pyramid \ + | riscv | riscv32 | riscv32be | riscv64 | riscv64be \ + | rl78 | romp | rs6000 | rx \ + | s390 | s390x \ + | score \ + | sh | shl \ + | sh[1234] | sh[24]a | sh[24]ae[lb] | sh[23]e | she[lb] | sh[lb]e \ + | sh[1234]e[lb] | sh[12345][lb]e | sh[23]ele | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet \ + | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v | sv1 | sx* \ + | spu \ + | tahoe \ + | thumbv7* \ + | tic30 | tic4x | tic54x | tic55x | tic6x | tic80 \ + | tron \ + | ubicom32 \ + | v70 | v850 | v850e | v850e1 | v850es | v850e2 | v850e2v3 \ + | vax \ + | visium \ + | w65 \ + | wasm32 | wasm64 \ + | we32k \ + | x86 | x86_64 | xc16x | xgate | xps100 \ + | xstormy16 | xtensa* \ + | ymp \ + | z8k | z80) + ;; + + *) + echo Invalid configuration \`"$1"\': machine \`"$cpu-$vendor"\' not recognized 1>&2 + exit 1 + ;; + esac ;; esac # Here we canonicalize certain aliases for manufacturers. -case $basic_machine in - *-digital*) - basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` +case $vendor in + digital*) + vendor=dec ;; - *-commodore*) - basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` + commodore*) + vendor=cbm ;; *) ;; @@ -1334,203 +1306,215 @@ esac # Decode manufacturer-specific aliases for certain operating systems. -if [ x"$os" != x"" ] +if test x$basic_os != x then + +# First recognize some ad-hoc cases, or perhaps split kernel-os, or else just +# set os. +case $basic_os in + gnu/linux*) + kernel=linux + os=`echo "$basic_os" | sed -e 's|gnu/linux|gnu|'` + ;; + os2-emx) + kernel=os2 + os=`echo "$basic_os" | sed -e 's|os2-emx|emx|'` + ;; + nto-qnx*) + kernel=nto + os=`echo "$basic_os" | sed -e 's|nto-qnx|qnx|'` + ;; + *-*) + # shellcheck disable=SC2162 + saved_IFS=$IFS + IFS="-" read kernel os <&2 - exit 1 + # No normalization, but not necessarily accepted, that comes below. ;; esac + else # Here we handle the default operating systems that come with various machines. @@ -1543,258 +1527,363 @@ else # will signal an error saying that MANUFACTURER isn't an operating # system, and we'll never get to this point. -case $basic_machine in +kernel= +case $cpu-$vendor in score-*) - os=-elf + os=elf ;; spu-*) - os=-elf + os=elf ;; *-acorn) - os=-riscix1.2 + os=riscix1.2 ;; arm*-rebel) - os=-linux + kernel=linux + os=gnu ;; arm*-semi) - os=-aout + os=aout ;; c4x-* | tic4x-*) - os=-coff + os=coff ;; c8051-*) - os=-elf + os=elf + ;; + clipper-intergraph) + os=clix ;; hexagon-*) - os=-elf + os=elf ;; tic54x-*) - os=-coff + os=coff ;; tic55x-*) - os=-coff + os=coff ;; tic6x-*) - os=-coff + os=coff ;; # This must come before the *-dec entry. pdp10-*) - os=-tops20 + os=tops20 ;; pdp11-*) - os=-none + os=none ;; *-dec | vax-*) - os=-ultrix4.2 + os=ultrix4.2 ;; m68*-apollo) - os=-domain + os=domain ;; i386-sun) - os=-sunos4.0.2 + os=sunos4.0.2 ;; m68000-sun) - os=-sunos3 + os=sunos3 ;; m68*-cisco) - os=-aout + os=aout ;; mep-*) - os=-elf + os=elf ;; mips*-cisco) - os=-elf + os=elf ;; mips*-*) - os=-elf + os=elf ;; or32-*) - os=-coff + os=coff ;; *-tti) # must be before sparc entry or we get the wrong os. - os=-sysv3 + os=sysv3 ;; sparc-* | *-sun) - os=-sunos4.1.1 + os=sunos4.1.1 ;; pru-*) - os=-elf + os=elf ;; *-be) - os=-beos + os=beos ;; *-ibm) - os=-aix + os=aix ;; *-knuth) - os=-mmixware + os=mmixware ;; *-wec) - os=-proelf + os=proelf ;; *-winbond) - os=-proelf + os=proelf ;; *-oki) - os=-proelf + os=proelf ;; *-hp) - os=-hpux + os=hpux ;; *-hitachi) - os=-hiux + os=hiux ;; i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) - os=-sysv + os=sysv ;; *-cbm) - os=-amigaos + os=amigaos ;; *-dg) - os=-dgux + os=dgux ;; *-dolphin) - os=-sysv3 + os=sysv3 ;; m68k-ccur) - os=-rtu + os=rtu ;; m88k-omron*) - os=-luna + os=luna ;; *-next) - os=-nextstep + os=nextstep ;; *-sequent) - os=-ptx + os=ptx ;; *-crds) - os=-unos + os=unos ;; *-ns) - os=-genix + os=genix ;; i370-*) - os=-mvs + os=mvs ;; *-gould) - os=-sysv + os=sysv ;; *-highlevel) - os=-bsd + os=bsd ;; *-encore) - os=-bsd + os=bsd ;; *-sgi) - os=-irix + os=irix ;; *-siemens) - os=-sysv4 + os=sysv4 ;; *-masscomp) - os=-rtu + os=rtu ;; f30[01]-fujitsu | f700-fujitsu) - os=-uxpv + os=uxpv ;; *-rom68k) - os=-coff + os=coff ;; *-*bug) - os=-coff + os=coff ;; *-apple) - os=-macos + os=macos ;; *-atari*) - os=-mint + os=mint + ;; + *-wrs) + os=vxworks ;; *) - os=-none + os=none ;; esac + fi +# Now, validate our (potentially fixed-up) OS. +case $os in + # Sometimes we do "kernel-libc", so those need to count as OSes. + musl* | newlib* | relibc* | uclibc*) + ;; + # Likewise for "kernel-abi" + eabi* | gnueabi*) + ;; + # VxWorks passes extra cpu info in the 4th filed. + simlinux | simwindows | spe) + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + gnu* | android* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]* \ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | plan9* | psp* | sim* | xray* | os68k* | v88r* \ + | hiux* | abug | nacl* | netware* | windows* \ + | os9* | macos* | osx* | ios* \ + | mpw* | magic* | mmixware* | mon960* | lnews* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* | twizzler* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | mirbsd* | netbsd* | dicos* | openedition* | ose* \ + | bitrig* | openbsd* | secbsd* | solidbsd* | libertybsd* | os108* \ + | ekkobsd* | freebsd* | riscix* | lynxos* | os400* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* | serenity* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | mint* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* | morphos* \ + | scout* | superux* | sysv* | rtmk* | tpf* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \ + | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \ + | fiwix* ) + ;; + # This one is extra strict with allowed versions + sco3.2v2 | sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + none) + ;; + *) + echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac + +# As a final step for OS-related things, validate the OS-kernel combination +# (given a valid OS), if there is a kernel. +case $kernel-$os in + linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \ + | linux-musl* | linux-relibc* | linux-uclibc* ) + ;; + uclinux-uclibc* ) + ;; + -dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* ) + # These are just libc implementations, not actual OSes, and thus + # require a kernel. + echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2 + exit 1 + ;; + kfreebsd*-gnu* | kopensolaris*-gnu*) + ;; + vxworks-simlinux | vxworks-simwindows | vxworks-spe) + ;; + nto-qnx*) + ;; + os2-emx) + ;; + *-eabi* | *-gnueabi*) + ;; + -*) + # Blank kernel with real OS is always fine. + ;; + *-*) + echo "Invalid configuration \`$1': Kernel \`$kernel' not known to work with OS \`$os'." 1>&2 + exit 1 + ;; +esac + # Here we handle the case where we know the os, and the CPU type, but not the # manufacturer. We pick the logical manufacturer. -vendor=unknown -case $basic_machine in - *-unknown) - case $os in - -riscix*) +case $vendor in + unknown) + case $cpu-$os in + *-riscix*) vendor=acorn ;; - -sunos*) + *-sunos*) vendor=sun ;; - -cnk*|-aix*) + *-cnk* | *-aix*) vendor=ibm ;; - -beos*) + *-beos*) vendor=be ;; - -hpux*) + *-hpux*) vendor=hp ;; - -mpeix*) + *-mpeix*) vendor=hp ;; - -hiux*) + *-hiux*) vendor=hitachi ;; - -unos*) + *-unos*) vendor=crds ;; - -dgux*) + *-dgux*) vendor=dg ;; - -luna*) + *-luna*) vendor=omron ;; - -genix*) + *-genix*) vendor=ns ;; - -mvs* | -opened*) + *-clix*) + vendor=intergraph + ;; + *-mvs* | *-opened*) + vendor=ibm + ;; + *-os400*) vendor=ibm ;; - -os400*) + s390-* | s390x-*) vendor=ibm ;; - -ptx*) + *-ptx*) vendor=sequent ;; - -tpf*) + *-tpf*) vendor=ibm ;; - -vxsim* | -vxworks* | -windiss*) + *-vxsim* | *-vxworks* | *-windiss*) vendor=wrs ;; - -aux*) + *-aux*) vendor=apple ;; - -hms*) + *-hms*) vendor=hitachi ;; - -mpw* | -macos*) + *-mpw* | *-macos*) vendor=apple ;; - -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + *-*mint | *-mint[0-9]* | *-*MiNT | *-MiNT[0-9]*) vendor=atari ;; - -vos*) + *-vos*) vendor=stratus ;; esac - basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo "$basic_machine$os" +echo "$cpu-$vendor-${kernel:+$kernel-}$os" exit # Local variables: -# eval: (add-hook 'write-file-functions 'time-stamp) +# eval: (add-hook 'before-save-hook 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/auto/depcomp b/auto/depcomp index 6b391623..715e3431 100755 --- a/auto/depcomp +++ b/auto/depcomp @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2020 Free Software Foundation, Inc. +# Copyright (C) 1999-2021 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/auto/ltmain.sh b/auto/ltmain.sh index 21e5e078..540a92ab 100755 --- a/auto/ltmain.sh +++ b/auto/ltmain.sh @@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.6 Debian-2.4.6-15" +VERSION="2.4.6 Debian-2.4.6-15build2" package_revision=2.4.6 @@ -2141,7 +2141,7 @@ include the following information: compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.6-15 + version: $progname $scriptversion Debian-2.4.6-15build2 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` diff --git a/auto/missing b/auto/missing index 8d0eaad2..1fe1611f 100755 --- a/auto/missing +++ b/auto/missing @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2020 Free Software Foundation, Inc. +# Copyright (C) 1996-2021 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify diff --git a/configure b/configure index 435f6a10..d475f3ff 100755 --- a/configure +++ b/configure @@ -1,9 +1,10 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for stunnel 5.65. +# Generated by GNU Autoconf 2.71 for stunnel 5.71. # # -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Inc. # # # This configure script is free software; the Free Software Foundation @@ -14,14 +15,16 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -31,46 +34,46 @@ esac fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -94,8 +90,12 @@ case $0 in #(( for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -107,30 +107,10 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. @@ -152,20 +132,22 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + as_bourne_compatible="as_nop=: +if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else +else \$as_nop case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( @@ -185,12 +167,15 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : +if ( set x; as_fn_ret_success y && test x = \"\$1\" ) +then : -else +else \$as_nop exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 +blah=\$(echo \$(echo blah)) +test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO @@ -205,30 +190,38 @@ test \$(( 1 + 1 )) = 2 || exit 1 PATH=/empty FPATH=/empty; export PATH FPATH test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" - if (eval "$as_required") 2>/dev/null; then : + if (eval "$as_required") 2>/dev/null +then : as_have_required=yes -else +else $as_nop as_have_required=no fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null +then : -else +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. - as_shell=$as_dir/$as_base + as_shell=$as_dir$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null +then : break 2 fi fi @@ -236,14 +229,21 @@ fi esac as_found=false done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi +fi - if test "x$CONFIG_SHELL" != x; then : + if test "x$CONFIG_SHELL" != x +then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also @@ -261,18 +261,19 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." + if test x$as_have_required = xno +then : + printf "%s\n" "$0: This script requires a shell more modern than all" + printf "%s\n" "$0: the shells that I found on your system." + if test ${ZSH_VERSION+y} ; then + printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" + printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." else - $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, + printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." @@ -299,6 +300,7 @@ as_fn_unset () } as_unset=as_fn_unset + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -316,6 +318,14 @@ as_fn_exit () as_fn_set_status $1 exit $1 } # as_fn_exit +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -330,7 +340,7 @@ as_fn_mkdir_p () as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -339,7 +349,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -378,12 +388,13 @@ as_fn_executable_p () # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -395,18 +406,27 @@ fi # as_fn_append # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -418,9 +438,9 @@ as_fn_error () as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -447,7 +467,7 @@ as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -491,7 +511,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall @@ -505,6 +525,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits exit } + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -518,6 +542,13 @@ case `echo -n x` in #((((( ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -587,48 +618,44 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='stunnel' PACKAGE_TARNAME='stunnel' -PACKAGE_VERSION='5.65' -PACKAGE_STRING='stunnel 5.65' +PACKAGE_VERSION='5.71' +PACKAGE_STRING='stunnel 5.71' PACKAGE_BUGREPORT='' PACKAGE_URL='' ac_unique_file="src/stunnel.c" # Factoring default headers for most tests. ac_includes_default="\ -#include -#ifdef HAVE_SYS_TYPES_H -# include -#endif -#ifdef HAVE_SYS_STAT_H -# include +#include +#ifdef HAVE_STDIO_H +# include #endif -#ifdef STDC_HEADERS +#ifdef HAVE_STDLIB_H # include -# include -#else -# ifdef HAVE_STDLIB_H -# include -# endif #endif #ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include -# endif # include #endif -#ifdef HAVE_STRINGS_H -# include -#endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif #ifdef HAVE_UNISTD_H # include #endif" +ac_header_c_list= ac_subst_vars='am__EXEEXT_FALSE am__EXEEXT_TRUE LTLIBOBJS @@ -666,10 +693,6 @@ GREP CPP SED bashcompdir -with_bashcompdir -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG am__fastdepCC_FALSE am__fastdepCC_TRUE CCDEPMODE @@ -796,10 +819,6 @@ CFLAGS LDFLAGS LIBS CPPFLAGS -PKG_CONFIG -PKG_CONFIG_PATH -PKG_CONFIG_LIBDIR -with_bashcompdir CPP LT_SYS_LIBRARY_PATH' @@ -870,8 +889,6 @@ do *) ac_optarg=yes ;; esac - # Accept the important Cygnus configure options, so we can diagnose typos. - case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; @@ -912,9 +929,9 @@ do ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -938,9 +955,9 @@ do ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid feature name: $ac_useropt" + as_fn_error $? "invalid feature name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" @@ -1151,9 +1168,9 @@ do ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1167,9 +1184,9 @@ do ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && - as_fn_error $? "invalid package name: $ac_useropt" + as_fn_error $? "invalid package name: \`$ac_useropt'" ac_useropt_orig=$ac_useropt - ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + ac_useropt=`printf "%s\n" "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" @@ -1213,9 +1230,9 @@ Try \`$0 --help' for more information" *) # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; @@ -1231,7 +1248,7 @@ if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; - *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + *) printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi @@ -1295,7 +1312,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_myself" | +printf "%s\n" X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -1352,7 +1369,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures stunnel 5.65 to adapt to many kinds of systems. +\`configure' configures stunnel 5.71 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1423,7 +1440,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of stunnel 5.65:";; + short | recursive ) echo "Configuration of stunnel 5.71:";; esac cat <<\_ACEOF @@ -1473,14 +1490,6 @@ Some influential environment variables: LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory - PKG_CONFIG path to pkg-config utility - PKG_CONFIG_PATH - directories to add to pkg-config's search path - PKG_CONFIG_LIBDIR - path overriding pkg-config's built-in search path - with_bashcompdir - value of completionsdir for bash-completion, overriding - pkg-config CPP C preprocessor LT_SYS_LIBRARY_PATH User-defined run-time library search path. @@ -1504,9 +1513,9 @@ if test "$ac_init_help" = "recursive"; then case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -1534,7 +1543,8 @@ esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. + # Check for configure.gnu first; this name is used for a wrapper for + # Metaconfig's "Configure" on case-insensitive file systems. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive @@ -1542,7 +1552,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix echo && $SHELL "$ac_srcdir/configure" --help=recursive else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done @@ -1551,10 +1561,10 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -stunnel configure 5.65 -generated by GNU Autoconf 2.69 +stunnel configure 5.71 +generated by GNU Autoconf 2.71 -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1571,14 +1581,14 @@ fi ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext + rm -f conftest.$ac_objext conftest.beam if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1586,14 +1596,15 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err - } && test -s conftest.$ac_objext; then : + } && test -s conftest.$ac_objext +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1609,14 +1620,14 @@ fi ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext + rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1624,17 +1635,18 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext - }; then : + } +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1661,7 +1673,7 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1669,14 +1681,15 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err - }; then : + } +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1693,83 +1706,44 @@ fi ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. @@ -1777,16 +1751,9 @@ else #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer to if __STDC__ is defined, since - exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include -#else -# include -#endif + which can conflict with char $2 (); below. */ +#include #undef $2 /* Override any GCC internal prototype to avoid an error. @@ -1804,24 +1771,25 @@ choke me #endif int -main () +main (void) { return $2 (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func @@ -1833,11 +1801,12 @@ $as_echo "$ac_res" >&6; } ac_fn_c_find_intX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 -$as_echo_n "checking for int$2_t... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 +printf %s "checking for int$2_t... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop eval "$3=no" # Order is important - never check a type that is potentially smaller # than half of the expected target width. @@ -1848,7 +1817,7 @@ else $ac_includes_default enum { N = $2 / 2 - 1 }; int -main () +main (void) { static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; test_array [0] = 0; @@ -1858,13 +1827,14 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default enum { N = $2 / 2 - 1 }; int -main () +main (void) { static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; @@ -1875,9 +1845,10 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop case $ac_type in #( int$2_t) : eval "$3=yes" ;; #( @@ -1885,19 +1856,20 @@ else eval "$3=\$ac_type" ;; esac fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if eval test \"x\$"$3"\" = x"no"; then : +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no" +then : -else +else $as_nop break fi done fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_find_intX_t @@ -1909,11 +1881,12 @@ $as_echo "$ac_res" >&6; } ac_fn_c_find_uintX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 -$as_echo_n "checking for uint$2_t... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uint$2_t" >&5 +printf %s "checking for uint$2_t... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop eval "$3=no" # Order is important - never check a type that is potentially smaller # than half of the expected target width. @@ -1923,7 +1896,7 @@ else /* end confdefs.h. */ $ac_includes_default int -main () +main (void) { static int test_array [1 - 2 * !((($ac_type) -1 >> ($2 / 2 - 1)) >> ($2 / 2 - 1) == 3)]; test_array [0] = 0; @@ -1933,7 +1906,8 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : case $ac_type in #( uint$2_t) : eval "$3=yes" ;; #( @@ -1941,17 +1915,18 @@ if ac_fn_c_try_compile "$LINENO"; then : eval "$3=\$ac_type" ;; esac fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - if eval test \"x\$"$3"\" = x"no"; then : +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + if eval test \"x\$"$3"\" = x"no" +then : -else +else $as_nop break fi done fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_find_uintX_t @@ -1963,17 +1938,18 @@ $as_echo "$ac_res" >&6; } ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof ($2)) return 0; @@ -1981,12 +1957,13 @@ if (sizeof ($2)) return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof (($2))) return 0; @@ -1994,109 +1971,23 @@ if (sizeof (($2))) return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop eval "$3=yes" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including @@ -2104,16 +1995,17 @@ fi ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +printf %s "checking for $2.$3... " >&6; } +if eval test \${$4+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (ac_aggr.$3) @@ -2122,14 +2014,15 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (sizeof ac_aggr.$3) @@ -2138,29 +2031,50 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop eval "$4=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member +ac_configure_args_raw= +for ac_arg +do + case $ac_arg in + *\'*) + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append ac_configure_args_raw " '$ac_arg'" +done + +case $ac_configure_args_raw in + *$as_nl*) + ac_safe_unquote= ;; + *) + ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab. + ac_unsafe_a="$ac_unsafe_z#~" + ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g" + ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;; +esac + cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by stunnel $as_me 5.65, which was -generated by GNU Autoconf 2.69. Invocation command line was +It was created by stunnel $as_me 5.71, which was +generated by GNU Autoconf 2.71. Invocation command line was - $ $0 $@ + $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log @@ -2193,8 +2107,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + printf "%s\n" "PATH: $as_dir" done IFS=$as_save_IFS @@ -2229,7 +2147,7 @@ do | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; @@ -2264,11 +2182,13 @@ done # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? + # Sanitize IFS. + IFS=" "" $as_nl" # Save into config.log some information that might help in debugging. { echo - $as_echo "## ---------------- ## + printf "%s\n" "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo @@ -2279,8 +2199,8 @@ trap 'exit_status=$? case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -2304,7 +2224,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ) echo - $as_echo "## ----------------- ## + printf "%s\n" "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo @@ -2312,14 +2232,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## + printf "%s\n" "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo @@ -2327,15 +2247,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then - $as_echo "## ----------- ## + printf "%s\n" "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo @@ -2343,8 +2263,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; echo fi test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" + printf "%s\n" "$as_me: caught signal $ac_signal" + printf "%s\n" "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && @@ -2358,63 +2278,48 @@ ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h -$as_echo "/* confdefs.h */" > confdefs.h +printf "%s\n" "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF +printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF +printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF +printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF +printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF +printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_URL "$PACKAGE_URL" -_ACEOF +printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac + ac_site_files="$CONFIG_SITE" elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site + ac_site_files="$prefix/share/config.site $prefix/etc/config.site" else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site + ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" + +for ac_site_file in $ac_site_files do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} + case $ac_site_file in #( + */*) : + ;; #( + *) : + ac_site_file=./$ac_site_file ;; +esac + if test -f "$ac_site_file" && test -r "$ac_site_file"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi @@ -2424,19 +2329,434 @@ if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +printf "%s\n" "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +printf "%s\n" "$as_me: creating cache $cache_file" >&6;} >$cache_file fi +# Test code for whether the C compiler supports C89 (global declarations) +ac_c_conftest_c89_globals=' +/* Does the compiler advertise C89 conformance? + Do not test the value of __STDC__, because some compilers set it to 0 + while being otherwise adequately conformant. */ +#if !defined __STDC__ +# error "Compiler does not advertise C89 conformance" +#endif + +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ +struct buf { int x; }; +struct buf * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not \xHH hex character constants. + These do not provoke an error unfortunately, instead are silently treated + as an "x". The following induces an error, until -std is added to get + proper ANSI mode. Curiously \x00 != x always comes out true, for an + array size at least. It is necessary to write \x00 == 0 to get something + that is true only with -std. */ +int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) '\''x'\'' +int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), + int, int);' + +# Test code for whether the C compiler supports C89 (body of main). +ac_c_conftest_c89_main=' +ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); +' + +# Test code for whether the C compiler supports C99 (global declarations) +ac_c_conftest_c99_globals=' +// Does the compiler advertise C99 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L +# error "Compiler does not advertise C99 conformance" +#endif + +#include +extern int puts (const char *); +extern int printf (const char *, ...); +extern int dprintf (int, const char *, ...); +extern void *malloc (size_t); + +// Check varargs macros. These examples are taken from C99 6.10.3.5. +// dprintf is used instead of fprintf to avoid needing to declare +// FILE and stderr. +#define debug(...) dprintf (2, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + #error "your preprocessor is broken" +#endif +#if BIG_OK +#else + #error "your preprocessor is broken" +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; + +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) + continue; + return 0; +} + +// Check varargs and va_copy. +static bool +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str = ""; + int number = 0; + float fnumber = 0; + + while (*format) + { + switch (*format++) + { + case '\''s'\'': // string + str = va_arg (args_copy, const char *); + break; + case '\''d'\'': // int + number = va_arg (args_copy, int); + break; + case '\''f'\'': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); + + return *str && number && fnumber; +} +' + +# Test code for whether the C compiler supports C99 (body of main). +ac_c_conftest_c99_main=' + // Check bool. + _Bool success = false; + success |= (argc != 0); + + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[0] = argv[0][0]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' + || dynamic_array[ni.number - 1] != 543); +' + +# Test code for whether the C compiler supports C11 (global declarations) +ac_c_conftest_c11_globals=' +// Does the compiler advertise C11 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L +# error "Compiler does not advertise C11 conformance" +#endif + +// Check _Alignas. +char _Alignas (double) aligned_as_double; +char _Alignas (0) no_special_alignment; +extern char aligned_as_int; +char _Alignas (0) _Alignas (int) aligned_as_int; + +// Check _Alignof. +enum +{ + int_alignment = _Alignof (int), + int_array_alignment = _Alignof (int[100]), + char_alignment = _Alignof (char) +}; +_Static_assert (0 < -_Alignof (int), "_Alignof is signed"); + +// Check _Noreturn. +int _Noreturn does_not_return (void) { for (;;) continue; } + +// Check _Static_assert. +struct test_static_assert +{ + int x; + _Static_assert (sizeof (int) <= sizeof (long int), + "_Static_assert does not work in struct"); + long int y; +}; + +// Check UTF-8 literals. +#define u8 syntax error! +char const utf8_literal[] = u8"happens to be ASCII" "another string"; + +// Check duplicate typedefs. +typedef long *long_ptr; +typedef long int *long_ptr; +typedef long_ptr long_ptr; + +// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. +struct anonymous +{ + union { + struct { int i; int j; }; + struct { int k; long int l; } w; + }; + int m; +} v1; +' + +# Test code for whether the C compiler supports C11 (body of main). +ac_c_conftest_c11_main=' + _Static_assert ((offsetof (struct anonymous, i) + == offsetof (struct anonymous, w.k)), + "Anonymous union alignment botch"); + v1.i = 2; + v1.w.k = 5; + ok |= v1.i != 5; +' + +# Test code for whether the C compiler supports C11 (complete). +ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} +${ac_c_conftest_c11_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + ${ac_c_conftest_c11_main} + return ok; +} +" + +# Test code for whether the C compiler supports C99 (complete). +ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + return ok; +} +" + +# Test code for whether the C compiler supports C89 (complete). +ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + return ok; +} +" + +as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" +as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" +as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" +as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" +as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" +as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" +as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" +as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" +as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" + +# Auxiliary files required by this configure script. +ac_aux_files="ltmain.sh compile config.guess config.sub missing install-sh" + +# Locations in which to look for auxiliary files. +ac_aux_dir_candidates="${srcdir}/auto" + +# Search for a directory containing all of the required auxiliary files, +# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates. +# If we don't find one directory that contains all the files we need, +# we report the set of missing files from the *first* directory in +# $ac_aux_dir_candidates and give up. +ac_missing_aux_files="" +ac_first_candidate=: +printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5 +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in $ac_aux_dir_candidates +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + as_found=: + + printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5 + ac_aux_dir_found=yes + ac_install_sh= + for ac_aux in $ac_aux_files + do + # As a special case, if "install-sh" is required, that requirement + # can be satisfied by any of "install-sh", "install.sh", or "shtool", + # and $ac_install_sh is set appropriately for whichever one is found. + if test x"$ac_aux" = x"install-sh" + then + if test -f "${as_dir}install-sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5 + ac_install_sh="${as_dir}install-sh -c" + elif test -f "${as_dir}install.sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5 + ac_install_sh="${as_dir}install.sh -c" + elif test -f "${as_dir}shtool"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5 + ac_install_sh="${as_dir}shtool install -c" + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} install-sh" + else + break + fi + fi + else + if test -f "${as_dir}${ac_aux}"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5 + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}" + else + break + fi + fi + fi + done + if test "$ac_aux_dir_found" = yes; then + ac_aux_dir="$as_dir" + break + fi + ac_first_candidate=false + + as_found=false +done +IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +fi + + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +if test -f "${ac_aux_dir}config.guess"; then + ac_config_guess="$SHELL ${ac_aux_dir}config.guess" +fi +if test -f "${ac_aux_dir}config.sub"; then + ac_config_sub="$SHELL ${ac_aux_dir}config.sub" +fi +if test -f "$ac_aux_dir/configure"; then + ac_configure="$SHELL ${ac_aux_dir}configure" +fi + # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -2447,12 +2767,12 @@ for ac_var in $ac_precious_vars; do eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -2461,24 +2781,24 @@ $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in @@ -2488,11 +2808,12 @@ $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi done if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -2505,36 +2826,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** initialization" >&5 -$as_echo "$as_me: **************************************** initialization" >&6;} -ac_aux_dir= -for ac_dir in auto "$srcdir"/auto; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in auto \"$srcdir\"/auto" "$LINENO" 5 -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. - +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** initialization" >&5 +printf "%s\n" "$as_me: **************************************** initialization" >&6;} ac_config_headers="$ac_config_headers src/config.h" @@ -2542,7 +2835,9 @@ ac_config_headers="$ac_config_headers src/config.h" am__api_version='1.16' -# Find a good install program. We prefer a C program (faster), + + + # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install @@ -2556,20 +2851,25 @@ am__api_version='1.16' # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +printf %s "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test ${ac_cv_path_install+y} +then : + printf %s "(cached) " >&6 +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in #(( - ./ | .// | /[cC]/* | \ + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + # Account for fact that we put trailing slashes in our PATH walk. +case $as_dir in #(( + ./ | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; @@ -2579,13 +2879,13 @@ case $as_dir/ in #(( # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else @@ -2593,12 +2893,12 @@ case $as_dir/ in #(( echo one > conftest.one echo two > conftest.two mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c" break 3 fi fi @@ -2614,7 +2914,7 @@ IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi - if test "${ac_cv_path_install+set}" = set; then + if test ${ac_cv_path_install+y}; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a @@ -2624,8 +2924,8 @@ fi INSTALL=$ac_install_sh fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +printf "%s\n" "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. @@ -2635,8 +2935,8 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 -$as_echo_n "checking whether build environment is sane... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +printf %s "checking whether build environment is sane... " >&6; } # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' @@ -2690,8 +2990,8 @@ else as_fn_error $? "newly created file is older than distributed files! Check your system clock" "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= @@ -2710,12 +3010,14 @@ test "$program_suffix" != NONE && # Double any \ or $. # By default was `s,x,x', remove it if useless. ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' -program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` +program_transform_name=`printf "%s\n" "$program_transform_name" | sed "$ac_script"` + # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` -if test x"${MISSING+set}" != xset; then + + if test x"${MISSING+set}" != xset; then MISSING="\${SHELL} '$am_aux_dir/missing'" fi # Use eval to expand $SHELL @@ -2723,8 +3025,8 @@ if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +printf "%s\n" "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi if test x"${install_sh+set}" != xset; then @@ -2744,11 +3046,12 @@ if test "$cross_compiling" != no; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else @@ -2756,11 +3059,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2771,11 +3078,11 @@ fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +printf "%s\n" "$STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -2784,11 +3091,12 @@ if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else @@ -2796,11 +3104,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2811,11 +3123,11 @@ fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +printf "%s\n" "$ac_ct_STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then @@ -2823,8 +3135,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP @@ -2836,25 +3148,31 @@ fi fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 -$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a race-free mkdir -p" >&5 +printf %s "checking for a race-free mkdir -p... " >&6; } if test -z "$MKDIR_P"; then - if ${ac_cv_path_mkdir+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${ac_cv_path_mkdir+y} +then : + printf %s "(cached) " >&6 +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_prog in mkdir gmkdir; do for ac_exec_ext in '' $ac_executable_extensions; do - as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue - case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( - 'mkdir (GNU coreutils) '* | \ - 'mkdir (coreutils) '* | \ + as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext" || continue + case `"$as_dir$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir ('*'coreutils) '* | \ + 'BusyBox '* | \ 'mkdir (fileutils) '4.1*) - ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + ac_cv_path_mkdir=$as_dir$ac_prog$ac_exec_ext break 3;; esac done @@ -2865,7 +3183,7 @@ IFS=$as_save_IFS fi test -d ./--version && rmdir ./--version - if test "${ac_cv_path_mkdir+set}" = set; then + if test ${ac_cv_path_mkdir+y}; then MKDIR_P="$ac_cv_path_mkdir -p" else # As a last resort, use the slow shell script. Don't cache a @@ -2875,18 +3193,19 @@ fi MKDIR_P="$ac_install_sh -d" fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 -$as_echo "$MKDIR_P" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +printf "%s\n" "$MKDIR_P" >&6; } for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AWK+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else @@ -2894,11 +3213,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2909,24 +3232,25 @@ fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +printf "%s\n" "$AWK" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi test -n "$AWK" && break done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 -$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} -ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval test \${ac_cv_prog_make_${ac_make}_set+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @@ -2942,12 +3266,12 @@ esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } SET_MAKE= else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi @@ -2961,7 +3285,8 @@ fi rmdir .tst 2>/dev/null # Check whether --enable-silent-rules was given. -if test "${enable_silent_rules+set}" = set; then : +if test ${enable_silent_rules+y} +then : enableval=$enable_silent_rules; fi @@ -2971,12 +3296,13 @@ case $enable_silent_rules in # ((( *) AM_DEFAULT_VERBOSITY=1;; esac am_make=${MAKE-make} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 -$as_echo_n "checking whether $am_make supports nested variables... " >&6; } -if ${am_cv_make_support_nested_variables+:} false; then : - $as_echo_n "(cached) " >&6 -else - if $as_echo 'TRUE=$(BAR$(V)) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +printf %s "checking whether $am_make supports nested variables... " >&6; } +if test ${am_cv_make_support_nested_variables+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if printf "%s\n" 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 @@ -2988,8 +3314,8 @@ else am_cv_make_support_nested_variables=no fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 -$as_echo "$am_cv_make_support_nested_variables" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' @@ -3021,17 +3347,13 @@ fi # Define the identity of the package. PACKAGE='stunnel' - VERSION='5.65' + VERSION='5.71' -cat >>confdefs.h <<_ACEOF -#define PACKAGE "$PACKAGE" -_ACEOF +printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define VERSION "$VERSION" -_ACEOF +printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h # Some tools Automake needs. @@ -3129,26 +3451,29 @@ END fi -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else + + # Make sure we can run config.sub. +$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5 + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +printf %s "checking build system type... " >&6; } +if test ${ac_cv_build+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_build_alias=$build_alias test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` + ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 +ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +printf "%s\n" "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; @@ -3167,21 +3492,22 @@ IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +printf %s "checking host system type... " >&6; } +if test ${ac_cv_host+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +printf "%s\n" "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; @@ -3202,42 +3528,49 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac -cat >>confdefs.h <<_ACEOF -#define HOST "$host" -_ACEOF +printf "%s\n" "#define HOST \"${host}\"" >>confdefs.h cat >>confdefs.h <<_ACEOF -#define `echo CPU_$host_cpu | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo CPU_${host_cpu} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF cat >>confdefs.h <<_ACEOF -#define `echo VENDOR_$host_vendor | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo VENDOR_${host_vendor} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF cat >>confdefs.h <<_ACEOF -#define `echo OS_$host_os | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 +#define `echo OS_${host_os} | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_` 1 _ACEOF -case "$host_os" in +case "${host_os}" in *darwin*) # OSX does not declare ucontext without _XOPEN_SOURCE -$as_echo "#define _XOPEN_SOURCE 500" >>confdefs.h +printf "%s\n" "#define _XOPEN_SOURCE 500" >>confdefs.h # OSX does not declare chroot() without _DARWIN_C_SOURCE -$as_echo "#define _DARWIN_C_SOURCE 1" >>confdefs.h +printf "%s\n" "#define _DARWIN_C_SOURCE 1" >>confdefs.h ;; *) -$as_echo "#define _GNU_SOURCE 1" >>confdefs.h +printf "%s\n" "#define _GNU_SOURCE 1" >>confdefs.h ;; esac + + + + + + + + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -3248,11 +3581,12 @@ if test -n "$ac_tool_prefix"; then do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3260,11 +3594,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3275,11 +3613,11 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3292,11 +3630,12 @@ if test -z "$CC"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else @@ -3304,11 +3643,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3319,11 +3662,11 @@ fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3335,8 +3678,8 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -3344,23 +3687,23 @@ esac fi -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 -for ac_option in --version -v -V -qversion; do +for ac_option in --version -v -V -qversion -version; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -3370,7 +3713,7 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done @@ -3378,7 +3721,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3390,9 +3733,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +printf %s "checking whether the C compiler works... " >&6; } +ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" @@ -3413,11 +3756,12 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, @@ -3434,7 +3778,7 @@ do # certainly right. break;; *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi @@ -3450,44 +3794,46 @@ do done test "$ac_cv_exeext" = no && ac_cv_exeext= -else +else $as_nop ac_file='' fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 +if test -z "$ac_file" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +printf %s "checking for C compiler default output file name... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +printf "%s\n" "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +printf %s "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with @@ -3501,15 +3847,15 @@ for ac_file in conftest.exe conftest conftest.*; do * ) break;; esac done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +printf "%s\n" "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext @@ -3518,7 +3864,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; @@ -3530,8 +3876,8 @@ _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +printf %s "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in @@ -3539,10 +3885,10 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in @@ -3550,39 +3896,40 @@ $as_echo "$ac_try_echo"; } >&5 *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +printf "%s\n" "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +printf %s "checking for suffix of object files... " >&6; } +if test ${ac_cv_objext+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3596,11 +3943,12 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in @@ -3609,31 +3957,32 @@ $as_echo "$ac_try_echo"; } >&5 break;; esac done -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 +printf %s "checking whether the compiler supports GNU C... " >&6; } +if test ${ac_cv_c_compiler_gnu+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { #ifndef __GNUC__ choke me @@ -3643,29 +3992,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_compiler_gnu=yes -else +else $as_nop ac_compiler_gnu=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } +ac_compiler_gnu=$ac_cv_c_compiler_gnu + if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi -ac_test_CFLAGS=${CFLAGS+set} +ac_test_CFLAGS=${CFLAGS+y} ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +printf %s "checking whether $CC accepts -g... " >&6; } +if test ${ac_cv_prog_cc_g+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no @@ -3674,57 +4027,60 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes -else +else $as_nop CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +printf "%s\n" "$ac_cv_prog_cc_g" >&6; } +if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then @@ -3739,94 +4095,144 @@ else CFLAGS= fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_prog_cc_stdc=no +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 +printf %s "checking for $CC option to enable C11 features... " >&6; } +if test ${ac_cv_prog_cc_c11+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c11=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c11_program +_ACEOF +for ac_arg in '' -std=gnu11 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c11=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c11" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi + +if test "x$ac_cv_prog_cc_c11" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c11" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } + CC="$CC $ac_cv_prog_cc_c11" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 + ac_prog_cc_stdc=c11 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 +printf %s "checking for $CC option to enable C99 features... " >&6; } +if test ${ac_cv_prog_cc_c99+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c99_program +_ACEOF +for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi + +if test "x$ac_cv_prog_cc_c99" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c99" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } + CC="$CC $ac_cv_prog_cc_c99" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 + ac_prog_cc_stdc=c99 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 +printf %s "checking for $CC option to enable C89 features... " >&6; } +if test ${ac_cv_prog_cc_c89+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include -#include -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; - -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; - -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} +$ac_c_conftest_c89_program _ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_c89=$ac_arg fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC - fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : +if test "x$ac_cv_prog_cc_c89" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c89" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } + CC="$CC $ac_cv_prog_cc_c89" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 + ac_prog_cc_stdc=c89 +fi fi ac_ext=c @@ -3835,21 +4241,23 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -ac_ext=c + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 -$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } -if ${am_cv_prog_cc_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +printf %s "checking whether $CC understands -c and -o together... " >&6; } +if test ${am_cv_prog_cc_c_o+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3877,8 +4285,8 @@ _ACEOF rm -f core conftest* unset am_i fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 -$as_echo "$am_cv_prog_cc_c_o" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +printf "%s\n" "$am_cv_prog_cc_c_o" >&6; } if test "$am_cv_prog_cc_c_o" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. @@ -3897,8 +4305,8 @@ DEPDIR="${am__leading_dot}deps" ac_config_commands="$ac_config_commands depfiles" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 -$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +printf %s "checking whether ${MAKE-make} supports the include directive... " >&6; } cat > confinc.mk << 'END' am__doit: @echo this is the am__doit target >confinc.out @@ -3934,11 +4342,12 @@ esac fi done rm -f confinc.* confmf.* -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 -$as_echo "${_am_result}" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +printf "%s\n" "${_am_result}" >&6; } # Check whether --enable-dependency-tracking was given. -if test "${enable_dependency_tracking+set}" = set; then : +if test ${enable_dependency_tracking+y} +then : enableval=$enable_dependency_tracking; fi @@ -3959,11 +4368,12 @@ fi depcc="$CC" am_compiler_list= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 -$as_echo_n "checking dependency style of $depcc... " >&6; } -if ${am_cv_CC_dependencies_compiler_type+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +printf %s "checking dependency style of $depcc... " >&6; } +if test ${am_cv_CC_dependencies_compiler_type+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For @@ -4070,8 +4480,8 @@ else fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 -$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +printf "%s\n" "$am_cv_CC_dependencies_compiler_type" >&6; } CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type if @@ -4087,13 +4497,14 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 -$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} -ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval test \${ac_cv_prog_make_${ac_make}_set+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @@ -4109,18 +4520,19 @@ esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } SET_MAKE= else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi # silent build by default # Check whether --enable-silent-rules was given. -if test "${enable_silent_rules+set}" = set; then : +if test ${enable_silent_rules+y} +then : enableval=$enable_silent_rules; fi @@ -4130,12 +4542,13 @@ case $enable_silent_rules in # ((( *) AM_DEFAULT_VERBOSITY=0;; esac am_make=${MAKE-make} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 -$as_echo_n "checking whether $am_make supports nested variables... " >&6; } -if ${am_cv_make_support_nested_variables+:} false; then : - $as_echo_n "(cached) " >&6 -else - if $as_echo 'TRUE=$(BAR$(V)) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +printf %s "checking whether $am_make supports nested variables... " >&6; } +if test ${am_cv_make_support_nested_variables+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if printf "%s\n" 'TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 @@ -4147,8 +4560,8 @@ else am_cv_make_support_nested_variables=no fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 -$as_echo "$am_cv_make_support_nested_variables" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +printf "%s\n" "$am_cv_make_support_nested_variables" >&6; } if test $am_cv_make_support_nested_variables = yes; then AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' @@ -4159,174 +4572,37 @@ fi AM_BACKSLASH='\' -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** bash completion" >&5 -$as_echo "$as_me: **************************************** bash completion" >&6;} - - - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** bash completion" >&5 +printf "%s\n" "$as_me: **************************************** bash completion" >&6;} +# define a dummy PKG_CHECK_VAR if pkg-config is not installed - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi -else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" -fi -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - PKG_CONFIG="" - fi -fi # Check whether --with-bashcompdir was given. -if test "${with_bashcompdir+set}" = set; then : +if test ${with_bashcompdir+y} +then : withval=$with_bashcompdir; -else - -if test -n "$with_bashcompdir"; then - pkg_cv_with_bashcompdir="$with_bashcompdir" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"bash-completion\""; } >&5 - ($PKG_CONFIG --exists --print-errors "bash-completion") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_with_bashcompdir=`$PKG_CONFIG --variable="completionsdir" "bash-completion" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried +else $as_nop + false fi -with_bashcompdir=$pkg_cv_with_bashcompdir -if test "x$with_bashcompdir" = x""; then : - with_bashcompdir="${datarootdir}/bash-completion/completions" -fi -fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for bashcompdir" >&5 +printf %s "checking for bashcompdir... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${with_bashcompdir}" >&5 +printf "%s\n" "${with_bashcompdir}" >&6; } +bashcompdir=${with_bashcompdir} -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for bashcompdir" >&5 -$as_echo_n "checking for bashcompdir... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_bashcompdir" >&5 -$as_echo "$with_bashcompdir" >&6; } -bashcompdir=$with_bashcompdir - -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** thread model" >&5 -$as_echo "$as_me: **************************************** thread model" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** thread model" >&5 +printf "%s\n" "$as_me: **************************************** thread model" >&6;} # thread detection should be done first, as it may change the CC variable -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +printf %s "checking for a sed that does not truncate output... " >&6; } +if test ${ac_cv_path_SED+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" @@ -4340,10 +4616,15 @@ else for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in sed gsed + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + ac_path_SED="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED @@ -4352,13 +4633,13 @@ case `"$ac_path_SED" --version 2>&1` in ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" + printf "%s\n" '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -4386,8 +4667,8 @@ else fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +printf "%s\n" "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed @@ -4397,40 +4678,36 @@ ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +printf %s "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + if test ${ac_cv_prog_CPP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + # Double quotes because $CC needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif +#include Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -4442,10 +4719,11 @@ rm -f conftest.err conftest.i conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -4455,7 +4733,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : break fi @@ -4467,29 +4746,24 @@ fi else ac_cv_prog_CPP=$CPP fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +printf "%s\n" "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif +#include Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -4501,10 +4775,11 @@ rm -f conftest.err conftest.i conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -4514,11 +4789,12 @@ rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi @@ -4530,11 +4806,12 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST @@ -4542,10 +4819,15 @@ else for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP @@ -4554,13 +4836,13 @@ case `"$ac_path_GREP" --version 2>&1` in ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -4588,16 +4870,17 @@ else fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else @@ -4608,10 +4891,15 @@ else for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP @@ -4620,13 +4908,13 @@ case `"$ac_path_EGREP" --version 2>&1` in ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -4655,26 +4943,27 @@ fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" # Check whether --with-threads was given. -if test "${with_threads+set}" = set; then : +if test ${with_threads+y} +then : withval=$with_threads; - case "$withval" in + case "${withval}" in ucontext) - { $as_echo "$as_me:${as_lineno-$LINENO}: UCONTEXT mode selected" >&5 -$as_echo "$as_me: UCONTEXT mode selected" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: UCONTEXT mode selected" >&5 +printf "%s\n" "$as_me: UCONTEXT mode selected" >&6;} -$as_echo "#define USE_UCONTEXT 1" >>confdefs.h +printf "%s\n" "#define USE_UCONTEXT 1" >>confdefs.h ;; pthread) - { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD mode selected" >&5 -$as_echo "$as_me: PTHREAD mode selected" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD mode selected" >&5 +printf "%s\n" "$as_me: PTHREAD mode selected" >&6;} @@ -4698,41 +4987,41 @@ if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then ax_pthread_save_CC="$CC" ax_pthread_save_CFLAGS="$CFLAGS" ax_pthread_save_LIBS="$LIBS" - if test "x$PTHREAD_CC" != "x"; then : + if test "x$PTHREAD_CC" != "x" +then : CC="$PTHREAD_CC" fi - if test "x$PTHREAD_CXX" != "x"; then : + if test "x$PTHREAD_CXX" != "x" +then : CXX="$PTHREAD_CXX" fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5 -$as_echo_n "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5 +printf %s "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char pthread_join (); int -main () +main (void) { return pthread_join (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 +printf "%s\n" "$ax_pthread_ok" >&6; } if test "x$ax_pthread_ok" = "xno"; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" @@ -4810,11 +5099,12 @@ case $host_os in _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 -$as_echo "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} + $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1 +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 +printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} fi -rm -f conftest* +rm -rf conftest* ;; @@ -4834,11 +5124,12 @@ esac # Are we compiling with Clang? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5 -$as_echo_n "checking whether $CC is Clang... " >&6; } -if ${ax_cv_PTHREAD_CLANG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5 +printf %s "checking whether $CC is Clang... " >&6; } +if test ${ax_cv_PTHREAD_CLANG+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_CLANG=no # Note that Autoconf sets GCC=yes for Clang as well as GCC if test "x$GCC" = "xyes"; then @@ -4851,16 +5142,17 @@ else _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1; then : + $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1 +then : ax_cv_PTHREAD_CLANG=yes fi -rm -f conftest* +rm -rf conftest* fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 +printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; } ax_pthread_clang="$ax_cv_PTHREAD_CLANG" @@ -4874,13 +5166,15 @@ ax_pthread_clang="$ax_cv_PTHREAD_CLANG" # [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 # To solve this, first try -pthread together with -lpthread for GCC -if test "x$GCC" = "xyes"; then : +if test "x$GCC" = "xyes" +then : ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags" fi # Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first -if test "x$ax_pthread_clang" = "xyes"; then : +if test "x$ax_pthread_clang" = "xyes" +then : ax_pthread_flags="-pthread,-lpthread -pthread" fi @@ -4902,9 +5196,10 @@ case $host_os in ax_pthread_check_macro="--" ;; esac -if test "x$ax_pthread_check_macro" = "x--"; then : +if test "x$ax_pthread_check_macro" = "x--" +then : ax_pthread_check_cond=0 -else +else $as_nop ax_pthread_check_cond="!defined($ax_pthread_check_macro)" fi @@ -4914,31 +5209,32 @@ for ax_pthread_try_flag in $ax_pthread_flags; do case $ax_pthread_try_flag in none) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 -$as_echo_n "checking whether pthreads work without any flags... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 +printf %s "checking whether pthreads work without any flags... " >&6; } ;; *,*) PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"" >&5 -$as_echo_n "checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"" >&5 +printf %s "checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"... " >&6; } ;; -*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5 -$as_echo_n "checking whether pthreads work with $ax_pthread_try_flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5 +printf %s "checking whether pthreads work with $ax_pthread_try_flag... " >&6; } PTHREAD_CFLAGS="$ax_pthread_try_flag" ;; pthread-config) # Extract the first word of "pthread-config", so it can be a program name with args. set dummy pthread-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ax_pthread_config+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ax_pthread_config+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ax_pthread_config"; then ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. else @@ -4946,11 +5242,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ax_pthread_config="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -4962,15 +5262,16 @@ fi fi ax_pthread_config=$ac_cv_prog_ax_pthread_config if test -n "$ax_pthread_config"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 -$as_echo "$ax_pthread_config" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 +printf "%s\n" "$ax_pthread_config" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi - if test "x$ax_pthread_config" = "xno"; then : + if test "x$ax_pthread_config" = "xno" +then : continue fi PTHREAD_CFLAGS="`pthread-config --cflags`" @@ -4978,8 +5279,8 @@ fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5 -$as_echo_n "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5 +printf %s "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } PTHREAD_LIBS="-l$ax_pthread_try_flag" ;; esac @@ -5014,7 +5315,7 @@ $as_echo_n "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } } static void *start_routine(void *a) { return a; } int -main () +main (void) { pthread_t th; pthread_attr_t attr; pthread_create(&th, 0, start_routine, 0); @@ -5026,18 +5327,20 @@ pthread_t th; pthread_attr_t attr; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ax_pthread_save_CFLAGS" LIBS="$ax_pthread_save_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test "x$ax_pthread_ok" = "xyes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 +printf "%s\n" "$ax_pthread_ok" >&6; } + if test "x$ax_pthread_ok" = "xyes" +then : break fi @@ -5083,11 +5386,12 @@ if test "x$ax_pthread_clang" = "xyes"; then # that build with -Werror. So if the active version of Clang has # this misfeature, we search for an option to squash it. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5 -$as_echo_n "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; } -if ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5 +printf %s "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; } +if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown # Create an alternate version of $ac_link that compiles and # links in two steps (.c -> .o, .o -> exe) instead of one @@ -5095,11 +5399,12 @@ else # step ax_pthread_save_ac_link="$ac_link" ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' - ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"` + ax_pthread_link_step=`printf "%s\n" "$ac_link" | sed "$ax_pthread_sed"` ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" ax_pthread_save_CFLAGS="$CFLAGS" for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do - if test "x$ax_pthread_try" = "xunknown"; then : + if test "x$ax_pthread_try" = "xunknown" +then : break fi CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" @@ -5108,32 +5413,35 @@ fi /* end confdefs.h. */ int main(void){return 0;} _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_link="$ax_pthread_2step_ac_link" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void){return 0;} _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : break fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done ac_link="$ax_pthread_save_ac_link" CFLAGS="$ax_pthread_save_CFLAGS" - if test "x$ax_pthread_try" = "x"; then : + if test "x$ax_pthread_try" = "x" +then : ax_pthread_try=no fi ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 +printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in no | unknown) ;; @@ -5152,51 +5460,53 @@ if test "x$ax_pthread_ok" = "xyes"; then LIBS="$PTHREAD_LIBS $LIBS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 -$as_echo_n "checking for joinable pthread attribute... " >&6; } -if ${ax_cv_PTHREAD_JOINABLE_ATTR+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 +printf %s "checking for joinable pthread attribute... " >&6; } +if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_JOINABLE_ATTR=unknown for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { int attr = $ax_pthread_attr; return attr /* ; */ ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 -$as_echo "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 +printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } if test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ - test "x$ax_pthread_joinable_attr_defined" != "xyes"; then : + test "x$ax_pthread_joinable_attr_defined" != "xyes" +then : -cat >>confdefs.h <<_ACEOF -#define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR -_ACEOF +printf "%s\n" "#define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR" >>confdefs.h ax_pthread_joinable_attr_defined=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5 -$as_echo_n "checking whether more special flags are required for pthreads... " >&6; } -if ${ax_cv_PTHREAD_SPECIAL_FLAGS+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5 +printf %s "checking whether more special flags are required for pthreads... " >&6; } +if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_SPECIAL_FLAGS=no case $host_os in solaris*) @@ -5205,24 +5515,26 @@ else esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 -$as_echo "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 +printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } if test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ - test "x$ax_pthread_special_flags_added" != "xyes"; then : + test "x$ax_pthread_special_flags_added" != "xyes" +then : PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" ax_pthread_special_flags_added=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 -$as_echo_n "checking for PTHREAD_PRIO_INHERIT... " >&6; } -if ${ax_cv_PTHREAD_PRIO_INHERIT+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 +printf %s "checking for PTHREAD_PRIO_INHERIT... " >&6; } +if test ${ax_cv_PTHREAD_PRIO_INHERIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { int i = PTHREAD_PRIO_INHERIT; return i; @@ -5230,21 +5542,23 @@ int i = PTHREAD_PRIO_INHERIT; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_PTHREAD_PRIO_INHERIT=yes -else +else $as_nop ax_cv_PTHREAD_PRIO_INHERIT=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 -$as_echo "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 +printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ - test "x$ax_pthread_prio_inherit_defined" != "xyes"; then : + test "x$ax_pthread_prio_inherit_defined" != "xyes" +then : -$as_echo "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h ax_pthread_prio_inherit_defined=yes @@ -5263,11 +5577,14 @@ fi case "x$CC" in #( x/*) : - if as_fn_executable_p ${CC}_r; then : + if as_fn_executable_p ${CC}_r +then : PTHREAD_CC="${CC}_r" fi - if test "x${CXX}" != "x"; then : - if as_fn_executable_p ${CXX}_r; then : + if test "x${CXX}" != "x" +then : + if as_fn_executable_p ${CXX}_r +then : PTHREAD_CXX="${CXX}_r" fi fi @@ -5278,11 +5595,12 @@ fi do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PTHREAD_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else @@ -5290,11 +5608,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -5305,11 +5627,11 @@ fi fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 -$as_echo "$PTHREAD_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 +printf "%s\n" "$PTHREAD_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -5317,16 +5639,18 @@ fi done test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - if test "x${CXX}" != "x"; then : + if test "x${CXX}" != "x" +then : for ac_prog in ${CXX}_r do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CXX+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PTHREAD_CXX+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$PTHREAD_CXX"; then ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test. else @@ -5334,11 +5658,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CXX="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -5349,11 +5677,11 @@ fi fi PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX if test -n "$PTHREAD_CXX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CXX" >&5 -$as_echo "$PTHREAD_CXX" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CXX" >&5 +printf "%s\n" "$PTHREAD_CXX" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -5385,7 +5713,7 @@ test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX" # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test "x$ax_pthread_ok" = "xyes"; then -$as_echo "#define HAVE_PTHREAD 1" >>confdefs.h +printf "%s\n" "#define HAVE_PTHREAD 1" >>confdefs.h : else @@ -5399,18 +5727,18 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" -$as_echo "#define USE_PTHREAD 1" >>confdefs.h +printf "%s\n" "#define USE_PTHREAD 1" >>confdefs.h ;; fork) - { $as_echo "$as_me:${as_lineno-$LINENO}: FORK mode selected" >&5 -$as_echo "$as_me: FORK mode selected" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: FORK mode selected" >&5 +printf "%s\n" "$as_me: FORK mode selected" >&6;} -$as_echo "#define USE_FORK 1" >>confdefs.h +printf "%s\n" "#define USE_FORK 1" >>confdefs.h ;; *) @@ -5418,7 +5746,7 @@ $as_echo "#define USE_FORK 1" >>confdefs.h ;; esac -else +else $as_nop # do not attempt to autodetect UCONTEXT threading @@ -5444,41 +5772,41 @@ if test "x$PTHREAD_CFLAGS$PTHREAD_LIBS" != "x"; then ax_pthread_save_CC="$CC" ax_pthread_save_CFLAGS="$CFLAGS" ax_pthread_save_LIBS="$LIBS" - if test "x$PTHREAD_CC" != "x"; then : + if test "x$PTHREAD_CC" != "x" +then : CC="$PTHREAD_CC" fi - if test "x$PTHREAD_CXX" != "x"; then : + if test "x$PTHREAD_CXX" != "x" +then : CXX="$PTHREAD_CXX" fi CFLAGS="$CFLAGS $PTHREAD_CFLAGS" LIBS="$PTHREAD_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5 -$as_echo_n "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS" >&5 +printf %s "checking for pthread_join using $CC $PTHREAD_CFLAGS $PTHREAD_LIBS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char pthread_join (); int -main () +main (void) { return pthread_join (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 +printf "%s\n" "$ax_pthread_ok" >&6; } if test "x$ax_pthread_ok" = "xno"; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" @@ -5556,11 +5884,12 @@ case $host_os in _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 -$as_echo "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} + $EGREP "AX_PTHREAD_ZOS_MISSING" >/dev/null 2>&1 +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&5 +printf "%s\n" "$as_me: WARNING: IBM z/OS requires -D_OPEN_THREADS or -D_UNIX03_THREADS to enable pthreads support." >&2;} fi -rm -f conftest* +rm -rf conftest* ;; @@ -5580,11 +5909,12 @@ esac # Are we compiling with Clang? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5 -$as_echo_n "checking whether $CC is Clang... " >&6; } -if ${ax_cv_PTHREAD_CLANG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC is Clang" >&5 +printf %s "checking whether $CC is Clang... " >&6; } +if test ${ax_cv_PTHREAD_CLANG+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_CLANG=no # Note that Autoconf sets GCC=yes for Clang as well as GCC if test "x$GCC" = "xyes"; then @@ -5597,16 +5927,17 @@ else _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1; then : + $EGREP "AX_PTHREAD_CC_IS_CLANG" >/dev/null 2>&1 +then : ax_cv_PTHREAD_CLANG=yes fi -rm -f conftest* +rm -rf conftest* fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG" >&5 +printf "%s\n" "$ax_cv_PTHREAD_CLANG" >&6; } ax_pthread_clang="$ax_cv_PTHREAD_CLANG" @@ -5620,13 +5951,15 @@ ax_pthread_clang="$ax_cv_PTHREAD_CLANG" # [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 # To solve this, first try -pthread together with -lpthread for GCC -if test "x$GCC" = "xyes"; then : +if test "x$GCC" = "xyes" +then : ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags" fi # Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first -if test "x$ax_pthread_clang" = "xyes"; then : +if test "x$ax_pthread_clang" = "xyes" +then : ax_pthread_flags="-pthread,-lpthread -pthread" fi @@ -5648,9 +5981,10 @@ case $host_os in ax_pthread_check_macro="--" ;; esac -if test "x$ax_pthread_check_macro" = "x--"; then : +if test "x$ax_pthread_check_macro" = "x--" +then : ax_pthread_check_cond=0 -else +else $as_nop ax_pthread_check_cond="!defined($ax_pthread_check_macro)" fi @@ -5660,31 +5994,32 @@ for ax_pthread_try_flag in $ax_pthread_flags; do case $ax_pthread_try_flag in none) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 -$as_echo_n "checking whether pthreads work without any flags... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 +printf %s "checking whether pthreads work without any flags... " >&6; } ;; *,*) PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"" >&5 -$as_echo_n "checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"" >&5 +printf %s "checking whether pthreads work with \"$PTHREAD_CFLAGS\" and \"$PTHREAD_LIBS\"... " >&6; } ;; -*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5 -$as_echo_n "checking whether pthreads work with $ax_pthread_try_flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $ax_pthread_try_flag" >&5 +printf %s "checking whether pthreads work with $ax_pthread_try_flag... " >&6; } PTHREAD_CFLAGS="$ax_pthread_try_flag" ;; pthread-config) # Extract the first word of "pthread-config", so it can be a program name with args. set dummy pthread-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ax_pthread_config+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ax_pthread_config+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ax_pthread_config"; then ac_cv_prog_ax_pthread_config="$ax_pthread_config" # Let the user override the test. else @@ -5692,11 +6027,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ax_pthread_config="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -5708,15 +6047,16 @@ fi fi ax_pthread_config=$ac_cv_prog_ax_pthread_config if test -n "$ax_pthread_config"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 -$as_echo "$ax_pthread_config" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_config" >&5 +printf "%s\n" "$ax_pthread_config" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi - if test "x$ax_pthread_config" = "xno"; then : + if test "x$ax_pthread_config" = "xno" +then : continue fi PTHREAD_CFLAGS="`pthread-config --cflags`" @@ -5724,8 +6064,8 @@ fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5 -$as_echo_n "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$ax_pthread_try_flag" >&5 +printf %s "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } PTHREAD_LIBS="-l$ax_pthread_try_flag" ;; esac @@ -5760,7 +6100,7 @@ $as_echo_n "checking for the pthreads library -l$ax_pthread_try_flag... " >&6; } } static void *start_routine(void *a) { return a; } int -main () +main (void) { pthread_t th; pthread_attr_t attr; pthread_create(&th, 0, start_routine, 0); @@ -5772,18 +6112,20 @@ pthread_t th; pthread_attr_t attr; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ax_pthread_save_CFLAGS" LIBS="$ax_pthread_save_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 -$as_echo "$ax_pthread_ok" >&6; } - if test "x$ax_pthread_ok" = "xyes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_pthread_ok" >&5 +printf "%s\n" "$ax_pthread_ok" >&6; } + if test "x$ax_pthread_ok" = "xyes" +then : break fi @@ -5829,11 +6171,12 @@ if test "x$ax_pthread_clang" = "xyes"; then # that build with -Werror. So if the active version of Clang has # this misfeature, we search for an option to squash it. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5 -$as_echo_n "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; } -if ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread" >&5 +printf %s "checking whether Clang needs flag to prevent \"argument unused\" warning when linking with -pthread... " >&6; } +if test ${ax_cv_PTHREAD_CLANG_NO_WARN_FLAG+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_CLANG_NO_WARN_FLAG=unknown # Create an alternate version of $ac_link that compiles and # links in two steps (.c -> .o, .o -> exe) instead of one @@ -5841,11 +6184,12 @@ else # step ax_pthread_save_ac_link="$ac_link" ax_pthread_sed='s/conftest\.\$ac_ext/conftest.$ac_objext/g' - ax_pthread_link_step=`$as_echo "$ac_link" | sed "$ax_pthread_sed"` + ax_pthread_link_step=`printf "%s\n" "$ac_link" | sed "$ax_pthread_sed"` ax_pthread_2step_ac_link="($ac_compile) && (echo ==== >&5) && ($ax_pthread_link_step)" ax_pthread_save_CFLAGS="$CFLAGS" for ax_pthread_try in '' -Qunused-arguments -Wno-unused-command-line-argument unknown; do - if test "x$ax_pthread_try" = "xunknown"; then : + if test "x$ax_pthread_try" = "xunknown" +then : break fi CFLAGS="-Werror -Wunknown-warning-option $ax_pthread_try -pthread $ax_pthread_save_CFLAGS" @@ -5854,32 +6198,35 @@ fi /* end confdefs.h. */ int main(void){return 0;} _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_link="$ax_pthread_2step_ac_link" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main(void){return 0;} _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : break fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done ac_link="$ax_pthread_save_ac_link" CFLAGS="$ax_pthread_save_CFLAGS" - if test "x$ax_pthread_try" = "x"; then : + if test "x$ax_pthread_try" = "x" +then : ax_pthread_try=no fi ax_cv_PTHREAD_CLANG_NO_WARN_FLAG="$ax_pthread_try" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 -$as_echo "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&5 +printf "%s\n" "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" >&6; } case "$ax_cv_PTHREAD_CLANG_NO_WARN_FLAG" in no | unknown) ;; @@ -5898,51 +6245,53 @@ if test "x$ax_pthread_ok" = "xyes"; then LIBS="$PTHREAD_LIBS $LIBS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 -$as_echo_n "checking for joinable pthread attribute... " >&6; } -if ${ax_cv_PTHREAD_JOINABLE_ATTR+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 +printf %s "checking for joinable pthread attribute... " >&6; } +if test ${ax_cv_PTHREAD_JOINABLE_ATTR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_JOINABLE_ATTR=unknown for ax_pthread_attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { int attr = $ax_pthread_attr; return attr /* ; */ ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_PTHREAD_JOINABLE_ATTR=$ax_pthread_attr; break fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 -$as_echo "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_JOINABLE_ATTR" >&5 +printf "%s\n" "$ax_cv_PTHREAD_JOINABLE_ATTR" >&6; } if test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xunknown" && \ test "x$ax_cv_PTHREAD_JOINABLE_ATTR" != "xPTHREAD_CREATE_JOINABLE" && \ - test "x$ax_pthread_joinable_attr_defined" != "xyes"; then : + test "x$ax_pthread_joinable_attr_defined" != "xyes" +then : -cat >>confdefs.h <<_ACEOF -#define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR -_ACEOF +printf "%s\n" "#define PTHREAD_CREATE_JOINABLE $ax_cv_PTHREAD_JOINABLE_ATTR" >>confdefs.h ax_pthread_joinable_attr_defined=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5 -$as_echo_n "checking whether more special flags are required for pthreads... " >&6; } -if ${ax_cv_PTHREAD_SPECIAL_FLAGS+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether more special flags are required for pthreads" >&5 +printf %s "checking whether more special flags are required for pthreads... " >&6; } +if test ${ax_cv_PTHREAD_SPECIAL_FLAGS+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_cv_PTHREAD_SPECIAL_FLAGS=no case $host_os in solaris*) @@ -5951,24 +6300,26 @@ else esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 -$as_echo "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_SPECIAL_FLAGS" >&5 +printf "%s\n" "$ax_cv_PTHREAD_SPECIAL_FLAGS" >&6; } if test "x$ax_cv_PTHREAD_SPECIAL_FLAGS" != "xno" && \ - test "x$ax_pthread_special_flags_added" != "xyes"; then : + test "x$ax_pthread_special_flags_added" != "xyes" +then : PTHREAD_CFLAGS="$ax_cv_PTHREAD_SPECIAL_FLAGS $PTHREAD_CFLAGS" ax_pthread_special_flags_added=yes fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 -$as_echo_n "checking for PTHREAD_PRIO_INHERIT... " >&6; } -if ${ax_cv_PTHREAD_PRIO_INHERIT+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PTHREAD_PRIO_INHERIT" >&5 +printf %s "checking for PTHREAD_PRIO_INHERIT... " >&6; } +if test ${ax_cv_PTHREAD_PRIO_INHERIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int -main () +main (void) { int i = PTHREAD_PRIO_INHERIT; return i; @@ -5976,21 +6327,23 @@ int i = PTHREAD_PRIO_INHERIT; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ax_cv_PTHREAD_PRIO_INHERIT=yes -else +else $as_nop ax_cv_PTHREAD_PRIO_INHERIT=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 -$as_echo "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_PTHREAD_PRIO_INHERIT" >&5 +printf "%s\n" "$ax_cv_PTHREAD_PRIO_INHERIT" >&6; } if test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes" && \ - test "x$ax_pthread_prio_inherit_defined" != "xyes"; then : + test "x$ax_pthread_prio_inherit_defined" != "xyes" +then : -$as_echo "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h +printf "%s\n" "#define HAVE_PTHREAD_PRIO_INHERIT 1" >>confdefs.h ax_pthread_prio_inherit_defined=yes @@ -6009,11 +6362,14 @@ fi case "x$CC" in #( x/*) : - if as_fn_executable_p ${CC}_r; then : + if as_fn_executable_p ${CC}_r +then : PTHREAD_CC="${CC}_r" fi - if test "x${CXX}" != "x"; then : - if as_fn_executable_p ${CXX}_r; then : + if test "x${CXX}" != "x" +then : + if as_fn_executable_p ${CXX}_r +then : PTHREAD_CXX="${CXX}_r" fi fi @@ -6024,11 +6380,12 @@ fi do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PTHREAD_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else @@ -6036,11 +6393,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -6051,11 +6412,11 @@ fi fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 -$as_echo "$PTHREAD_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 +printf "%s\n" "$PTHREAD_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -6063,16 +6424,18 @@ fi done test -n "$PTHREAD_CC" || PTHREAD_CC="$CC" - if test "x${CXX}" != "x"; then : + if test "x${CXX}" != "x" +then : for ac_prog in ${CXX}_r do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CXX+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PTHREAD_CXX+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$PTHREAD_CXX"; then ac_cv_prog_PTHREAD_CXX="$PTHREAD_CXX" # Let the user override the test. else @@ -6080,11 +6443,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CXX="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -6095,11 +6462,11 @@ fi fi PTHREAD_CXX=$ac_cv_prog_PTHREAD_CXX if test -n "$PTHREAD_CXX"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CXX" >&5 -$as_echo "$PTHREAD_CXX" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CXX" >&5 +printf "%s\n" "$PTHREAD_CXX" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -6131,23 +6498,23 @@ test -n "$PTHREAD_CXX" || PTHREAD_CXX="$CXX" # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test "x$ax_pthread_ok" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: PTHREAD thread model detected" >&5 -$as_echo "$as_me: PTHREAD thread model detected" >&6;} - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: PTHREAD thread model detected" >&5 +printf "%s\n" "$as_me: PTHREAD thread model detected" >&6;} + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" -$as_echo "#define USE_PTHREAD 1" >>confdefs.h +printf "%s\n" "#define USE_PTHREAD 1" >>confdefs.h : else ax_pthread_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: FORK thread model detected" >&5 -$as_echo "$as_me: FORK thread model detected" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: FORK thread model detected" >&5 +printf "%s\n" "$as_me: FORK thread model detected" >&6;} -$as_echo "#define USE_FORK 1" >>confdefs.h +printf "%s\n" "#define USE_FORK 1" >>confdefs.h fi @@ -6162,20 +6529,21 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** compiler/linker flags" >&5 -$as_echo "$as_me: **************************************** compiler/linker flags" >&6;} -if test "$GCC" = yes; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** compiler/linker flags" >&5 +printf "%s\n" "$as_me: **************************************** compiler/linker flags" >&6;} +if test "${GCC}" = yes; then for flag in -Wall; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6183,58 +6551,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6245,12 +6616,13 @@ done for flag in -Wextra; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6258,58 +6630,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6320,12 +6695,13 @@ done for flag in -Wpedantic; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6333,58 +6709,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6395,87 +6774,13 @@ done for flag in -Wformat=2; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else - - ax_check_save_flags=$CFLAGS - CFLAGS="$CFLAGS $flag" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - eval "$as_CACHEVAR=yes" -else - eval "$as_CACHEVAR=no" -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - CFLAGS=$ax_check_save_flags -fi -eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : - -if ${CFLAGS+:} false; then : - - case " $CFLAGS " in #( - *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 - (: CFLAGS already contains $flag) 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } ;; #( - *) : - - as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 - (: CFLAGS="$CFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - ;; -esac - -else - - CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 - (: CFLAGS="$CFLAGS") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } - -fi - -else - : -fi - -done - - - - - -for flag in -Wconversion; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6483,58 +6788,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6544,13 +6852,14 @@ done -for flag in -Wno-long-long; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else +for flag in -Wconversion; do + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6558,58 +6867,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6620,12 +6932,13 @@ done for flag in -Wno-deprecated-declarations; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6633,58 +6946,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6695,12 +7011,13 @@ done for flag in -fPIE; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6708,58 +7025,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6774,12 +7094,13 @@ done for flag in -fstack-protector; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -6787,58 +7108,61 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6851,12 +7175,13 @@ done for flag in -fPIE -pie; do - as_CACHEVAR=`$as_echo "ax_cv_check_ldflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 -$as_echo_n "checking whether the linker accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_ldflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 +printf %s "checking whether the linker accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $flag" @@ -6864,59 +7189,62 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 (: LDFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -6927,12 +7255,13 @@ done for flag in -Wl,-z,relro; do - as_CACHEVAR=`$as_echo "ax_cv_check_ldflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 -$as_echo_n "checking whether the linker accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_ldflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 +printf %s "checking whether the linker accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $flag" @@ -6940,59 +7269,62 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 (: LDFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -7003,12 +7335,13 @@ done for flag in -Wl,-z,now; do - as_CACHEVAR=`$as_echo "ax_cv_check_ldflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 -$as_echo_n "checking whether the linker accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_ldflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 +printf %s "checking whether the linker accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $flag" @@ -7016,59 +7349,62 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 (: LDFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -7079,12 +7415,13 @@ done for flag in -Wl,-z,noexecstack; do - as_CACHEVAR=`$as_echo "ax_cv_check_ldflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 -$as_echo_n "checking whether the linker accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_ldflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts $flag" >&5 +printf %s "checking whether the linker accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$LDFLAGS LDFLAGS="$LDFLAGS $flag" @@ -7092,59 +7429,62 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${LDFLAGS+:} false; then : +if test ${LDFLAGS+y} +then : case " $LDFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS already contains \$flag"; } >&5 (: LDFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append LDFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop LDFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : LDFLAGS=\"\$LDFLAGS\""; } >&5 (: LDFLAGS="$LDFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi @@ -7156,12 +7496,13 @@ fi for flag in -D_FORTIFY_SOURCE=2; do - as_CACHEVAR=`$as_echo "ax_cv_check_cflags__$flag" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 -$as_echo_n "checking whether C compiler accepts $flag... " >&6; } -if eval \${$as_CACHEVAR+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_CACHEVAR=`printf "%s\n" "ax_cv_check_cflags__$flag" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts $flag" >&5 +printf %s "checking whether C compiler accepts $flag... " >&6; } +if eval test \${$as_CACHEVAR+y} +then : + printf %s "(cached) " >&6 +else $as_nop ax_check_save_flags=$CFLAGS CFLAGS="$CFLAGS $flag" @@ -7169,70 +7510,73 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_CACHEVAR=yes" -else +else $as_nop eval "$as_CACHEVAR=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS=$ax_check_save_flags fi eval ac_res=\$$as_CACHEVAR - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_CACHEVAR"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_CACHEVAR"\" = x"yes" +then : -if ${CFLAGS+:} false; then : +if test ${CFLAGS+y} +then : case " $CFLAGS " in #( *" $flag "*) : - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS already contains \$flag"; } >&5 (: CFLAGS already contains $flag) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; #( *) : as_fn_append CFLAGS " $flag" - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } ;; esac -else +else $as_nop CFLAGS=$flag - { { $as_echo "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: : CFLAGS=\"\$CFLAGS\""; } >&5 (: CFLAGS="$CFLAGS") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } fi -else +else $as_nop : fi done -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** libtool" >&5 -$as_echo "$as_me: **************************************** libtool" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** libtool" >&5 +printf "%s\n" "$as_me: **************************************** libtool" >&6;} case `pwd` in *\ * | *\ *) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 -$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +printf "%s\n" "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; esac @@ -7252,6 +7596,7 @@ macro_revision='2.4.6' + ltmain=$ac_aux_dir/ltmain.sh # Backslashify metacharacters that are still active within @@ -7275,8 +7620,8 @@ ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 -$as_echo_n "checking how to print strings... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +printf %s "checking how to print strings... " >&6; } # Test print first, because it will be a builtin if present. if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then @@ -7302,12 +7647,12 @@ func_echo_all () } case $ECHO in - printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 -$as_echo "printf" >&6; } ;; - print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 -$as_echo "print -r" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 -$as_echo "cat" >&6; } ;; + printf*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +printf "%s\n" "printf" >&6; } ;; + print*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +printf "%s\n" "print -r" >&6; } ;; + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +printf "%s\n" "cat" >&6; } ;; esac @@ -7323,11 +7668,12 @@ esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 -$as_echo_n "checking for a sed that does not truncate output... " >&6; } -if ${ac_cv_path_SED+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +printf %s "checking for a sed that does not truncate output... " >&6; } +if test ${ac_cv_path_SED+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ for ac_i in 1 2 3 4 5 6 7; do ac_script="$ac_script$as_nl$ac_script" @@ -7341,10 +7687,15 @@ else for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in sed gsed; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in sed gsed + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + ac_path_SED="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_SED" || continue # Check for GNU ac_path_SED and select it if it is found. # Check for GNU $ac_path_SED @@ -7353,13 +7704,13 @@ case `"$ac_path_SED" --version 2>&1` in ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo '' >> "conftest.nl" + printf "%s\n" '' >> "conftest.nl" "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -7387,8 +7738,8 @@ else fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 -$as_echo "$ac_cv_path_SED" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +printf "%s\n" "$ac_cv_path_SED" >&6; } SED="$ac_cv_path_SED" rm -f conftest.sed @@ -7405,11 +7756,12 @@ Xsed="$SED -e 1s/^X//" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 -$as_echo_n "checking for fgrep... " >&6; } -if ${ac_cv_path_FGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +printf %s "checking for fgrep... " >&6; } +if test ${ac_cv_path_FGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 then ac_cv_path_FGREP="$GREP -F" else @@ -7420,10 +7772,15 @@ else for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in fgrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in fgrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_FGREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_FGREP" || continue # Check for GNU ac_path_FGREP and select it if it is found. # Check for GNU $ac_path_FGREP @@ -7432,13 +7789,13 @@ case `"$ac_path_FGREP" --version 2>&1` in ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'FGREP' >> "conftest.nl" + printf "%s\n" 'FGREP' >> "conftest.nl" "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -7467,8 +7824,8 @@ fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 -$as_echo "$ac_cv_path_FGREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +printf "%s\n" "$ac_cv_path_FGREP" >&6; } FGREP="$ac_cv_path_FGREP" @@ -7493,17 +7850,18 @@ test -z "$GREP" && GREP=grep # Check whether --with-gnu-ld was given. -if test "${with_gnu_ld+set}" = set; then : +if test ${with_gnu_ld+y} +then : withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes -else +else $as_nop with_gnu_ld=no fi ac_prog=ld if test yes = "$GCC"; then # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 -$as_echo_n "checking for ld used by $CC... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +printf %s "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return, which upsets mingw @@ -7532,15 +7890,16 @@ $as_echo_n "checking for ld used by $CC... " >&6; } ;; esac elif test yes = "$with_gnu_ld"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 -$as_echo_n "checking for GNU ld... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +printf %s "checking for GNU ld... " >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 -$as_echo_n "checking for non-GNU ld... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +printf %s "checking for non-GNU ld... " >&6; } fi -if ${lt_cv_path_LD+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test ${lt_cv_path_LD+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$LD"; then lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do @@ -7569,18 +7928,19 @@ fi LD=$lt_cv_path_LD if test -n "$LD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 -$as_echo "$LD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +printf "%s\n" "$LD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 -$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if ${lt_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +printf %s "checking if the linker ($LD) is GNU ld... " >&6; } +if test ${lt_cv_prog_gnu_ld+y} +then : + printf %s "(cached) " >&6 +else $as_nop # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 &1 &5 -$as_echo "$lt_cv_prog_gnu_ld" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 +printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld @@ -7603,11 +7963,12 @@ with_gnu_ld=$lt_cv_prog_gnu_ld -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 -$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } -if ${lt_cv_path_NM+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +printf %s "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if test ${lt_cv_path_NM+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$NM"; then # Let the user override the test. lt_cv_path_NM=$NM @@ -7657,8 +8018,8 @@ else : ${lt_cv_path_NM=no} fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 -$as_echo "$lt_cv_path_NM" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +printf "%s\n" "$lt_cv_path_NM" >&6; } if test no != "$lt_cv_path_NM"; then NM=$lt_cv_path_NM else @@ -7671,11 +8032,12 @@ else do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DUMPBIN+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DUMPBIN"; then ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. else @@ -7683,11 +8045,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7698,11 +8064,11 @@ fi fi DUMPBIN=$ac_cv_prog_DUMPBIN if test -n "$DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 -$as_echo "$DUMPBIN" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +printf "%s\n" "$DUMPBIN" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -7715,11 +8081,12 @@ if test -z "$DUMPBIN"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DUMPBIN+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DUMPBIN"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. else @@ -7727,11 +8094,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -7742,11 +8113,11 @@ fi fi ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN if test -n "$ac_ct_DUMPBIN"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 -$as_echo "$ac_ct_DUMPBIN" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +printf "%s\n" "$ac_ct_DUMPBIN" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -7758,8 +8129,8 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DUMPBIN=$ac_ct_DUMPBIN @@ -7787,11 +8158,12 @@ test -z "$NM" && NM=nm -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 -$as_echo_n "checking the name lister ($NM) interface... " >&6; } -if ${lt_cv_nm_interface+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +printf %s "checking the name lister ($NM) interface... " >&6; } +if test ${lt_cv_nm_interface+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) @@ -7807,26 +8179,27 @@ else fi rm -f conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 -$as_echo "$lt_cv_nm_interface" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +printf "%s\n" "$lt_cv_nm_interface" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 -$as_echo_n "checking whether ln -s works... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +printf %s "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 -$as_echo "no, using $LN_S" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +printf "%s\n" "no, using $LN_S" >&6; } fi # find the maximum length of command line arguments -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 -$as_echo_n "checking the maximum length of command line arguments... " >&6; } -if ${lt_cv_sys_max_cmd_len+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +printf %s "checking the maximum length of command line arguments... " >&6; } +if test ${lt_cv_sys_max_cmd_len+y} +then : + printf %s "(cached) " >&6 +else $as_nop i=0 teststring=ABCD @@ -7953,11 +8326,11 @@ else fi if test -n "$lt_cv_sys_max_cmd_len"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 -$as_echo "$lt_cv_sys_max_cmd_len" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +printf "%s\n" "$lt_cv_sys_max_cmd_len" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } fi max_cmd_len=$lt_cv_sys_max_cmd_len @@ -8001,11 +8374,12 @@ esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 -$as_echo_n "checking how to convert $build file names to $host format... " >&6; } -if ${lt_cv_to_host_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +printf %s "checking how to convert $build file names to $host format... " >&6; } +if test ${lt_cv_to_host_file_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $host in *-*-mingw* ) case $build in @@ -8041,18 +8415,19 @@ esac fi to_host_file_cmd=$lt_cv_to_host_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 -$as_echo "$lt_cv_to_host_file_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +printf "%s\n" "$lt_cv_to_host_file_cmd" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 -$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } -if ${lt_cv_to_tool_file_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +printf %s "checking how to convert $build file names to toolchain format... " >&6; } +if test ${lt_cv_to_tool_file_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop #assume ordinary cross tools, or native build. lt_cv_to_tool_file_cmd=func_convert_file_noop case $host in @@ -8068,22 +8443,23 @@ esac fi to_tool_file_cmd=$lt_cv_to_tool_file_cmd -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 -$as_echo "$lt_cv_to_tool_file_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +printf "%s\n" "$lt_cv_to_tool_file_cmd" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 -$as_echo_n "checking for $LD option to reload object files... " >&6; } -if ${lt_cv_ld_reload_flag+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +printf %s "checking for $LD option to reload object files... " >&6; } +if test ${lt_cv_ld_reload_flag+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_reload_flag='-r' fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 -$as_echo "$lt_cv_ld_reload_flag" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +printf "%s\n" "$lt_cv_ld_reload_flag" >&6; } reload_flag=$lt_cv_ld_reload_flag case $reload_flag in "" | " "*) ;; @@ -8116,11 +8492,12 @@ esac if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. set dummy ${ac_tool_prefix}objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OBJDUMP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OBJDUMP"; then ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. else @@ -8128,11 +8505,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8143,11 +8524,11 @@ fi fi OBJDUMP=$ac_cv_prog_OBJDUMP if test -n "$OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 -$as_echo "$OBJDUMP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +printf "%s\n" "$OBJDUMP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8156,11 +8537,12 @@ if test -z "$ac_cv_prog_OBJDUMP"; then ac_ct_OBJDUMP=$OBJDUMP # Extract the first word of "objdump", so it can be a program name with args. set dummy objdump; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OBJDUMP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OBJDUMP"; then ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. else @@ -8168,11 +8550,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OBJDUMP="objdump" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8183,11 +8569,11 @@ fi fi ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP if test -n "$ac_ct_OBJDUMP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 -$as_echo "$ac_ct_OBJDUMP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +printf "%s\n" "$ac_ct_OBJDUMP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OBJDUMP" = x; then @@ -8195,8 +8581,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OBJDUMP=$ac_ct_OBJDUMP @@ -8215,11 +8601,12 @@ test -z "$OBJDUMP" && OBJDUMP=objdump -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 -$as_echo_n "checking how to recognize dependent libraries... " >&6; } -if ${lt_cv_deplibs_check_method+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +printf %s "checking how to recognize dependent libraries... " >&6; } +if test ${lt_cv_deplibs_check_method+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_file_magic_cmd='$MAGIC_CMD' lt_cv_file_magic_test_file= lt_cv_deplibs_check_method='unknown' @@ -8415,8 +8802,8 @@ os2*) esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 -$as_echo "$lt_cv_deplibs_check_method" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +printf "%s\n" "$lt_cv_deplibs_check_method" >&6; } file_magic_glob= want_nocaseglob=no @@ -8460,11 +8847,12 @@ test -z "$deplibs_check_method" && deplibs_check_method=unknown if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. set dummy ${ac_tool_prefix}dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DLLTOOL"; then ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. else @@ -8472,11 +8860,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8487,11 +8879,11 @@ fi fi DLLTOOL=$ac_cv_prog_DLLTOOL if test -n "$DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 -$as_echo "$DLLTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +printf "%s\n" "$DLLTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8500,11 +8892,12 @@ if test -z "$ac_cv_prog_DLLTOOL"; then ac_ct_DLLTOOL=$DLLTOOL # Extract the first word of "dlltool", so it can be a program name with args. set dummy dlltool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DLLTOOL"; then ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. else @@ -8512,11 +8905,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DLLTOOL="dlltool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8527,11 +8924,11 @@ fi fi ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL if test -n "$ac_ct_DLLTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 -$as_echo "$ac_ct_DLLTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +printf "%s\n" "$ac_ct_DLLTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_DLLTOOL" = x; then @@ -8539,8 +8936,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DLLTOOL=$ac_ct_DLLTOOL @@ -8560,11 +8957,12 @@ test -z "$DLLTOOL" && DLLTOOL=dlltool -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 -$as_echo_n "checking how to associate runtime and link libraries... " >&6; } -if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +printf %s "checking how to associate runtime and link libraries... " >&6; } +if test ${lt_cv_sharedlib_from_linklib_cmd+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_sharedlib_from_linklib_cmd='unknown' case $host_os in @@ -8587,8 +8985,8 @@ cygwin* | mingw* | pw32* | cegcc*) esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 -$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +printf "%s\n" "$lt_cv_sharedlib_from_linklib_cmd" >&6; } sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO @@ -8603,11 +9001,12 @@ if test -n "$ac_tool_prefix"; then do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AR"; then ac_cv_prog_AR="$AR" # Let the user override the test. else @@ -8615,11 +9014,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AR="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8630,11 +9033,11 @@ fi fi AR=$ac_cv_prog_AR if test -n "$AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 -$as_echo "$AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +printf "%s\n" "$AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8647,11 +9050,12 @@ if test -z "$AR"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_AR+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_AR+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_AR"; then ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. else @@ -8659,11 +9063,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_AR="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8674,11 +9082,11 @@ fi fi ac_ct_AR=$ac_cv_prog_ac_ct_AR if test -n "$ac_ct_AR"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 -$as_echo "$ac_ct_AR" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +printf "%s\n" "$ac_ct_AR" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8690,8 +9098,8 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac AR=$ac_ct_AR @@ -8711,30 +9119,32 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 -$as_echo_n "checking for archiver @FILE support... " >&6; } -if ${lt_cv_ar_at_file+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +printf %s "checking for archiver @FILE support... " >&6; } +if test ${lt_cv_ar_at_file+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ar_at_file=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : echo conftest.$ac_objext > conftest.lst lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -eq "$ac_status"; then # Ensure the archiver fails upon bogus file names. @@ -8742,7 +9152,7 @@ if ac_fn_c_try_compile "$LINENO"; then : { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 (eval $lt_ar_try) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if test 0 -ne "$ac_status"; then lt_cv_ar_at_file=@ @@ -8751,11 +9161,11 @@ if ac_fn_c_try_compile "$LINENO"; then : rm -f conftest.* libconftest.a fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 -$as_echo "$lt_cv_ar_at_file" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +printf "%s\n" "$lt_cv_ar_at_file" >&6; } if test no = "$lt_cv_ar_at_file"; then archiver_list_spec= @@ -8772,11 +9182,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$STRIP"; then ac_cv_prog_STRIP="$STRIP" # Let the user override the test. else @@ -8784,11 +9195,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_STRIP="${ac_tool_prefix}strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8799,11 +9214,11 @@ fi fi STRIP=$ac_cv_prog_STRIP if test -n "$STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 -$as_echo "$STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +printf "%s\n" "$STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8812,11 +9227,12 @@ if test -z "$ac_cv_prog_STRIP"; then ac_ct_STRIP=$STRIP # Extract the first word of "strip", so it can be a program name with args. set dummy strip; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_STRIP+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_STRIP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_STRIP"; then ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. else @@ -8824,11 +9240,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_STRIP="strip" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8839,11 +9259,11 @@ fi fi ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP if test -n "$ac_ct_STRIP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 -$as_echo "$ac_ct_STRIP" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +printf "%s\n" "$ac_ct_STRIP" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then @@ -8851,8 +9271,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac STRIP=$ac_ct_STRIP @@ -8871,11 +9291,12 @@ test -z "$STRIP" && STRIP=: if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else @@ -8883,11 +9304,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8898,11 +9323,11 @@ fi fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 -$as_echo "$RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +printf "%s\n" "$RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -8911,11 +9336,12 @@ if test -z "$ac_cv_prog_RANLIB"; then ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_RANLIB+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_RANLIB"; then ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. else @@ -8923,11 +9349,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_RANLIB="ranlib" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -8938,11 +9368,11 @@ fi fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 -$as_echo "$ac_ct_RANLIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +printf "%s\n" "$ac_ct_RANLIB" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_RANLIB" = x; then @@ -8950,8 +9380,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac RANLIB=$ac_ct_RANLIB @@ -9040,11 +9470,12 @@ compiler=$CC # Check for command to grab the raw symbol name followed by C symbol from nm. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 -$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } -if ${lt_cv_sys_global_symbol_pipe+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +printf %s "checking command to parse $NM output from $compiler object... " >&6; } +if test ${lt_cv_sys_global_symbol_pipe+y} +then : + printf %s "(cached) " >&6 +else $as_nop # These are sane defaults that work on at least a few old systems. # [They come from Ultrix. What could be older than Ultrix?!! ;)] @@ -9196,7 +9627,7 @@ _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then # Now try to grab the symbols. nlist=conftest.nm @@ -9269,7 +9700,7 @@ _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s conftest$ac_exeext; then pipe_works=yes fi @@ -9304,11 +9735,11 @@ if test -z "$lt_cv_sys_global_symbol_pipe"; then lt_cv_sys_global_symbol_to_cdecl= fi if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +printf "%s\n" "ok" >&6; } fi # Response file support. @@ -9354,13 +9785,14 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 -$as_echo_n "checking for sysroot... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +printf %s "checking for sysroot... " >&6; } # Check whether --with-sysroot was given. -if test "${with_sysroot+set}" = set; then : +if test ${with_sysroot+y} +then : withval=$with_sysroot; -else +else $as_nop with_sysroot=no fi @@ -9378,24 +9810,25 @@ case $with_sysroot in #( no|'') ;; #( *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 -$as_echo "$with_sysroot" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +printf "%s\n" "$with_sysroot" >&6; } as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 -$as_echo "${lt_sysroot:-no}" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +printf "%s\n" "${lt_sysroot:-no}" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 -$as_echo_n "checking for a working dd... " >&6; } -if ${ac_cv_path_lt_DD+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +printf %s "checking for a working dd... " >&6; } +if test ${ac_cv_path_lt_DD+y} +then : + printf %s "(cached) " >&6 +else $as_nop printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i : ${lt_DD:=$DD} @@ -9406,10 +9839,15 @@ if test -z "$lt_DD"; then for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in dd; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in dd + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + ac_path_lt_DD="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_lt_DD" || continue if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then cmp -s conftest.i conftest.out \ @@ -9429,15 +9867,16 @@ fi rm -f conftest.i conftest2.i conftest.out fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 -$as_echo "$ac_cv_path_lt_DD" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +printf "%s\n" "$ac_cv_path_lt_DD" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 -$as_echo_n "checking how to truncate binary pipes... " >&6; } -if ${lt_cv_truncate_bin+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +printf %s "checking how to truncate binary pipes... " >&6; } +if test ${lt_cv_truncate_bin+y} +then : + printf %s "(cached) " >&6 +else $as_nop printf 0123456789abcdef0123456789abcdef >conftest.i cat conftest.i conftest.i >conftest2.i lt_cv_truncate_bin= @@ -9448,8 +9887,8 @@ fi rm -f conftest.i conftest2.i conftest.out test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 -$as_echo "$lt_cv_truncate_bin" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +printf "%s\n" "$lt_cv_truncate_bin" >&6; } @@ -9472,7 +9911,8 @@ func_cc_basename () } # Check whether --enable-libtool-lock was given. -if test "${enable_libtool_lock+set}" = set; then : +if test ${enable_libtool_lock+y} +then : enableval=$enable_libtool_lock; fi @@ -9488,7 +9928,7 @@ ia64-*-hpux*) if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.$ac_objext` in *ELF-32*) @@ -9508,7 +9948,7 @@ ia64-*-hpux*) if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then if test yes = "$lt_cv_prog_gnu_ld"; then case `/usr/bin/file conftest.$ac_objext` in @@ -9546,7 +9986,7 @@ mips64*-*linux*) if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then emul=elf case `/usr/bin/file conftest.$ac_objext` in @@ -9587,7 +10027,7 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *32-bit*) @@ -9650,11 +10090,12 @@ s390*-*linux*|s390*-*tpf*|sparc*-*linux*) # On SCO OpenServer 5, we need -belf to get full-featured binaries. SAVE_CFLAGS=$CFLAGS CFLAGS="$CFLAGS -belf" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 -$as_echo_n "checking whether the C compiler needs -belf... " >&6; } -if ${lt_cv_cc_needs_belf+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +printf %s "checking whether the C compiler needs -belf... " >&6; } +if test ${lt_cv_cc_needs_belf+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -9665,19 +10106,20 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_cc_needs_belf=yes -else +else $as_nop lt_cv_cc_needs_belf=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext ac_ext=c ac_cpp='$CPP $CPPFLAGS' @@ -9686,8 +10128,8 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 -$as_echo "$lt_cv_cc_needs_belf" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +printf "%s\n" "$lt_cv_cc_needs_belf" >&6; } if test yes != "$lt_cv_cc_needs_belf"; then # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf CFLAGS=$SAVE_CFLAGS @@ -9700,7 +10142,7 @@ $as_echo "$lt_cv_cc_needs_belf" >&6; } if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then case `/usr/bin/file conftest.o` in *64-bit*) @@ -9737,11 +10179,12 @@ need_locks=$enable_libtool_lock if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. set dummy ${ac_tool_prefix}mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_MANIFEST_TOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$MANIFEST_TOOL"; then ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. else @@ -9749,11 +10192,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9764,11 +10211,11 @@ fi fi MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL if test -n "$MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 -$as_echo "$MANIFEST_TOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +printf "%s\n" "$MANIFEST_TOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9777,11 +10224,12 @@ if test -z "$ac_cv_prog_MANIFEST_TOOL"; then ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL # Extract the first word of "mt", so it can be a program name with args. set dummy mt; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_MANIFEST_TOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_MANIFEST_TOOL"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. else @@ -9789,11 +10237,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9804,11 +10256,11 @@ fi fi ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL if test -n "$ac_ct_MANIFEST_TOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 -$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +printf "%s\n" "$ac_ct_MANIFEST_TOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_MANIFEST_TOOL" = x; then @@ -9816,8 +10268,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL @@ -9827,11 +10279,12 @@ else fi test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 -$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } -if ${lt_cv_path_mainfest_tool+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +printf %s "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if test ${lt_cv_path_mainfest_tool+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_path_mainfest_tool=no echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out @@ -9841,8 +10294,8 @@ else fi rm -f conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 -$as_echo "$lt_cv_path_mainfest_tool" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +printf "%s\n" "$lt_cv_path_mainfest_tool" >&6; } if test yes != "$lt_cv_path_mainfest_tool"; then MANIFEST_TOOL=: fi @@ -9857,11 +10310,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DSYMUTIL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$DSYMUTIL"; then ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. else @@ -9869,11 +10323,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9884,11 +10342,11 @@ fi fi DSYMUTIL=$ac_cv_prog_DSYMUTIL if test -n "$DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 -$as_echo "$DSYMUTIL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +printf "%s\n" "$DSYMUTIL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9897,11 +10355,12 @@ if test -z "$ac_cv_prog_DSYMUTIL"; then ac_ct_DSYMUTIL=$DSYMUTIL # Extract the first word of "dsymutil", so it can be a program name with args. set dummy dsymutil; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DSYMUTIL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_DSYMUTIL"; then ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. else @@ -9909,11 +10368,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9924,11 +10387,11 @@ fi fi ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL if test -n "$ac_ct_DSYMUTIL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 -$as_echo "$ac_ct_DSYMUTIL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +printf "%s\n" "$ac_ct_DSYMUTIL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_DSYMUTIL" = x; then @@ -9936,8 +10399,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac DSYMUTIL=$ac_ct_DSYMUTIL @@ -9949,11 +10412,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. set dummy ${ac_tool_prefix}nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_NMEDIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$NMEDIT"; then ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. else @@ -9961,11 +10425,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9976,11 +10444,11 @@ fi fi NMEDIT=$ac_cv_prog_NMEDIT if test -n "$NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 -$as_echo "$NMEDIT" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +printf "%s\n" "$NMEDIT" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9989,11 +10457,12 @@ if test -z "$ac_cv_prog_NMEDIT"; then ac_ct_NMEDIT=$NMEDIT # Extract the first word of "nmedit", so it can be a program name with args. set dummy nmedit; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_NMEDIT+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_NMEDIT"; then ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. else @@ -10001,11 +10470,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_NMEDIT="nmedit" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10016,11 +10489,11 @@ fi fi ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT if test -n "$ac_ct_NMEDIT"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 -$as_echo "$ac_ct_NMEDIT" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +printf "%s\n" "$ac_ct_NMEDIT" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_NMEDIT" = x; then @@ -10028,8 +10501,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac NMEDIT=$ac_ct_NMEDIT @@ -10041,11 +10514,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. set dummy ${ac_tool_prefix}lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_LIPO+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$LIPO"; then ac_cv_prog_LIPO="$LIPO" # Let the user override the test. else @@ -10053,11 +10527,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_LIPO="${ac_tool_prefix}lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10068,11 +10546,11 @@ fi fi LIPO=$ac_cv_prog_LIPO if test -n "$LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 -$as_echo "$LIPO" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +printf "%s\n" "$LIPO" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10081,11 +10559,12 @@ if test -z "$ac_cv_prog_LIPO"; then ac_ct_LIPO=$LIPO # Extract the first word of "lipo", so it can be a program name with args. set dummy lipo; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_LIPO+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_LIPO+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_LIPO"; then ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. else @@ -10093,11 +10572,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_LIPO="lipo" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10108,11 +10591,11 @@ fi fi ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO if test -n "$ac_ct_LIPO"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 -$as_echo "$ac_ct_LIPO" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +printf "%s\n" "$ac_ct_LIPO" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_LIPO" = x; then @@ -10120,8 +10603,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac LIPO=$ac_ct_LIPO @@ -10133,11 +10616,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. set dummy ${ac_tool_prefix}otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OTOOL"; then ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. else @@ -10145,11 +10629,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL="${ac_tool_prefix}otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10160,11 +10648,11 @@ fi fi OTOOL=$ac_cv_prog_OTOOL if test -n "$OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 -$as_echo "$OTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +printf "%s\n" "$OTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10173,11 +10661,12 @@ if test -z "$ac_cv_prog_OTOOL"; then ac_ct_OTOOL=$OTOOL # Extract the first word of "otool", so it can be a program name with args. set dummy otool; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OTOOL"; then ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. else @@ -10185,11 +10674,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL="otool" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10200,11 +10693,11 @@ fi fi ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL if test -n "$ac_ct_OTOOL"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 -$as_echo "$ac_ct_OTOOL" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +printf "%s\n" "$ac_ct_OTOOL" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OTOOL" = x; then @@ -10212,8 +10705,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL=$ac_ct_OTOOL @@ -10225,11 +10718,12 @@ fi if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. set dummy ${ac_tool_prefix}otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_OTOOL64+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$OTOOL64"; then ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. else @@ -10237,11 +10731,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10252,11 +10750,11 @@ fi fi OTOOL64=$ac_cv_prog_OTOOL64 if test -n "$OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 -$as_echo "$OTOOL64" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +printf "%s\n" "$OTOOL64" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10265,11 +10763,12 @@ if test -z "$ac_cv_prog_OTOOL64"; then ac_ct_OTOOL64=$OTOOL64 # Extract the first word of "otool64", so it can be a program name with args. set dummy otool64; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_OTOOL64+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_OTOOL64"; then ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. else @@ -10277,11 +10776,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_OTOOL64="otool64" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10292,11 +10795,11 @@ fi fi ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 if test -n "$ac_ct_OTOOL64"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 -$as_echo "$ac_ct_OTOOL64" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +printf "%s\n" "$ac_ct_OTOOL64" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_OTOOL64" = x; then @@ -10304,8 +10807,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac OTOOL64=$ac_ct_OTOOL64 @@ -10340,11 +10843,12 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 -$as_echo_n "checking for -single_module linker flag... " >&6; } -if ${lt_cv_apple_cc_single_mod+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +printf %s "checking for -single_module linker flag... " >&6; } +if test ${lt_cv_apple_cc_single_mod+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_apple_cc_single_mod=no if test -z "$LT_MULTI_MODULE"; then # By default we will add the -single_module flag. You can override @@ -10373,14 +10877,15 @@ else rm -f conftest.* fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 -$as_echo "$lt_cv_apple_cc_single_mod" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +printf "%s\n" "$lt_cv_apple_cc_single_mod" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 -$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } -if ${lt_cv_ld_exported_symbols_list+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +printf %s "checking for -exported_symbols_list linker flag... " >&6; } +if test ${lt_cv_ld_exported_symbols_list+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_exported_symbols_list=no save_LDFLAGS=$LDFLAGS echo "_main" > conftest.sym @@ -10389,31 +10894,33 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_ld_exported_symbols_list=yes -else +else $as_nop lt_cv_ld_exported_symbols_list=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 -$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +printf "%s\n" "$lt_cv_ld_exported_symbols_list" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 -$as_echo_n "checking for -force_load linker flag... " >&6; } -if ${lt_cv_ld_force_load+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +printf %s "checking for -force_load linker flag... " >&6; } +if test ${lt_cv_ld_force_load+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_ld_force_load=no cat > conftest.c << _LT_EOF int forced_loaded() { return 2;} @@ -10441,8 +10948,8 @@ _LT_EOF rm -rf conftest.dSYM fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 -$as_echo "$lt_cv_ld_force_load" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +printf "%s\n" "$lt_cv_ld_force_load" >&6; } case $host_os in rhapsody* | darwin1.[012]) _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; @@ -10513,155 +11020,51 @@ func_munge_path_list () esac } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#include -#include - -int -main () -{ - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no -fi -rm -f conftest* - -fi - -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : +ac_header= ac_cache= +for ac_item in $ac_header_c_list +do + if test $ac_cache; then + ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" + if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then + printf "%s\n" "#define $ac_item 1" >> confdefs.h + fi + ac_header= ac_cache= + elif test $ac_header; then + ac_cache=$ac_item + else + ac_header=$ac_item + fi +done -else - ac_cv_header_stdc=no -fi -rm -f conftest* -fi -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include -#include -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then -$as_echo "#define STDC_HEADERS 1" >>confdefs.h -fi +if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes +then : -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h fi - -done - - -for ac_header in dlfcn.h -do : - ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default " -if test "x$ac_cv_header_dlfcn_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_DLFCN_H 1 -_ACEOF +if test "x$ac_cv_header_dlfcn_h" = xyes +then : + printf "%s\n" "#define HAVE_DLFCN_H 1" >>confdefs.h fi -done - # Set options # Check whether --enable-static was given. -if test "${enable_static+set}" = set; then : +if test ${enable_static+y} +then : enableval=$enable_static; p=${PACKAGE-default} case $enableval in yes) enable_static=yes ;; @@ -10679,7 +11082,7 @@ if test "${enable_static+set}" = set; then : IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_static=no fi @@ -10699,7 +11102,8 @@ fi # Check whether --enable-shared was given. -if test "${enable_shared+set}" = set; then : +if test ${enable_shared+y} +then : enableval=$enable_shared; p=${PACKAGE-default} case $enableval in yes) enable_shared=yes ;; @@ -10717,7 +11121,7 @@ if test "${enable_shared+set}" = set; then : IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_shared=yes fi @@ -10732,7 +11136,8 @@ fi # Check whether --with-pic was given. -if test "${with_pic+set}" = set; then : +if test ${with_pic+y} +then : withval=$with_pic; lt_p=${PACKAGE-default} case $withval in yes|no) pic_mode=$withval ;; @@ -10749,7 +11154,7 @@ if test "${with_pic+set}" = set; then : IFS=$lt_save_ifs ;; esac -else +else $as_nop pic_mode=default fi @@ -10761,7 +11166,8 @@ fi # Check whether --enable-fast-install was given. -if test "${enable_fast_install+set}" = set; then : +if test ${enable_fast_install+y} +then : enableval=$enable_fast_install; p=${PACKAGE-default} case $enableval in yes) enable_fast_install=yes ;; @@ -10779,7 +11185,7 @@ if test "${enable_fast_install+set}" = set; then : IFS=$lt_save_ifs ;; esac -else +else $as_nop enable_fast_install=yes fi @@ -10793,11 +11199,12 @@ fi shared_archive_member_spec= case $host,$enable_shared in power*-*-aix[5-9]*,yes) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 -$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +printf %s "checking which variant of shared library versioning to provide... " >&6; } # Check whether --with-aix-soname was given. -if test "${with_aix_soname+set}" = set; then : +if test ${with_aix_soname+y} +then : withval=$with_aix_soname; case $withval in aix|svr4|both) ;; @@ -10806,18 +11213,19 @@ if test "${with_aix_soname+set}" = set; then : ;; esac lt_cv_with_aix_soname=$with_aix_soname -else - if ${lt_cv_with_aix_soname+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + if test ${lt_cv_with_aix_soname+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_with_aix_soname=aix fi with_aix_soname=$lt_cv_with_aix_soname fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 -$as_echo "$with_aix_soname" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +printf "%s\n" "$with_aix_soname" >&6; } if test aix != "$with_aix_soname"; then # For the AIX way of multilib, we name the shared archive member # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', @@ -10899,11 +11307,12 @@ if test -n "${ZSH_VERSION+set}"; then setopt NO_GLOB_SUBST fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 -$as_echo_n "checking for objdir... " >&6; } -if ${lt_cv_objdir+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +printf %s "checking for objdir... " >&6; } +if test ${lt_cv_objdir+y} +then : + printf %s "(cached) " >&6 +else $as_nop rm -f .libs 2>/dev/null mkdir .libs 2>/dev/null if test -d .libs; then @@ -10914,17 +11323,15 @@ else fi rmdir .libs 2>/dev/null fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 -$as_echo "$lt_cv_objdir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +printf "%s\n" "$lt_cv_objdir" >&6; } objdir=$lt_cv_objdir -cat >>confdefs.h <<_ACEOF -#define LT_OBJDIR "$lt_cv_objdir/" -_ACEOF +printf "%s\n" "#define LT_OBJDIR \"$lt_cv_objdir/\"" >>confdefs.h @@ -10970,11 +11377,12 @@ test -z "$MAGIC_CMD" && MAGIC_CMD=file case $deplibs_check_method in file_magic*) if test "$file_magic_cmd" = '$MAGIC_CMD'; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 -$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +printf %s "checking for ${ac_tool_prefix}file... " >&6; } +if test ${lt_cv_path_MAGIC_CMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. @@ -11023,11 +11431,11 @@ fi MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +printf "%s\n" "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -11036,11 +11444,12 @@ fi if test -z "$lt_cv_path_MAGIC_CMD"; then if test -n "$ac_tool_prefix"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 -$as_echo_n "checking for file... " >&6; } -if ${lt_cv_path_MAGIC_CMD+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +printf %s "checking for file... " >&6; } +if test ${lt_cv_path_MAGIC_CMD+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $MAGIC_CMD in [\\/*] | ?:[\\/]*) lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. @@ -11089,11 +11498,11 @@ fi MAGIC_CMD=$lt_cv_path_MAGIC_CMD if test -n "$MAGIC_CMD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 -$as_echo "$MAGIC_CMD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +printf "%s\n" "$MAGIC_CMD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -11178,11 +11587,12 @@ if test yes = "$GCC"; then lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 -$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } -if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +printf %s "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if test ${lt_cv_prog_compiler_rtti_exceptions+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_rtti_exceptions=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext @@ -11213,8 +11623,8 @@ else $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 -$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +printf "%s\n" "$lt_cv_prog_compiler_rtti_exceptions" >&6; } if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" @@ -11577,26 +11987,28 @@ case $host_os in ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 -$as_echo_n "checking for $compiler option to produce PIC... " >&6; } -if ${lt_cv_prog_compiler_pic+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +printf %s "checking for $compiler option to produce PIC... " >&6; } +if test ${lt_cv_prog_compiler_pic+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_pic=$lt_prog_compiler_pic fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 -$as_echo "$lt_cv_prog_compiler_pic" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic" >&6; } lt_prog_compiler_pic=$lt_cv_prog_compiler_pic # # Check to make sure the PIC flag actually works. # if test -n "$lt_prog_compiler_pic"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 -$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } -if ${lt_cv_prog_compiler_pic_works+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +printf %s "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if test ${lt_cv_prog_compiler_pic_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_pic_works=no ac_outfile=conftest.$ac_objext echo "$lt_simple_compile_test_code" > conftest.$ac_ext @@ -11627,8 +12039,8 @@ else $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 -$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_pic_works" >&6; } if test yes = "$lt_cv_prog_compiler_pic_works"; then case $lt_prog_compiler_pic in @@ -11656,11 +12068,12 @@ fi # Check to make sure the static flag actually works. # wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 -$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } -if ${lt_cv_prog_compiler_static_works+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +printf %s "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if test ${lt_cv_prog_compiler_static_works+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_static_works=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $lt_tmp_static_flag" @@ -11684,8 +12097,8 @@ else LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 -$as_echo "$lt_cv_prog_compiler_static_works" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +printf "%s\n" "$lt_cv_prog_compiler_static_works" >&6; } if test yes = "$lt_cv_prog_compiler_static_works"; then : @@ -11699,11 +12112,12 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test ${lt_cv_prog_compiler_c_o+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest @@ -11746,19 +12160,20 @@ else $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 -$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } -if ${lt_cv_prog_compiler_c_o+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +printf %s "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if test ${lt_cv_prog_compiler_c_o+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler_c_o=no $RM -r conftest 2>/dev/null mkdir conftest @@ -11801,8 +12216,8 @@ else $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 -$as_echo "$lt_cv_prog_compiler_c_o" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +printf "%s\n" "$lt_cv_prog_compiler_c_o" >&6; } @@ -11810,19 +12225,19 @@ $as_echo "$lt_cv_prog_compiler_c_o" >&6; } hard_links=nottested if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then # do not overwrite the value of need_locks provided by the user - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 -$as_echo_n "checking if we can lock with hard links... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +printf %s "checking if we can lock with hard links... " >&6; } hard_links=yes $RM conftest* ln conftest.a conftest.b 2>/dev/null && hard_links=no touch conftest.a ln conftest.a conftest.b 2>&5 || hard_links=no ln conftest.a conftest.b 2>/dev/null && hard_links=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 -$as_echo "$hard_links" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +printf "%s\n" "$hard_links" >&6; } if test no = "$hard_links"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 -$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +printf "%s\n" "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} need_locks=warn fi else @@ -11834,8 +12249,8 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 -$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +printf %s "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } runpath_var= allow_undefined_flag= @@ -12393,21 +12808,23 @@ _LT_EOF if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_aix_libpath_+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -12422,7 +12839,7 @@ if ac_fn_c_try_link "$LINENO"; then : lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib @@ -12446,21 +12863,23 @@ fi if test set = "${lt_cv_aix_libpath+set}"; then aix_libpath=$lt_cv_aix_libpath else - if ${lt_cv_aix_libpath_+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_aix_libpath_+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_aix_libpath_sed=' /Import File Strings/,/^$/ { @@ -12475,7 +12894,7 @@ if ac_fn_c_try_link "$LINENO"; then : lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test -z "$lt_cv_aix_libpath_"; then lt_cv_aix_libpath_=/usr/lib:/lib @@ -12726,11 +13145,12 @@ fi # Older versions of the 11.00 compiler do not understand -b yet # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 -$as_echo_n "checking if $CC understands -b... " >&6; } -if ${lt_cv_prog_compiler__b+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +printf %s "checking if $CC understands -b... " >&6; } +if test ${lt_cv_prog_compiler__b+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_prog_compiler__b=no save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -b" @@ -12754,8 +13174,8 @@ else LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 -$as_echo "$lt_cv_prog_compiler__b" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +printf "%s\n" "$lt_cv_prog_compiler__b" >&6; } if test yes = "$lt_cv_prog_compiler__b"; then archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' @@ -12795,28 +13215,30 @@ fi # work, assume that -exports_file does not work either and # implicitly export all symbols. # This should be the same for all languages, so no per-tag cache variable. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 -$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } -if ${lt_cv_irix_exported_symbol+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +printf %s "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if test ${lt_cv_irix_exported_symbol+y} +then : + printf %s "(cached) " >&6 +else $as_nop save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int foo (void) { return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : lt_cv_irix_exported_symbol=yes -else +else $as_nop lt_cv_irix_exported_symbol=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 -$as_echo "$lt_cv_irix_exported_symbol" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +printf "%s\n" "$lt_cv_irix_exported_symbol" >&6; } if test yes = "$lt_cv_irix_exported_symbol"; then archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' fi @@ -13097,8 +13519,8 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 -$as_echo "$ld_shlibs" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +printf "%s\n" "$ld_shlibs" >&6; } test no = "$ld_shlibs" && can_build_shared=no with_gnu_ld=$with_gnu_ld @@ -13134,18 +13556,19 @@ x|xyes) # Test whether the compiler implicitly links with -lc since on some # systems, -lgcc has to come before -lc. If gcc already passes -lc # to ld, don't add -lc before -lgcc. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 -$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } -if ${lt_cv_archive_cmds_need_lc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +printf %s "checking whether -lc should be explicitly linked in... " >&6; } +if test ${lt_cv_archive_cmds_need_lc+y} +then : + printf %s "(cached) " >&6 +else $as_nop $RM conftest* echo "$lt_simple_compile_test_code" > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } 2>conftest.err; then soname=conftest lib=conftest @@ -13163,7 +13586,7 @@ else if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } then lt_cv_archive_cmds_need_lc=no @@ -13177,8 +13600,8 @@ else $RM conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 -$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +printf "%s\n" "$lt_cv_archive_cmds_need_lc" >&6; } archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc ;; esac @@ -13337,8 +13760,8 @@ esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 -$as_echo_n "checking dynamic linker characteristics... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +printf %s "checking dynamic linker characteristics... " >&6; } if test yes = "$GCC"; then case $host_os in @@ -13899,9 +14322,10 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) shlibpath_overrides_runpath=no # Some binutils ld are patched to set DT_RUNPATH - if ${lt_cv_shlibpath_overrides_runpath+:} false; then : - $as_echo_n "(cached) " >&6 -else + if test ${lt_cv_shlibpath_overrides_runpath+y} +then : + printf %s "(cached) " >&6 +else $as_nop lt_cv_shlibpath_overrides_runpath=no save_LDFLAGS=$LDFLAGS save_libdir=$libdir @@ -13911,19 +14335,21 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : +if ac_fn_c_try_link "$LINENO" +then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null +then : lt_cv_shlibpath_overrides_runpath=yes fi fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LDFLAGS=$save_LDFLAGS libdir=$save_libdir @@ -14167,8 +14593,8 @@ uts4*) dynamic_linker=no ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 -$as_echo "$dynamic_linker" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +printf "%s\n" "$dynamic_linker" >&6; } test no = "$dynamic_linker" && can_build_shared=no variables_saved_for_relink="PATH $shlibpath_var $runpath_var" @@ -14289,8 +14715,8 @@ configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH - { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 -$as_echo_n "checking how to hardcode library paths into programs... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +printf %s "checking how to hardcode library paths into programs... " >&6; } hardcode_action= if test -n "$hardcode_libdir_flag_spec" || test -n "$runpath_var" || @@ -14314,8 +14740,8 @@ else # directories. hardcode_action=unsupported fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 -$as_echo "$hardcode_action" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +printf "%s\n" "$hardcode_action" >&6; } if test relink = "$hardcode_action" || test yes = "$inherit_rpath"; then @@ -14359,11 +14785,12 @@ else darwin*) # if libdl is installed we need to link against it - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +printf %s "checking for dlopen in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14372,32 +14799,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dl_dlopen=yes -else +else $as_nop ac_cv_lib_dl_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else +else $as_nop lt_cv_dlopen=dyld lt_cv_dlopen_libs= @@ -14417,14 +14843,16 @@ fi *) ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" -if test "x$ac_cv_func_shl_load" = xyes; then : +if test "x$ac_cv_func_shl_load" = xyes +then : lt_cv_dlopen=shl_load -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 -$as_echo_n "checking for shl_load in -ldld... " >&6; } -if ${ac_cv_lib_dld_shl_load+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +printf %s "checking for shl_load in -ldld... " >&6; } +if test ${ac_cv_lib_dld_shl_load+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14433,41 +14861,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char shl_load (); int -main () +main (void) { return shl_load (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dld_shl_load=yes -else +else $as_nop ac_cv_lib_dld_shl_load=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 -$as_echo "$ac_cv_lib_dld_shl_load" >&6; } -if test "x$ac_cv_lib_dld_shl_load" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +printf "%s\n" "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes +then : lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld -else +else $as_nop ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" -if test "x$ac_cv_func_dlopen" = xyes; then : +if test "x$ac_cv_func_dlopen" = xyes +then : lt_cv_dlopen=dlopen -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 -$as_echo_n "checking for dlopen in -ldl... " >&6; } -if ${ac_cv_lib_dl_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +printf %s "checking for dlopen in -ldl... " >&6; } +if test ${ac_cv_lib_dl_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14476,37 +14905,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dl_dlopen=yes -else +else $as_nop ac_cv_lib_dl_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 -$as_echo "$ac_cv_lib_dl_dlopen" >&6; } -if test "x$ac_cv_lib_dl_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 -$as_echo_n "checking for dlopen in -lsvld... " >&6; } -if ${ac_cv_lib_svld_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +printf %s "checking for dlopen in -lsvld... " >&6; } +if test ${ac_cv_lib_svld_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lsvld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14515,37 +14944,37 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_svld_dlopen=yes -else +else $as_nop ac_cv_lib_svld_dlopen=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 -$as_echo "$ac_cv_lib_svld_dlopen" >&6; } -if test "x$ac_cv_lib_svld_dlopen" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +printf "%s\n" "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes +then : lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 -$as_echo_n "checking for dld_link in -ldld... " >&6; } -if ${ac_cv_lib_dld_dld_link+:} false; then : - $as_echo_n "(cached) " >&6 -else +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +printf %s "checking for dld_link in -ldld... " >&6; } +if test ${ac_cv_lib_dld_dld_link+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-ldld $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -14554,30 +14983,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dld_link (); int -main () +main (void) { return dld_link (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_dld_dld_link=yes -else +else $as_nop ac_cv_lib_dld_dld_link=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 -$as_echo "$ac_cv_lib_dld_dld_link" >&6; } -if test "x$ac_cv_lib_dld_dld_link" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +printf "%s\n" "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes +then : lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld fi @@ -14616,11 +15044,12 @@ fi save_LIBS=$LIBS LIBS="$lt_cv_dlopen_libs $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 -$as_echo_n "checking whether a program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +printf %s "checking whether a program can dlopen itself... " >&6; } +if test ${lt_cv_dlopen_self+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test yes = "$cross_compiling"; then : lt_cv_dlopen_self=cross else @@ -14699,7 +15128,7 @@ _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? @@ -14717,16 +15146,17 @@ rm -fr conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 -$as_echo "$lt_cv_dlopen_self" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +printf "%s\n" "$lt_cv_dlopen_self" >&6; } if test yes = "$lt_cv_dlopen_self"; then wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 -$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } -if ${lt_cv_dlopen_self_static+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +printf %s "checking whether a statically linked program can dlopen itself... " >&6; } +if test ${lt_cv_dlopen_self_static+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test yes = "$cross_compiling"; then : lt_cv_dlopen_self_static=cross else @@ -14805,7 +15235,7 @@ _LT_EOF if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 (eval $ac_link) 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then (./conftest; exit; ) >&5 2>/dev/null lt_status=$? @@ -14823,8 +15253,8 @@ rm -fr conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 -$as_echo "$lt_cv_dlopen_self_static" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +printf "%s\n" "$lt_cv_dlopen_self_static" >&6; } fi CPPFLAGS=$save_CPPFLAGS @@ -14862,13 +15292,13 @@ fi striplib= old_striplib= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 -$as_echo_n "checking whether stripping libraries is possible... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +printf %s "checking whether stripping libraries is possible... " >&6; } if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" test -z "$striplib" && striplib="$STRIP --strip-unneeded" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else # FIXME - insert some real tests, host_os isn't really good enough case $host_os in @@ -14876,16 +15306,16 @@ else if test -n "$STRIP"; then striplib="$STRIP -x" old_striplib="$STRIP -S" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; esac fi @@ -14902,13 +15332,13 @@ fi # Report what library types will actually be built - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 -$as_echo_n "checking if libtool supports shared libraries... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 -$as_echo "$can_build_shared" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +printf %s "checking if libtool supports shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +printf "%s\n" "$can_build_shared" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 -$as_echo_n "checking whether to build shared libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +printf %s "checking whether to build shared libraries... " >&6; } test no = "$can_build_shared" && enable_shared=no # On AIX, shared libraries and static libraries use the same namespace, and @@ -14932,15 +15362,15 @@ $as_echo_n "checking whether to build shared libraries... " >&6; } fi ;; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 -$as_echo "$enable_shared" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +printf "%s\n" "$enable_shared" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 -$as_echo_n "checking whether to build static libraries... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +printf %s "checking whether to build static libraries... " >&6; } # Make sure either enable_shared or enable_static is yes. test yes = "$enable_shared" || enable_static=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 -$as_echo "$enable_static" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +printf "%s\n" "$enable_static" >&6; } @@ -14978,16 +15408,14 @@ CC=$lt_save_CC -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** types" >&5 -$as_echo "$as_me: **************************************** types" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** types" >&5 +printf "%s\n" "$as_me: **************************************** types" >&6;} ac_fn_c_find_intX_t "$LINENO" "8" "ac_cv_c_int8_t" case $ac_cv_c_int8_t in #( no|yes) ;; #( *) -cat >>confdefs.h <<_ACEOF -#define int8_t $ac_cv_c_int8_t -_ACEOF +printf "%s\n" "#define int8_t $ac_cv_c_int8_t" >>confdefs.h ;; esac @@ -14996,9 +15424,7 @@ case $ac_cv_c_int16_t in #( no|yes) ;; #( *) -cat >>confdefs.h <<_ACEOF -#define int16_t $ac_cv_c_int16_t -_ACEOF +printf "%s\n" "#define int16_t $ac_cv_c_int16_t" >>confdefs.h ;; esac @@ -15007,9 +15433,7 @@ case $ac_cv_c_int32_t in #( no|yes) ;; #( *) -cat >>confdefs.h <<_ACEOF -#define int32_t $ac_cv_c_int32_t -_ACEOF +printf "%s\n" "#define int32_t $ac_cv_c_int32_t" >>confdefs.h ;; esac @@ -15018,9 +15442,7 @@ case $ac_cv_c_int64_t in #( no|yes) ;; #( *) -cat >>confdefs.h <<_ACEOF -#define int64_t $ac_cv_c_int64_t -_ACEOF +printf "%s\n" "#define int64_t $ac_cv_c_int64_t" >>confdefs.h ;; esac @@ -15029,12 +15451,10 @@ case $ac_cv_c_uint8_t in #( no|yes) ;; #( *) -$as_echo "#define _UINT8_T 1" >>confdefs.h +printf "%s\n" "#define _UINT8_T 1" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define uint8_t $ac_cv_c_uint8_t -_ACEOF +printf "%s\n" "#define uint8_t $ac_cv_c_uint8_t" >>confdefs.h ;; esac @@ -15044,9 +15464,7 @@ case $ac_cv_c_uint16_t in #( *) -cat >>confdefs.h <<_ACEOF -#define uint16_t $ac_cv_c_uint16_t -_ACEOF +printf "%s\n" "#define uint16_t $ac_cv_c_uint16_t" >>confdefs.h ;; esac @@ -15055,12 +15473,10 @@ case $ac_cv_c_uint32_t in #( no|yes) ;; #( *) -$as_echo "#define _UINT32_T 1" >>confdefs.h +printf "%s\n" "#define _UINT32_T 1" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define uint32_t $ac_cv_c_uint32_t -_ACEOF +printf "%s\n" "#define uint32_t $ac_cv_c_uint32_t" >>confdefs.h ;; esac @@ -15069,119 +15485,117 @@ case $ac_cv_c_uint64_t in #( no|yes) ;; #( *) -$as_echo "#define _UINT64_T 1" >>confdefs.h - +printf "%s\n" "#define _UINT64_T 1" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define uint64_t $ac_cv_c_uint64_t -_ACEOF + +printf "%s\n" "#define uint64_t $ac_cv_c_uint64_t" >>confdefs.h ;; esac ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" -if test "x$ac_cv_type_size_t" = xyes; then : +if test "x$ac_cv_type_size_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define size_t unsigned int -_ACEOF +printf "%s\n" "#define size_t unsigned int" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" -if test "x$ac_cv_type_ssize_t" = xyes; then : +if test "x$ac_cv_type_ssize_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define ssize_t int -_ACEOF +printf "%s\n" "#define ssize_t int" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 -$as_echo_n "checking for uid_t in sys/types.h... " >&6; } -if ${ac_cv_type_uid_t+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +printf %s "checking for uid_t in sys/types.h... " >&6; } +if test ${ac_cv_type_uid_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "uid_t" >/dev/null 2>&1; then : + $EGREP "uid_t" >/dev/null 2>&1 +then : ac_cv_type_uid_t=yes -else +else $as_nop ac_cv_type_uid_t=no fi -rm -f conftest* +rm -rf conftest* fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 -$as_echo "$ac_cv_type_uid_t" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +printf "%s\n" "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then -$as_echo "#define uid_t int" >>confdefs.h +printf "%s\n" "#define uid_t int" >>confdefs.h -$as_echo "#define gid_t int" >>confdefs.h +printf "%s\n" "#define gid_t int" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 -$as_echo_n "checking for socklen_t... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 +printf %s "checking for socklen_t... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "socklen_t" >/dev/null 2>&1; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (defined as int)" >&5 -$as_echo "no (defined as int)" >&6; } + $EGREP "socklen_t" >/dev/null 2>&1 +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no (defined as int)" >&5 +printf "%s\n" "no (defined as int)" >&6; } -$as_echo "#define socklen_t int" >>confdefs.h +printf "%s\n" "#define socklen_t int" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* ac_fn_c_check_type "$LINENO" "struct sockaddr_un" "ac_cv_type_struct_sockaddr_un" "#include " -if test "x$ac_cv_type_struct_sockaddr_un" = xyes; then : +if test "x$ac_cv_type_struct_sockaddr_un" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_SOCKADDR_UN 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_SOCKADDR_UN 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "struct addrinfo" "ac_cv_type_struct_addrinfo" "#include " -if test "x$ac_cv_type_struct_addrinfo" = xyes; then : +if test "x$ac_cv_type_struct_addrinfo" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_ADDRINFO 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_ADDRINFO 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** PTY device files" >&5 -$as_echo "$as_me: **************************************** PTY device files" >&6;} -if test "x$cross_compiling" = "xno"; then - as_ac_File=`$as_echo "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 -$as_echo_n "checking for \"/dev/ptmx\"... " >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** PTY device files" >&5 +printf "%s\n" "$as_me: **************************************** PTY device files" >&6;} +if test "x${cross_compiling}" = "xno"; then + as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/ptmx"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptmx\"" >&5 +printf %s "checking for \"/dev/ptmx\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop test "$cross_compiling" = yes && as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r ""/dev/ptmx""; then @@ -15191,20 +15605,22 @@ else fi fi eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : -$as_echo "#define HAVE_DEV_PTMX 1" >>confdefs.h +printf "%s\n" "#define HAVE_DEV_PTMX 1" >>confdefs.h fi - as_ac_File=`$as_echo "ac_cv_file_"/dev/ptc"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 -$as_echo_n "checking for \"/dev/ptc\"... " >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/ptc"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/ptc\"" >&5 +printf %s "checking for \"/dev/ptc\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop test "$cross_compiling" = yes && as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r ""/dev/ptc""; then @@ -15214,52 +15630,54 @@ else fi fi eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : -$as_echo "#define HAVE_DEV_PTS_AND_PTC 1" >>confdefs.h +printf "%s\n" "#define HAVE_DEV_PTS_AND_PTC 1" >>confdefs.h fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&5 -$as_echo "$as_me: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&5 +printf "%s\n" "$as_me: WARNING: cross-compilation: assuming /dev/ptmx and /dev/ptc are not available" >&2;} fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** entropy sources" >&5 -$as_echo "$as_me: **************************************** entropy sources" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** entropy sources" >&5 +printf "%s\n" "$as_me: **************************************** entropy sources" >&6;} -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then # Check whether --with-egd-socket was given. -if test "${with_egd_socket+set}" = set; then : - withval=$with_egd_socket; EGD_SOCKET="$withval" +if test ${with_egd_socket+y} +then : + withval=$with_egd_socket; EGD_SOCKET="${withval}" fi - if test -n "$EGD_SOCKET"; then + if test -n "${EGD_SOCKET}"; then -cat >>confdefs.h <<_ACEOF -#define EGD_SOCKET "$EGD_SOCKET" -_ACEOF +printf "%s\n" "#define EGD_SOCKET \"${EGD_SOCKET}\"" >>confdefs.h fi # Check for user-specified random device # Check whether --with-random was given. -if test "${with_random+set}" = set; then : - withval=$with_random; RANDOM_FILE="$withval" -else +if test ${with_random+y} +then : + withval=$with_random; RANDOM_FILE="${withval}" +else $as_nop # Check for random device - as_ac_File=`$as_echo "ac_cv_file_"/dev/urandom"" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for \"/dev/urandom\"" >&5 -$as_echo_n "checking for \"/dev/urandom\"... " >&6; } -if eval \${$as_ac_File+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_ac_File=`printf "%s\n" "ac_cv_file_"/dev/urandom"" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for \"/dev/urandom\"" >&5 +printf %s "checking for \"/dev/urandom\"... " >&6; } +if eval test \${$as_ac_File+y} +then : + printf %s "(cached) " >&6 +else $as_nop test "$cross_compiling" = yes && as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 if test -r ""/dev/urandom""; then @@ -15269,9 +15687,10 @@ else fi fi eval ac_res=\$$as_ac_File - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_File"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_File"\" = x"yes" +then : RANDOM_FILE="/dev/urandom" fi @@ -15279,46 +15698,46 @@ fi fi - if test -n "$RANDOM_FILE"; then + if test -n "${RANDOM_FILE}"; then -cat >>confdefs.h <<_ACEOF -#define RANDOM_FILE "$RANDOM_FILE" -_ACEOF +printf "%s\n" "#define RANDOM_FILE \"${RANDOM_FILE}\"" >>confdefs.h fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming entropy sources are not available" >&5 -$as_echo "$as_me: WARNING: cross-compilation: assuming entropy sources are not available" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming entropy sources are not available" >&5 +printf "%s\n" "$as_me: WARNING: cross-compilation: assuming entropy sources are not available" >&2;} fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** default group" >&5 -$as_echo "$as_me: **************************************** default group" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** default group" >&5 +printf "%s\n" "$as_me: **************************************** default group" >&6;} DEFAULT_GROUP=nobody -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup else - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming nogroup is not available" >&5 -$as_echo "$as_me: WARNING: cross-compilation: assuming nogroup is not available" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cross-compilation: assuming nogroup is not available" >&5 +printf "%s\n" "$as_me: WARNING: cross-compilation: assuming nogroup is not available" >&2;} fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default group" >&5 -$as_echo_n "checking for default group... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $DEFAULT_GROUP" >&5 -$as_echo "$DEFAULT_GROUP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for default group" >&5 +printf %s "checking for default group... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${DEFAULT_GROUP}" >&5 +printf "%s\n" "${DEFAULT_GROUP}" >&6; } # Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : +if test ${enable_largefile+y} +then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +printf %s "checking for special C compiler options needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC @@ -15332,44 +15751,47 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_largefile_CC=' -n32'; break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test ${ac_cv_sys_file_offset_bits+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15378,22 +15800,23 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 @@ -15402,43 +15825,43 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=64; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF +printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } +if test ${ac_cv_sys_large_files+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15447,22 +15870,23 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 @@ -15471,132 +15895,242 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=1; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +printf "%s\n" "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF +printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h ;; esac rm -rf conftest* fi - - fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** header files" >&5 -$as_echo "$as_me: **************************************** header files" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** header files" >&5 +printf "%s\n" "$as_me: **************************************** header files" >&6;} # AC_HEADER_DIRENT # AC_HEADER_STDC # AC_HEADER_SYS_WAIT -for ac_header in stdint.h inttypes.h malloc.h ucontext.h pthread.h poll.h \ - tcpd.h stropts.h grp.h unistd.h util.h libutil.h pty.h limits.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_header_compile "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes +then : + printf "%s\n" "#define HAVE_STDINT_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default" +if test "x$ac_cv_header_inttypes_h" = xyes +then : + printf "%s\n" "#define HAVE_INTTYPES_H 1" >>confdefs.h -done +fi +ac_fn_c_check_header_compile "$LINENO" "malloc.h" "ac_cv_header_malloc_h" "$ac_includes_default" +if test "x$ac_cv_header_malloc_h" = xyes +then : + printf "%s\n" "#define HAVE_MALLOC_H 1" >>confdefs.h -for ac_header in sys/types.h sys/select.h sys/poll.h sys/socket.h sys/un.h \ - sys/ioctl.h sys/filio.h sys/resource.h sys/uio.h sys/syscall.h \ - sys/param.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +fi +ac_fn_c_check_header_compile "$LINENO" "ucontext.h" "ac_cv_header_ucontext_h" "$ac_includes_default" +if test "x$ac_cv_header_ucontext_h" = xyes +then : + printf "%s\n" "#define HAVE_UCONTEXT_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" +if test "x$ac_cv_header_pthread_h" = xyes +then : + printf "%s\n" "#define HAVE_PTHREAD_H 1" >>confdefs.h -done +fi +ac_fn_c_check_header_compile "$LINENO" "poll.h" "ac_cv_header_poll_h" "$ac_includes_default" +if test "x$ac_cv_header_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_POLL_H 1" >>confdefs.h -for ac_header in linux/sched.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "linux/sched.h" "ac_cv_header_linux_sched_h" "$ac_includes_default" -if test "x$ac_cv_header_linux_sched_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LINUX_SCHED_H 1 -_ACEOF +fi +ac_fn_c_check_header_compile "$LINENO" "tcpd.h" "ac_cv_header_tcpd_h" "$ac_includes_default" +if test "x$ac_cv_header_tcpd_h" = xyes +then : + printf "%s\n" "#define HAVE_TCPD_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "stropts.h" "ac_cv_header_stropts_h" "$ac_includes_default" +if test "x$ac_cv_header_stropts_h" = xyes +then : + printf "%s\n" "#define HAVE_STROPTS_H 1" >>confdefs.h -done +fi +ac_fn_c_check_header_compile "$LINENO" "grp.h" "ac_cv_header_grp_h" "$ac_includes_default" +if test "x$ac_cv_header_grp_h" = xyes +then : + printf "%s\n" "#define HAVE_GRP_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" +if test "x$ac_cv_header_unistd_h" = xyes +then : + printf "%s\n" "#define HAVE_UNISTD_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "util.h" "ac_cv_header_util_h" "$ac_includes_default" +if test "x$ac_cv_header_util_h" = xyes +then : + printf "%s\n" "#define HAVE_UTIL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "libutil.h" "ac_cv_header_libutil_h" "$ac_includes_default" +if test "x$ac_cv_header_libutil_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBUTIL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "pty.h" "ac_cv_header_pty_h" "$ac_includes_default" +if test "x$ac_cv_header_pty_h" = xyes +then : + printf "%s\n" "#define HAVE_PTY_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "limits.h" "ac_cv_header_limits_h" "$ac_includes_default" +if test "x$ac_cv_header_limits_h" = xyes +then : + printf "%s\n" "#define HAVE_LIMITS_H 1" >>confdefs.h + +fi + +ac_fn_c_check_header_compile "$LINENO" "sys/types.h" "ac_cv_header_sys_types_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_types_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_TYPES_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_select_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_poll_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_POLL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_socket_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SOCKET_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/un.h" "ac_cv_header_sys_un_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_un_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_UN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/ioctl.h" "ac_cv_header_sys_ioctl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_ioctl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_IOCTL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/filio.h" "ac_cv_header_sys_filio_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_filio_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_FILIO_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/resource.h" "ac_cv_header_sys_resource_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_resource_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_RESOURCE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_uio_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/syscall.h" "ac_cv_header_sys_syscall_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_syscall_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSCALL_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_param_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h + +fi + +ac_fn_c_check_header_compile "$LINENO" "linux/sched.h" "ac_cv_header_linux_sched_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_sched_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_SCHED_H 1" >>confdefs.h + +fi ac_fn_c_check_member "$LINENO" "struct msghdr" "msg_control" "ac_cv_member_struct_msghdr_msg_control" " $ac_includes_default #include " -if test "x$ac_cv_member_struct_msghdr_msg_control" = xyes; then : +if test "x$ac_cv_member_struct_msghdr_msg_control" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_MSGHDR_MSG_CONTROL 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_MSGHDR_MSG_CONTROL 1" >>confdefs.h -$as_echo "#define HAVE_MSGHDR_MSG_CONTROL 1" >>confdefs.h +printf "%s\n" "#define HAVE_MSGHDR_MSG_CONTROL 1" >>confdefs.h fi -for ac_header in linux/netfilter_ipv4.h -do : - ac_fn_c_check_header_compile "$LINENO" "linux/netfilter_ipv4.h" "ac_cv_header_linux_netfilter_ipv4_h" " +ac_fn_c_check_header_compile "$LINENO" "linux/netfilter_ipv4.h" "ac_cv_header_linux_netfilter_ipv4_h" " #include #include #include #include " -if test "x$ac_cv_header_linux_netfilter_ipv4_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LINUX_NETFILTER_IPV4_H 1 -_ACEOF +if test "x$ac_cv_header_linux_netfilter_ipv4_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_NETFILTER_IPV4_H 1" >>confdefs.h fi -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** libraries" >&5 -$as_echo "$as_me: **************************************** libraries" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** libraries" >&5 +printf "%s\n" "$as_me: **************************************** libraries" >&6;} # Checks for standard libraries -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 -$as_echo_n "checking for library containing gethostbyname... " >&6; } -if ${ac_cv_search_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +printf %s "checking for library containing gethostbyname... " >&6; } +if test ${ac_cv_search_gethostbyname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15604,55 +16138,58 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gethostbyname (); int -main () +main (void) { return gethostbyname (); ; return 0; } _ACEOF -for ac_lib in '' nsl; do +for ac_lib in '' nsl +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_gethostbyname=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_gethostbyname+:} false; then : + if test ${ac_cv_search_gethostbyname+y} +then : break fi done -if ${ac_cv_search_gethostbyname+:} false; then : +if test ${ac_cv_search_gethostbyname+y} +then : -else +else $as_nop ac_cv_search_gethostbyname=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 -$as_echo "$ac_cv_search_gethostbyname" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +printf "%s\n" "$ac_cv_search_gethostbyname" >&6; } ac_res=$ac_cv_search_gethostbyname -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing yp_get_default_domain" >&5 -$as_echo_n "checking for library containing yp_get_default_domain... " >&6; } -if ${ac_cv_search_yp_get_default_domain+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing yp_get_default_domain" >&5 +printf %s "checking for library containing yp_get_default_domain... " >&6; } +if test ${ac_cv_search_yp_get_default_domain+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15660,55 +16197,58 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char yp_get_default_domain (); int -main () +main (void) { return yp_get_default_domain (); ; return 0; } _ACEOF -for ac_lib in '' nsl; do +for ac_lib in '' nsl +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_yp_get_default_domain=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_yp_get_default_domain+:} false; then : + if test ${ac_cv_search_yp_get_default_domain+y} +then : break fi done -if ${ac_cv_search_yp_get_default_domain+:} false; then : +if test ${ac_cv_search_yp_get_default_domain+y} +then : -else +else $as_nop ac_cv_search_yp_get_default_domain=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yp_get_default_domain" >&5 -$as_echo "$ac_cv_search_yp_get_default_domain" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_yp_get_default_domain" >&5 +printf "%s\n" "$ac_cv_search_yp_get_default_domain" >&6; } ac_res=$ac_cv_search_yp_get_default_domain -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 -$as_echo_n "checking for library containing socket... " >&6; } -if ${ac_cv_search_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 +printf %s "checking for library containing socket... " >&6; } +if test ${ac_cv_search_socket+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15716,55 +16256,58 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char socket (); int -main () +main (void) { return socket (); ; return 0; } _ACEOF -for ac_lib in '' socket; do +for ac_lib in '' socket +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_socket=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_socket+:} false; then : + if test ${ac_cv_search_socket+y} +then : break fi done -if ${ac_cv_search_socket+:} false; then : +if test ${ac_cv_search_socket+y} +then : -else +else $as_nop ac_cv_search_socket=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 -$as_echo "$ac_cv_search_socket" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 +printf "%s\n" "$ac_cv_search_socket" >&6; } ac_res=$ac_cv_search_socket -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 -$as_echo_n "checking for library containing openpty... " >&6; } -if ${ac_cv_search_openpty+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing openpty" >&5 +printf %s "checking for library containing openpty... " >&6; } +if test ${ac_cv_search_openpty+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15772,56 +16315,59 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char openpty (); int -main () +main (void) { return openpty (); ; return 0; } _ACEOF -for ac_lib in '' util; do +for ac_lib in '' util +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_openpty=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_openpty+:} false; then : + if test ${ac_cv_search_openpty+y} +then : break fi done -if ${ac_cv_search_openpty+:} false; then : +if test ${ac_cv_search_openpty+y} +then : -else +else $as_nop ac_cv_search_openpty=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 -$as_echo "$ac_cv_search_openpty" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_openpty" >&5 +printf "%s\n" "$ac_cv_search_openpty" >&6; } ac_res=$ac_cv_search_openpty -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi # Checks for dynamic loader needed by OpenSSL -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 -$as_echo_n "checking for library containing dlopen... " >&6; } -if ${ac_cv_search_dlopen+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing dlopen" >&5 +printf %s "checking for library containing dlopen... " >&6; } +if test ${ac_cv_search_dlopen+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15829,55 +16375,58 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dlopen (); int -main () +main (void) { return dlopen (); ; return 0; } _ACEOF -for ac_lib in '' dl; do +for ac_lib in '' dl +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_dlopen=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_dlopen+:} false; then : + if test ${ac_cv_search_dlopen+y} +then : break fi done -if ${ac_cv_search_dlopen+:} false; then : +if test ${ac_cv_search_dlopen+y} +then : -else +else $as_nop ac_cv_search_dlopen=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 -$as_echo "$ac_cv_search_dlopen" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlopen" >&5 +printf "%s\n" "$ac_cv_search_dlopen" >&6; } ac_res=$ac_cv_search_dlopen -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing shl_load" >&5 -$as_echo_n "checking for library containing shl_load... " >&6; } -if ${ac_cv_search_shl_load+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing shl_load" >&5 +printf %s "checking for library containing shl_load... " >&6; } +if test ${ac_cv_search_shl_load+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -15885,156 +16434,207 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char shl_load (); int -main () +main (void) { return shl_load (); ; return 0; } _ACEOF -for ac_lib in '' dld; do +for ac_lib in '' dld +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_shl_load=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_shl_load+:} false; then : + if test ${ac_cv_search_shl_load+y} +then : break fi done -if ${ac_cv_search_shl_load+:} false; then : +if test ${ac_cv_search_shl_load+y} +then : -else +else $as_nop ac_cv_search_shl_load=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_shl_load" >&5 -$as_echo "$ac_cv_search_shl_load" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_shl_load" >&5 +printf "%s\n" "$ac_cv_search_shl_load" >&6; } ac_res=$ac_cv_search_shl_load -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi # Add BeOS libraries -if test "x$host_os" = "xbeos"; then - LIBS="$LIBS -lbe -lroot -lbind" +if test "x${host_os}" = "xbeos"; then + LIBS="${LIBS} -lbe -lroot -lbind" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** library functions" >&5 -$as_echo "$as_me: **************************************** library functions" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** library functions" >&5 +printf "%s\n" "$as_me: **************************************** library functions" >&6;} # safe string operations -for ac_func in snprintf vsnprintf -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" +if test "x$ac_cv_func_snprintf" = xyes +then : + printf "%s\n" "#define HAVE_SNPRINTF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" +if test "x$ac_cv_func_vsnprintf" = xyes +then : + printf "%s\n" "#define HAVE_VSNPRINTF 1" >>confdefs.h fi -done # pseudoterminal -for ac_func in openpty _getpty -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" +if test "x$ac_cv_func_openpty" = xyes +then : + printf "%s\n" "#define HAVE_OPENPTY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "_getpty" "ac_cv_func__getpty" +if test "x$ac_cv_func__getpty" = xyes +then : + printf "%s\n" "#define HAVE__GETPTY 1" >>confdefs.h fi -done # Unix -for ac_func in daemon waitpid wait4 setsid setgroups chroot realpath -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "daemon" "ac_cv_func_daemon" +if test "x$ac_cv_func_daemon" = xyes +then : + printf "%s\n" "#define HAVE_DAEMON 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "waitpid" "ac_cv_func_waitpid" +if test "x$ac_cv_func_waitpid" = xyes +then : + printf "%s\n" "#define HAVE_WAITPID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "wait4" "ac_cv_func_wait4" +if test "x$ac_cv_func_wait4" = xyes +then : + printf "%s\n" "#define HAVE_WAIT4 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setsid" "ac_cv_func_setsid" +if test "x$ac_cv_func_setsid" = xyes +then : + printf "%s\n" "#define HAVE_SETSID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setgroups" "ac_cv_func_setgroups" +if test "x$ac_cv_func_setgroups" = xyes +then : + printf "%s\n" "#define HAVE_SETGROUPS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "chroot" "ac_cv_func_chroot" +if test "x$ac_cv_func_chroot" = xyes +then : + printf "%s\n" "#define HAVE_CHROOT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath" +if test "x$ac_cv_func_realpath" = xyes +then : + printf "%s\n" "#define HAVE_REALPATH 1" >>confdefs.h fi -done # limits -for ac_func in sysconf getrlimit -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "sysconf" "ac_cv_func_sysconf" +if test "x$ac_cv_func_sysconf" = xyes +then : + printf "%s\n" "#define HAVE_SYSCONF 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getrlimit" "ac_cv_func_getrlimit" +if test "x$ac_cv_func_getrlimit" = xyes +then : + printf "%s\n" "#define HAVE_GETRLIMIT 1" >>confdefs.h fi -done # threads/reentrant functions -for ac_func in pthread_sigmask localtime_r -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "pthread_sigmask" "ac_cv_func_pthread_sigmask" +if test "x$ac_cv_func_pthread_sigmask" = xyes +then : + printf "%s\n" "#define HAVE_PTHREAD_SIGMASK 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r" +if test "x$ac_cv_func_localtime_r" = xyes +then : + printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h fi -done # threads -for ac_func in getcontext __makecontext_v2 -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "getcontext" "ac_cv_func_getcontext" +if test "x$ac_cv_func_getcontext" = xyes +then : + printf "%s\n" "#define HAVE_GETCONTEXT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "__makecontext_v2" "ac_cv_func___makecontext_v2" +if test "x$ac_cv_func___makecontext_v2" = xyes +then : + printf "%s\n" "#define HAVE___MAKECONTEXT_V2 1" >>confdefs.h fi -done # sockets -for ac_func in poll gethostbyname2 endhostent getnameinfo -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "poll" "ac_cv_func_poll" +if test "x$ac_cv_func_poll" = xyes +then : + printf "%s\n" "#define HAVE_POLL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gethostbyname2" "ac_cv_func_gethostbyname2" +if test "x$ac_cv_func_gethostbyname2" = xyes +then : + printf "%s\n" "#define HAVE_GETHOSTBYNAME2 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "endhostent" "ac_cv_func_endhostent" +if test "x$ac_cv_func_endhostent" = xyes +then : + printf "%s\n" "#define HAVE_ENDHOSTENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getnameinfo" "ac_cv_func_getnameinfo" +if test "x$ac_cv_func_getnameinfo" = xyes +then : + printf "%s\n" "#define HAVE_GETNAMEINFO 1" >>confdefs.h fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 -$as_echo_n "checking for getaddrinfo... " >&6; } -case "$host_os" in +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 +printf %s "checking for getaddrinfo... " >&6; } +case "${host_os}" in *androideabi*) # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no (buggy Android implementation)" >&5 -$as_echo "no (buggy Android implementation)" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no (buggy Android implementation)" >&5 +printf "%s\n" "no (buggy Android implementation)" >&6; } ;; *) # Tru64 UNIX has getaddrinfo() but has it renamed in libc as @@ -16048,7 +16648,7 @@ $ac_includes_default #include int -main () +main (void) { getaddrinfo(NULL, NULL, NULL, NULL); @@ -16057,132 +16657,138 @@ getaddrinfo(NULL, NULL, NULL, NULL); return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; }; -$as_echo "#define HAVE_GETADDRINFO 1" >>confdefs.h +if ac_fn_c_try_link "$LINENO" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; }; +printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext ;; esac # poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for broken poll() implementation" >&5 -$as_echo_n "checking for broken poll() implementation... " >&6; } -case "$host_os" in +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for broken poll() implementation" >&5 +printf %s "checking for broken poll() implementation... " >&6; } +case "${host_os}" in darwin0-8.*) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (poll() disabled)" >&5 -$as_echo "yes (poll() disabled)" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes (poll() disabled)" >&5 +printf "%s\n" "yes (poll() disabled)" >&6; } -$as_echo "#define BROKEN_POLL 1" >>confdefs.h +printf "%s\n" "#define BROKEN_POLL 1" >>confdefs.h ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; esac # GNU extensions -for ac_func in pipe2 accept4 -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "pipe2" "ac_cv_func_pipe2" +if test "x$ac_cv_func_pipe2" = xyes +then : + printf "%s\n" "#define HAVE_PIPE2 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "accept4" "ac_cv_func_accept4" +if test "x$ac_cv_func_accept4" = xyes +then : + printf "%s\n" "#define HAVE_ACCEPT4 1" >>confdefs.h fi -done -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** optional features" >&5 -$as_echo "$as_me: **************************************** optional features" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** optional features" >&5 +printf "%s\n" "$as_me: **************************************** optional features" >&6;} # Use IPv6? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable IPv6 support" >&5 -$as_echo_n "checking whether to enable IPv6 support... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable IPv6 support" >&5 +printf %s "checking whether to enable IPv6 support... " >&6; } # Check whether --enable-ipv6 was given. -if test "${enable_ipv6+set}" = set; then : +if test ${enable_ipv6+y} +then : enableval=$enable_ipv6; - case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + case "${enableval}" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define USE_IPv6 1" >>confdefs.h +printf "%s\n" "#define USE_IPv6 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 -$as_echo "error" >&6; } + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: error" >&5 +printf "%s\n" "error" >&6; } as_fn_error $? "bad value \"${enableval}\"" "$LINENO" 5 ;; esac -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 -$as_echo "yes (default)" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes (default)" >&5 +printf "%s\n" "yes (default)" >&6; } -$as_echo "#define USE_IPv6 1" >>confdefs.h +printf "%s\n" "#define USE_IPv6 1" >>confdefs.h fi # FIPS Mode -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable FIPS support" >&5 -$as_echo_n "checking whether to enable FIPS support... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable FIPS support" >&5 +printf %s "checking whether to enable FIPS support... " >&6; } # Check whether --enable-fips was given. -if test "${enable_fips+set}" = set; then : +if test ${enable_fips+y} +then : enableval=$enable_fips; - case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + case "${enableval}" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } use_fips="yes" -$as_echo "#define USE_FIPS 1" >>confdefs.h +printf "%s\n" "#define USE_FIPS 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } use_fips="no" ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 -$as_echo "error" >&6; } + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: error" >&5 +printf "%s\n" "error" >&6; } as_fn_error $? "bad value \"${enableval}\"" "$LINENO" 5 ;; esac -else +else $as_nop use_fips="auto" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 -$as_echo "autodetecting" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 +printf "%s\n" "autodetecting" >&6; } fi # Disable systemd socket activation support -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable systemd socket activation support" >&5 -$as_echo_n "checking whether to enable systemd socket activation support... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable systemd socket activation support" >&5 +printf %s "checking whether to enable systemd socket activation support... " >&6; } # Check whether --enable-systemd was given. -if test "${enable_systemd+set}" = set; then : +if test ${enable_systemd+y} +then : enableval=$enable_systemd; - case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sd_listen_fds" >&5 -$as_echo_n "checking for library containing sd_listen_fds... " >&6; } -if ${ac_cv_search_sd_listen_fds+:} false; then : - $as_echo_n "(cached) " >&6 -else + case "${enableval}" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sd_listen_fds" >&5 +printf %s "checking for library containing sd_listen_fds... " >&6; } +if test ${ac_cv_search_sd_listen_fds+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16190,73 +16796,76 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char sd_listen_fds (); int -main () +main (void) { return sd_listen_fds (); ; return 0; } _ACEOF -for ac_lib in '' systemd systemd-daemon; do +for ac_lib in '' systemd systemd-daemon +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_sd_listen_fds=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_sd_listen_fds+:} false; then : + if test ${ac_cv_search_sd_listen_fds+y} +then : break fi done -if ${ac_cv_search_sd_listen_fds+:} false; then : +if test ${ac_cv_search_sd_listen_fds+y} +then : -else +else $as_nop ac_cv_search_sd_listen_fds=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sd_listen_fds" >&5 -$as_echo "$ac_cv_search_sd_listen_fds" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sd_listen_fds" >&5 +printf "%s\n" "$ac_cv_search_sd_listen_fds" >&6; } ac_res=$ac_cv_search_sd_listen_fds -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi -$as_echo "#define USE_SYSTEMD 1" >>confdefs.h +printf "%s\n" "#define USE_SYSTEMD 1" >>confdefs.h ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 -$as_echo "error" >&6; } + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: error" >&5 +printf "%s\n" "error" >&6; } as_fn_error $? "Bad value \"${enableval}\"" "$LINENO" 5 ;; esac -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 -$as_echo "autodetecting" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 +printf "%s\n" "autodetecting" >&6; } # the library name has changed to -lsystemd in systemd 209 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing sd_listen_fds" >&5 -$as_echo_n "checking for library containing sd_listen_fds... " >&6; } -if ${ac_cv_search_sd_listen_fds+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing sd_listen_fds" >&5 +printf %s "checking for library containing sd_listen_fds... " >&6; } +if test ${ac_cv_search_sd_listen_fds+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -16264,74 +16873,74 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char sd_listen_fds (); int -main () +main (void) { return sd_listen_fds (); ; return 0; } _ACEOF -for ac_lib in '' systemd systemd-daemon; do +for ac_lib in '' systemd systemd-daemon +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_sd_listen_fds=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_sd_listen_fds+:} false; then : + if test ${ac_cv_search_sd_listen_fds+y} +then : break fi done -if ${ac_cv_search_sd_listen_fds+:} false; then : +if test ${ac_cv_search_sd_listen_fds+y} +then : -else +else $as_nop ac_cv_search_sd_listen_fds=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sd_listen_fds" >&5 -$as_echo "$ac_cv_search_sd_listen_fds" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_sd_listen_fds" >&5 +printf "%s\n" "$ac_cv_search_sd_listen_fds" >&6; } ac_res=$ac_cv_search_sd_listen_fds -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" - for ac_header in systemd/sd-daemon.h + for ac_header in systemd/sd-daemon.h do : - ac_fn_c_check_header_mongrel "$LINENO" "systemd/sd-daemon.h" "ac_cv_header_systemd_sd_daemon_h" "$ac_includes_default" -if test "x$ac_cv_header_systemd_sd_daemon_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYSTEMD_SD_DAEMON_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "systemd/sd-daemon.h" "ac_cv_header_systemd_sd_daemon_h" "$ac_includes_default" +if test "x$ac_cv_header_systemd_sd_daemon_h" = xyes +then : + printf "%s\n" "#define HAVE_SYSTEMD_SD_DAEMON_H 1" >>confdefs.h -$as_echo "#define USE_SYSTEMD 1" >>confdefs.h +printf "%s\n" "#define USE_SYSTEMD 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: systemd support enabled" >&5 -$as_echo "$as_me: systemd support enabled" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: systemd support enabled" >&5 +printf "%s\n" "$as_me: systemd support enabled" >&6;} -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: systemd header not found" >&5 -$as_echo "$as_me: systemd header not found" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: systemd header not found" >&5 +printf "%s\n" "$as_me: systemd header not found" >&6;} fi done +else $as_nop -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: systemd library not found" >&5 -$as_echo "$as_me: systemd library not found" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: systemd library not found" >&5 +printf "%s\n" "$as_me: systemd library not found" >&6;} fi @@ -16342,42 +16951,43 @@ fi # Disable use of libwrap (TCP wrappers) # it should be the last check! -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable TCP wrappers support" >&5 -$as_echo_n "checking whether to enable TCP wrappers support... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to enable TCP wrappers support" >&5 +printf %s "checking whether to enable TCP wrappers support... " >&6; } # Check whether --enable-libwrap was given. -if test "${enable_libwrap+set}" = set; then : +if test ${enable_libwrap+y} +then : enableval=$enable_libwrap; - case "$enableval" in - yes) { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + case "${enableval}" in + yes) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define USE_LIBWRAP 1" >>confdefs.h +printf "%s\n" "#define USE_LIBWRAP 1" >>confdefs.h - LIBS="$LIBS -lwrap" + LIBS="${LIBS} -lwrap" ;; - no) { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + no) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } ;; - *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: error" >&5 -$as_echo "error" >&6; } + *) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: error" >&5 +printf "%s\n" "error" >&6; } as_fn_error $? "Bad value \"${enableval}\"" "$LINENO" 5 ;; esac -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 -$as_echo "autodetecting" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for hosts_access in -lwrap" >&5 -$as_echo_n "checking for hosts_access in -lwrap... " >&6; } - valid_LIBS="$LIBS" - LIBS="$valid_LIBS -lwrap" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: autodetecting" >&5 +printf "%s\n" "autodetecting" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for hosts_access in -lwrap" >&5 +printf %s "checking for hosts_access in -lwrap... " >&6; } + valid_LIBS="${LIBS}" + LIBS="${valid_LIBS} -lwrap" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int hosts_access(); int allow_severity, deny_severity; int -main () +main (void) { hosts_access() ; @@ -16385,35 +16995,36 @@ hosts_access() } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; }; + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; }; -$as_echo "#define USE_LIBWRAP 1" >>confdefs.h +printf "%s\n" "#define USE_LIBWRAP 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: libwrap support enabled" >&5 -$as_echo "$as_me: libwrap support enabled" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: libwrap support enabled" >&5 +printf "%s\n" "$as_me: libwrap support enabled" >&6;} -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$valid_LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: libwrap library not found" >&5 -$as_echo "$as_me: libwrap library not found" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + LIBS="${valid_LIBS}" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: libwrap library not found" >&5 +printf "%s\n" "$as_me: libwrap library not found" >&6;} fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** TLS" >&5 -$as_echo "$as_me: **************************************** TLS" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** TLS" >&5 +printf "%s\n" "$as_me: **************************************** TLS" >&6;} check_ssl_dir() { : test -n "$1" -a -f "$1/include/openssl/ssl.h" && SSLDIR="$1" @@ -16428,7 +17039,7 @@ iterate_ssl_dir() { : # - empty prefix for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$1$main_dir$sub_dir" && return 0 + check_ssl_dir "$1${main_dir}${sub_dir}" && return 0 done done return 1 @@ -16436,111 +17047,104 @@ iterate_ssl_dir() { : find_ssl_dir() { : # try Android *first* - case "$host_os" in + case "${host_os}" in *androideabi*) - iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + iterate_ssl_dir "${ANDROID_NDK}/sysroot" && return ;; esac - test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return - test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return - test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + test -d "${lt_sysroot}" && iterate_ssl_dir "${lt_sysroot}" && return + test "${prefix}" != "NONE" && iterate_ssl_dir "${prefix}" && return + test -d "${ac_default_prefix}" && iterate_ssl_dir "${ac_default_prefix}" && return iterate_ssl_dir "" && return # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` - check_ssl_dir "$sdk_path/usr" && return + check_ssl_dir "${sdk_path}/usr" && return fi check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr" } SSLDIR="" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS directory" >&5 -$as_echo_n "checking for TLS directory... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for TLS directory" >&5 +printf %s "checking for TLS directory... " >&6; } # Check whether --with-ssl was given. -if test "${with_ssl+set}" = set; then : - withval=$with_ssl; check_ssl_dir "$withval" -else +if test ${with_ssl+y} +then : + withval=$with_ssl; check_ssl_dir "${withval}" +else $as_nop find_ssl_dir fi -if test -z "$SSLDIR"; then -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5 -$as_echo "not found" >&6; } +if test -z "${SSLDIR}"; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: not found" >&5 +printf "%s\n" "not found" >&6; } as_fn_error $? " Could not find your TLS library installation dir Use --with-ssl option to fix this problem " "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $SSLDIR" >&5 -$as_echo "$SSLDIR" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${SSLDIR}" >&5 +printf "%s\n" "${SSLDIR}" >&6; } -cat >>confdefs.h <<_ACEOF -#define SSLDIR "$SSLDIR" -_ACEOF +printf "%s\n" "#define SSLDIR \"${SSLDIR}\"" >>confdefs.h -valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" -valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" +valid_CPPFLAGS="${CPPFLAGS}"; CPPFLAGS="${CPPFLAGS} -I${SSLDIR}/include" +valid_LIBS="${LIBS}"; LIBS="${LIBS} -L${SSLDIR}/lib64 -L${SSLDIR}/lib -lssl -lcrypto" -for ac_func in FIPS_mode_set OSSL_PROVIDER_available -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "FIPS_mode_set" "ac_cv_func_FIPS_mode_set" +if test "x$ac_cv_func_FIPS_mode_set" = xyes +then : + printf "%s\n" "#define HAVE_FIPS_MODE_SET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "OSSL_PROVIDER_available" "ac_cv_func_OSSL_PROVIDER_available" +if test "x$ac_cv_func_OSSL_PROVIDER_available" = xyes +then : + printf "%s\n" "#define HAVE_OSSL_PROVIDER_AVAILABLE 1" >>confdefs.h fi -done -if test "x$use_fips" = "xauto"; then - if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then +if test "x${use_fips}" = "xauto"; then + if test "x${ac_cv_func_FIPS_mode_set}" = "xyes" -o "x${ac_cv_func_OSSL_PROVIDER_available}" = "xyes"; then -$as_echo "#define USE_FIPS 1" >>confdefs.h +printf "%s\n" "#define USE_FIPS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: FIPS support enabled" >&5 -$as_echo "$as_me: FIPS support enabled" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: FIPS support enabled" >&5 +printf "%s\n" "$as_me: FIPS support enabled" >&6;} else - { $as_echo "$as_me:${as_lineno-$LINENO}: FIPS support not found" >&5 -$as_echo "$as_me: FIPS support not found" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: FIPS support not found" >&5 +printf "%s\n" "$as_me: FIPS support not found" >&6;} fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether DH parameters need to be updated" >&5 -$as_echo_n "checking whether DH parameters need to be updated... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether DH parameters need to be updated" >&5 +printf %s "checking whether DH parameters need to be updated... " >&6; } # only build src/dhparam.c if sources are located in the current directory -if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ( - echo '/* dhparam.c: initial DH parameters for stunnel */' - echo '#include "prototypes.h"' - echo '#ifndef OPENSSL_NO_DH' - echo '#define DN_new DH_new' - openssl dhparam -noout -C 2048 | sed 's/static DH/DH/' - echo '#endif /* OPENSSL_NO_DH */' - echo "/* built for $PACKAGE_STRING */" - ) > src/dhparam.c - # also update trusted CA certificates - curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' | - sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem +if test -f src/stunnel.c && ! grep -q " built for ${PACKAGE_STRING} " src/dhparam.c; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + $(dirname $0)/makedh.sh "${PACKAGE_STRING}" >src/dhparam.c else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -SYSROOT="$lt_sysroot" -CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating version.txt" >&5 +printf "%s\n" "$as_me: updating version.txt" >&6;} +echo "${PACKAGE_VERSION}" >version.txt + +SYSROOT="${lt_sysroot}" +CPPFLAGS="${valid_CPPFLAGS}" +LIBS="${valid_LIBS}" -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** write the results" >&5 -$as_echo "$as_me: **************************************** write the results" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** write the results" >&5 +printf "%s\n" "$as_me: **************************************** write the results" >&6;} ac_config_files="$ac_config_files Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile tests/certs/Makefile" cat >confcache <<\_ACEOF @@ -16570,8 +17174,8 @@ _ACEOF case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -16601,15 +17205,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; /^ac_cv_env_/b end t clear :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +printf "%s\n" "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else @@ -16623,8 +17227,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;} fi fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache @@ -16641,7 +17245,7 @@ U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" @@ -16652,14 +17256,14 @@ LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 -$as_echo_n "checking that generated files are newer than configure... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +printf %s "checking that generated files are newer than configure... " >&6; } if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 -$as_echo "done" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: done" >&5 +printf "%s\n" "done" >&6; } if test -n "$EXEEXT"; then am__EXEEXT_TRUE= am__EXEEXT_FALSE='#' @@ -16681,8 +17285,8 @@ fi ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL @@ -16705,14 +17309,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -16722,46 +17328,46 @@ esac fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -16770,13 +17376,6 @@ if test "${PATH_SEPARATOR+set}" != set; then fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -16785,8 +17384,12 @@ case $0 in #(( for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -16798,30 +17401,10 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] @@ -16834,13 +17417,14 @@ as_fn_error () as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -16867,18 +17451,20 @@ as_fn_unset () { eval $1=; unset $1;} } as_unset=as_fn_unset + # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -16890,12 +17476,13 @@ fi # as_fn_append # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` @@ -16926,7 +17513,7 @@ as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -16948,6 +17535,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -16961,6 +17552,12 @@ case `echo -n x` in #((((( ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -17002,7 +17599,7 @@ as_fn_mkdir_p () as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -17011,7 +17608,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -17073,8 +17670,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by stunnel $as_me 5.65, which was -generated by GNU Autoconf 2.69. Invocation command line was +This file was extended by stunnel $as_me 5.71, which was +generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -17136,14 +17733,16 @@ $config_commands Report bugs to the package provider." _ACEOF +ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` +ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -stunnel config.status 5.65 -configured by $0, generated by GNU Autoconf 2.69, +stunnel config.status 5.71 +configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -17183,15 +17782,15 @@ do -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; + printf "%s\n" "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; + printf "%s\n" "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" @@ -17199,7 +17798,7 @@ do --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; @@ -17208,7 +17807,7 @@ do as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; + printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; @@ -17236,7 +17835,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" @@ -17250,7 +17849,7 @@ exec 5>>config.log sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX - $as_echo "$ac_log" + printf "%s\n" "$ac_log" } >&5 _ACEOF @@ -17571,9 +18170,9 @@ done # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands + test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files + test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers + test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -17909,7 +18508,7 @@ do esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done @@ -17917,17 +18516,17 @@ do # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +printf "%s\n" "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | + ac_sed_conf_input=`printf "%s\n" "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac @@ -17944,7 +18543,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | +printf "%s\n" X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -17968,9 +18567,9 @@ $as_echo X"$ac_file" | case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -18032,8 +18631,8 @@ ac_sed_dataroot=' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' @@ -18077,9 +18676,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -18095,20 +18694,20 @@ which seems to be undefined. Please make sure it is defined" >&2;} # if test x"$ac_file" != x-; then { - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi @@ -18128,7 +18727,7 @@ $as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$_am_arg" : 'X\(//\)[^/]' \| \ X"$_am_arg" : 'X\(//\)$' \| \ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$_am_arg" | +printf "%s\n" X"$_am_arg" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -18148,8 +18747,8 @@ $as_echo X"$_am_arg" | s/.*/./; q'`/stamp-h$_am_stamp_count ;; - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} + :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +printf "%s\n" "$as_me: executing $ac_file commands" >&6;} ;; esac @@ -18175,7 +18774,7 @@ esac for am_mf do # Strip MF so we end up with the name of the file. - am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + am_mf=`printf "%s\n" "$am_mf" | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile which includes # dependency-tracking related rules and includes. # Grep'ing the whole file directly is not great: AIX grep has a line @@ -18187,7 +18786,7 @@ $as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$am_mf" : 'X\(//\)[^/]' \| \ X"$am_mf" : 'X\(//\)$' \| \ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$am_mf" | +printf "%s\n" X"$am_mf" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -18209,7 +18808,7 @@ $as_echo X"$am_mf" | $as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ X"$am_mf" : 'X\(//\)$' \| \ X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$am_mf" | +printf "%s\n" X/"$am_mf" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -18234,8 +18833,8 @@ $as_echo X/"$am_mf" | (exit $ac_status); } || am_rc=$? done if test $am_rc -ne 0; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments for automatic dependency tracking. If GNU make was not used, consider re-running the configure script with MAKE=\"gmake\" (or whatever is @@ -18778,6 +19377,7 @@ _LT_EOF esac + ltmain=$ac_aux_dir/ltmain.sh @@ -18827,12 +19427,13 @@ if test "$no_create" != yes; then $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: **************************************** success" >&5 -$as_echo "$as_me: **************************************** success" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: **************************************** success" >&5 +printf "%s\n" "$as_me: **************************************** success" >&6;} # vim:ft=automake # End of configure.ac + diff --git a/configure.ac b/configure.ac index 81d37e53..cae2e033 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ # Process this file with autoconf to produce a configure script. -AC_INIT([stunnel],[5.65]) +AC_INIT([stunnel],[5.71]) AC_MSG_NOTICE([**************************************** initialization]) AC_CONFIG_AUX_DIR(auto) AC_CONFIG_MACRO_DIR([m4]) @@ -10,13 +10,13 @@ AM_INIT_AUTOMAKE([foreign]) AC_CANONICAL_HOST AC_SUBST([host]) -AC_DEFINE_UNQUOTED([HOST], ["$host"], [Host description]) +AC_DEFINE_UNQUOTED([HOST], ["${host}"], [Host description]) define([esc], [`echo ]$1[ | tr abcdefghijklmnopqrstuvwxyz.- ABCDEFGHIJKLMNOPQRSTUVWXYZ__ | tr -dc ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_`]) -AC_DEFINE_UNQUOTED(esc(CPU_$host_cpu)) -AC_DEFINE_UNQUOTED(esc(VENDOR_$host_vendor)) -AC_DEFINE_UNQUOTED(esc(OS_$host_os)) +AC_DEFINE_UNQUOTED(esc(CPU_${host_cpu})) +AC_DEFINE_UNQUOTED(esc(VENDOR_${host_vendor})) +AC_DEFINE_UNQUOTED(esc(OS_${host_os})) -case "$host_os" in +case "${host_os}" in *darwin*) # OSX does not declare ucontext without _XOPEN_SOURCE AC_DEFINE([_XOPEN_SOURCE], [500], [Use X/Open 5 with POSIX 1995]) @@ -36,13 +36,25 @@ AC_PROG_MAKE_SET # silent build by default ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +AC_MSG_NOTICE([**************************************** bash completion]) +# define a dummy PKG_CHECK_VAR if pkg-config is not installed +m4_ifndef([PKG_CHECK_VAR], [AC_DEFUN([PKG_CHECK_VAR], [false])]) + +AC_ARG_WITH([bashcompdir], + AS_HELP_STRING([--with-bashcompdir=DIR], [directory for bash completions]), , + [PKG_CHECK_VAR([with_bashcompdir], [bash-completion], [completionsdir], , + [with_bashcompdir="${datarootdir}/bash-completion/completions"])]) +AC_MSG_CHECKING([for bashcompdir]) +AC_MSG_RESULT([${with_bashcompdir}]) +AC_SUBST([bashcompdir], [${with_bashcompdir}]) + AC_MSG_NOTICE([**************************************** thread model]) # thread detection should be done first, as it may change the CC variable AC_ARG_WITH(threads, [ --with-threads=model select threading model (ucontext/pthread/fork)], [ - case "$withval" in + case "${withval}" in ucontext) AC_MSG_NOTICE([UCONTEXT mode selected]) AC_DEFINE([USE_UCONTEXT], [1], [Define to 1 to select UCONTEXT mode]) @@ -50,9 +62,9 @@ AC_ARG_WITH(threads, pthread) AC_MSG_NOTICE([PTHREAD mode selected]) AX_PTHREAD() - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) ;; fork) @@ -60,16 +72,16 @@ AC_ARG_WITH(threads, AC_DEFINE([USE_FORK], [1], [Define to 1 to select FORK mode]) ;; *) - AC_MSG_ERROR([Unknown thread model \"${withval}\"]) + AC_MSG_ERROR([Unknown thread model "${withval}"]) ;; esac ], [ # do not attempt to autodetect UCONTEXT threading AX_PTHREAD([ AC_MSG_NOTICE([PTHREAD thread model detected]) - LIBS="$PTHREAD_LIBS $LIBS" - CFLAGS="$CFLAGS $PTHREAD_CFLAGS" - CC="$PTHREAD_CC" + LIBS="${PTHREAD_LIBS} ${LIBS}" + CFLAGS="${CFLAGS} ${PTHREAD_CFLAGS}" + CC="${PTHREAD_CC}" AC_DEFINE([USE_PTHREAD], [1], [Define to 1 to select PTHREAD mode]) ], [ AC_MSG_NOTICE([FORK thread model detected]) @@ -78,13 +90,12 @@ AC_ARG_WITH(threads, ]) AC_MSG_NOTICE([**************************************** compiler/linker flags]) -if test "$GCC" = yes; then +if test "${GCC}" = yes; then AX_APPEND_COMPILE_FLAGS([-Wall]) AX_APPEND_COMPILE_FLAGS([-Wextra]) AX_APPEND_COMPILE_FLAGS([-Wpedantic]) AX_APPEND_COMPILE_FLAGS([-Wformat=2]) AX_APPEND_COMPILE_FLAGS([-Wconversion]) - AX_APPEND_COMPILE_FLAGS([-Wno-long-long]) AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations]) AX_APPEND_COMPILE_FLAGS([-fPIE]) case "${host}" in @@ -126,7 +137,7 @@ AC_CHECK_TYPES([struct sockaddr_un], [], [], [#include ]) AC_CHECK_TYPES([struct addrinfo], [], [], [#include ]) AC_MSG_NOTICE([**************************************** PTY device files]) -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then AC_CHECK_FILE("/dev/ptmx", AC_DEFINE([HAVE_DEV_PTMX], [1], [Define to 1 if you have '/dev/ptmx' device.])) AC_CHECK_FILE("/dev/ptc", AC_DEFINE([HAVE_DEV_PTS_AND_PTC], [1], @@ -137,28 +148,28 @@ fi AC_MSG_NOTICE([**************************************** entropy sources]) -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then AC_ARG_WITH(egd-socket, [ --with-egd-socket=FILE Entropy Gathering Daemon socket path], - [EGD_SOCKET="$withval"] + [EGD_SOCKET="${withval}"] ) - if test -n "$EGD_SOCKET"; then - AC_DEFINE_UNQUOTED([EGD_SOCKET], ["$EGD_SOCKET"], + if test -n "${EGD_SOCKET}"; then + AC_DEFINE_UNQUOTED([EGD_SOCKET], ["${EGD_SOCKET}"], [Entropy Gathering Daemon socket path]) fi # Check for user-specified random device AC_ARG_WITH(random, [ --with-random=FILE read randomness from file (default=/dev/urandom)], - [RANDOM_FILE="$withval"], + [RANDOM_FILE="${withval}"], [ # Check for random device AC_CHECK_FILE("/dev/urandom", RANDOM_FILE="/dev/urandom") ] ) - if test -n "$RANDOM_FILE"; then + if test -n "${RANDOM_FILE}"; then AC_SUBST([RANDOM_FILE]) - AC_DEFINE_UNQUOTED([RANDOM_FILE], ["$RANDOM_FILE"], [Random file path]) + AC_DEFINE_UNQUOTED([RANDOM_FILE], ["${RANDOM_FILE}"], [Random file path]) fi else AC_MSG_WARN([cross-compilation: assuming entropy sources are not available]) @@ -166,13 +177,13 @@ fi AC_MSG_NOTICE([**************************************** default group]) DEFAULT_GROUP=nobody -if test "x$cross_compiling" = "xno"; then +if test "x${cross_compiling}" = "xno"; then grep '^nogroup:' /etc/group >/dev/null && DEFAULT_GROUP=nogroup else AC_MSG_WARN([cross-compilation: assuming nogroup is not available]) fi AC_MSG_CHECKING([for default group]) -AC_MSG_RESULT([$DEFAULT_GROUP]) +AC_MSG_RESULT([${DEFAULT_GROUP}]) AC_SUBST([DEFAULT_GROUP]) AC_SYS_LARGEFILE @@ -212,8 +223,8 @@ AC_SEARCH_LIBS([dlopen], [dl]) AC_SEARCH_LIBS([shl_load], [dld]) # Add BeOS libraries -if test "x$host_os" = "xbeos"; then - LIBS="$LIBS -lbe -lroot -lbind" +if test "x${host_os}" = "xbeos"; then + LIBS="${LIBS} -lbe -lroot -lbind" fi AC_MSG_NOTICE([**************************************** library functions]) @@ -232,7 +243,7 @@ AC_CHECK_FUNCS(getcontext __makecontext_v2) # sockets AC_CHECK_FUNCS(poll gethostbyname2 endhostent getnameinfo) AC_MSG_CHECKING([for getaddrinfo]) -case "$host_os" in +case "${host_os}" in *androideabi*) # http://stackoverflow.com/questions/7818246/segmentation-fault-in-getaddrinfo AC_MSG_RESULT([no (buggy Android implementation)]) @@ -257,7 +268,7 @@ getaddrinfo(NULL, NULL, NULL, NULL); esac # poll() is not recommended on Mac OS X <= 10.3 and broken on Mac OS X 10.4 AC_MSG_CHECKING([for broken poll() implementation]) -case "$host_os" in +case "${host_os}" in darwin[0-8].*) AC_MSG_RESULT([yes (poll() disabled)]) AC_DEFINE([BROKEN_POLL], [1], [Define to 1 if you have a broken 'poll' implementation.]) @@ -275,7 +286,7 @@ AC_MSG_CHECKING([whether to enable IPv6 support]) AC_ARG_ENABLE(ipv6, [ --disable-ipv6 disable IPv6 support], [ - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT([yes]) AC_DEFINE([USE_IPv6], [1], [Define to 1 to enable IPv6 support]) @@ -283,7 +294,7 @@ AC_ARG_ENABLE(ipv6, no) AC_MSG_RESULT([no]) ;; *) AC_MSG_RESULT([error]) - AC_MSG_ERROR([bad value \"${enableval}\"]) + AC_MSG_ERROR([bad value "${enableval}"]) ;; esac ], [ @@ -340,7 +351,7 @@ AC_MSG_CHECKING([whether to enable FIPS support]) AC_ARG_ENABLE(fips, [ --disable-fips disable OpenSSL FIPS support], [ - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT([yes]) use_fips="yes" AC_DEFINE([USE_FIPS], [1], @@ -350,7 +361,7 @@ AC_ARG_ENABLE(fips, use_fips="no" ;; *) AC_MSG_RESULT([error]) - AC_MSG_ERROR([bad value \"${enableval}\"]) + AC_MSG_ERROR([bad value "${enableval}"]) ;; esac ], @@ -365,7 +376,7 @@ AC_MSG_CHECKING([whether to enable systemd socket activation support]) AC_ARG_ENABLE(systemd, [ --disable-systemd disable systemd socket activation support], [ - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT([yes]) AC_SEARCH_LIBS([sd_listen_fds], [systemd systemd-daemon]) AC_DEFINE([USE_SYSTEMD], [1], @@ -374,7 +385,7 @@ AC_ARG_ENABLE(systemd, no) AC_MSG_RESULT([no]) ;; *) AC_MSG_RESULT([error]) - AC_MSG_ERROR([Bad value \"${enableval}\"]) + AC_MSG_ERROR([Bad value "${enableval}"]) ;; esac ], @@ -400,24 +411,24 @@ AC_MSG_CHECKING([whether to enable TCP wrappers support]) AC_ARG_ENABLE(libwrap, [ --disable-libwrap disable TCP wrappers support], [ - case "$enableval" in + case "${enableval}" in yes) AC_MSG_RESULT([yes]) AC_DEFINE([USE_LIBWRAP], [1], [Define to 1 to enable TCP wrappers support]) - LIBS="$LIBS -lwrap" + LIBS="${LIBS} -lwrap" ;; no) AC_MSG_RESULT([no]) ;; *) AC_MSG_RESULT([error]) - AC_MSG_ERROR([Bad value \"${enableval}\"]) + AC_MSG_ERROR([Bad value "${enableval}"]) ;; esac ], [ AC_MSG_RESULT([autodetecting]) AC_MSG_CHECKING([for hosts_access in -lwrap]) - valid_LIBS="$LIBS" - LIBS="$valid_LIBS -lwrap" + valid_LIBS="${LIBS}" + LIBS="${valid_LIBS} -lwrap" AC_LINK_IFELSE( [ AC_LANG_PROGRAM( @@ -430,7 +441,7 @@ AC_ARG_ENABLE(libwrap, AC_MSG_NOTICE([libwrap support enabled]) ], [ AC_MSG_RESULT([no]) - LIBS="$valid_LIBS" + LIBS="${valid_LIBS}" AC_MSG_NOTICE([libwrap library not found]) ] ) @@ -452,7 +463,7 @@ iterate_ssl_dir() { : # - empty prefix for main_dir in "/usr/local" "/opt" "/opt/local" "/usr/local/opt" "/opt/csw" "/usr/pkg" "/usr/lib" "/usr" ""; do for sub_dir in "/ssl" "/openssl" "/ossl" ""; do - check_ssl_dir "$1$main_dir$sub_dir" && return 0 + check_ssl_dir "$1${main_dir}${sub_dir}" && return 0 done done return 1 @@ -460,21 +471,21 @@ iterate_ssl_dir() { : find_ssl_dir() { : # try Android *first* - case "$host_os" in + case "${host_os}" in *androideabi*) - iterate_ssl_dir "$ANDROID_NDK/sysroot" && return + iterate_ssl_dir "${ANDROID_NDK}/sysroot" && return ;; esac - test -d "$lt_sysroot" && iterate_ssl_dir "$lt_sysroot" && return - test "$prefix" != "NONE" && iterate_ssl_dir "$prefix" && return - test -d "$ac_default_prefix" && iterate_ssl_dir "$ac_default_prefix" && return + test -d "${lt_sysroot}" && iterate_ssl_dir "${lt_sysroot}" && return + test "${prefix}" != "NONE" && iterate_ssl_dir "${prefix}" && return + test -d "${ac_default_prefix}" && iterate_ssl_dir "${ac_default_prefix}" && return iterate_ssl_dir "" && return # try Xcode *last* if test -x "/usr/bin/xcrun"; then sdk_path=`/usr/bin/xcrun --sdk macosx --show-sdk-path` - check_ssl_dir "$sdk_path/usr" && return + check_ssl_dir "${sdk_path}/usr" && return fi check_ssl_dir "/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/swift-migrator/sdk/MacOSX.sdk/usr" } @@ -483,26 +494,26 @@ SSLDIR="" AC_MSG_CHECKING([for TLS directory]) AC_ARG_WITH(ssl, [ --with-ssl=DIR location of installed TLS libraries/include files], - [check_ssl_dir "$withval"], + [check_ssl_dir "${withval}"], [find_ssl_dir] ) -if test -z "$SSLDIR"; then +if test -z "${SSLDIR}"; then AC_MSG_RESULT([not found]) AC_MSG_ERROR([ Could not find your TLS library installation dir Use --with-ssl option to fix this problem ]) fi -AC_MSG_RESULT([$SSLDIR]) +AC_MSG_RESULT([${SSLDIR}]) AC_SUBST([SSLDIR]) -AC_DEFINE_UNQUOTED([SSLDIR], ["$SSLDIR"], [TLS directory]) +AC_DEFINE_UNQUOTED([SSLDIR], ["${SSLDIR}"], [TLS directory]) -valid_CPPFLAGS="$CPPFLAGS"; CPPFLAGS="$CPPFLAGS -I$SSLDIR/include" -valid_LIBS="$LIBS"; LIBS="$LIBS -L$SSLDIR/lib64 -L$SSLDIR/lib -lssl -lcrypto" +valid_CPPFLAGS="${CPPFLAGS}"; CPPFLAGS="${CPPFLAGS} -I${SSLDIR}/include" +valid_LIBS="${LIBS}"; LIBS="${LIBS} -L${SSLDIR}/lib64 -L${SSLDIR}/lib -lssl -lcrypto" AC_CHECK_FUNCS(FIPS_mode_set OSSL_PROVIDER_available) -if test "x$use_fips" = "xauto"; then - if test "x$ac_cv_func_FIPS_mode_set" = "xyes" -o "x$ac_cv_func_OSSL_PROVIDER_available" = "xyes"; then +if test "x${use_fips}" = "xauto"; then + if test "x${ac_cv_func_FIPS_mode_set}" = "xyes" -o "x${ac_cv_func_OSSL_PROVIDER_available}" = "xyes"; then AC_DEFINE([USE_FIPS], [1], [Define to 1 to enable OpenSSL FIPS support]) AC_MSG_NOTICE([FIPS support enabled]) else @@ -512,27 +523,19 @@ fi AC_MSG_CHECKING([whether DH parameters need to be updated]) # only build src/dhparam.c if sources are located in the current directory -if test -f src/stunnel.c && ! grep -q " built for $PACKAGE_STRING " src/dhparam.c; then +if test -f src/stunnel.c && ! grep -q " built for ${PACKAGE_STRING} " src/dhparam.c; then AC_MSG_RESULT([yes]) - ( - echo '/* dhparam.c: initial DH parameters for stunnel */' - echo '#include "prototypes.h"' - echo '#ifndef OPENSSL_NO_DH' - echo '#define DN_new DH_new' - openssl dhparam -noout -C 2048 | sed 's/static DH/DH/' - echo '#endif /* OPENSSL_NO_DH */' - echo "/* built for $PACKAGE_STRING */" - ) > src/dhparam.c - # also update trusted CA certificates - curl 'https://ccadb-public.secure.force.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites' | - sed -e 's/\r//' -e 's/ $//' >tools/ca-certs.pem + $(dirname $0)/makedh.sh "${PACKAGE_STRING}" >src/dhparam.c else AC_MSG_RESULT([no]) fi -SYSROOT="$lt_sysroot" -CPPFLAGS="$valid_CPPFLAGS" -LIBS="$valid_LIBS" +AC_MSG_NOTICE([updating version.txt]) +echo "${PACKAGE_VERSION}" >version.txt + +SYSROOT="${lt_sysroot}" +CPPFLAGS="${valid_CPPFLAGS}" +LIBS="${valid_LIBS}" AC_MSG_NOTICE([**************************************** write the results]) AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile tools/Makefile tests/Makefile tests/certs/Makefile]) diff --git a/doc/Makefile.am b/doc/Makefile.am index f76e72a5..27b4e461 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 EXTRA_DIST = stunnel.pod.in stunnel.8.in stunnel.html.in en EXTRA_DIST += stunnel.pl.pod.in stunnel.pl.8.in stunnel.pl.html.in pl diff --git a/doc/Makefile.in b/doc/Makefile.in index bba37808..d324c4b9 100644 --- a/doc/Makefile.in +++ b/doc/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -219,9 +219,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -289,7 +286,6 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ EXTRA_DIST = stunnel.pod.in stunnel.8.in stunnel.html.in en \ stunnel.pl.pod.in stunnel.pl.8.in stunnel.pl.html.in pl man_MANS = stunnel.8 stunnel.pl.8 diff --git a/doc/stunnel.8.in b/doc/stunnel.8.in index 99aaf933..ccc25d36 100644 --- a/doc/stunnel.8.in +++ b/doc/stunnel.8.in @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -71,7 +71,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2022.03.15" "5.64" "stunnel TLS Proxy" +.TH stunnel 8 "2023.08.14" "5.71" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -163,7 +163,8 @@ An address parameter of an option may be either: .IP "\(bu" 4 A port number. .IP "\(bu" 4 -A colon-separated pair of \s-1IP\s0 address (either IPv4, IPv6, or domain name) and port number. +A colon-separated pair of \s-1IP\s0 address (either IPv4, IPv6, or domain name) and +port number. .IP "\(bu" 4 A Unix socket path (Unix only). .SS "\s-1GLOBAL OPTIONS\s0" @@ -176,7 +177,8 @@ directory to chroot \fBstunnel\fR process and \fIexec\fR are located inside the jail and the patches have to be relative to the directory specified with \fBchroot\fR. .Sp -Several functions of the operating system also need their files to be located within the chroot jail, e.g.: +Several functions of the operating system also need their files to be located +within the chroot jail, e.g.: .RS 4 .IP "\(bu" 4 Delayed resolver typically needs /etc/nsswitch.conf and /etc/resolv.conf. @@ -198,13 +200,18 @@ Deflate is the standard compression method as described in \s-1RFC 1951.\s0 .IX Item "debug = [FACILITY.]LEVEL" debugging level .Sp -Level is one of the syslog level names or numbers -emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), -info (6), or debug (7). All logs for the specified level and -all levels numerically less than it will be shown. Use \fIdebug = debug\fR or -\&\fIdebug = 7\fR for greatest debugging output. The default is notice (5). +Level is one of the syslog level names or numbers emerg (0), alert (1), +crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs +for the specified level and all levels numerically less than it will be shown. +.Sp +The \fIdebug = debug\fR (or the equivalent ) level produces for the +most verbose log output. This logging level is only meant to be understood by +stunnel developers, and not by users. Please either use the debug level when +requested to do so by an stunnel developer, or when you intend to get confused. +.Sp +The default logging level is notice (5). .Sp -The syslog facility 'daemon' will be used unless a facility name is supplied. +The syslog 'daemon' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.) .Sp Case is ignored for both facilities and levels. @@ -220,7 +227,8 @@ select hardware or software cryptographic engine .Sp default: software-only cryptography .Sp -See Examples section for an engine configuration to use the certificate and the corresponding private key from a cryptographic device. +See Examples section for an engine configuration to use the certificate and the +corresponding private key from a cryptographic device. .IP "\fBengineCtrl\fR = COMMAND[:PARAMETER]" 4 .IX Item "engineCtrl = COMMAND[:PARAMETER]" control hardware engine @@ -273,8 +281,8 @@ pixel image. .IX Item "log = append | overwrite" log file handling .Sp -This option allows you to choose whether the log file (specified with the \fIoutput\fR -option) is appended or overwritten when opened or re-opened. +This option allows you to choose whether the log file (specified with the +\&\fIoutput\fR option) is appended or overwritten when opened or re-opened. .Sp default: append .IP "\fBoutput\fR = \s-1FILE\s0" 4 @@ -344,25 +352,36 @@ To listen on all IPv6 addresses use: .Vb 1 \& accept = :::PORT .Ve -.IP "\fBCApath\fR = \s-1DIRECTORY\s0" 4 -.IX Item "CApath = DIRECTORY" -Certificate Authority directory +.IP "\fBCAengine\fR = \s-1ENGINE\-SPECIFIC_CA_CERTIFICATE_IDENTIFIER\s0" 4 +.IX Item "CAengine = ENGINE-SPECIFIC_CA_CERTIFICATE_IDENTIFIER" +load a trusted \s-1CA\s0 certificate from an engine +.Sp +The loaded \s-1CA\s0 certificates will be used with the \fIverifyChain\fR and +\&\fIverifyPeer\fR options. +.Sp +Multiple \fICAengine\fR options are allowed in a single service section. .Sp -This is the directory in which \fBstunnel\fR will look for certificates when using -the \fIverifyChain\fR or \fIverifyPeer\fR options. Note that the certificates in -this directory should be named \s-1XXXXXXXX.0\s0 where \s-1XXXXXXXX\s0 is the hash value of -the \s-1DER\s0 encoded subject of the cert. +Currently supported engines: pkcs11, cng. +.IP "\fBCApath\fR = \s-1CA_DIRECTORY\s0" 4 +.IX Item "CApath = CA_DIRECTORY" +load trusted \s-1CA\s0 certificates from a directory +.Sp +The loaded \s-1CA\s0 certificates will be used with the \fIverifyChain\fR and +\&\fIverifyPeer\fR options. +Note that the certificates in this directory should be named \s-1XXXXXXXX.0\s0 where +\&\s-1XXXXXXXX\s0 is the hash value of the \s-1DER\s0 encoded subject of the cert. .Sp The hash algorithm has been changed in \fBOpenSSL 1.0.0\fR. It is required to -c_rehash the directory on upgrade from \fBOpenSSL 0.x.x\fR to \fBOpenSSL 1.x.x\fR. +c_rehash the directory on upgrade from \fBOpenSSL 0.x.x\fR to \fBOpenSSL 1.x.x\fR +or later. .Sp \&\fICApath\fR path is relative to the \fIchroot\fR directory if specified. .IP "\fBCAfile\fR = \s-1CA_FILE\s0" 4 .IX Item "CAfile = CA_FILE" -Certificate Authority file +load trusted \s-1CA\s0 certificates from a file .Sp -This file contains multiple \s-1CA\s0 certificates, to be used with the \fIverifyChain\fR -and \fIverifyPeer\fR options. +The loaded \s-1CA\s0 certificates will be used with the \fIverifyChain\fR and +\&\fIverifyPeer\fR options. .IP "\fBcert\fR = \s-1CERT_FILE\s0" 4 .IX Item "cert = CERT_FILE" certificate chain file name @@ -379,31 +398,35 @@ This parameter is also used as the certificate identifier when a hardware engine is enabled. .IP "\fBcheckEmail\fR = \s-1EMAIL\s0" 4 .IX Item "checkEmail = EMAIL" -email address of the peer certificate subject +verify the email address of the end-entity (leaf) peer certificate subject .Sp -Multiple \fIcheckEmail\fR options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the email -address of the peer certificate matches any of the email addresses specified -with \fIcheckEmail\fR. +address of the end-entity (leaf) peer certificate matches any of the email +addresses specified with \fIcheckEmail\fR. +.Sp +Multiple \fIcheckEmail\fR options are allowed in a single service section. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBcheckHost\fR = \s-1HOST\s0" 4 .IX Item "checkHost = HOST" -host of the peer certificate subject +verify the host of the end-entity (leaf) peer certificate subject .Sp -Multiple \fIcheckHost\fR options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the host name -of the peer certificate matches any of the hosts specified with \fIcheckHost\fR. +of the end-entity (leaf) peer certificate matches any of the hosts specified +with \fIcheckHost\fR. +.Sp +Multiple \fIcheckHost\fR options are allowed in a single service section. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBcheckIP\fR = \s-1IP\s0" 4 .IX Item "checkIP = IP" -\&\s-1IP\s0 address of the peer certificate subject +verify the \s-1IP\s0 address of the end-entity (leaf) peer certificate subject .Sp -Multiple \fIcheckIP\fR options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the \s-1IP\s0 -address of the peer certificate matches any of the \s-1IP\s0 addresses specified with -\&\fIcheckIP\fR. +address of the end-entity (leaf) peer certificate matches any of the \s-1IP\s0 +addresses specified with \fIcheckIP\fR. +.Sp +Multiple \fIcheckIP\fR options are allowed in a single service section. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBciphers\fR = \s-1CIPHER_LIST\s0" 4 @@ -439,7 +462,8 @@ configuration file. Supported commands are described on the .Sp Several \fIconfig\fR lines can be used to specify multiple configuration commands. .Sp -Use \fIcurves\fR option instead of enabling \fIconfig = Curves:list_curves\fR to support elliptic curves. +Use \fIcurves\fR option instead of enabling \fIconfig = Curves:list_curves\fR to +support elliptic curves. .Sp This option requires OpenSSL 1.0.2 or later. .IP "\fBconnect\fR = [\s-1HOST:\s0]PORT" 4 @@ -449,7 +473,6 @@ connect to a remote address If no host is specified, the host defaults to localhost. .Sp Multiple \fIconnect\fR options are allowed in a single service section. -.Sp If host resolves to multiple addresses and/or if multiple \fIconnect\fR options are specified, then the remote address is chosen using a round-robin algorithm. @@ -592,7 +615,8 @@ use \s-1IDENT\s0 (\s-1RFC 1413\s0) username checking .IX Item "include = DIRECTORY" include all configuration file parts located in \s-1DIRECTORY\s0 .Sp -The files are included in the ascending alphabetical order of their names. The recommended filename convention is +The files are included in the ascending alphabetical order of their names. The +recommended filename convention is .Sp for global options: .Sp @@ -634,7 +658,7 @@ By default, the \s-1IP\s0 address of the outgoing interface is used as the sourc remote connections. Use this option to bind a static local \s-1IP\s0 address instead. .IP "\fB\s-1OCSP\s0\fR = \s-1URL\s0" 4 .IX Item "OCSP = URL" -select \s-1OCSP\s0 responder for certificate verification +select \s-1OCSP\s0 responder for the end-entity (leaf) peer certificate verification .IP "\fBOCSPaia\fR = yes | no" 4 .IX Item "OCSPaia = yes | no" validate certificates with their \s-1AIA OCSP\s0 responders @@ -657,6 +681,15 @@ send and verify the \s-1OCSP\s0 nonce extension This option protects the \s-1OCSP\s0 protocol against replay attacks. Due to its computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public \s-1OCSP\s0 responders. +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +require a conclusive \s-1OCSP\s0 response +.Sp +Disable this option to allow a connection even though no conclusive \s-1OCSP\s0 +response was retrieved from stapling and a direct request to the \s-1OCSP\s0 +responder. +.Sp +default: yes .IP "\fBoptions\fR = \s-1SSL_OPTIONS\s0" 4 .IX Item "options = SSL_OPTIONS" \&\fBOpenSSL\fR library options @@ -684,8 +717,8 @@ default: \& options = NO_SSLv3 .Ve .Sp -Use \fIsslVersionMax\fR or \fIsslVersionMin\fR option instead of disabling specific \s-1TLS\s0 protocol -versions when compiled with \fBOpenSSL 1.1.0\fR or later. +Use \fIsslVersionMax\fR or \fIsslVersionMin\fR option instead of disabling specific +\&\s-1TLS\s0 protocol versions when compiled with \fBOpenSSL 1.1.0\fR or later. .IP "\fBprotocol\fR = \s-1PROTO\s0" 4 .IX Item "protocol = PROTO" application protocol to negotiate \s-1TLS\s0 @@ -854,10 +887,13 @@ attempt to use the \s-1TCP RST\s0 flag to indicate an error This option is not supported on some platforms. .Sp default: yes -.IP "\fBretry\fR = yes | no" 4 -.IX Item "retry = yes | no" +.IP "\fBretry\fR = yes | no | \s-1DELAY\s0" 4 +.IX Item "retry = yes | no | DELAY" reconnect a connect+exec section after it was disconnected .Sp +The \s-1DELAY\s0 value specifies the number of milliseconds before retrying. +\&\*(L"retry = yes\*(R" has the same effect as \*(L"retry = 1000\*(R". +.Sp default: no .IP "\fBsecurityLevel\fR = \s-1LEVEL\s0" 4 .IX Item "securityLevel = LEVEL" @@ -870,19 +906,35 @@ The meaning of each level is described below: Everything is permitted. .IP "level 1" 4 .IX Item "level 1" -The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite using \s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result \s-1RSA, +DSA\s0 and \s-1DH\s0 keys shorter than 1024 bits and \s-1ECC\s0 keys shorter than 160 bits are +prohibited. All export cipher suites are prohibited since they all offer less +than 80 bits of security. \s-1SSL\s0 version 2 is prohibited. Any cipher suite using +\&\s-1MD5\s0 for the \s-1MAC\s0 is also prohibited. .IP "level 2" 4 .IX Item "level 2" -Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. +Security level set to 112 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 2048 bits and \s-1ECC\s0 keys shorter than 224 bits are prohibited. In +addition to the level 1 exclusions any cipher suite using \s-1RC4\s0 is also +prohibited. \s-1SSL\s0 version 3 is also not allowed. Compression is disabled. .IP "level 3" 4 .IX Item "level 3" -Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session tickets are disabled. +Security level set to 128 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 3072 bits and \s-1ECC\s0 keys shorter than 256 bits are prohibited. In +addition to the level 2 exclusions cipher suites not offering forward secrecy +are prohibited. \s-1TLS\s0 versions below 1.1 are not permitted. Session tickets are +disabled. .IP "level 4" 4 .IX Item "level 4" -Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are prohibited. Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 versions below 1.2 are not permitted. +Security level set to 192 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 7680 bits and \s-1ECC\s0 keys shorter than 384 bits are prohibited. +Cipher suites using \s-1SHA1\s0 for the \s-1MAC\s0 are prohibited. \s-1TLS\s0 versions below 1.2 are +not permitted. .IP "level 5" 4 .IX Item "level 5" -Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. +Security level set to 256 bits of security. As a result \s-1RSA, DSA\s0 and \s-1DH\s0 keys +shorter than 15360 bits and \s-1ECC\s0 keys shorter than 512 bits are prohibited. .IP "default: 2" 4 .IX Item "default: 2" .RE @@ -904,16 +956,19 @@ default: no .IX Item "setgid = GROUP (Unix only)" Unix group id .Sp -As a global option: \fBsetgid()\fR to the specified group in daemon mode and clear all other groups. +As a global option: \fBsetgid()\fR to the specified group in daemon mode and clear +all other groups. .Sp -As a service-level option: set the group of the Unix socket specified with \*(L"accept\*(R". +As a service-level option: set the group of the Unix socket specified with +\&\*(L"accept\*(R". .IP "\fBsetuid\fR = \s-1USER\s0 (Unix only)" 4 .IX Item "setuid = USER (Unix only)" Unix user id .Sp As a global option: \fBsetuid()\fR to the specified user in daemon mode. .Sp -As a service-level option: set the owner of the Unix socket specified with \*(L"accept\*(R". +As a service-level option: set the owner of the Unix socket specified with +\&\*(L"accept\*(R". .IP "\fBsessionCacheSize\fR = \s-1NUM_ENTRIES\s0" 4 .IX Item "sessionCacheSize = NUM_ENTRIES" session cache size @@ -938,26 +993,26 @@ default: yes address of sessiond \s-1TLS\s0 cache server .IP "\fBsni\fR = \s-1SERVICE_NAME:SERVER_NAME_PATTERN\s0 (server mode)" 4 .IX Item "sni = SERVICE_NAME:SERVER_NAME_PATTERN (server mode)" -Use the service as a slave service (a name-based virtual server) for Server +Use the service as a secondary service (a name-based virtual server) for Server Name Indication \s-1TLS\s0 extension (\s-1RFC 3546\s0). .Sp -\&\fI\s-1SERVICE_NAME\s0\fR specifies the master service that accepts client connections +\&\fI\s-1SERVICE_NAME\s0\fR specifies the primary service that accepts client connections with the \fIaccept\fR option. \fI\s-1SERVER_NAME_PATTERN\s0\fR specifies the host name to be redirected. The pattern may start with the '*' character, e.g. -\&'*.example.com'. Multiple slave services are normally specified for a single -master service. The \fIsni\fR option can also be specified more than once within -a single slave service. +\&'*.example.com'. Multiple secondary services are normally specified for +a single primary service. The \fIsni\fR option can also be specified more than +once within a single secondary service. .Sp -This service, as well as the master service, may not be configured in client +This service, as well as the primary service, may not be configured in client mode. .Sp -The \fIconnect\fR option of the slave service is ignored when the \fIprotocol\fR +The \fIconnect\fR option of the secondary service is ignored when the \fIprotocol\fR option is specified, as \fIprotocol\fR connects to the remote host before \s-1TLS\s0 handshake. .Sp -Libwrap checks (Unix only) are performed twice: with the master service name -after \s-1TCP\s0 connection is accepted, and with the slave service name during the -\&\s-1TLS\s0 handshake. +Libwrap checks (Unix only) are performed twice: with the primary service name +after \s-1TCP\s0 connection is accepted, and with the secondary service name during +the \s-1TLS\s0 handshake. .Sp The \fIsni\fR option is only available when compiled with \fBOpenSSL 1.0.0\fR and later. @@ -1027,7 +1082,8 @@ linked OpenSSL library. .Sp Availability of specific protocols depends on the linked OpenSSL library. .Sp -The \fIsslVersionMax\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +The \fIsslVersionMax\fR option is only available when compiled with +\&\fBOpenSSL 1.1.0\fR and later. .Sp default: all .IP "\fBsslVersionMin\fR = \s-1SSL_VERSION\s0" 4 @@ -1041,7 +1097,8 @@ linked OpenSSL library. .Sp Availability of specific protocols depends on the linked OpenSSL library. .Sp -The \fIsslVersionMin\fR option is only available when compiled with \fBOpenSSL 1.1.0\fR and later. +The \fIsslVersionMin\fR option is only available when compiled with +\&\fBOpenSSL 1.1.0\fR and later. .Sp default: TLSv1 .IP "\fBstack\fR = \s-1BYTES\s0 (except for \s-1FORK\s0 model)" 4 @@ -1096,10 +1153,13 @@ time to wait for expected data time to wait for close_notify (set to 0 for buggy \s-1MSIE\s0) .IP "\fBTIMEOUTconnect\fR = \s-1SECONDS\s0" 4 .IX Item "TIMEOUTconnect = SECONDS" -time to wait to connect to a remote host +time to wait to connect a remote host .IP "\fBTIMEOUTidle\fR = \s-1SECONDS\s0" 4 .IX Item "TIMEOUTidle = SECONDS" time to keep an idle connection +.IP "\fBTIMEOUTocsp\fR = \s-1SECONDS\s0" 4 +.IX Item "TIMEOUTocsp = SECONDS" +time to wait to connect an \s-1OCSP\s0 responder .IP "\fBtransparent\fR = none | source | destination | both (Unix only)" 4 .IX Item "transparent = none | source | destination | both (Unix only)" enable transparent proxy support on selected platforms @@ -1213,19 +1273,21 @@ and \fIverifyPeer\fR options. .RS 4 .IP "level 0" 4 .IX Item "level 0" -Request and ignore the peer certificate. +Request and ignore the peer certificate chain. .IP "level 1" 4 .IX Item "level 1" -Verify the peer certificate if present. +Verify the peer certificate chain if present. .IP "level 2" 4 .IX Item "level 2" -Verify the peer certificate. +Verify the peer certificate chain. .IP "level 3" 4 .IX Item "level 3" -Verify the peer against a locally installed certificate. +Verify the peer certificate chain and the end-entity (leaf) peer certificate +against a locally installed certificate. .IP "level 4" 4 .IX Item "level 4" -Ignore the chain and only verify the peer certificate. +Ignore the peer certificate chain and only verify the end-entity (leaf) peer +certificate against a locally installed certificate. .IP "default" 4 .IX Item "default" No verify. @@ -1245,9 +1307,9 @@ specified with \fICAfile\fR, or in the directory specified with \fICApath\fR. default: no .IP "\fBverifyPeer\fR = yes | no" 4 .IX Item "verifyPeer = yes | no" -verify the peer certificate +verify the end-entity (leaf) peer certificate .Sp -The peer certificate needs to be stored either in the file +The end-entity (leaf) peer certificate needs to be stored either in the file specified with \fICAfile\fR, or in the directory specified with \fICApath\fR. .Sp default: no @@ -1376,19 +1438,19 @@ An example server mode \s-1SNI\s0 configuration: .PP .Vb 5 \& [virtual] -\& ; master service +\& ; primary service \& accept = 443 \& cert = default.pem \& connect = default.internal.mydomain.com:8080 \& \& [sni1] -\& ; slave service 1 +\& ; secondary service 1 \& sni = virtual:server1.mydomain.com \& cert = server1.pem \& connect = server1.internal.mydomain.com:8081 \& \& [sni2] -\& ; slave service 2 +\& ; secondary service 2 \& sni = virtual:server2.mydomain.com \& cert = server2.pem \& connect = server2.internal.mydomain.com:8082 @@ -1411,7 +1473,8 @@ The client key is automatically selected based on the list of CAs trusted by the \& connect = example.com:8443 .Ve .PP -An example of advanced engine configuration to use the certificate and the corresponding private key from a pkcs11 engine: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a pkcs11 engine: .PP .Vb 3 \& engine = pkcs11 @@ -1427,7 +1490,8 @@ An example of advanced engine configuration to use the certificate and the corre \& key = pkcs11:token=MyToken;object=MyKey .Ve .PP -An example of advanced engine configuration to use the certificate and the corresponding private key from a SoftHSM token: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a SoftHSM token: .PP .Vb 3 \& engine = pkcs11 diff --git a/doc/stunnel.html.in b/doc/stunnel.html.in index 4f84d5c4..d3d3e3e8 100644 --- a/doc/stunnel.html.in +++ b/doc/stunnel.html.in @@ -242,9 +242,13 @@

debugging level

-

Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use debug = debug or debug = 7 for greatest debugging output. The default is notice (5).

+

Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown.

-

The syslog facility 'daemon' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

+

The debug = debug (or the equivalent <debug = 7>) level produces for the most verbose log output. This logging level is only meant to be understood by stunnel developers, and not by users. Please either use the debug level when requested to do so by an stunnel developer, or when you intend to get confused.

+ +

The default logging level is notice (5).

+ +

The syslog 'daemon' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.)

Case is ignored for both facilities and levels.

@@ -424,17 +428,29 @@

To listen on all IPv6 addresses use:

-
    accept = :::PORT
+
accept = :::PORT
-
CApath = DIRECTORY
+
CAengine = ENGINE-SPECIFIC_CA_CERTIFICATE_IDENTIFIER
-

Certificate Authority directory

+

load a trusted CA certificate from an engine

-

This is the directory in which stunnel will look for certificates when using the verifyChain or verifyPeer options. Note that the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert.

+

The loaded CA certificates will be used with the verifyChain and verifyPeer options.

-

The hash algorithm has been changed in OpenSSL 1.0.0. It is required to c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x.

+

Multiple CAengine options are allowed in a single service section.

+ +

Currently supported engines: pkcs11, cng.

+ +
+
CApath = CA_DIRECTORY
+
+ +

load trusted CA certificates from a directory

+ +

The loaded CA certificates will be used with the verifyChain and verifyPeer options. Note that the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert.

+ +

The hash algorithm has been changed in OpenSSL 1.0.0. It is required to c_rehash the directory on upgrade from OpenSSL 0.x.x to OpenSSL 1.x.x or later.

CApath path is relative to the chroot directory if specified.

@@ -442,9 +458,9 @@
CAfile = CA_FILE
-

Certificate Authority file

+

load trusted CA certificates from a file

-

This file contains multiple CA certificates, to be used with the verifyChain and verifyPeer options.

+

The loaded CA certificates will be used with the verifyChain and verifyPeer options.

cert = CERT_FILE
@@ -462,9 +478,11 @@
checkEmail = EMAIL
-

email address of the peer certificate subject

+

verify the email address of the end-entity (leaf) peer certificate subject

+ +

Certificates are accepted if no subject checks were specified, or the email address of the end-entity (leaf) peer certificate matches any of the email addresses specified with checkEmail.

-

Multiple checkEmail options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the email address of the peer certificate matches any of the email addresses specified with checkEmail.

+

Multiple checkEmail options are allowed in a single service section.

This option requires OpenSSL 1.0.2 or later.

@@ -472,9 +490,11 @@
checkHost = HOST
-

host of the peer certificate subject

+

verify the host of the end-entity (leaf) peer certificate subject

-

Multiple checkHost options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the host name of the peer certificate matches any of the hosts specified with checkHost.

+

Certificates are accepted if no subject checks were specified, or the host name of the end-entity (leaf) peer certificate matches any of the hosts specified with checkHost.

+ +

Multiple checkHost options are allowed in a single service section.

This option requires OpenSSL 1.0.2 or later.

@@ -482,9 +502,11 @@
checkIP = IP
-

IP address of the peer certificate subject

+

verify the IP address of the end-entity (leaf) peer certificate subject

+ +

Certificates are accepted if no subject checks were specified, or the IP address of the end-entity (leaf) peer certificate matches any of the IP addresses specified with checkIP.

-

Multiple checkIP options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the IP address of the peer certificate matches any of the IP addresses specified with checkIP.

+

Multiple checkIP options are allowed in a single service section.

This option requires OpenSSL 1.0.2 or later.

@@ -540,9 +562,7 @@

If no host is specified, the host defaults to localhost.

-

Multiple connect options are allowed in a single service section.

- -

If host resolves to multiple addresses and/or if multiple connect options are specified, then the remote address is chosen using a round-robin algorithm.

+

Multiple connect options are allowed in a single service section. If host resolves to multiple addresses and/or if multiple connect options are specified, then the remote address is chosen using a round-robin algorithm.

CRLpath = DIRECTORY
@@ -574,13 +594,13 @@

To get a list of supported curves use:

-
    openssl ecparam -list_curves
+
openssl ecparam -list_curves

default:

-
    X25519:P-256:X448:P-521:P-384 (OpenSSL 1.1.1 or later)
+
X25519:P-256:X448:P-521:P-384 (OpenSSL 1.1.1 or later)
 
-    prime256v1 (OpenSSL older than 1.1.1)

+prime256v1 (OpenSSL older than 1.1.1)
logId = TYPE
@@ -718,13 +738,13 @@

for global options:

-
        00-global.conf
+
00-global.conf

for local service-level options:

-
        01-service.conf
+
01-service.conf
 
-        02-service.conf

+02-service.conf
key = KEY_FILE
@@ -734,7 +754,7 @@

A private key is needed to authenticate the certificate owner. Since this file should be kept secret it should only be readable by its owner. On Unix systems you can use the following command:

-
    chmod 600 keyfile
+
chmod 600 keyfile

This parameter is also used as the private key identifier when a hardware engine is enabled.

@@ -758,7 +778,7 @@
OCSP = URL
-

select OCSP responder for certificate verification

+

select OCSP responder for the end-entity (leaf) peer certificate verification

OCSPaia = yes | no
@@ -786,6 +806,16 @@

This option protects the OCSP protocol against replay attacks. Due to its computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public OCSP responders.

+ +
OCSPrequire = yes | no
+
+ +

require a conclusive OCSP response

+ +

Disable this option to allow a connection even though no conclusive OCSP response was retrieved from stapling and a direct request to the OCSP responder.

+ +

default: yes

+
options = SSL_OPTIONS
@@ -798,12 +828,12 @@

For example, for compatibility with the erroneous Eudora TLS implementation, the following option can be used:

-
    options = DONT_INSERT_EMPTY_FRAGMENTS
+
options = DONT_INSERT_EMPTY_FRAGMENTS

default:

-
    options = NO_SSLv2
-    options = NO_SSLv3
+
options = NO_SSLv2
+options = NO_SSLv3

Use sslVersionMax or sslVersionMin option instead of disabling specific TLS protocol versions when compiled with OpenSSL 1.1.0 or later.

@@ -979,7 +1009,7 @@

Each line of the file in the following format:

-
    IDENTITY:KEY
+
IDENTITY:KEY

Hexadecimal keys are automatically converted to binary form. Keys are required to be at least 16 bytes long, which implies at least 32 characters for hexadecimal keys. The file should neither be world-readable nor world-writable.

@@ -1024,11 +1054,13 @@

default: yes

-
retry = yes | no
+
retry = yes | no | DELAY

reconnect a connect+exec section after it was disconnected

+

The DELAY value specifies the number of milliseconds before retrying. "retry = yes" has the same effect as "retry = 1000".

+

default: no

@@ -1153,15 +1185,15 @@
sni = SERVICE_NAME:SERVER_NAME_PATTERN (server mode)
-

Use the service as a slave service (a name-based virtual server) for Server Name Indication TLS extension (RFC 3546).

+

Use the service as a secondary service (a name-based virtual server) for Server Name Indication TLS extension (RFC 3546).

-

SERVICE_NAME specifies the master service that accepts client connections with the accept option. SERVER_NAME_PATTERN specifies the host name to be redirected. The pattern may start with the '*' character, e.g. '*.example.com'. Multiple slave services are normally specified for a single master service. The sni option can also be specified more than once within a single slave service.

+

SERVICE_NAME specifies the primary service that accepts client connections with the accept option. SERVER_NAME_PATTERN specifies the host name to be redirected. The pattern may start with the '*' character, e.g. '*.example.com'. Multiple secondary services are normally specified for a single primary service. The sni option can also be specified more than once within a single secondary service.

-

This service, as well as the master service, may not be configured in client mode.

+

This service, as well as the primary service, may not be configured in client mode.

-

The connect option of the slave service is ignored when the protocol option is specified, as protocol connects to the remote host before TLS handshake.

+

The connect option of the secondary service is ignored when the protocol option is specified, as protocol connects to the remote host before TLS handshake.

-

Libwrap checks (Unix only) are performed twice: with the master service name after TCP connection is accepted, and with the slave service name during the TLS handshake.

+

Libwrap checks (Unix only) are performed twice: with the primary service name after TCP connection is accepted, and with the secondary service name during the TLS handshake.

The sni option is only available when compiled with OpenSSL 1.0.0 and later.

@@ -1185,15 +1217,15 @@

Examples:

-
    socket = l:SO_LINGER=1:60
-        set one minute timeout for closing local socket
-    socket = r:SO_OOBINLINE=yes
-        place out-of-band data directly into the
-        receive data stream for remote sockets
-    socket = a:SO_REUSEADDR=no
-        disable address reuse (enabled by default)
-    socket = a:SO_BINDTODEVICE=lo
-        only accept connections on loopback interface
+
socket = l:SO_LINGER=1:60
+    set one minute timeout for closing local socket
+socket = r:SO_OOBINLINE=yes
+    place out-of-band data directly into the
+    receive data stream for remote sockets
+socket = a:SO_REUSEADDR=no
+    disable address reuse (enabled by default)
+socket = a:SO_BINDTODEVICE=lo
+    only accept connections on loopback interface
sslVersion = SSL_VERSION
@@ -1209,12 +1241,12 @@

Setting the option

-
    sslVersion = SSL_VERSION
+
sslVersion = SSL_VERSION

is equivalent to options

-
    sslVersionMax = SSL_VERSION
-    sslVersionMin = SSL_VERSION
+
sslVersionMax = SSL_VERSION
+sslVersionMin = SSL_VERSION

when compiled with OpenSSL 1.1.0 and later.

@@ -1306,7 +1338,7 @@
TIMEOUTconnect = SECONDS
-

time to wait to connect to a remote host

+

time to wait to connect a remote host

TIMEOUTidle = SECONDS
@@ -1314,6 +1346,12 @@

time to keep an idle connection

+ +
TIMEOUTocsp = SECONDS
+
+ +

time to wait to connect an OCSP responder

+
transparent = none | source | destination | both (Unix only)
@@ -1346,13 +1384,13 @@

This configuration requires the following setup for iptables and routing (possibly in /etc/rc.local or equivalent file):

-
    iptables -t mangle -N DIVERT
-    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
-    iptables -t mangle -A DIVERT -j MARK --set-mark 1
-    iptables -t mangle -A DIVERT -j ACCEPT
-    ip rule add fwmark 1 lookup 100
-    ip route add local 0.0.0.0/0 dev lo table 100
-    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
+
iptables -t mangle -N DIVERT
+iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+iptables -t mangle -A DIVERT -j MARK --set-mark 1
+iptables -t mangle -A DIVERT -j ACCEPT
+ip rule add fwmark 1 lookup 100
+ip route add local 0.0.0.0/0 dev lo table 100
+echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter

stunnel must also to be executed as root and without the setuid option.

@@ -1387,24 +1425,24 @@

A service section for transparent destination may look like this:

-
    [transparent]
-    client = yes
-    accept = <stunnel_port>
-    transparent = destination
+
[transparent]
+client = yes
+accept = <stunnel_port>
+transparent = destination

This configuration requires iptables setup to work, possibly in /etc/rc.local or equivalent file.

For a connect target installed on the same host:

-
    /sbin/iptables -t nat -I OUTPUT -p tcp --dport <redirected_port> \
-        -m ! --uid-owner <stunnel_user_id> \
-        -j DNAT --to-destination <local_ip>:<stunnel_port>
+
/sbin/iptables -t nat -I OUTPUT -p tcp --dport <redirected_port> \
+    -m ! --uid-owner <stunnel_user_id> \
+    -j DNAT --to-destination <local_ip>:<stunnel_port>

For a connect target installed on a remote host:

-
    /sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
-    /sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
-        -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>
+
/sbin/iptables -I INPUT -i eth0 -p tcp --dport <stunnel_port> -j ACCEPT
+/sbin/iptables -t nat -I PREROUTING -p tcp --dport <redirected_port> \
+    -i eth0 -j DNAT --to-destination <local_ip>:<stunnel_port>

The transparent destination option is currently only supported on Linux.

@@ -1448,31 +1486,31 @@
level 0
-

Request and ignore the peer certificate.

+

Request and ignore the peer certificate chain.

level 1
-

Verify the peer certificate if present.

+

Verify the peer certificate chain if present.

level 2
-

Verify the peer certificate.

+

Verify the peer certificate chain.

level 3
-

Verify the peer against a locally installed certificate.

+

Verify the peer certificate chain and the end-entity (leaf) peer certificate against a locally installed certificate.

level 4
-

Ignore the chain and only verify the peer certificate.

+

Ignore the peer certificate chain and only verify the end-entity (leaf) peer certificate against a locally installed certificate.

default
@@ -1499,9 +1537,9 @@
verifyPeer = yes | no
-

verify the peer certificate

+

verify the end-entity (leaf) peer certificate

-

The peer certificate needs to be stored either in the file specified with CAfile, or in the directory specified with CApath.

+

The end-entity (leaf) peer certificate needs to be stored either in the file specified with CAfile, or in the directory specified with CApath.

default: no

@@ -1575,116 +1613,116 @@

In order to provide TLS encapsulation to your local imapd service, use:

-
    [imapd]
-    accept = 993
-    exec = /usr/sbin/imapd
-    execArgs = imapd
+
[imapd]
+accept = 993
+exec = /usr/sbin/imapd
+execArgs = imapd

or in remote mode:

-
    [imapd]
-    accept = 993
-    connect = 143
+
[imapd]
+accept = 993
+connect = 143

In order to let your local e-mail client connect to a TLS-enabled imapd service on another server, configure the e-mail client to connect to localhost on port 119 and use:

-
    [imap]
-    client = yes
-    accept = 143
-    connect = servername:993
+
[imap]
+client = yes
+accept = 143
+connect = servername:993

If you want to provide tunneling to your pppd daemon on port 2020, use something like:

-
    [vpn]
-    accept = 2020
-    exec = /usr/sbin/pppd
-    execArgs = pppd local
-    pty = yes
+
[vpn]
+accept = 2020
+exec = /usr/sbin/pppd
+execArgs = pppd local
+pty = yes

If you want to use stunnel in inetd mode to launch your imapd process, you'd use this stunnel.conf. Note there must be no [service_name] section.

-
    exec = /usr/sbin/imapd
-    execArgs = imapd
+
exec = /usr/sbin/imapd
+execArgs = imapd

To setup SOCKS VPN configure the following client service:

-
    [socks_client]
-    client = yes
-    accept = 127.0.0.1:1080
-    connect = vpn_server:9080
-    verifyPeer = yes
-    CAfile = stunnel.pem
+
[socks_client]
+client = yes
+accept = 127.0.0.1:1080
+connect = vpn_server:9080
+verifyPeer = yes
+CAfile = stunnel.pem

The corresponding configuration on the vpn_server host:

-
    [socks_server]
-    protocol = socks
-    accept = 9080
-    cert = stunnel.pem
-    key = stunnel.key
+
[socks_server]
+protocol = socks
+accept = 9080
+cert = stunnel.pem
+key = stunnel.key

Now test your configuration on the client machine with:

-
    curl --socks4a localhost http://www.example.com/
+
curl --socks4a localhost http://www.example.com/

An example server mode SNI configuration:

-
    [virtual]
-    ; master service
-    accept = 443
-    cert =  default.pem
-    connect = default.internal.mydomain.com:8080
-
-    [sni1]
-    ; slave service 1
-    sni = virtual:server1.mydomain.com
-    cert = server1.pem
-    connect = server1.internal.mydomain.com:8081
-
-    [sni2]
-    ; slave service 2
-    sni = virtual:server2.mydomain.com
-    cert = server2.pem
-    connect = server2.internal.mydomain.com:8082
-    verifyPeer = yes
-    CAfile = server2-allowed-clients.pem
+
[virtual]
+; primary service
+accept = 443
+cert =  default.pem
+connect = default.internal.mydomain.com:8080
+
+[sni1]
+; secondary service 1
+sni = virtual:server1.mydomain.com
+cert = server1.pem
+connect = server1.internal.mydomain.com:8081
+
+[sni2]
+; secondary service 2
+sni = virtual:server2.mydomain.com
+cert = server2.pem
+connect = server2.internal.mydomain.com:8082
+verifyPeer = yes
+CAfile = server2-allowed-clients.pem

An example of advanced engine configuration allows for authentication with private keys stored in the Windows certificate store (Windows only). With the CAPI engine you don't need to manually select the client key to use. The client key is automatically selected based on the list of CAs trusted by the server.

-
    engine = capi
+
engine = capi
 
-    [service]
-    engineId = capi
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:8443

+[service]
+engineId = capi
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:8443

An example of advanced engine configuration to use the certificate and the corresponding private key from a pkcs11 engine:

-
    engine = pkcs11
-    engineCtrl = MODULE_PATH:opensc-pkcs11.so
-    engineCtrl = PIN:123456
+
engine = pkcs11
+engineCtrl = MODULE_PATH:opensc-pkcs11.so
+engineCtrl = PIN:123456
 
-    [service]
-    engineId = pkcs11
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:843
-    cert = pkcs11:token=MyToken;object=MyCert
-    key = pkcs11:token=MyToken;object=MyKey

+[service]
+engineId = pkcs11
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:843
+cert = pkcs11:token=MyToken;object=MyCert
+key = pkcs11:token=MyToken;object=MyKey

An example of advanced engine configuration to use the certificate and the corresponding private key from a SoftHSM token:

-
    engine = pkcs11
-    engineCtrl = MODULE_PATH:softhsm2.dll
-    engineCtrl = PIN:12345
+
engine = pkcs11
+engineCtrl = MODULE_PATH:softhsm2.dll
+engineCtrl = PIN:12345
 
-    [service]
-    engineId = pkcs11
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:843
-    cert = pkcs11:token=MyToken;object=KeyCert

+[service]
+engineId = pkcs11
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:843
+cert = pkcs11:token=MyToken;object=KeyCert

NOTES

 @@ -1698,7 +1736,7 @@

For example, if you have the following line in inetd.conf:

-
    imaps stream tcp nowait root @bindir@/stunnel stunnel @sysconfdir@/stunnel/imaps.conf
+
imaps stream tcp nowait root @bindir@/stunnel stunnel @sysconfdir@/stunnel/imaps.conf

In these cases, the inetd-style program is responsible for binding a network socket (imaps above) and handing it to stunnel when a connection is received. Thus you do not want stunnel to have any accept option. All the Service Level Options should be placed in the global options section, and no [service_name] section will be present. See the EXAMPLES section for example configurations.

@@ -1708,12 +1746,12 @@

The .pem file should contain the unencrypted private key and a signed certificate (not certificate request). So the file should look like this:

-
    -----BEGIN RSA PRIVATE KEY-----
-    [encoded key]
-    -----END RSA PRIVATE KEY-----
-    -----BEGIN CERTIFICATE-----
-    [encoded certificate]
-    -----END CERTIFICATE-----
+
-----BEGIN RSA PRIVATE KEY-----
+[encoded key]
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+[encoded certificate]
+-----END CERTIFICATE-----

RANDOMNESS

@@ -1759,7 +1797,7 @@

Alternatively, it is possible to specify static DH parameters in the certificate file, which disables generating temporary DH parameters:

-
    openssl dhparam 2048 >> stunnel.pem
+
openssl dhparam 2048 >> stunnel.pem

FILES

 diff --git a/doc/stunnel.pl.8.in b/doc/stunnel.pl.8.in index 9993f864..9c3c873d 100644 --- a/doc/stunnel.pl.8.in +++ b/doc/stunnel.pl.8.in @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) +.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) .\" .\" Standard preamble: .\" ======================================================================== @@ -71,7 +71,7 @@ .\" ======================================================================== .\" .IX Title "stunnel 8" -.TH stunnel 8 "2022.03.15" "5.64" "stunnel TLS Proxy" +.TH stunnel 8 "2023.08.14" "5.71" "stunnel TLS Proxy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -225,23 +225,23 @@ używanego do zainicjalizowania generatora ciągów pseudolosowych biblioteki \&\fBOpenSSL\fR. .IP "\fBengine\fR = auto | IDENTYFIKATOR_URZĄDZENIA" 4 .IX Item "engine = auto | IDENTYFIKATOR_URZĄDZENIA" -wybór sprzętowego urządzenia kryptograficznego +wybór silnika kryptograficznego .Sp -domyślnie: bez wykorzystania urządzeń kryptograficznych +domyślnie: bez wykorzystania silników kryptograficznych .Sp Sekcja PRZYKŁADY zawiera przykładowe konfiguracje wykorzystujące -urządzenia kryptograficzne. +silniki kryptograficzne. .IP "\fBengineCtrl\fR = KOMENDA[:PARAMETR]" 4 .IX Item "engineCtrl = KOMENDA[:PARAMETR]" -konfiguracja urządzenia kryptograficznego +konfiguracja silnika kryptograficznego .IP "\fBengineDefault\fR = LISTA_ZADAŃ" 4 .IX Item "engineDefault = LISTA_ZADAŃ" -lista zadań OpenSSL oddelegowanych do bieżącego urządzenia +lista zadań OpenSSL oddelegowanych do bieżącego silnika .Sp Parametrem jest lista oddzielonych przecinkami zadań OpenSSL, które mają -zostać oddelegowane do bieżącego urządzenia kryptograficznego. +zostać oddelegowane do bieżącego silnika kryptograficznego. .Sp -W zależności od konkretnego urządzenia dostępne mogą być następujące zadania: +W zależności od konkretnego silnika dostępne mogą być następujące zadania: \&\s-1ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1.\s0 .IP "\fBfips\fR = yes | no" 4 @@ -356,9 +356,19 @@ Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć: .Vb 1 \& accept = :::port .Ve +.IP "\fBCAengine\fR = \s-1IDENTYFIKATOR_CA_W_ENGINE\s0" 4 +.IX Item "CAengine = IDENTYFIKATOR_CA_W_ENGINE" +ładuje zaufane certyfikaty Centrum certyfikacji z silnika +.Sp +Opcja pozwala określić położenie pliku zawierającego certyfikaty używane +przez opcję \fIverifyChain\fR lub \fIverifyPeer\fR. +.Sp +Opcja może być użyta wielokrotnie w pojedynczej sekcji. +.Sp +Aktualnie wspierane silniki: pkcs11, cng. .IP "\fBCApath\fR = \s-1KATALOG_CA\s0" 4 .IX Item "CApath = KATALOG_CA" -katalog Centrum Certyfikacji +ładuje zaufane certyfikaty Centrum certyfikacji z katalogu .Sp Opcja określa katalog, w którym \fBstunnel\fR będzie szukał certyfikatów, jeżeli użyta została opcja \fIverifyChain\fR lub \fIverifyPeer\fR. Pliki z certyfikatami @@ -372,7 +382,7 @@ Jeżeli zdefiniowano katalog \fIchroot\fR, to ścieżka do \fICApath\fR jest okr względem tego katalogu. .IP "\fBCAfile\fR = \s-1PLIK_CA\s0" 4 .IX Item "CAfile = PLIK_CA" -plik Centrum Certyfikacji +ładuje zaufane certyfikaty Centrum certyfikacji z pliku .Sp Opcja pozwala określić położenie pliku zawierającego certyfikaty używane przez opcję \fIverifyChain\fR lub \fIverifyPeer\fR. @@ -389,7 +399,7 @@ Obsługiwane są pliki w formacie \s-1PEM\s0 lub P12. Certyfikat jest konieczny, aby używać programu w trybie serwera. W trybie klienta certyfikat jest opcjonalny. .Sp -Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja \fBcert\fR +Jeżeli używany jest silnik kryptograficzny, to opcja \fBcert\fR pozwala wybrać identyfikator używanego certyfikatu. .IP "\fBcheckEmail\fR = \s-1EMAIL\s0" 4 .IX Item "checkEmail = EMAIL" @@ -565,10 +575,10 @@ Opóźnione rozwijanie adresu automatycznie aktywuje \fIfailover = prio\fR. domyślnie: no .IP "\fBengineId\fR = NUMER_URZĄDZENIA" 4 .IX Item "engineId = NUMER_URZĄDZENIA" -wybierz urządzenie dla usługi +wybierz silnik kryptograficzny dla usługi .IP "\fBengineNum\fR = NUMER_URZĄDZENIA" 4 .IX Item "engineNum = NUMER_URZĄDZENIA" -wybierz urządzenie dla usługi +wybierz silnik kryptograficzny dla usługi .Sp Urządzenia są numerowane od 1 w górę. .IP "\fBexec\fR = ŚCIEŻKA_DO_PROGRAMU" 4 @@ -637,8 +647,8 @@ komendą: \& chmod 600 keyfile .Ve .Sp -Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja \fBkey\fR -pozwala wybrać identyfikator używanego klucza prywatnego. +Jeżeli używany jest silnik kryptograficzny, to opcja \fBkey\fR pozwala wybrać +identyfikator używanego klucza prywatnego. .Sp domyślnie: wartość opcji \fIcert\fR .IP "\fBlibwrap\fR = yes | no" 4 @@ -654,7 +664,7 @@ Domyślnie używane jest \s-1IP\s0 najbardziej zewnętrznego interfejsu w stron serwera, do którego nawiązywane jest połączenie. .IP "\fB\s-1OCSP\s0\fR = \s-1URL\s0" 4 .IX Item "OCSP = URL" -responder \s-1OCSP\s0 do weryfikacji certyfikatów +responder \s-1OCSP\s0 do weryfikacji certyfikatu drugiej strony połączenia .IP "\fBOCSPaia\fR = yes | no" 4 .IX Item "OCSPaia = yes | no" weryfikuj certyfikaty przy użyciu respondertów \s-1AIA\s0 @@ -677,6 +687,18 @@ Opcja \fBOCSPnonce\fR zabezpiecza protokół \s-1OCSP\s0 przed atakami powtórze Ze względu na złożoność obliczeniową rozszerzenie nonce jest zwykle wspierane jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery \&\s-1OCSP.\s0 +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +wymagaj rozstrzygającej odpowiedzi respondera \s-1OCSP\s0 +.IP "\fBOCSPrequire\fR = yes | no" 4 +.IX Item "OCSPrequire = yes | no" +Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku +otrzymania rozstrzygającej odpowiedzi \s-1OCSP\s0 ze staplingu i bezpośredniego +żądania wysłanego do respondera. +.Sp +default: yes +.Sp +domyślnie: yes .IP "\fBoptions\fR = \s-1OPCJE_SSL\s0" 4 .IX Item "options = OPCJE_SSL" opcje biblioteki \fBOpenSSL\fR @@ -869,10 +891,14 @@ sygnalizuj wystąpienie błędu przy pomocy flagi \s-1TCP RST\s0 Opcja nie jest wspierana na niektórych platformach. .Sp domyślnie: yes -.IP "\fBretry\fR = yes | no" 4 -.IX Item "retry = yes | no" +.IP "\fBretry\fR = yes | no | OPÓŹNIENIE" 4 +.IX Item "retry = yes | no | OPÓŹNIENIE" połącz ponownie sekcję connect+exec po rozłączeniu .Sp +Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania +przed wykonaniem ponownego połączenia. +\&\*(L"retry = yes\*(R" jest synonimem dla \*(L"retry = 1000\*(R". +.Sp domyślnie: no .IP "\fBsecurityLevel\fR = \s-1POZIOM\s0" 4 .IX Item "securityLevel = POZIOM" @@ -1118,6 +1144,9 @@ czas oczekiwania na nawiązanie połączenia .IP "\fBTIMEOUTidle\fR = \s-1LICZBA_SEKUND\s0" 4 .IX Item "TIMEOUTidle = LICZBA_SEKUND" maksymalny czas utrzymywania bezczynnego połączenia +.IP "\fBTIMEOUTocsp\fR = \s-1LICZBA_SEKUND\s0" 4 +.IX Item "TIMEOUTocsp = LICZBA_SEKUND" +czas oczekiwania na nawiązanie połączenia z serwerem \s-1OCSP\s0 .IP "\fBtransparent\fR = none | source | destination | both (tylko Unix)" 4 .IX Item "transparent = none | source | destination | both (tylko Unix)" tryb przezroczystego proxy na wspieranych platformach @@ -1414,10 +1443,7 @@ Przykładowa konfiguracja serwera \s-1SNI:\s0 .Ve .PP Przykładowa konfiguracja umożliwiająca uwierzytelnienie z użyciem klucza prywatnego -przechowywanego w Windows Certificate Store (tylko Windows). -W przypadku użycia silnika \s-1CAPI,\s0 nie należy ustawiać opcji cert, gdyż klucz klienta -zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów -\&\s-1CA\s0 przedstawionych przez serwer. +przechowywanego w Windows Certificate Store (tylko Windows): .PP .Vb 1 \& engine = capi @@ -1429,8 +1455,12 @@ zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyf \& connect = example.com:8443 .Ve .PP +W przypadku użycia silnika \s-1CAPI,\s0 nie należy ustawiać opcji cert, gdyż klucz klienta +zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów +\&\s-1CA\s0 przedstawionych przez serwer. +.PP Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego z -urządzenia zgodnego z pkcs11: +urządzenia obsługiwanego przez silnik pkcs11: .PP .Vb 3 \& engine = pkcs11 @@ -1447,7 +1477,7 @@ urządzenia zgodnego z pkcs11: .Ve .PP Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego -umieszczonego na tokenie SoftHSM +umieszczonego na tokenie SoftHSM: .PP .Vb 3 \& engine = pkcs11 diff --git a/doc/stunnel.pl.html.in b/doc/stunnel.pl.html.in index 7be87f19..b74ebc91 100644 --- a/doc/stunnel.pl.html.in +++ b/doc/stunnel.pl.html.in @@ -260,27 +260,27 @@
engine = auto | IDENTYFIKATOR_URZĄDZENIA
-

wybór sprzętowego urządzenia kryptograficznego

+

wybór silnika kryptograficznego

-

domyślnie: bez wykorzystania urządzeń kryptograficznych

+

domyślnie: bez wykorzystania silników kryptograficznych

-

Sekcja PRZYKŁADY zawiera przykładowe konfiguracje wykorzystujące urządzenia kryptograficzne.

+

Sekcja PRZYKŁADY zawiera przykładowe konfiguracje wykorzystujące silniki kryptograficzne.

engineCtrl = KOMENDA[:PARAMETR]
-

konfiguracja urządzenia kryptograficznego

+

konfiguracja silnika kryptograficznego

engineDefault = LISTA_ZADAŃ
-

lista zadań OpenSSL oddelegowanych do bieżącego urządzenia

+

lista zadań OpenSSL oddelegowanych do bieżącego silnika

-

Parametrem jest lista oddzielonych przecinkami zadań OpenSSL, które mają zostać oddelegowane do bieżącego urządzenia kryptograficznego.

+

Parametrem jest lista oddzielonych przecinkami zadań OpenSSL, które mają zostać oddelegowane do bieżącego silnika kryptograficznego.

-

W zależności od konkretnego urządzenia dostępne mogą być następujące zadania: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1.

+

W zależności od konkretnego silnika dostępne mogą być następujące zadania: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1.

fips = yes | no
@@ -424,13 +424,25 @@

Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć:

-
    accept = :::port
+
accept = :::port
+ + +
CAengine = IDENTYFIKATOR_CA_W_ENGINE
+
+ +

ładuje zaufane certyfikaty Centrum certyfikacji z silnika

+ +

Opcja pozwala określić położenie pliku zawierającego certyfikaty używane przez opcję verifyChain lub verifyPeer.

+ +

Opcja może być użyta wielokrotnie w pojedynczej sekcji.

+ +

Aktualnie wspierane silniki: pkcs11, cng.

CApath = KATALOG_CA
-

katalog Centrum Certyfikacji

+

ładuje zaufane certyfikaty Centrum certyfikacji z katalogu

Opcja określa katalog, w którym stunnel będzie szukał certyfikatów, jeżeli użyta została opcja verifyChain lub verifyPeer. Pliki z certyfikatami muszą posiadać specjalne nazwy XXXXXXXX.0, gdzie XXXXXXXX jest skrótem kryptograficznym reprezentacji DER nazwy podmiotu certyfikatu.

@@ -442,7 +454,7 @@
CAfile = PLIK_CA
-

plik Centrum Certyfikacji

+

ładuje zaufane certyfikaty Centrum certyfikacji z pliku

Opcja pozwala określić położenie pliku zawierającego certyfikaty używane przez opcję verifyChain lub verifyPeer.

@@ -456,7 +468,7 @@

Certyfikat jest konieczny, aby używać programu w trybie serwera. W trybie klienta certyfikat jest opcjonalny.

-

Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja cert pozwala wybrać identyfikator używanego certyfikatu.

+

Jeżeli używany jest silnik kryptograficzny, to opcja cert pozwala wybrać identyfikator używanego certyfikatu.

checkEmail = EMAIL
@@ -572,13 +584,13 @@

Listę dostępnych krzywych można uzyskać poleceniem:

-
    openssl ecparam -list_curves
+
openssl ecparam -list_curves

domyślnie:

-
    X25519:P-256:X448:P-521:P-384 (począwszy od OpenSSL 1.1.1)
+
X25519:P-256:X448:P-521:P-384 (począwszy od OpenSSL 1.1.1)
 
-    prime256v1 (OpenSSL starszy niż 1.1.1)

+prime256v1 (OpenSSL starszy niż 1.1.1)
logId = TYP
@@ -646,13 +658,13 @@
engineId = NUMER_URZĄDZENIA
-

wybierz urządzenie dla usługi

+

wybierz silnik kryptograficzny dla usługi

engineNum = NUMER_URZĄDZENIA
-

wybierz urządzenie dla usługi

+

wybierz silnik kryptograficzny dla usługi

Urządzenia są numerowane od 1 w górę.

@@ -714,13 +726,13 @@

dla opcji globalnych:

-
        00-global.conf
+
00-global.conf

dla lokalnych opcji usług:

-
        01-service.conf
+
01-service.conf
 
-        02-service.conf

+02-service.conf
key = PLIK_KLUCZA
@@ -730,9 +742,9 @@

Klucz prywatny jest potrzebny do uwierzytelnienia właściciela certyfikatu. Ponieważ powinien on być zachowany w tajemnicy, prawa do jego odczytu powinien mieć wyłącznie właściciel pliku. W systemie Unix można to osiągnąć komendą:

-
    chmod 600 keyfile
+
chmod 600 keyfile
-

Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja key pozwala wybrać identyfikator używanego klucza prywatnego.

+

Jeżeli używany jest silnik kryptograficzny, to opcja key pozwala wybrać identyfikator używanego klucza prywatnego.

domyślnie: wartość opcji cert

@@ -756,7 +768,7 @@
OCSP = URL
-

responder OCSP do weryfikacji certyfikatów

+

responder OCSP do weryfikacji certyfikatu drugiej strony połączenia

OCSPaia = yes | no
@@ -784,6 +796,22 @@

Opcja OCSPnonce zabezpiecza protokół OCSP przed atakami powtórzeniowymi. Ze względu na złożoność obliczeniową rozszerzenie nonce jest zwykle wspierane jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery OCSP.

+ +
OCSPrequire = yes | no
+
+ +

wymagaj rozstrzygającej odpowiedzi respondera OCSP

+ +
+
OCSPrequire = yes | no
+
+ +

Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku otrzymania rozstrzygającej odpowiedzi OCSP ze staplingu i bezpośredniego żądania wysłanego do respondera.

+ +

default: yes

+ +

domyślnie: yes

+
options = OPCJE_SSL
@@ -796,12 +824,12 @@

Na przykład, dla zachowania kompatybilności z błędami implementacji TLS w programie Eudora, można użyć opcji:

-
    options = DONT_INSERT_EMPTY_FRAGMENTS
+
options = DONT_INSERT_EMPTY_FRAGMENTS

domyślnie:

-
    options = NO_SSLv2
-    options = NO_SSLv3
+
options = NO_SSLv2
+options = NO_SSLv3

Począwszy od OpenSSL 1.1.0, zamiast wyłączać określone wersje protokołów TLS użyj opcji sslVersionMax lub sslVersionMin.

@@ -977,7 +1005,7 @@

Każda linia pliku jest w następującym formacie:

-
    TOŻSAMOŚĆ:KLUCZ
+
TOŻSAMOŚĆ:KLUCZ

Szesnastkowe klucze są automatycznie konwertowane do postaci binarnej. Klucz musi być mieć przynajmniej 16 bajtów, co w przypadku kluczy szesnastkowych przekłada się na przynajmniej 32 znaki. Należy ograniczyć dostęp do czytania lub pisania do tego pliku.

@@ -1022,11 +1050,13 @@

domyślnie: yes

-
retry = yes | no
+
retry = yes | no | OPÓŹNIENIE

połącz ponownie sekcję connect+exec po rozłączeniu

+

Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania przed wykonaniem ponownego połączenia. "retry = yes" jest synonimem dla "retry = 1000".

+

domyślnie: no

@@ -1183,19 +1213,19 @@

Przykłady:

-
    socket = l:SO_LINGER=1:60
-        ustaw jednominutowe przeterminowanie
-        przy zamykaniu lokalnego gniazda
-    socket = r:SO_OOBINLINE=yes
-        umieść dane pozapasmowe (out-of-band)
-        bezpośrednio w strumieniu danych
-        wejściowych dla zdalnych gniazd
-    socket = a:SO_REUSEADDR=no
-        zablokuj ponowne używanie portu
-        (domyślnie włączone)
-    socket = a:SO_BINDTODEVICE=lo
-        przyjmuj połączenia wyłącznie na
-        interfejsie zwrotnym (ang. loopback)
+
socket = l:SO_LINGER=1:60
+    ustaw jednominutowe przeterminowanie
+    przy zamykaniu lokalnego gniazda
+socket = r:SO_OOBINLINE=yes
+    umieść dane pozapasmowe (out-of-band)
+    bezpośrednio w strumieniu danych
+    wejściowych dla zdalnych gniazd
+socket = a:SO_REUSEADDR=no
+    zablokuj ponowne używanie portu
+    (domyślnie włączone)
+socket = a:SO_BINDTODEVICE=lo
+    przyjmuj połączenia wyłącznie na
+    interfejsie zwrotnym (ang. loopback)
sslVersion = WERSJA_SSL
@@ -1211,12 +1241,12 @@

Począwszy od OpenSSL 1.1.0, ustawienie

-
    sslVersion = WERSJA_SSL
+
sslVersion = WERSJA_SSL

jest równoważne opcjom

-
    sslVersionMax = WERSJA_SSL
-    sslVersionMin = WERSJA_SSL
+
sslVersionMax = WERSJA_SSL
+sslVersionMin = WERSJA_SSL
sslVersionMax = WERSJA_SSL
@@ -1314,6 +1344,12 @@

maksymalny czas utrzymywania bezczynnego połączenia

+ +
TIMEOUTocsp = LICZBA_SEKUND
+
+ +

czas oczekiwania na nawiązanie połączenia z serwerem OCSP

+
transparent = none | source | destination | both (tylko Unix)
@@ -1344,13 +1380,13 @@

Konfiguracja wymaga następujących ustawień iptables oraz routingu (na przykład w pliku /etc/rc.local lub analogicznym):

-
    iptables -t mangle -N DIVERT
-    iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
-    iptables -t mangle -A DIVERT -j MARK --set-mark 1
-    iptables -t mangle -A DIVERT -j ACCEPT
-    ip rule add fwmark 1 lookup 100
-    ip route add local 0.0.0.0/0 dev lo table 100
-    echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter
+
iptables -t mangle -N DIVERT
+iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
+iptables -t mangle -A DIVERT -j MARK --set-mark 1
+iptables -t mangle -A DIVERT -j ACCEPT
+ip rule add fwmark 1 lookup 100
+ip route add local 0.0.0.0/0 dev lo table 100
+echo 0 >/proc/sys/net/ipv4/conf/lo/rp_filter

Konfiguracja ta wymaga, aby stunnel był wykonywany jako root i bez opcji setuid.

@@ -1385,24 +1421,24 @@

Przykładowa konfiguracja przezroczystego adresu docelowego:

-
    [transparent]
-    client = yes
-    accept = <port_stunnela>
-    transparent = destination
+
[transparent]
+client = yes
+accept = <port_stunnela>
+transparent = destination

Konfiguracja wymaga ustawień iptables, na przykład w pliku /etc/rc.local lub analogicznym.

W przypadku docelowej usługi umieszczonej na tej samej maszynie:

-
    /sbin/iptables -t nat -I OUTPUT -p tcp --dport <port_przekierowany> \
-        -m ! --uid-owner <identyfikator_użytkownika_stunnela> \
-        -j DNAT --to-destination <lokalne_ip>:<lokalny_port>
+
/sbin/iptables -t nat -I OUTPUT -p tcp --dport <port_przekierowany> \
+    -m ! --uid-owner <identyfikator_użytkownika_stunnela> \
+    -j DNAT --to-destination <lokalne_ip>:<lokalny_port>

W przypadku docelowej usługi umieszczonej na zdalnej maszynie:

-
    /sbin/iptables -I INPUT -i eth0 -p tcp --dport <port_stunnela> -j ACCEPT
-    /sbin/iptables -t nat -I PREROUTING -p tcp --dport <port_przekierowany> \
-        -i eth0 -j DNAT --to-destination <lokalne_ip>:<port_stunnela>
+
/sbin/iptables -I INPUT -i eth0 -p tcp --dport <port_stunnela> -j ACCEPT
+/sbin/iptables -t nat -I PREROUTING -p tcp --dport <port_przekierowany> \
+    -i eth0 -j DNAT --to-destination <lokalne_ip>:<port_stunnela>

Przezroczysty adres docelowy jest aktualnie wspierany wyłącznie w systemie Linux.

@@ -1573,116 +1609,118 @@

Szyfrowanie połączeń do lokalnego serwera imapd można użyć:

-
    [imapd]
-    accept = 993
-    exec = /usr/sbin/imapd
-    execArgs = imapd
+
[imapd]
+accept = 993
+exec = /usr/sbin/imapd
+execArgs = imapd

albo w trybie zdalnym:

-
    [imapd]
-    accept = 993
-    connect = 143
+
[imapd]
+accept = 993
+connect = 143

Aby umożliwić lokalnemu klientowi poczty elektronicznej korzystanie z serwera imapd przez TLS należy skonfigurować pobieranie poczty z adresu localhost i portu 119, oraz użyć następującej konfiguracji:

-
    [imap]
-    client = yes
-    accept = 143
-    connect = serwer:993
+
[imap]
+client = yes
+accept = 143
+connect = serwer:993

W połączeniu z programem pppd stunnel pozwala zestawić prosty VPN. Po stronie serwera nasłuchującego na porcie 2020 jego konfiguracja może wyglądać następująco:

-
    [vpn]
-    accept = 2020
-    exec = /usr/sbin/pppd
-    execArgs = pppd local
-    pty = yes
+
[vpn]
+accept = 2020
+exec = /usr/sbin/pppd
+execArgs = pppd local
+pty = yes

Poniższy plik konfiguracyjny może być wykorzystany do uruchomienia programu stunnel w trybie inetd. Warto zauważyć, że w pliku konfiguracyjnym nie ma sekcji [nazwa_usługi].

-
    exec = /usr/sbin/imapd
-    execArgs = imapd
+
exec = /usr/sbin/imapd
+execArgs = imapd

Aby skonfigurować VPN można użyć następującej konfiguracji klienta:

-
    [socks_client]
-    client = yes
-    accept = 127.0.0.1:1080
-    connect = vpn_server:9080
-    verifyPeer = yes
-    CAfile = stunnel.pem
+
[socks_client]
+client = yes
+accept = 127.0.0.1:1080
+connect = vpn_server:9080
+verifyPeer = yes
+CAfile = stunnel.pem

Odpowiadająca jej konfiguracja serwera vpn_server:

-
    [socks_server]
-    protocol = socks
-    accept = 9080
-    cert = stunnel.pem
-    key = stunnel.key
+
[socks_server]
+protocol = socks
+accept = 9080
+cert = stunnel.pem
+key = stunnel.key

Do przetestowania konfiguracji można wydać na maszynie klienckiej komendę:

-
    curl --socks4a localhost http://www.example.com/
+
curl --socks4a localhost http://www.example.com/

Przykładowa konfiguracja serwera SNI:

-
    [virtual]
-    ; usługa nadrzędna
-    accept = 443
-    cert =  default.pem
-    connect = default.internal.mydomain.com:8080
-
-    [sni1]
-    ; usługa podrzędna 1
-    sni = virtual:server1.mydomain.com
-    cert = server1.pem
-    connect = server1.internal.mydomain.com:8081
-
-    [sni2]
-    ; usługa podrzędna 2
-    sni = virtual:server2.mydomain.com
-    cert = server2.pem
-    connect = server2.internal.mydomain.com:8082
-    verifyPeer = yes
-    CAfile = server2-allowed-clients.pem
- -

Przykładowa konfiguracja umożliwiająca uwierzytelnienie z użyciem klucza prywatnego przechowywanego w Windows Certificate Store (tylko Windows). W przypadku użycia silnika CAPI, nie należy ustawiać opcji cert, gdyż klucz klienta zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów CA przedstawionych przez serwer.

- -
    engine = capi
-
-    [service]
-    engineId = capi
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:8443
- -

Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego z urządzenia zgodnego z pkcs11:

- -
    engine = pkcs11
-    engineCtrl = MODULE_PATH:opensc-pkcs11.so
-    engineCtrl = PIN:123456
-
-    [service]
-    engineId = pkcs11
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:843
-    cert = pkcs11:token=MyToken;object=MyCert
-    key = pkcs11:token=MyToken;object=MyKey
- -

Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego umieszczonego na tokenie SoftHSM

- -
    engine = pkcs11
-    engineCtrl = MODULE_PATH:softhsm2.dll
-    engineCtrl = PIN:12345
-
-    [service]
-    engineId = pkcs11
-    client = yes
-    accept = 127.0.0.1:8080
-    connect = example.com:843
-    cert = pkcs11:token=MyToken;object=KeyCert
+
[virtual]
+; usługa nadrzędna
+accept = 443
+cert =  default.pem
+connect = default.internal.mydomain.com:8080
+
+[sni1]
+; usługa podrzędna 1
+sni = virtual:server1.mydomain.com
+cert = server1.pem
+connect = server1.internal.mydomain.com:8081
+
+[sni2]
+; usługa podrzędna 2
+sni = virtual:server2.mydomain.com
+cert = server2.pem
+connect = server2.internal.mydomain.com:8082
+verifyPeer = yes
+CAfile = server2-allowed-clients.pem
+ +

Przykładowa konfiguracja umożliwiająca uwierzytelnienie z użyciem klucza prywatnego przechowywanego w Windows Certificate Store (tylko Windows):

+ +
engine = capi
+
+[service]
+engineId = capi
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:8443
+ +

W przypadku użycia silnika CAPI, nie należy ustawiać opcji cert, gdyż klucz klienta zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów CA przedstawionych przez serwer.

+ +

Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego z urządzenia obsługiwanego przez silnik pkcs11:

+ +
engine = pkcs11
+engineCtrl = MODULE_PATH:opensc-pkcs11.so
+engineCtrl = PIN:123456
+
+[service]
+engineId = pkcs11
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:843
+cert = pkcs11:token=MyToken;object=MyCert
+key = pkcs11:token=MyToken;object=MyKey
+ +

Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego umieszczonego na tokenie SoftHSM:

+ +
engine = pkcs11
+engineCtrl = MODULE_PATH:softhsm2.dll
+engineCtrl = PIN:12345
+
+[service]
+engineId = pkcs11
+client = yes
+accept = 127.0.0.1:8080
+connect = example.com:843
+cert = pkcs11:token=MyToken;object=KeyCert

NOTKI

 @@ -1696,8 +1734,8 @@

Przykładowa linia pliku /etc/inetd.conf może wyglądać tak:

-
    imaps stream tcp nowait root @bindir@/stunnel
-        stunnel @sysconfdir@/stunnel/imaps.conf
+
imaps stream tcp nowait root @bindir@/stunnel
+    stunnel @sysconfdir@/stunnel/imaps.conf

Ponieważ w takich przypadkach połączenie na zdefiniowanym porcie (tutaj imaps) nawiązuje osobny program (tutaj inetd), stunnel nie może używać opcji accept. W pliku konfiguracyjnym nie może być również zdefiniowana żadna usługa ([nazwa_usługi]), ponieważ konfiguracja taka pozwala na nawiązanie tylko jednego połączenia. Wszystkie OPCJE USŁUG powinny być umieszczone razem z opcjami globalnymi. Przykład takiej konfiguracji znajduje się w sekcji PRZYKŁADY.

@@ -1707,12 +1745,12 @@

Plik .pem powinien zawierać klucz prywatny oraz podpisany certyfikat (nie żądanie certyfikatu). Otrzymany plik powinien mieć następującą postać:

-
    -----BEGIN RSA PRIVATE KEY-----
-    [zakodowany klucz]
-    -----END RSA PRIVATE KEY-----
-    -----BEGIN CERTIFICATE-----
-    [zakodowany certyfikat]
-    -----END CERTIFICATE-----
+
-----BEGIN RSA PRIVATE KEY-----
+[zakodowany klucz]
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+[zakodowany certyfikat]
+-----END CERTIFICATE-----

LOSOWOŚĆ

@@ -1758,7 +1796,7 @@

Alternatywnie parametry DH można umieścić w pliku razem z certyfikatem, co wyłącza generowanie parametrów tymczasowych:

-
    openssl dhparam 2048 >> stunnel.pem
+
openssl dhparam 2048 >> stunnel.pem

PLIKI

 diff --git a/doc/stunnel.pl.pod.in b/doc/stunnel.pl.pod.in index dc6b2557..9c8d05d7 100644 --- a/doc/stunnel.pl.pod.in +++ b/doc/stunnel.pl.pod.in @@ -214,25 +214,25 @@ B. =item B = auto | IDENTYFIKATOR_URZĄDZENIA -wybór sprzętowego urządzenia kryptograficznego +wybór silnika kryptograficznego -domyślnie: bez wykorzystania urządzeń kryptograficznych +domyślnie: bez wykorzystania silników kryptograficznych Sekcja PRZYKŁADY zawiera przykładowe konfiguracje wykorzystujące -urządzenia kryptograficzne. +silniki kryptograficzne. =item B = KOMENDA[:PARAMETR] -konfiguracja urządzenia kryptograficznego +konfiguracja silnika kryptograficznego =item B = LISTA_ZADAŃ -lista zadań OpenSSL oddelegowanych do bieżącego urządzenia +lista zadań OpenSSL oddelegowanych do bieżącego silnika Parametrem jest lista oddzielonych przecinkami zadań OpenSSL, które mają -zostać oddelegowane do bieżącego urządzenia kryptograficznego. +zostać oddelegowane do bieżącego silnika kryptograficznego. -W zależności od konkretnego urządzenia dostępne mogą być następujące zadania: +W zależności od konkretnego silnika dostępne mogą być następujące zadania: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1. @@ -367,9 +367,20 @@ Aby nasłuchiwać na wszystkich adresach IPv6 należy użyć: accept = :::port +=item B = IDENTYFIKATOR_CA_W_ENGINE + +ładuje zaufane certyfikaty Centrum certyfikacji z silnika + +Opcja pozwala określić położenie pliku zawierającego certyfikaty używane +przez opcję I lub I. + +Opcja może być użyta wielokrotnie w pojedynczej sekcji. + +Aktualnie wspierane silniki: pkcs11, cng. + =item B = KATALOG_CA -katalog Centrum Certyfikacji +ładuje zaufane certyfikaty Centrum certyfikacji z katalogu Opcja określa katalog, w którym B będzie szukał certyfikatów, jeżeli użyta została opcja I lub I. Pliki z certyfikatami @@ -384,7 +395,7 @@ względem tego katalogu. =item B = PLIK_CA -plik Centrum Certyfikacji +ładuje zaufane certyfikaty Centrum certyfikacji z pliku Opcja pozwala określić położenie pliku zawierającego certyfikaty używane przez opcję I lub I. @@ -402,7 +413,7 @@ Obsługiwane są pliki w formacie PEM lub P12. Certyfikat jest konieczny, aby używać programu w trybie serwera. W trybie klienta certyfikat jest opcjonalny. -Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja B +Jeżeli używany jest silnik kryptograficzny, to opcja B pozwala wybrać identyfikator używanego certyfikatu. =item B = EMAIL @@ -593,11 +604,11 @@ domyślnie: no =item B = NUMER_URZĄDZENIA -wybierz urządzenie dla usługi +wybierz silnik kryptograficzny dla usługi =item B = NUMER_URZĄDZENIA -wybierz urządzenie dla usługi +wybierz silnik kryptograficzny dla usługi Urządzenia są numerowane od 1 w górę. @@ -667,8 +678,8 @@ komendą: chmod 600 keyfile -Jeżeli używane jest sprzętowe urządzenie kryptograficzne, to opcja B -pozwala wybrać identyfikator używanego klucza prywatnego. +Jeżeli używany jest silnik kryptograficzny, to opcja B pozwala wybrać +identyfikator używanego klucza prywatnego. domyślnie: wartość opcji I @@ -687,7 +698,7 @@ serwera, do którego nawiązywane jest połączenie. =item B = URL -responder OCSP do weryfikacji certyfikatów +responder OCSP do weryfikacji certyfikatu drugiej strony połączenia =item B = yes | no @@ -714,6 +725,20 @@ Ze względu na złożoność obliczeniową rozszerzenie nonce jest zwykle wspier jedynie przez wewnętrzne (np. korporacyjne), a nie przez publiczne respondery OCSP. +=item B = yes | no + +wymagaj rozstrzygającej odpowiedzi respondera OCSP + +=item B = yes | no + +Wyłączenie tej opcji pozwala na zaakceptowanie połączenia pomimo braku +otrzymania rozstrzygającej odpowiedzi OCSP ze staplingu i bezpośredniego +żądania wysłanego do respondera. + +default: yes + +domyślnie: yes + =item B = OPCJE_SSL opcje biblioteki B @@ -926,10 +951,14 @@ Opcja nie jest wspierana na niektórych platformach. domyślnie: yes -=item B = yes | no +=item B = yes | no | OPÓŹNIENIE połącz ponownie sekcję connect+exec po rozłączeniu +Wartość parametru OPÓŹNIENIE określa liczbę milisekund oczekiwania +przed wykonaniem ponownego połączenia. +"retry = yes" jest synonimem dla "retry = 1000". + domyślnie: no =item B = POZIOM @@ -1197,6 +1226,10 @@ czas oczekiwania na nawiązanie połączenia maksymalny czas utrzymywania bezczynnego połączenia +=item B = LICZBA_SEKUND + +czas oczekiwania na nawiązanie połączenia z serwerem OCSP + =item B = none | source | destination | both (tylko Unix) tryb przezroczystego proxy na wspieranych platformach @@ -1514,10 +1547,7 @@ Przykładowa konfiguracja serwera SNI: CAfile = server2-allowed-clients.pem Przykładowa konfiguracja umożliwiająca uwierzytelnienie z użyciem klucza prywatnego -przechowywanego w Windows Certificate Store (tylko Windows). -W przypadku użycia silnika CAPI, nie należy ustawiać opcji cert, gdyż klucz klienta -zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów -CA przedstawionych przez serwer. +przechowywanego w Windows Certificate Store (tylko Windows): engine = capi @@ -1527,8 +1557,12 @@ CA przedstawionych przez serwer. accept = 127.0.0.1:8080 connect = example.com:8443 +W przypadku użycia silnika CAPI, nie należy ustawiać opcji cert, gdyż klucz klienta +zostanie automatycznie pobrany z Certificate Store na podstawie zaufanych certyfikatów +CA przedstawionych przez serwer. + Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego z -urządzenia zgodnego z pkcs11: +urządzenia obsługiwanego przez silnik pkcs11: engine = pkcs11 engineCtrl = MODULE_PATH:opensc-pkcs11.so @@ -1543,7 +1577,7 @@ urządzenia zgodnego z pkcs11: key = pkcs11:token=MyToken;object=MyKey Przykładowa konfiguracja umożliwiająca użycie certyfikatu i klucza prywatnego -umieszczonego na tokenie SoftHSM +umieszczonego na tokenie SoftHSM: engine = pkcs11 engineCtrl = MODULE_PATH:softhsm2.dll diff --git a/doc/stunnel.pod.in b/doc/stunnel.pod.in index 0246f828..fa1ec99d 100644 --- a/doc/stunnel.pod.in +++ b/doc/stunnel.pod.in @@ -136,7 +136,8 @@ A port number. =item * -A colon-separated pair of IP address (either IPv4, IPv6, or domain name) and port number. +A colon-separated pair of IP address (either IPv4, IPv6, or domain name) and +port number. =item * @@ -156,7 +157,8 @@ B keeps B in a chrooted jail. I, I, I and I are located inside the jail and the patches have to be relative to the directory specified with B. -Several functions of the operating system also need their files to be located within the chroot jail, e.g.: +Several functions of the operating system also need their files to be located +within the chroot jail, e.g.: =over 4 @@ -186,13 +188,18 @@ Deflate is the standard compression method as described in RFC 1951. debugging level -Level is one of the syslog level names or numbers -emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), -info (6), or debug (7). All logs for the specified level and -all levels numerically less than it will be shown. Use I or -I for greatest debugging output. The default is notice (5). +Level is one of the syslog level names or numbers emerg (0), alert (1), +crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs +for the specified level and all levels numerically less than it will be shown. + +The I (or the equivalent ) level produces for the +most verbose log output. This logging level is only meant to be understood by +stunnel developers, and not by users. Please either use the debug level when +requested to do so by an stunnel developer, or when you intend to get confused. -The syslog facility 'daemon' will be used unless a facility name is supplied. +The default logging level is notice (5). + +The syslog 'daemon' facility will be used unless a facility name is supplied. (Facilities are not supported on Win32.) Case is ignored for both facilities and levels. @@ -210,7 +217,8 @@ select hardware or software cryptographic engine default: software-only cryptography -See Examples section for an engine configuration to use the certificate and the corresponding private key from a cryptographic device. +See Examples section for an engine configuration to use the certificate and the +corresponding private key from a cryptographic device. =item B = COMMAND[:PARAMETER] @@ -271,8 +279,8 @@ pixel image. log file handling -This option allows you to choose whether the log file (specified with the I -option) is appended or overwritten when opened or re-opened. +This option allows you to choose whether the log file (specified with the +I option) is appended or overwritten when opened or re-opened. default: append @@ -357,26 +365,38 @@ To listen on all IPv6 addresses use: accept = :::PORT -=item B = DIRECTORY +=item B = ENGINE-SPECIFIC_CA_CERTIFICATE_IDENTIFIER + +load a trusted CA certificate from an engine + +The loaded CA certificates will be used with the I and +I options. + +Multiple I options are allowed in a single service section. + +Currently supported engines: pkcs11, cng. -Certificate Authority directory +=item B = CA_DIRECTORY -This is the directory in which B will look for certificates when using -the I or I options. Note that the certificates in -this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of -the DER encoded subject of the cert. +load trusted CA certificates from a directory + +The loaded CA certificates will be used with the I and +I options. +Note that the certificates in this directory should be named XXXXXXXX.0 where +XXXXXXXX is the hash value of the DER encoded subject of the cert. The hash algorithm has been changed in B. It is required to -c_rehash the directory on upgrade from B to B. +c_rehash the directory on upgrade from B to B +or later. I path is relative to the I directory if specified. =item B = CA_FILE -Certificate Authority file +load trusted CA certificates from a file -This file contains multiple CA certificates, to be used with the I -and I options. +The loaded CA certificates will be used with the I and +I options. =item B = CERT_FILE @@ -395,33 +415,37 @@ engine is enabled. =item B = EMAIL -email address of the peer certificate subject +verify the email address of the end-entity (leaf) peer certificate subject -Multiple I options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the email -address of the peer certificate matches any of the email addresses specified -with I. +address of the end-entity (leaf) peer certificate matches any of the email +addresses specified with I. + +Multiple I options are allowed in a single service section. This option requires OpenSSL 1.0.2 or later. =item B = HOST -host of the peer certificate subject +verify the host of the end-entity (leaf) peer certificate subject -Multiple I options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the host name -of the peer certificate matches any of the hosts specified with I. +of the end-entity (leaf) peer certificate matches any of the hosts specified +with I. + +Multiple I options are allowed in a single service section. This option requires OpenSSL 1.0.2 or later. =item B = IP -IP address of the peer certificate subject +verify the IP address of the end-entity (leaf) peer certificate subject -Multiple I options are allowed in a single service section. Certificates are accepted if no subject checks were specified, or the IP -address of the peer certificate matches any of the IP addresses specified with -I. +address of the end-entity (leaf) peer certificate matches any of the IP +addresses specified with I. + +Multiple I options are allowed in a single service section. This option requires OpenSSL 1.0.2 or later. @@ -461,7 +485,8 @@ I manual page. Several I lines can be used to specify multiple configuration commands. -Use I option instead of enabling I to support elliptic curves. +Use I option instead of enabling I to +support elliptic curves. This option requires OpenSSL 1.0.2 or later. @@ -472,7 +497,6 @@ connect to a remote address If no host is specified, the host defaults to localhost. Multiple I options are allowed in a single service section. - If host resolves to multiple addresses and/or if multiple I options are specified, then the remote address is chosen using a round-robin algorithm. @@ -629,7 +653,8 @@ use IDENT (RFC 1413) username checking include all configuration file parts located in DIRECTORY -The files are included in the ascending alphabetical order of their names. The recommended filename convention is +The files are included in the ascending alphabetical order of their names. The +recommended filename convention is for global options: @@ -669,7 +694,7 @@ remote connections. Use this option to bind a static local IP address instead. =item B = URL -select OCSP responder for certificate verification +select OCSP responder for the end-entity (leaf) peer certificate verification =item B = yes | no @@ -696,6 +721,16 @@ This option protects the OCSP protocol against replay attacks. Due to its computational overhead, the nonce extension is usually only supported on internal (e.g. corporate) responders, and not on public OCSP responders. +=item B = yes | no + +require a conclusive OCSP response + +Disable this option to allow a connection even though no conclusive OCSP +response was retrieved from stapling and a direct request to the OCSP +responder. + +default: yes + =item B = SSL_OPTIONS B library options @@ -719,8 +754,8 @@ default: options = NO_SSLv2 options = NO_SSLv3 -Use I or I option instead of disabling specific TLS protocol -versions when compiled with B or later. +Use I or I option instead of disabling specific +TLS protocol versions when compiled with B or later. =item B = PROTO @@ -913,10 +948,13 @@ This option is not supported on some platforms. default: yes -=item B = yes | no +=item B = yes | no | DELAY reconnect a connect+exec section after it was disconnected +The DELAY value specifies the number of milliseconds before retrying. +"retry = yes" has the same effect as "retry = 1000". + default: no =item B = LEVEL @@ -933,23 +971,39 @@ Everything is permitted. =item level 1 -The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited. +The security level corresponds to a minimum of 80 bits of security. Any +parameters offering below 80 bits of security are excluded. As a result RSA, +DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are +prohibited. All export cipher suites are prohibited since they all offer less +than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using +MD5 for the MAC is also prohibited. =item level 2 -Security level set to 112 bits of security. As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In addition to the level 1 exclusions any cipher suite using RC4 is also prohibited. SSL version 3 is also not allowed. Compression is disabled. +Security level set to 112 bits of security. As a result RSA, DSA and DH keys +shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. In +addition to the level 1 exclusions any cipher suite using RC4 is also +prohibited. SSL version 3 is also not allowed. Compression is disabled. =item level 3 -Security level set to 128 bits of security. As a result RSA, DSA and DH keys shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In addition to the level 2 exclusions cipher suites not offering forward secrecy are prohibited. TLS versions below 1.1 are not permitted. Session tickets are disabled. +Security level set to 128 bits of security. As a result RSA, DSA and DH keys +shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited. In +addition to the level 2 exclusions cipher suites not offering forward secrecy +are prohibited. TLS versions below 1.1 are not permitted. Session tickets are +disabled. =item level 4 -Security level set to 192 bits of security. As a result RSA, DSA and DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are not permitted. +Security level set to 192 bits of security. As a result RSA, DSA and DH keys +shorter than 7680 bits and ECC keys shorter than 384 bits are prohibited. +Cipher suites using SHA1 for the MAC are prohibited. TLS versions below 1.2 are +not permitted. =item level 5 -Security level set to 256 bits of security. As a result RSA, DSA and DH keys shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited. +Security level set to 256 bits of security. As a result RSA, DSA and DH keys +shorter than 15360 bits and ECC keys shorter than 512 bits are prohibited. =item default: 2 @@ -972,9 +1026,11 @@ default: no Unix group id -As a global option: setgid() to the specified group in daemon mode and clear all other groups. +As a global option: setgid() to the specified group in daemon mode and clear +all other groups. -As a service-level option: set the group of the Unix socket specified with "accept". +As a service-level option: set the group of the Unix socket specified with +"accept". =item B = USER (Unix only) @@ -982,7 +1038,8 @@ Unix user id As a global option: setuid() to the specified user in daemon mode. -As a service-level option: set the owner of the Unix socket specified with "accept". +As a service-level option: set the owner of the Unix socket specified with +"accept". =item B = NUM_ENTRIES @@ -1012,26 +1069,26 @@ address of sessiond TLS cache server =item B = SERVICE_NAME:SERVER_NAME_PATTERN (server mode) -Use the service as a slave service (a name-based virtual server) for Server +Use the service as a secondary service (a name-based virtual server) for Server Name Indication TLS extension (RFC 3546). -I specifies the master service that accepts client connections +I specifies the primary service that accepts client connections with the I option. I specifies the host name to be redirected. The pattern may start with the '*' character, e.g. -'*.example.com'. Multiple slave services are normally specified for a single -master service. The I option can also be specified more than once within -a single slave service. +'*.example.com'. Multiple secondary services are normally specified for +a single primary service. The I option can also be specified more than +once within a single secondary service. -This service, as well as the master service, may not be configured in client +This service, as well as the primary service, may not be configured in client mode. -The I option of the slave service is ignored when the I +The I option of the secondary service is ignored when the I option is specified, as I connects to the remote host before TLS handshake. -Libwrap checks (Unix only) are performed twice: with the master service name -after TCP connection is accepted, and with the slave service name during the -TLS handshake. +Libwrap checks (Unix only) are performed twice: with the primary service name +after TCP connection is accepted, and with the secondary service name during +the TLS handshake. The I option is only available when compiled with B and later. @@ -1099,7 +1156,8 @@ linked OpenSSL library. Availability of specific protocols depends on the linked OpenSSL library. -The I option is only available when compiled with B and later. +The I option is only available when compiled with +B and later. default: all @@ -1114,7 +1172,8 @@ linked OpenSSL library. Availability of specific protocols depends on the linked OpenSSL library. -The I option is only available when compiled with B and later. +The I option is only available when compiled with +B and later. default: TLSv1 @@ -1175,12 +1234,16 @@ time to wait for close_notify (set to 0 for buggy MSIE) =item B = SECONDS -time to wait to connect to a remote host +time to wait to connect a remote host =item B = SECONDS time to keep an idle connection +=item B = SECONDS + +time to wait to connect an OCSP responder + =item B = none | source | destination | both (Unix only) enable transparent proxy support on selected platforms @@ -1301,23 +1364,25 @@ and I options. =item level 0 -Request and ignore the peer certificate. +Request and ignore the peer certificate chain. =item level 1 -Verify the peer certificate if present. +Verify the peer certificate chain if present. =item level 2 -Verify the peer certificate. +Verify the peer certificate chain. =item level 3 -Verify the peer against a locally installed certificate. +Verify the peer certificate chain and the end-entity (leaf) peer certificate +against a locally installed certificate. =item level 4 -Ignore the chain and only verify the peer certificate. +Ignore the peer certificate chain and only verify the end-entity (leaf) peer +certificate against a locally installed certificate. =item default @@ -1339,9 +1404,9 @@ default: no =item B = yes | no -verify the peer certificate +verify the end-entity (leaf) peer certificate -The peer certificate needs to be stored either in the file +The end-entity (leaf) peer certificate needs to be stored either in the file specified with I, or in the directory specified with I. default: no @@ -1479,19 +1544,19 @@ Now test your configuration on the client machine with: An example server mode SNI configuration: [virtual] - ; master service + ; primary service accept = 443 cert = default.pem connect = default.internal.mydomain.com:8080 [sni1] - ; slave service 1 + ; secondary service 1 sni = virtual:server1.mydomain.com cert = server1.pem connect = server1.internal.mydomain.com:8081 [sni2] - ; slave service 2 + ; secondary service 2 sni = virtual:server2.mydomain.com cert = server2.pem connect = server2.internal.mydomain.com:8082 @@ -1511,7 +1576,8 @@ The client key is automatically selected based on the list of CAs trusted by the accept = 127.0.0.1:8080 connect = example.com:8443 -An example of advanced engine configuration to use the certificate and the corresponding private key from a pkcs11 engine: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a pkcs11 engine: engine = pkcs11 engineCtrl = MODULE_PATH:opensc-pkcs11.so @@ -1525,7 +1591,8 @@ An example of advanced engine configuration to use the certificate and the corre cert = pkcs11:token=MyToken;object=MyCert key = pkcs11:token=MyToken;object=MyKey -An example of advanced engine configuration to use the certificate and the corresponding private key from a SoftHSM token: +An example of advanced engine configuration to use the certificate and the +corresponding private key from a SoftHSM token: engine = pkcs11 engineCtrl = MODULE_PATH:softhsm2.dll diff --git a/makedh.sh b/makedh.sh new file mode 100755 index 00000000..c1636750 --- /dev/null +++ b/makedh.sh @@ -0,0 +1,43 @@ +#!/bin/sh + +cat <$@ stunnel3: $(srcdir)/stunnel3.in +os2.mak: $(srcdir)/os2.mak.in # Unix shared library pkglib_LTLIBRARIES = libstunnel.la @@ -71,7 +73,14 @@ mingw64: clean-local: rm -rf ../obj ../bin -# Remaining files to be included +############################################################################### +# Remaining files to be included # +############################################################################### + +dist_noinst_DATA = os2.mak +EXTRA_DIST += os2.mak.in +CLEANFILES += os2.mak + EXTRA_DIST += $(win32_gui_sources) $(win32_cli_sources) EXTRA_DIST += make.bat makece.bat makew32.bat -EXTRA_DIST += mingw.mk mingw.mak evc.mak vc.mak os2.mak +EXTRA_DIST += mingw.mk mingw.mak evc.mak vc.mak diff --git a/src/Makefile.in b/src/Makefile.in index fd274886..475d824e 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 ############################################################################### # File lists # @@ -22,6 +22,7 @@ + VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -105,7 +106,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_noinst_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = config.h CONFIG_CLEAN_FILES = @@ -159,9 +161,9 @@ am__objects_3 = stunnel-tls.$(OBJEXT) stunnel-str.$(OBJEXT) \ stunnel-protocol.$(OBJEXT) stunnel-network.$(OBJEXT) \ stunnel-resolver.$(OBJEXT) stunnel-ssl.$(OBJEXT) \ stunnel-ctx.$(OBJEXT) stunnel-verify.$(OBJEXT) \ - stunnel-sthreads.$(OBJEXT) stunnel-fd.$(OBJEXT) \ - stunnel-dhparam.$(OBJEXT) stunnel-cron.$(OBJEXT) \ - stunnel-stunnel.$(OBJEXT) + stunnel-sthreads.$(OBJEXT) stunnel-ocsp.$(OBJEXT) \ + stunnel-fd.$(OBJEXT) stunnel-dhparam.$(OBJEXT) \ + stunnel-cron.$(OBJEXT) stunnel-stunnel.$(OBJEXT) am__objects_4 = stunnel-pty.$(OBJEXT) stunnel-libwrap.$(OBJEXT) \ stunnel-ui_unix.$(OBJEXT) am_stunnel_OBJECTS = $(am__objects_2) $(am__objects_3) \ @@ -192,12 +194,13 @@ am__depfiles_remade = ./$(DEPDIR)/env.Plo \ ./$(DEPDIR)/stunnel-ctx.Po ./$(DEPDIR)/stunnel-dhparam.Po \ ./$(DEPDIR)/stunnel-fd.Po ./$(DEPDIR)/stunnel-file.Po \ ./$(DEPDIR)/stunnel-libwrap.Po ./$(DEPDIR)/stunnel-log.Po \ - ./$(DEPDIR)/stunnel-network.Po ./$(DEPDIR)/stunnel-options.Po \ - ./$(DEPDIR)/stunnel-protocol.Po ./$(DEPDIR)/stunnel-pty.Po \ - ./$(DEPDIR)/stunnel-resolver.Po ./$(DEPDIR)/stunnel-ssl.Po \ - ./$(DEPDIR)/stunnel-sthreads.Po ./$(DEPDIR)/stunnel-str.Po \ - ./$(DEPDIR)/stunnel-stunnel.Po ./$(DEPDIR)/stunnel-tls.Po \ - ./$(DEPDIR)/stunnel-ui_unix.Po ./$(DEPDIR)/stunnel-verify.Po + ./$(DEPDIR)/stunnel-network.Po ./$(DEPDIR)/stunnel-ocsp.Po \ + ./$(DEPDIR)/stunnel-options.Po ./$(DEPDIR)/stunnel-protocol.Po \ + ./$(DEPDIR)/stunnel-pty.Po ./$(DEPDIR)/stunnel-resolver.Po \ + ./$(DEPDIR)/stunnel-ssl.Po ./$(DEPDIR)/stunnel-sthreads.Po \ + ./$(DEPDIR)/stunnel-str.Po ./$(DEPDIR)/stunnel-stunnel.Po \ + ./$(DEPDIR)/stunnel-tls.Po ./$(DEPDIR)/stunnel-ui_unix.Po \ + ./$(DEPDIR)/stunnel-verify.Po am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -224,6 +227,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +DATA = $(dist_noinst_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ config.h.in # Read a list of newline-separated strings from the standard input, @@ -307,9 +311,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -377,11 +378,10 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ common_headers = common.h prototypes.h version.h common_sources = tls.c str.c file.c client.c log.c options.c \ protocol.c network.c resolver.c ssl.c ctx.c verify.c \ - sthreads.c fd.c dhparam.c cron.c stunnel.c + sthreads.c ocsp.c fd.c dhparam.c cron.c stunnel.c unix_sources = pty.c libwrap.c ui_unix.c shared_sources = env.c win32_gui_sources = ui_win_gui.c resources.h resources.rc stunnel.ico \ @@ -389,12 +389,10 @@ win32_gui_sources = ui_win_gui.c resources.h resources.rc stunnel.ico \ win32_cli_sources = ui_win_cli.c stunnel_SOURCES = $(common_headers) $(common_sources) $(unix_sources) bin_SCRIPTS = stunnel3 - -# Remaining files to be included -EXTRA_DIST = stunnel3.in $(win32_gui_sources) $(win32_cli_sources) \ - make.bat makece.bat makew32.bat mingw.mk mingw.mak evc.mak \ - vc.mak os2.mak -CLEANFILES = stunnel3 +EXTRA_DIST = stunnel3.in os2.mak.in $(win32_gui_sources) \ + $(win32_cli_sources) make.bat makece.bat makew32.bat mingw.mk \ + mingw.mak evc.mak vc.mak +CLEANFILES = stunnel3 os2.mak # Red Hat "by design" bug #82369 @@ -406,15 +404,21 @@ stunnel_CPPFLAGS = -I$(SYSROOT)/usr/kerberos/include \ # TLS library stunnel_LDFLAGS = -L$(SSLDIR)/lib64 -L$(SSLDIR)/lib -lssl -lcrypto -# stunnel3 script +# Apply substitutions edit = sed \ - -e 's|@bindir[@]|$(bindir)|g' + -e 's|@bindir[@]|$(bindir)|g' \ + -e 's|@PACKAGE_VERSION[@]|$(PACKAGE_VERSION)|g' # Unix shared library pkglib_LTLIBRARIES = libstunnel.la libstunnel_la_SOURCES = $(shared_sources) libstunnel_la_LDFLAGS = -avoid-version + +############################################################################### +# Remaining files to be included # +############################################################################### +dist_noinst_DATA = os2.mak all: config.h $(MAKE) $(AM_MAKEFLAGS) all-am @@ -607,6 +611,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-libwrap.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-log.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-network.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-ocsp.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-options.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-protocol.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stunnel-pty.Po@am__quote@ # am--include-marker @@ -828,6 +833,20 @@ stunnel-sthreads.obj: sthreads.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-sthreads.obj `if test -f 'sthreads.c'; then $(CYGPATH_W) 'sthreads.c'; else $(CYGPATH_W) '$(srcdir)/sthreads.c'; fi` +stunnel-ocsp.o: ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-ocsp.o -MD -MP -MF $(DEPDIR)/stunnel-ocsp.Tpo -c -o stunnel-ocsp.o `test -f 'ocsp.c' || echo '$(srcdir)/'`ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-ocsp.Tpo $(DEPDIR)/stunnel-ocsp.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ocsp.c' object='stunnel-ocsp.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-ocsp.o `test -f 'ocsp.c' || echo '$(srcdir)/'`ocsp.c + +stunnel-ocsp.obj: ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-ocsp.obj -MD -MP -MF $(DEPDIR)/stunnel-ocsp.Tpo -c -o stunnel-ocsp.obj `if test -f 'ocsp.c'; then $(CYGPATH_W) 'ocsp.c'; else $(CYGPATH_W) '$(srcdir)/ocsp.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-ocsp.Tpo $(DEPDIR)/stunnel-ocsp.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='ocsp.c' object='stunnel-ocsp.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o stunnel-ocsp.obj `if test -f 'ocsp.c'; then $(CYGPATH_W) 'ocsp.c'; else $(CYGPATH_W) '$(srcdir)/ocsp.c'; fi` + stunnel-fd.o: fd.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(stunnel_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT stunnel-fd.o -MD -MP -MF $(DEPDIR)/stunnel-fd.Tpo -c -o stunnel-fd.o `test -f 'fd.c' || echo '$(srcdir)/'`fd.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/stunnel-fd.Tpo $(DEPDIR)/stunnel-fd.Po @@ -1018,7 +1037,8 @@ distdir-am: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) config.h +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) $(SCRIPTS) $(DATA) \ + config.h installdirs: for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(pkglibdir)" "$(DESTDIR)$(bindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -1070,6 +1090,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/stunnel-libwrap.Po -rm -f ./$(DEPDIR)/stunnel-log.Po -rm -f ./$(DEPDIR)/stunnel-network.Po + -rm -f ./$(DEPDIR)/stunnel-ocsp.Po -rm -f ./$(DEPDIR)/stunnel-options.Po -rm -f ./$(DEPDIR)/stunnel-protocol.Po -rm -f ./$(DEPDIR)/stunnel-pty.Po @@ -1137,6 +1158,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/stunnel-libwrap.Po -rm -f ./$(DEPDIR)/stunnel-log.Po -rm -f ./$(DEPDIR)/stunnel-network.Po + -rm -f ./$(DEPDIR)/stunnel-ocsp.Po -rm -f ./$(DEPDIR)/stunnel-options.Po -rm -f ./$(DEPDIR)/stunnel-protocol.Po -rm -f ./$(DEPDIR)/stunnel-pty.Po @@ -1188,9 +1210,10 @@ uninstall-am: uninstall-binPROGRAMS uninstall-binSCRIPTS \ .PRECIOUS: Makefile -stunnel3: Makefile +stunnel3 os2.mak: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel3: $(srcdir)/stunnel3.in +os2.mak: $(srcdir)/os2.mak.in ############################################################################### # Win32 executables # diff --git a/src/client.c b/src/client.c index 14e7ac95..420a84fe 100644 --- a/src/client.c +++ b/src/client.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -251,7 +251,6 @@ NOEXPORT void print_tmp_key(SSL *s); #endif NOEXPORT void print_cipher(CLI *); NOEXPORT void transfer(CLI *); -NOEXPORT int parse_socket_error(CLI *, const char *); NOEXPORT void auth_user(CLI *); NOEXPORT SOCKET connect_local(CLI *); @@ -367,7 +366,7 @@ void ignore_value(void *ptr) { void client_main(CLI *c) { s_log(LOG_DEBUG, "Service [%s] started", c->opt->servname); if(c->opt->exec_name && c->opt->connect_addr.names) { - if(c->opt->option.retry) + if(c->opt->retry >= 0) exec_connect_loop(c); else exec_connect_once(c); @@ -393,7 +392,7 @@ void client_free(CLI *c) { NOEXPORT void exec_connect_loop(CLI *c) { unsigned long long seq=0; const char *fresh_id=c->tls->id; - unsigned retry; + long retry; do { /* make sure c->tls->id is valid in str_printf() */ @@ -404,19 +403,20 @@ NOEXPORT void exec_connect_loop(CLI *c) { exec_connect_once(c); /* retry is asynchronously changed in the main thread, * so we make sure to use the same value for both checks */ - retry=c->opt->option.retry; - if(retry) { + retry=c->opt->retry; + if(retry >= 0) { s_log(LOG_INFO, "Retrying an exec+connect section"); /* c and id are detached, so it is safe to call str_stats() */ str_stats(); /* client thread allocation tracking */ - s_poll_sleep(1, 0); + if(retry) + s_poll_sleep((int)(retry/1000), (int)(retry%1000)); c->rr++; } /* make sure c->tls->id is valid in str_free() */ c->tls->id=fresh_id; str_free(id); - } while(retry); /* retry is disabled on config reload */ + } while(retry >= 0); /* retry is disabled on config reload */ } #ifdef __GNUC__ #if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) @@ -452,7 +452,8 @@ NOEXPORT void exec_connect_once(CLI *fresh_c) { #endif /* __GNUC__ */ NOEXPORT void client_run(CLI *c) { jmp_buf exception_buffer, *exception_backup; - int err, rst; + int err, rst_remote, rst_local; + char *close_status; #ifndef USE_FORK int num; #endif @@ -496,13 +497,27 @@ NOEXPORT void client_run(CLI *c) { } c->exception_pointer=exception_backup; - rst=err==1 && c->opt->option.reset; + /* plain socket is remote in the server mode */ + rst_remote=err==1 && c->opt->option.reset && + (!c->fatal_alert || !c->opt->option.client); + /* plain socket is local in the client mode */ + rst_local=err==1 && c->opt->option.reset && + (!c->fatal_alert || c->opt->option.client); + if(rst_remote && rst_local) + close_status="reset"; + else if(rst_remote) + close_status="reset/closed"; + else if(rst_local) + close_status="closed/reset"; + else + close_status="closed"; s_log(LOG_NOTICE, "Connection %s: %llu byte(s) sent to TLS, %llu byte(s) sent to socket", - rst ? "reset" : "closed", + close_status, (unsigned long long)c->ssl_bytes, (unsigned long long)c->sock_bytes); #ifdef USE_WIN32 - if(capwin_hwnd && err==1 && InterlockedExchange(&capwin_connectivity, 0)) + if(capwin_hwnd && (rst_remote || rst_local) + && InterlockedExchange(&capwin_connectivity, 0)) PostMessage(capwin_hwnd, WM_CAPWIN_NET_DOWN, 0, 0); #endif @@ -560,8 +575,11 @@ NOEXPORT void client_run(CLI *c) { /* cleanup the remote socket */ if(c->remote_fd.fd!=INVALID_SOCKET) { /* remote socket initialized */ - if(rst && c->remote_fd.is_socket) /* reset */ - reset(c->remote_fd.fd, "linger (remote)"); + if(rst_remote && c->remote_fd.is_socket) /* reset */ + reset(c->remote_fd.fd, "remote_fd"); +#ifndef USE_UCONTEXT + set_nonblock(c->remote_fd.fd, 0); +#endif closesocket(c->remote_fd.fd); s_log(LOG_DEBUG, "Remote descriptor (FD=%ld) closed", (long)c->remote_fd.fd); @@ -571,16 +589,19 @@ NOEXPORT void client_run(CLI *c) { /* cleanup the local socket */ if(c->local_rfd.fd!=INVALID_SOCKET) { /* local socket initialized */ if(c->local_rfd.fd==c->local_wfd.fd) { - if(rst && c->local_rfd.is_socket) - reset(c->local_rfd.fd, "linger (local)"); + if(rst_local && c->local_rfd.is_socket) + reset(c->local_rfd.fd, "local_rfd/local_wfd"); +#ifndef USE_UCONTEXT + set_nonblock(c->local_rfd.fd, 0); +#endif closesocket(c->local_rfd.fd); s_log(LOG_DEBUG, "Local descriptor (FD=%ld) closed", (long)c->local_rfd.fd); } else { /* stdin/stdout */ - if(rst && c->local_rfd.is_socket) - reset(c->local_rfd.fd, "linger (local_rfd)"); - if(rst && c->local_wfd.is_socket) - reset(c->local_wfd.fd, "linger (local_wfd)"); + if(rst_local && c->local_rfd.is_socket) + reset(c->local_rfd.fd, "local_rfd"); + if(rst_local && c->local_wfd.is_socket) + reset(c->local_wfd.fd, "local_wfd"); } c->local_rfd.fd=c->local_wfd.fd=INVALID_SOCKET; } @@ -616,21 +637,26 @@ NOEXPORT void client_run(CLI *c) { NOEXPORT void client_try(CLI *c) { local_start(c); - protocol(c, c->opt, PROTOCOL_EARLY); + if(c->opt->protocol_early) + c->opt->protocol_early(c); if(c->opt->option.connect_before_ssl) { remote_start(c); - protocol(c, c->opt, PROTOCOL_MIDDLE); + if(c->opt->protocol_middle) + c->opt->protocol_middle(c); ssl_start(c); } else { ssl_start(c); - protocol(c, c->opt, PROTOCOL_MIDDLE); + if(c->opt->protocol_middle) + c->opt->protocol_middle(c); remote_start(c); } #ifdef MSSPISSL if( c->is_exec ) connect_local( c ); #endif - protocol(c, c->opt, PROTOCOL_LATE); + + if(c->opt->protocol_late) + c->opt->protocol_late(c); transfer(c); } @@ -768,6 +794,12 @@ NOEXPORT void ssl_start(CLI *c) { } if(c->opt->option.client) { #ifndef OPENSSL_NO_TLSEXT +#ifndef OPENSSL_NO_OCSP + if(!SSL_set_tlsext_status_type(c->ssl, TLSEXT_STATUSTYPE_ocsp)) { + sslerror("OCSP: SSL_set_tlsext_status_type"); + throw_exception(c, 1); + } +#endif /* !defined(OPENSSL_NO_OCSP) */ /* c->opt->sni should always be initialized at this point, * either explicitly with "sni" * or implicitly with "protocolHost" or "connect" */ @@ -1243,7 +1275,7 @@ NOEXPORT void session_cache_retrieve(CLI *c) { if(c->opt->connect_session) { sess=c->opt->connect_session[c->idx]; } else { - s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache"); + s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache (retrieve)"); sess=NULL; } } @@ -1255,19 +1287,18 @@ NOEXPORT void session_cache_retrieve(CLI *c) { #if OPENSSL_VERSION_NUMBER >= 0x10101000L NOEXPORT void print_tmp_key(SSL *s) { EVP_PKEY *key; + long tmp_key_found; #ifdef SSL_CTRL_GET_PEER_TMP_KEY - if (!SSL_get_peer_tmp_key(s, &key)) { - sslerror("SSL_get_peer_tmp_key"); - return; - } + tmp_key_found=SSL_get_peer_tmp_key(s, &key); #else - if (!SSL_get_server_tmp_key(s, &key)) { - sslerror("SSL_get_server_tmp_key"); + tmp_key_found=SSL_get_server_tmp_key(s, &key); +#endif + if(!tmp_key_found) { + s_log(LOG_INFO, "No peer temporary key received"); return; } -#endif - switch (EVP_PKEY_id(key)) { + switch(EVP_PKEY_id(key)) { case EVP_PKEY_RSA: s_log(LOG_INFO, "Peer temporary key: RSA, %d bits", EVP_PKEY_bits(key)); break; @@ -1313,7 +1344,7 @@ NOEXPORT void print_cipher(CLI *c) { /* print negotiated cipher */ SSL_session_reused(c->ssl) && !c->flag.psk ? "previous session reused" : "new session negotiated"); - cipher=SSL_get_current_cipher(c->ssl); + cipher=(SSL_CIPHER *)SSL_get_current_cipher(c->ssl); s_log(LOG_INFO, "%s ciphersuite: %s (%d-bit encryption)", SSL_get_version(c->ssl), SSL_CIPHER_get_name(cipher), SSL_CIPHER_get_bits(cipher, NULL)); @@ -1535,7 +1566,7 @@ NOEXPORT void transfer(CLI *c) { shutdown_wants_read=shutdown_wants_write=0; break; case SSL_ERROR_SYSCALL: /* socket error */ - if(parse_socket_error(c, "SSL_shutdown")) + if(socket_needs_retry(c, "transfer: SSL_shutdown")) break; /* a non-critical error: retry */ SSL_set_shutdown(c->ssl, SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); shutdown_wants_read=shutdown_wants_write=0; @@ -1551,7 +1582,7 @@ NOEXPORT void transfer(CLI *c) { ssize_t num=writesocket(c->sock_wfd->fd, c->ssl_buff, c->ssl_ptr); switch(num) { case -1: /* error */ - if(parse_socket_error(c, "writesocket")) + if(socket_needs_retry(c, "transfer: writesocket")) break; /* a non-critical error: retry */ sock_open_rd=sock_open_wr=0; break; @@ -1573,7 +1604,7 @@ NOEXPORT void transfer(CLI *c) { c->sock_buff+c->sock_ptr, BUFFSIZE-c->sock_ptr); switch(num) { case -1: - if(parse_socket_error(c, "readsocket")) + if(socket_needs_retry(c, "transfer: readsocket")) break; /* a non-critical error: retry */ sock_open_rd=sock_open_wr=0; break; @@ -1604,14 +1635,14 @@ NOEXPORT void transfer(CLI *c) { case SSL_ERROR_NONE: if(num==0) { /* nothing was written: ignore */ s_log(LOG_DEBUG, "SSL_write returned 0"); - break; /* do not reset the watchdog */ + } else { + memmove(c->sock_buff, c->sock_buff+num, + c->sock_ptr-(size_t)num); + c->sock_ptr-=(size_t)num; + memset(c->sock_buff+c->sock_ptr, 0, (size_t)num); /* PPD */ + c->ssl_bytes+=(size_t)num; + watchdog=0; /* data transferred -> reset the watchdog */ } - memmove(c->sock_buff, c->sock_buff+num, - c->sock_ptr-(size_t)num); - c->sock_ptr-=(size_t)num; - memset(c->sock_buff+c->sock_ptr, 0, (size_t)num); /* paranoia */ - c->ssl_bytes+=(size_t)num; - watchdog=0; /* reset the watchdog */ break; case SSL_ERROR_WANT_WRITE: /* buffered data? */ s_log(LOG_DEBUG, "SSL_write returned WANT_WRITE: retrying"); @@ -1631,7 +1662,7 @@ NOEXPORT void transfer(CLI *c) { case SSL_ERROR_ZERO_RETURN: /* a buffered close_notify alert */ /* fall through */ case SSL_ERROR_SYSCALL: /* socket error */ - if(parse_socket_error(c, "SSL_write") && num) /* always log the error */ + if(socket_needs_retry(c, "transfer: SSL_write") && num) break; /* a non-critical error: retry */ /* EOF -> buggy (e.g. Microsoft) peer: * TLS socket closed without close_notify alert */ @@ -1662,10 +1693,10 @@ NOEXPORT void transfer(CLI *c) { case SSL_ERROR_NONE: if(num==0) { /* nothing was read: ignore */ s_log(LOG_DEBUG, "SSL_read returned 0"); - break; /* do not reset the watchdog */ + } else { + c->ssl_ptr+=(size_t)num; + watchdog=0; /* data transferred -> reset the watchdog */ } - c->ssl_ptr+=(size_t)num; - watchdog=0; /* reset the watchdog */ break; case SSL_ERROR_WANT_WRITE: s_log(LOG_DEBUG, "SSL_read returned WANT_WRITE: retrying"); @@ -1682,6 +1713,24 @@ NOEXPORT void transfer(CLI *c) { "SSL_read returned WANT_X509_LOOKUP: retrying"); break; case SSL_ERROR_SSL: +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING + /* OpenSSL 3.0 changed the method of reporting socket EOF */ + if(ERR_GET_REASON(ERR_peek_error())== + SSL_R_UNEXPECTED_EOF_WHILE_READING) { + /* EOF -> buggy (e.g. Microsoft) peer: + * TLS socket closed without close_notify alert */ + if(c->sock_ptr || write_wants_write) { + s_log(LOG_ERR, + "TLS socket closed (SSL_read) with %ld unsent byte(s)", + (long)c->sock_ptr); + throw_exception(c, 1); /* reset the sockets */ + } + s_log(LOG_INFO, "TLS socket closed (SSL_read)"); + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; + } +#endif /* SSL_R_UNEXPECTED_EOF_WHILE_READING */ sslerror("SSL_read"); throw_exception(c, 1); case SSL_ERROR_ZERO_RETURN: /* received a close_notify alert */ @@ -1691,7 +1740,7 @@ NOEXPORT void transfer(CLI *c) { SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); break; case SSL_ERROR_SYSCALL: - if(parse_socket_error(c, "SSL_read") && num) /* always log the error */ + if(socket_needs_retry(c, "transfer: SSL_read") && num) break; /* a non-critical error: retry */ /* EOF -> buggy (e.g. Microsoft) peer: * TLS socket closed without close_notify alert */ @@ -1823,48 +1872,6 @@ NOEXPORT void transfer(CLI *c) { shutdown_wants_read || shutdown_wants_write); } - /* returns 0 on close and 1 on non-critical errors */ -NOEXPORT int parse_socket_error(CLI *c, const char *text) { - switch(get_last_socket_error()) { - /* http://tangentsoft.net/wskfaq/articles/bsd-compatibility.html */ - case 0: /* close on read, or close on write on WIN32 */ - /* fall through */ -#ifndef USE_WIN32 - case EPIPE: /* close on write on Unix */ - /* fall through */ -#endif - case S_ECONNABORTED: - s_log(LOG_INFO, "%s: Socket is closed", text); - return 0; - case S_EINTR: - s_log(LOG_DEBUG, "%s: Interrupted by a signal: retrying", text); - return 1; - case S_EWOULDBLOCK: - s_log(LOG_NOTICE, "%s: Would block: retrying", text); - s_poll_sleep(1, 0); /* Microsoft bug KB177346 */ - return 1; -#if S_EAGAIN!=S_EWOULDBLOCK - case S_EAGAIN: - s_log(LOG_DEBUG, - "%s: Temporary lack of resources: retrying", text); - return 1; -#endif -#ifdef USE_WIN32 - case S_ECONNRESET: - /* dying "exec" processes on Win32 cause reset instead of close */ - if(c->opt->exec_name) { - s_log(LOG_INFO, "%s: Socket is closed (exec)", text); - return 0; - } -#endif - /* fall through */ - default: - sockerror(text); - throw_exception(c, 1); - return -1; /* some C compilers require a return value */ - } -} - NOEXPORT void auth_user(CLI *c) { #ifndef _WIN32_WCE struct servent *s_ent; /* structure for getservbyname */ @@ -1896,7 +1903,7 @@ NOEXPORT void auth_user(CLI *c) { s_log(LOG_WARNING, "Unknown service 'auth': using default 113"); ident.in.sin_port=htons(113); } - if(s_connect(c, &ident, addr_len(&ident))) + if(s_connect(c, &ident, addr_len(&ident), c->opt->timeout_connect)) throw_exception(c, 1); s_log(LOG_DEBUG, "IDENT server connected"); remote_port=ntohs(c->peer_addr.in.sin_port); @@ -2095,10 +2102,6 @@ else #else /* standard Unix version */ -#ifndef HAVE_UNISTD_H -extern char **environ; -#endif - NOEXPORT SOCKET connect_local(CLI *c) { /* spawn local process */ int fd[2], pid; char **env; @@ -2176,6 +2179,7 @@ else } char **env_alloc(CLI *c) { + extern char **environ; char **env=NULL, **p; unsigned n=0; /* (n+2) keeps the list NULL-terminated */ char *name, host[40], port[6]; @@ -2299,7 +2303,8 @@ NOEXPORT SOCKET connect_remote(CLI *c) { c->idx=(idx_start+idx_try)%c->connect_addr.num; if(!connect_init(c, c->connect_addr.addr[c->idx].sa.sa_family) && !s_connect(c, &c->connect_addr.addr[c->idx], - addr_len(&c->connect_addr.addr[c->idx]))) { + addr_len(&c->connect_addr.addr[c->idx]), + c->opt->timeout_connect)) { #ifdef NO_OPENSSLOFF #ifdef MSSPISSL if( !c->msh ) @@ -2573,10 +2578,15 @@ NOEXPORT void print_bound_address(CLI *c) { NOEXPORT void reset(SOCKET fd, const char *txt) { /* set lingering on a socket */ struct linger l; + s_log(LOG_DEBUG, "%s reset (FD=%ld)", txt, (long)fd); l.l_onoff=1; l.l_linger=0; - if(setsockopt(fd, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof l)) - log_error(LOG_DEBUG, get_last_socket_error(), txt); + if(setsockopt(fd, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof l)) { + int err=get_last_socket_error(); + char *message=str_printf("setsockopt(SO_LINGER) on %s", txt); + log_error(LOG_INFO, err, message); + str_free(message); + } } void throw_exception(CLI *c, int v) { diff --git a/src/common.h b/src/common.h index 5b5a5976..d292c083 100644 --- a/src/common.h +++ b/src/common.h @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -244,6 +244,8 @@ typedef int ssize_t; #include #include +#include /* _alloca */ + #include /* _beginthread */ #include /* SHGetFolderPath */ #include @@ -513,7 +515,7 @@ extern char *sys_errlist[]; #include #if OPENSSL_VERSION_NUMBER<0x10100000L int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); -#endif /* OpenSSL older than 1.1.0 */ +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ #endif /* !defined(OPENSSL_NO_DH) */ #ifndef OPENSSL_NO_ENGINE #include @@ -525,8 +527,12 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); /* not defined in public headers before OpenSSL 0.9.8 */ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); #endif /* !defined(OPENSSL_NO_COMP) */ +#if OPENSSL_VERSION_NUMBER>=0x10101000L +#include +#endif /* OPENSSL_VERSION_NUMBER>=0x10101000L */ #if OPENSSL_VERSION_NUMBER>=0x30000000L #include +#include #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ #ifndef OPENSSL_VERSION @@ -562,6 +568,14 @@ STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); #define is_prefix(a, b) (strncasecmp((a), (b), strlen(b))==0) +#ifndef va_copy +#ifdef __va_copy +#define va_copy(dst, src) __va_copy((dst), (src)) +#else /* __va_copy */ +#define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list)) +#endif /* __va_copy */ +#endif /* va_copy */ + #endif /* defined COMMON_H */ /* end of common.h */ diff --git a/src/config.h.in b/src/config.h.in index 10f66cf7..d6c96a70 100644 --- a/src/config.h.in +++ b/src/config.h.in @@ -69,9 +69,6 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MALLOC_H -/* Define to 1 if you have the header file. */ -#undef HAVE_MEMORY_H - /* Define to 1 if you have 'msghdr.msg_control' structure. */ #undef HAVE_MSGHDR_MSG_CONTROL @@ -120,6 +117,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_H + /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H @@ -247,7 +247,9 @@ /* TLS directory */ #undef SSLDIR -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #undef STDC_HEADERS /* Define to 1 to enable OpenSSL FIPS support */ @@ -277,11 +279,6 @@ /* Use Darwin source */ #undef _DARWIN_C_SOURCE -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS diff --git a/src/cron.c b/src/cron.c index e5654568..957bf4c2 100644 --- a/src/cron.c +++ b/src/cron.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -37,27 +37,33 @@ #include "prototypes.h" +/* run the per-day job every 24 hours */ +#define PER_DAY_PERIOD (24*60*60) + #ifdef USE_OS_THREADS -THREAD_ID cron_thread_id=(THREAD_ID)0; +THREAD_ID per_second_thread_id=(THREAD_ID)0, per_day_thread_id=(THREAD_ID)0; #endif #ifdef USE_PTHREAD -NOEXPORT void *cron_thread(void *arg); +NOEXPORT void *per_second_thread(void *arg); +NOEXPORT void *per_day_thread(void *arg); #endif #ifdef USE_WIN32 -NOEXPORT unsigned __stdcall cron_thread(void *arg); +NOEXPORT unsigned __stdcall per_second_thread(void *arg); +NOEXPORT unsigned __stdcall per_day_thread(void *arg); #endif #ifdef USE_OS_THREADS -NOEXPORT void cron_worker(void); +NOEXPORT void per_second_worker(void); +NOEXPORT void per_day_worker(void); #ifndef OPENSSL_NO_DH #if OPENSSL_VERSION_NUMBER>=0x0090800fL -NOEXPORT void cron_dh_param(BN_GENCB *); -NOEXPORT BN_GENCB *cron_bn_gencb(void); +NOEXPORT void per_day_dh_param(BN_GENCB *); +NOEXPORT BN_GENCB *per_day_bn_gencb(void); NOEXPORT int bn_callback(int, int, BN_GENCB *); #else /* OpenSSL older than 0.9.8 */ -NOEXPORT void cron_dh_param(void); +NOEXPORT void per_day_dh_param(void); NOEXPORT void dh_callback(int, int, void *); #endif /* OpenSSL 0.9.8 or later */ #endif /* OPENSSL_NO_DH */ @@ -75,7 +81,9 @@ int cron_init() { pthread_sigmask(SIG_SETMASK, &new_set, &old_set); /* block signals */ #endif /* HAVE_PTHREAD_SIGMASK && !__APPLE__*/ CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_THREAD_LIST]); - if(pthread_create(&cron_thread_id, NULL, cron_thread, NULL)) + if(pthread_create(&per_second_thread_id, NULL, per_second_thread, NULL)) + ioerror("pthread_create"); + if(pthread_create(&per_day_thread_id, NULL, per_day_thread, NULL)) ioerror("pthread_create"); CRYPTO_THREAD_unlock(stunnel_locks[LOCK_THREAD_LIST]); #if defined(HAVE_PTHREAD_SIGMASK) && !defined(__APPLE__) @@ -84,19 +92,26 @@ int cron_init() { return 0; } -NOEXPORT void *cron_thread(void *arg) { +NOEXPORT void *per_second_thread(void *arg) { + (void)arg; /* squash the unused parameter warning */ + tls_alloc(NULL, NULL, "per-second"); + per_second_worker(); + return NULL; /* it should never be executed */ +} + +NOEXPORT void *per_day_thread(void *arg) { #ifdef SCHED_BATCH struct sched_param param; #endif (void)arg; /* squash the unused parameter warning */ - tls_alloc(NULL, NULL, "cron"); + tls_alloc(NULL, NULL, "per-day"); #ifdef SCHED_BATCH param.sched_priority=0; if(pthread_setschedparam(pthread_self(), SCHED_BATCH, ¶m)) ioerror("pthread_getschedparam"); #endif - cron_worker(); + per_day_worker(); return NULL; /* it should never be executed */ } @@ -104,22 +119,32 @@ NOEXPORT void *cron_thread(void *arg) { int cron_init() { CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_THREAD_LIST]); - cron_thread_id=(HANDLE)_beginthreadex(NULL, 0, cron_thread, NULL, 0, NULL); + per_second_thread_id=(HANDLE)_beginthreadex(NULL, 0, per_second_thread, NULL, 0, NULL); + per_day_thread_id=(HANDLE)_beginthreadex(NULL, 0, per_day_thread, NULL, 0, NULL); CRYPTO_THREAD_unlock(stunnel_locks[LOCK_THREAD_LIST]); - if(!cron_thread_id) { + if(!per_day_thread_id || !per_day_thread_id) { ioerror("_beginthreadex"); return 1; } return 0; } -NOEXPORT unsigned __stdcall cron_thread(void *arg) { +NOEXPORT unsigned __stdcall per_second_thread(void *arg) { (void)arg; /* squash the unused parameter warning */ - tls_alloc(NULL, NULL, "cron"); + tls_alloc(NULL, NULL, "per-second"); + per_second_worker(); + _endthreadex(0); /* it should never be executed */ + return 0; +} + +NOEXPORT unsigned __stdcall per_day_thread(void *arg) { + (void)arg; /* squash the unused parameter warning */ + + tls_alloc(NULL, NULL, "per-day"); if(!SetThreadPriority(GetCurrentThread(), THREAD_PRIORITY_LOWEST)) ioerror("SetThreadPriority"); - cron_worker(); + per_day_worker(); _endthreadex(0); /* it should never be executed */ return 0; } @@ -133,40 +158,47 @@ int cron_init() { #endif -/* run the cron job every 24 hours */ -#define CRON_PERIOD (24*60*60) - #ifdef USE_OS_THREADS -NOEXPORT void cron_worker(void) { +NOEXPORT void per_second_worker(void) { + s_log(LOG_DEBUG, "Per-second thread initialized"); + for(;;) { + s_poll_sleep(1, 0); /* 1 second */ + CRYPTO_THREAD_read_lock(stunnel_locks[LOCK_LOG_MODE]); + file_flush(outfile); + CRYPTO_THREAD_unlock(stunnel_locks[LOCK_LOG_MODE]); + } +} + +NOEXPORT void per_day_worker(void) { time_t now, then; int delay; #if !defined(OPENSSL_NO_DH) && OPENSSL_VERSION_NUMBER>=0x0090800fL BN_GENCB *bn_gencb; #endif - s_log(LOG_DEBUG, "Cron thread initialized"); + s_log(LOG_DEBUG, "Per-day thread initialized"); #if !defined(OPENSSL_NO_DH) && OPENSSL_VERSION_NUMBER>=0x0090800fL - bn_gencb=cron_bn_gencb(); + bn_gencb=per_day_bn_gencb(); #endif time(&then); for(;;) { - s_log(LOG_INFO, "Executing cron jobs"); + s_log(LOG_INFO, "Executing per-day jobs"); #ifndef OPENSSL_NO_DH #if OPENSSL_VERSION_NUMBER>=0x0090800fL - cron_dh_param(bn_gencb); + per_day_dh_param(bn_gencb); #else /* OpenSSL older than 0.9.8 */ - cron_dh_param(); + per_day_dh_param(); #endif /* OpenSSL 0.9.8 or later */ #endif /* OPENSSL_NO_DH */ time(&now); - s_log(LOG_INFO, "Cron jobs completed in %d seconds", (int)(now-then)); - then+=CRON_PERIOD; + s_log(LOG_INFO, "Per-day jobs completed in %d seconds", (int)(now-then)); + then+=PER_DAY_PERIOD; if(then>now) { delay=(int)(then-now); } else { - s_log(LOG_NOTICE, "Cron backlog cleared (possible hibernation)"); - delay=CRON_PERIOD-(int)(now-then)%CRON_PERIOD; + s_log(LOG_NOTICE, "Per-day backlog cleared (possible hibernation)"); + delay=PER_DAY_PERIOD-(int)(now-then)%PER_DAY_PERIOD; then=now+delay; } s_log(LOG_DEBUG, "Waiting %d seconds", delay); @@ -183,9 +215,9 @@ NOEXPORT void cron_worker(void) { #ifndef OPENSSL_NO_DH #if OPENSSL_VERSION_NUMBER>=0x0090800fL -NOEXPORT void cron_dh_param(BN_GENCB *bn_gencb) { +NOEXPORT void per_day_dh_param(BN_GENCB *bn_gencb) { #else /* OpenSSL older than 0.9.8 */ -NOEXPORT void cron_dh_param(void) { +NOEXPORT void per_day_dh_param(void) { #endif /* OpenSSL 0.9.8 or later */ SERVICE_OPTIONS *opt; DH *dh; @@ -231,7 +263,7 @@ NOEXPORT void cron_dh_param(void) { #if OPENSSL_VERSION_NUMBER>=0x0090800fL -NOEXPORT BN_GENCB *cron_bn_gencb(void) { +NOEXPORT BN_GENCB *per_day_bn_gencb(void) { #if OPENSSL_VERSION_NUMBER>=0x10100000L BN_GENCB *bn_gencb; diff --git a/src/ctx.c b/src/ctx.c index b6e6c89f..7c2c4801 100644 --- a/src/ctx.c +++ b/src/ctx.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -140,6 +140,8 @@ typedef long SSL_OPTIONS_TYPE; #endif int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ + s_log(LOG_DEBUG, "Initializing context [%s]", section->servname); + /* create a new TLS context */ #if OPENSSL_VERSION_NUMBER>=0x10100000L #if OPENSSL_VERSION_NUMBER>=0x30000000L @@ -152,13 +154,15 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ section->ctx=SSL_CTX_new(section->option.client ? TLS_client_method() : TLS_server_method()); #endif /* OPENSSL_VERSION_NUMBER>=0x30000000L */ - if(!SSL_CTX_set_min_proto_version(section->ctx, + if(section->min_proto_version && + !SSL_CTX_set_min_proto_version(section->ctx, section->min_proto_version)) { s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X", section->min_proto_version); return 1; /* FAILED */ } - if(!SSL_CTX_set_max_proto_version(section->ctx, + if(section->max_proto_version && + !SSL_CTX_set_max_proto_version(section->ctx, section->max_proto_version)) { s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X", section->max_proto_version); @@ -323,6 +327,12 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ if(verify_init(section)) return 1; /* FAILED */ + /* OCSP stapling */ +#ifndef OPENSSL_NO_OCSP + if(ocsp_init(section)) + return 1; /* FAILED */ +#endif /* OPENSSL_NO_OCSP */ + /* initialize the DH/ECDH key agreement */ #ifndef OPENSSL_NO_TLSEXT if(!section->option.client) @@ -339,6 +349,25 @@ int context_init(SERVICE_OPTIONS *section) { /* init TLS context */ return 0; /* OK */ } +/**************************************** cleanup TLS context */ + +/* + * free anything allocate from context_init() and callbacks + * also free any cached data allocated in client.c + */ +void context_cleanup(SERVICE_OPTIONS *section) { + s_log(LOG_DEBUG, "Cleaning up context [%s]", section->servname); + +#ifndef OPENSSL_NO_OCSP + ocsp_cleanup(section); +#endif /* !defined(OPENSSL_NO_OCSP) */ + str_free(section->chain); + if(section->session) + SSL_SESSION_free(section->session); + if(section->ctx) + SSL_CTX_free(section->ctx); +} + /**************************************** SNI callback */ #ifndef OPENSSL_NO_TLSEXT @@ -715,7 +744,13 @@ NOEXPORT unsigned psk_server_callback(SSL *ssl, const char *identity, c=SSL_get_ex_data(ssl, index_ssl_cli); found=psk_find(&c->opt->psk_sorted, identity); if(!found) { - s_log(LOG_INFO, "PSK identity not found (session resumption?)"); + const char *c=identity; + while(*c && isprint(*c)) + c++; + if(*c) + s_log(LOG_INFO, "PSK identity not found (session resumption?)"); + else + s_log(LOG_INFO, "PSK identity not found: %s", identity); return 0; } if(found->key_len>max_psk_len) { @@ -843,6 +878,21 @@ NOEXPORT int load_pkcs12_file(SERVICE_OPTIONS *section) { sslerror("SSL_CTX_use_PrivateKey"); return 1; /* FAILED */ } +#if OPENSSL_VERSION_NUMBER>=0x10002000L + if(!SSL_CTX_set0_chain(section->ctx, ca)) { + sslerror("SSL_CTX_set0_chain"); + return 1; /* FAILED */ + } +#else /* OPENSSL_VERSION_NUMBER>=0x10002000L */ + /* FIXME: implement for OpenSSL older than 1.0.2 */ +#if 0 + /* struct cert_st is private, so the following code won't build */ + if(section->ctx->cert->key->chain) + sk_X509_pop_free(section->ctx->cert->key->chain, X509_free); + section->ctx->cert->key->chain=ca; +#endif + sk_X509_pop_free(ca, X509_free); /* just free the memory */ +#endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ s_log(LOG_INFO, "Certificate and private key loaded from file: %s", section->cert); return 0; /* OK */ @@ -897,24 +947,19 @@ NOEXPORT int load_key_file(SERVICE_OPTIONS *section) { #ifndef OPENSSL_NO_ENGINE NOEXPORT int load_cert_engine(SERVICE_OPTIONS *section) { - struct { - const char *id; - X509 *cert; - } parms; + X509 *cert; s_log(LOG_INFO, "Loading certificate from engine ID: %s", section->cert); - parms.id=section->cert; - parms.cert=NULL; - ENGINE_ctrl_cmd(section->engine, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); - if(!parms.cert) { - sslerror("ENGINE_ctrl_cmd"); + cert=engine_get_cert(section->engine, section->cert); + if(!cert) return 1; /* FAILED */ - } - if(!SSL_CTX_use_certificate(section->ctx, parms.cert)) { + if(!SSL_CTX_use_certificate(section->ctx, cert)) { sslerror("SSL_CTX_use_certificate"); + X509_free(cert); return 1; /* FAILED */ } s_log(LOG_INFO, "Certificate loaded from engine ID: %s", section->cert); + X509_free(cert); return 0; /* OK */ } @@ -1005,30 +1050,41 @@ NOEXPORT int ui_retry() { unsigned long err=ERR_peek_error(); switch(ERR_GET_LIB(err)) { - case ERR_LIB_ASN1: - return 1; - case ERR_LIB_PKCS12: + case ERR_LIB_EVP: /* 6 */ switch(ERR_GET_REASON(err)) { - case PKCS12_R_MAC_VERIFY_FAILURE: + case EVP_R_BAD_DECRYPT: return 1; default: + s_log(LOG_ERR, "Unhandled ERR_LIB_EVP error reason: %d", + ERR_GET_REASON(err)); return 0; } - case ERR_LIB_EVP: + case ERR_LIB_PEM: /* 9 */ switch(ERR_GET_REASON(err)) { - case EVP_R_BAD_DECRYPT: + case PEM_R_BAD_PASSWORD_READ: + case PEM_R_BAD_DECRYPT: return 1; default: + s_log(LOG_ERR, "Unhandled ERR_LIB_PEM error reason: %d", + ERR_GET_REASON(err)); return 0; } - case ERR_LIB_PEM: + case ERR_LIB_ASN1: /* 13 */ + return 1; + case ERR_LIB_PKCS12: /* 35 */ switch(ERR_GET_REASON(err)) { - case PEM_R_BAD_PASSWORD_READ: + case PKCS12_R_MAC_VERIFY_FAILURE: return 1; default: + s_log(LOG_ERR, "Unhandled ERR_LIB_PKCS12 error reason: %d", + ERR_GET_REASON(err)); return 0; } - case ERR_LIB_UI: +#ifdef ERR_LIB_DSO /* 37 */ + case ERR_LIB_DSO: + return 1; +#endif + case ERR_LIB_UI: /* 40 */ switch(ERR_GET_REASON(err)) { case UI_R_RESULT_TOO_LARGE: case UI_R_RESULT_TOO_SMALL: @@ -1037,17 +1093,44 @@ NOEXPORT int ui_retry() { #endif return 1; default: + s_log(LOG_ERR, "Unhandled ERR_LIB_UI error reason: %d", + ERR_GET_REASON(err)); + return 0; + } +#ifdef ERR_LIB_OSSL_STORE + case ERR_LIB_OSSL_STORE: /* 44 - added in OpenSSL 1.1.1 */ + switch(ERR_GET_REASON(err)) { + case OSSL_STORE_R_BAD_PASSWORD_READ: + return 1; + default: + s_log(LOG_ERR, "Unhandled ERR_LIB_OSSL_STORE error reason: %d", + ERR_GET_REASON(err)); return 0; } - case ERR_LIB_USER: /* PKCS#11 hacks */ +#endif +#ifdef ERR_LIB_PROV + case ERR_LIB_PROV: /* 57 - added in OpenSSL 3.0 */ + switch(ERR_GET_REASON(err)) { + case PROV_R_BAD_DECRYPT: + return 1; + default: + s_log(LOG_ERR, "Unhandled ERR_LIB_PROV error reason: %d", + ERR_GET_REASON(err)); + return 0; + } +#endif + case ERR_LIB_USER: /* 128 - PKCS#11 hacks */ switch(ERR_GET_REASON(err)) { case 7UL: /* CKR_ARGUMENTS_BAD */ case 0xa0UL: /* CKR_PIN_INCORRECT */ return 1; default: + s_log(LOG_ERR, "Unhandled ERR_LIB_USER error reason: %d", + ERR_GET_REASON(err)); return 0; } default: + s_log(LOG_ERR, "Unhandled error library: %d", ERR_GET_LIB(err)); return 0; } } @@ -1328,7 +1411,7 @@ NOEXPORT void session_cache_save(CLI *c, SSL_SESSION *sess) { old=c->opt->connect_session[c->idx]; c->opt->connect_session[c->idx]=sess; } else { - s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache"); + s_log(LOG_ERR, "INTERNAL ERROR: Uninitialized client session cache (save)"); old=NULL; } } @@ -1542,58 +1625,66 @@ NOEXPORT void info_callback(const SSL *ssl, int where, int ret) { CLI *c; SSL_CTX *ctx; const char *state_string; - - c=SSL_get_ex_data(ssl, index_ssl_cli); - if(c) { #if OPENSSL_VERSION_NUMBER>=0x10100000L - OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); + OSSL_HANDSHAKE_STATE state=SSL_get_state(ssl); #else - int state=SSL_get_state((SSL *)ssl); + int state=SSL_get_state((SSL *)ssl); #endif + c=SSL_get_ex_data(ssl, index_ssl_cli); + if(!c) { + s_log(LOG_ERR, + "INTERNAL ERROR: info_callback() called without CLI, state = %x", + state); + return; + } #if 0 - s_log(LOG_DEBUG, "state = %x", state); + s_log(LOG_DEBUG, "state = %x", state); #endif + /* do not reset the TLS socket after a fatal alert */ + if(where & SSL_CB_ALERT && !strcmp(SSL_alert_type_string(ret), "F")) + c->fatal_alert=1; + /* log the client certificate request (if received) */ #ifndef SSL3_ST_CR_CERT_REQ_A - if(state==TLS_ST_CR_CERT_REQ) + if(state==TLS_ST_CR_CERT_REQ) #else - if(state==SSL3_ST_CR_CERT_REQ_A) + if(state==SSL3_ST_CR_CERT_REQ_A) #endif - print_client_CA_list(SSL_get_client_CA_list(ssl)); + print_CA_list("Received trusted client CA", + SSL_get_client_CA_list(ssl)); #ifndef SSL3_ST_CR_SRVR_DONE_A - if(state==TLS_ST_CR_SRVR_DONE) + if(state==TLS_ST_CR_SRVR_DONE) #else - if(state==SSL3_ST_CR_SRVR_DONE_A) + if(state==SSL3_ST_CR_SRVR_DONE_A) #endif - if(!SSL_get_client_CA_list(ssl)) - s_log(LOG_INFO, "Client certificate not requested"); - - /* prevent renegotiation DoS attack */ - if((where&SSL_CB_HANDSHAKE_DONE) - && c->reneg_state==RENEG_INIT) { - /* first (initial) handshake was completed, remember this, - * so that further renegotiation attempts can be detected */ - c->reneg_state=RENEG_ESTABLISHED; - } else if((where&SSL_CB_ACCEPT_LOOP) - && c->reneg_state==RENEG_ESTABLISHED) { + if(!SSL_get_client_CA_list(ssl)) + s_log(LOG_INFO, "Client certificate not requested"); + + /* prevent renegotiation DoS attack */ + if((where&SSL_CB_HANDSHAKE_DONE) + && c->reneg_state==RENEG_INIT) { + /* first (initial) handshake was completed, remember this, + * so that further renegotiation attempts can be detected */ + c->reneg_state=RENEG_ESTABLISHED; + } else if((where&SSL_CB_ACCEPT_LOOP) + && c->reneg_state==RENEG_ESTABLISHED) { #ifndef SSL3_ST_SR_CLNT_HELLO_A - if(state==TLS_ST_SR_CLNT_HELLO) { + if(state==TLS_ST_SR_CLNT_HELLO) { #else - if(state==SSL3_ST_SR_CLNT_HELLO_A - || state==SSL23_ST_SR_CLNT_HELLO_A) { + if(state==SSL3_ST_SR_CLNT_HELLO_A + || state==SSL23_ST_SR_CLNT_HELLO_A) { #endif - /* client hello received after initial handshake, - * this means renegotiation -> mark it */ - c->reneg_state=RENEG_DETECTED; - } + /* client hello received after initial handshake, + * this means renegotiation -> mark it */ + c->reneg_state=RENEG_DETECTED; } - - if(c->opt->log_levelopt->log_level + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/evc.mak b/src/evc.mak index 635f5c51..89c99dc6 100644 --- a/src/evc.mak +++ b/src/evc.mak @@ -1,4 +1,4 @@ -# wce.mak for stunnel.exe by Michal Trojnara 1998-2022 +# wce.mak for stunnel.exe by Michal Trojnara 1998-2023 # with help of Pierre Delaage # pdelaage 20140610 : added UNICODE optional FLAG, always ACTIVE on WCE because of poor ANSI support # pdelaage 20140610 : added _WIN32_WCE flag for RC compilation, to preprocess out "HELP" unsupported menu flag on WCE @@ -116,7 +116,7 @@ OBJS=$(OBJ)\stunnel.obj $(OBJ)\ssl.obj $(OBJ)\ctx.obj $(OBJ)\verify.obj \ $(OBJ)\file.obj $(OBJ)\client.obj $(OBJ)\protocol.obj $(OBJ)\sthreads.obj \ $(OBJ)\log.obj $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \ $(OBJ)\str.obj $(OBJ)\tls.obj $(OBJ)\fd.obj $(OBJ)\dhparam.obj \ - $(OBJ)\cron.obj + $(OBJ)\ocsp.obj $(OBJ)\cron.obj GUIOBJS=$(OBJ)\ui_win_gui.obj $(OBJ)\resources.res CLIOBJS=$(OBJ)\ui_win_cli.obj diff --git a/src/fd.c b/src/fd.c index 908a184e..6613cd6b 100644 --- a/src/fd.c +++ b/src/fd.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/file.c b/src/file.c index dfb7480f..bcd7ed3f 100644 --- a/src/file.c +++ b/src/file.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -37,63 +37,49 @@ #include "prototypes.h" -#ifdef USE_WIN32 - -DISK_FILE *file_open(char *name, FILE_MODE mode) { +DISK_FILE *file_fdopen(int fd, FILE_MODE file_mode) { DISK_FILE *df; - LPTSTR tname; - HANDLE fh; - DWORD desired_access, creation_disposition; + FILE *f; + char *mode; - /* open file */ - switch(mode) { - case FILE_MODE_READ: - desired_access=GENERIC_READ; - creation_disposition=OPEN_EXISTING; + switch(fd) { + case 0: + f=stdin; break; - case FILE_MODE_APPEND: - /* reportedly more compatible than FILE_APPEND_DATA */ - desired_access=GENERIC_WRITE; - creation_disposition=OPEN_ALWAYS; /* keep the data */ + case 1: + f=stdout; break; - case FILE_MODE_OVERWRITE: - desired_access=GENERIC_WRITE; - creation_disposition=CREATE_ALWAYS; /* remove the data */ + case 2: + f=stderr; break; - default: /* invalid mode */ - return NULL; + default: + switch(file_mode) { + case FILE_MODE_READ: + mode="r"; + break; + case FILE_MODE_APPEND: + mode="a"; + break; + case FILE_MODE_OVERWRITE: + mode="w"; + break; + default: /* invalid file_mode */ + return NULL; + } + f=fdopen(fd, mode); } - tname=str2tstr(name); - fh=CreateFile(tname, desired_access, FILE_SHARE_READ, NULL, - creation_disposition, FILE_ATTRIBUTE_NORMAL, (HANDLE)NULL); - str_free(tname); /* str_free() overwrites GetLastError() value */ - if(fh==INVALID_HANDLE_VALUE) + if(!f) return NULL; - if(mode==FILE_MODE_APPEND) /* workaround for FILE_APPEND_DATA */ - SetFilePointer(fh, 0, NULL, FILE_END); - - /* setup df structure */ - df=str_alloc(sizeof(DISK_FILE)); - df->fh=fh; - return df; -} - -#else /* USE_WIN32 */ - -DISK_FILE *file_fdopen(int fd) { - DISK_FILE *df; - df=str_alloc(sizeof(DISK_FILE)); - df->fd=fd; + df->f=f; return df; } -DISK_FILE *file_open(char *name, FILE_MODE mode) { - DISK_FILE *df; +DISK_FILE *file_open(char *name, FILE_MODE file_mode) { int fd, flags; /* open file */ - switch(mode) { + switch(file_mode) { case FILE_MODE_READ: flags=O_RDONLY; break; @@ -103,66 +89,46 @@ DISK_FILE *file_open(char *name, FILE_MODE mode) { case FILE_MODE_OVERWRITE: flags=O_CREAT|O_WRONLY|O_TRUNC; break; - default: /* invalid mode */ + default: /* invalid file_mode */ return NULL; } -#ifdef O_NONBLOCK - flags|=O_NONBLOCK; -#elif defined O_NDELAY - flags|=O_NDELAY; -#endif #ifdef O_CLOEXEC flags|=O_CLOEXEC; #endif /* O_CLOEXEC */ + /* don't fopen() directly to prevent O_CLOEXEC race condition */ +#ifdef USE_WIN32 + fd=_open(name, flags, _S_IREAD|_S_IWRITE); +#else /* USE_WIN32 */ fd=open(name, flags, 0640); - if(fd==INVALID_SOCKET) +#endif /* USE_WIN32 */ + if(fd<0) return NULL; - - /* setup df structure */ - df=str_alloc(sizeof(DISK_FILE)); - df->fd=fd; - return df; + return file_fdopen(fd, file_mode); } -#endif /* USE_WIN32 */ - void file_close(DISK_FILE *df) { if(!df) /* nothing to do */ return; -#ifdef USE_WIN32 - CloseHandle(df->fh); -#else /* USE_WIN32 */ - if(df->fd>2) /* never close stdin/stdout/stder */ - close(df->fd); -#endif /* USE_WIN32 */ + if(fileno(df->f)>2) /* never close stdin/stdout/stder */ + fclose(df->f); str_free(df); } ssize_t file_getline(DISK_FILE *df, char *line, int len) { - /* this version is really slow, but performance is not important here */ - /* (no buffering is implemented) */ ssize_t i; -#ifdef USE_WIN32 - DWORD num; -#else /* USE_WIN32 */ - ssize_t num; -#endif /* USE_WIN32 */ + int c; if(!df) /* not opened */ return -1; for(i=0; ifh, line+i, 1, &num, NULL); -#else /* USE_WIN32 */ - num=read(df->fd, line+i, 1); -#endif /* USE_WIN32 */ - if(num!=1) { /* EOF */ - if(i) /* any previously retrieved data */ - break; - else + c=getc(df->f); + if(c==EOF) { + if(!i) /* no previously retrieved data */ return -1; + break; /* MSDOS-style last file line */ } + line[i]=(char)c; if(line[i]=='\n') /* LF */ break; if(line[i]=='\r') /* CR */ @@ -172,30 +138,33 @@ ssize_t file_getline(DISK_FILE *df, char *line, int len) { return i; } -ssize_t file_putline(DISK_FILE *df, char *line) { +ssize_t file_putline_nonewline(DISK_FILE *df, char *line) { + /* used for fatal_debug() -> no str.c functions are allowed */ + FILE *f; + int num; + + f=df ? df->f : stderr; /* no file -> write to stderr */ + num=fputs(line, f); /* automatically converts LF->CRLF on Windows */ + return (ssize_t)num; +} + +ssize_t file_putline_newline(DISK_FILE *df, char *line) { char *buff; size_t len; -#ifdef USE_WIN32 - DWORD num; -#else /* USE_WIN32 */ ssize_t num; -#endif /* USE_WIN32 */ len=strlen(line); - buff=str_alloc(len+2); /* +2 for CR+LF */ + buff=str_alloc(len+3); /* +2 for LF+NUL */ strcpy(buff, line); -#ifdef USE_WIN32 - buff[len++]='\r'; /* CR */ -#endif /* USE_WIN32 */ buff[len++]='\n'; /* LF */ -#ifdef USE_WIN32 - WriteFile(df->fh, buff, (DWORD)len, &num, NULL); -#else /* USE_WIN32 */ - /* no file -> write to stderr */ - num=write(df ? df->fd : 2, buff, len); -#endif /* USE_WIN32 */ + buff[len]='\0'; /* NUL */ + num=file_putline_nonewline(df, buff); str_free(buff); - return (ssize_t)num; + return num; +} + +int file_flush(DISK_FILE *df) { + return fflush(df ? df->f : stderr); /* no file -> flush stderr */ } int file_permissions(const char *file_name) { @@ -212,6 +181,7 @@ int file_permissions(const char *file_name) { "Insecure file permissions on %s", file_name); #else (void)file_name; /* squash the unused parameter warning */ + /* not (yet) implemented */ #endif return 0; } diff --git a/src/libwrap.c b/src/libwrap.c index b77b5d50..90fe7001 100644 --- a/src/libwrap.c +++ b/src/libwrap.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/log.c b/src/log.c index 76a20dac..b6a5ffb5 100644 --- a/src/log.c +++ b/src/log.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -41,7 +41,8 @@ NOEXPORT void log_queue(SERVICE_OPTIONS *, int, char *, char *, char *); NOEXPORT void log_raw(SERVICE_OPTIONS *, int, char *, char *, char *); NOEXPORT void safestring(char *); -static DISK_FILE *outfile=NULL; +DISK_FILE *outfile=NULL; + static struct LIST { /* single-linked list of log lines */ struct LIST *next; SERVICE_OPTIONS *opt; @@ -139,7 +140,22 @@ void log_close(int sink) { void s_log(int level, const char *format, ...) { va_list ap; - char *text, *stamp, *id; + + va_start(ap, format); + s_vlog(level, format, ap); + va_end(ap); +} + +#ifdef __GNUC__ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) +#pragma GCC diagnostic push +#endif /* __GNUC__>=4.6 */ +#pragma GCC diagnostic ignored "-Wformat-nonliteral" +#endif /* __GNUC__ */ +void s_vlog(int level, const char *format, va_list ap) { + va_list aq; + char stamp[72], id[72], *text; + int len; #ifdef USE_WIN32 DWORD libc_error; #else @@ -172,15 +188,25 @@ void s_log(int level, const char *format, ...) { #else timeptr=localtime(&gmt); #endif - stamp=str_printf("%04d.%02d.%02d %02d:%02d:%02d", + snprintf(stamp, sizeof stamp, "%04d.%02d.%02d %02d:%02d:%02d", timeptr->tm_year+1900, timeptr->tm_mon+1, timeptr->tm_mday, timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec); - id=str_printf("LOG%d[%s]", level, tls_data->id); + snprintf(id, sizeof id, "LOG%d[%s]", level, tls_data->id); /* format the text to be logged */ - va_start(ap, format); - text=str_vprintf(format, ap); - va_end(ap); + va_copy(aq, ap); + len=vsnprintf(NULL, 0, format, ap); + if(len>1024) + len=1024; +#ifdef USE_WIN32 + text=_alloca((size_t)len+1); +#else + text=alloca((size_t)len+1); +#endif + len=vsnprintf(text, (size_t)len+1, format, aq); + va_end(aq); + while(len>0 && text[len-1]=='\n') + text[--len]='\0'; /* strip trailing newlines */ safestring(text); /* either log or queue for logging */ @@ -195,6 +221,11 @@ void s_log(int level, const char *format, ...) { set_last_error(libc_error); set_last_socket_error(socket_error); } +#ifdef __GNUC__ +#if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6) +#pragma GCC diagnostic pop +#endif /* __GNUC__>=4.6 */ +#endif /* __GNUC__ */ NOEXPORT void log_queue(SERVICE_OPTIONS *opt, int level, char *stamp, char *id, char *text) { @@ -205,12 +236,9 @@ NOEXPORT void log_queue(SERVICE_OPTIONS *opt, tmp->next=NULL; tmp->opt=opt; tmp->level=level; - tmp->stamp=stamp; - str_detach(tmp->stamp); - tmp->id=id; - str_detach(tmp->id); - tmp->text=text; - str_detach(tmp->text); + tmp->stamp=str_dup_detached(stamp); + tmp->id=str_dup_detached(id); + tmp->text=str_dup_detached(text); /* append the new element to the list */ CRYPTO_THREAD_write_lock(stunnel_locks[LOCK_LOG_BUFFER]); @@ -236,6 +264,9 @@ void log_flush(LOG_MODE new_mode) { struct LIST *tmp=head; head=head->next; log_raw(tmp->opt, tmp->level, tmp->stamp, tmp->id, tmp->text); + str_free(tmp->stamp); + str_free(tmp->id); + str_free(tmp->text); str_free(tmp); } head=tail=NULL; @@ -248,6 +279,7 @@ void log_flush(LOG_MODE new_mode) { NOEXPORT void log_raw(SERVICE_OPTIONS *opt, int level, char *stamp, char *id, char *text) { char *line; + size_t size; /* NOTE: opt->log_level may have changed since s_log(). * It is important to use the new value and not the old one. */ @@ -255,33 +287,44 @@ NOEXPORT void log_raw(SERVICE_OPTIONS *opt, /* build the line and log it to syslog/file if configured */ switch(log_mode) { case LOG_MODE_CONFIGURED: - line=str_printf("%s %s: %s", stamp, id, text); + size=strlen(stamp)+strlen(id)+strlen(text)+4; +#ifdef USE_WIN32 + line=_alloca(size); +#else + line=alloca(size); +#endif + snprintf(line, size, "%s %s: %s", stamp, id, text); if(level<=opt->log_level) { #if !defined(USE_WIN32) && !defined(__vms) if(global_options.option.log_syslog) syslog(level, "%s: %s", id, text); #endif /* USE_WIN32, __vms */ - if(outfile) - file_putline(outfile, line); + if(outfile) { + file_putline_newline(outfile, line); +#ifndef USE_OS_THREADS + file_flush(outfile); +#endif /* !USE_OS_THREADS */ + } } break; case LOG_MODE_ERROR: /* don't log the id or the time stamp */ + size=strlen(text)+5; +#ifdef USE_WIN32 + line=_alloca(size); +#else + line=alloca(size); +#endif if(level>=0 && level<=7) /* just in case */ - line=str_printf("[%c] %s", "***!:. "[level], text); + snprintf(line, size, "[%c] %s", "***!:. "[level], text); else - line=str_printf("[?] %s", text); + snprintf(line, size, "[?] %s", text); break; default: /* LOG_MODE_INFO */ /* don't log the level, the id or the time stamp */ - line=str_dup(text); + line=text; } - /* free the memory */ - str_free(stamp); - str_free(id); - str_free(text); - /* log the line to the UI (GUI, stderr, etc.) */ if(log_mode==LOG_MODE_ERROR || (log_mode==LOG_MODE_INFO && levelfh, msg, (DWORD)strlen(msg), &num, NULL); -#else /* USE_WIN32 */ - /* no file -> write to stderr */ - /* no meaningful way here to handle the result */ - write(outfile ? outfile->fd : 2, msg, strlen(msg)); -#endif /* USE_WIN32 */ + file_putline_nonewline(outfile, msg); + file_flush(outfile); } #ifndef USE_WIN32 diff --git a/src/mingw.mak b/src/mingw.mak index 8017eb51..27c751c9 100644 --- a/src/mingw.mak +++ b/src/mingw.mak @@ -1,4 +1,4 @@ -# Simple Makefile.w32 for stunnel.exe by Michal Trojnara 1998-2022 +# Simple Makefile.w32 for stunnel.exe by Michal Trojnara 1998-2023 # # Modified by Brian Hatch (bri@stunnel.org) # 20101030 pdelaage: @@ -73,13 +73,13 @@ OBJS=$(OBJ)/stunnel.o $(OBJ)/ssl.o $(OBJ)/ctx.o $(OBJ)/verify.o \ $(OBJ)/file.o $(OBJ)/client.o $(OBJ)/protocol.o $(OBJ)/sthreads.o \ $(OBJ)/log.o $(OBJ)/options.o $(OBJ)/network.o $(OBJ)/resolver.o \ $(OBJ)/ui_win_gui.o $(OBJ)/resources.o $(OBJ)/str.o $(OBJ)/tls.o \ - $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/cron.o + $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/ocsp.o $(OBJ)/cron.o TOBJS=$(OBJ)/stunnel.o $(OBJ)/ssl.o $(OBJ)/ctx.o $(OBJ)/verify.o \ $(OBJ)/file.o $(OBJ)/client.o $(OBJ)/protocol.o $(OBJ)/sthreads.o \ $(OBJ)/log.o $(OBJ)/options.o $(OBJ)/network.o $(OBJ)/resolver.o \ $(OBJ)/ui_win_cli.o $(OBJ)/str.o $(OBJ)/tls.o \ - $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/cron.o + $(OBJ)/fd.o $(OBJ)/dhparam.o $(OBJ)/ocsp.o $(OBJ)/cron.o CC=gcc RC=windres diff --git a/src/mingw.mk b/src/mingw.mk index c1d1eeef..cf15bee0 100644 --- a/src/mingw.mk +++ b/src/mingw.mk @@ -1,5 +1,5 @@ ## mingw/mingw64 Makefile -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 # 32-bit Windows #win32_arch=win32 @@ -20,7 +20,7 @@ endif win32_cppflags = -I$(win32_ssl_dir)/include win32_cflags = -g -mthreads -O2 win32_cflags += -fstack-protector -win32_cflags += -Wall -Wextra -Wpedantic -Wconversion -Wno-long-long -ansi +win32_cflags += -Wall -Wextra -Wpedantic -Wconversion -std=c99 win32_cflags += -D_FORTIFY_SOURCE=2 -DUNICODE -D_UNICODE win32_ldflags = -g -mthreads -pipe win32_ldflags += -fstack-protector @@ -50,7 +50,7 @@ win32_cli_libs = $(win32_common_libs) $(win32_ssl_libs) common_headers = common.h prototypes.h version.h win32_common = tls str file client log options protocol network resolver -win32_common += ssl ctx verify sthreads fd dhparam cron stunnel +win32_common += ssl ctx verify ocsp sthreads fd dhparam cron stunnel win32_gui = ui_win_gui resources win32_cli = ui_win_cli win32_common_objs = $(addsuffix .o, $(addprefix $(objdir)/, $(win32_common))) diff --git a/src/network.c b/src/network.c index e9c9f296..f737f2dc 100644 --- a/src/network.c +++ b/src/network.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -597,7 +597,7 @@ int get_socket_error(const SOCKET fd) { /**************************************** simulate blocking I/O */ -int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) { +int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen, int timeout) { int error; char *dst; @@ -618,11 +618,11 @@ int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) { } s_log(LOG_DEBUG, "s_connect: s_poll_wait %s: waiting %d seconds", - dst, c->opt->timeout_connect); + dst, timeout); s_poll_init(c->fds, 0); s_poll_add(c->fds, c->fd, 1, 1); s_poll_dump(c->fds, LOG_DEBUG); - switch(s_poll_wait(c->fds, c->opt->timeout_connect, 0)) { + switch(s_poll_wait(c->fds, timeout, 0)) { case -1: error=get_last_socket_error(); s_log(LOG_ERR, "s_connect: s_poll_wait %s: %s (%d)", @@ -657,9 +657,10 @@ int s_connect(CLI *c, SOCKADDR_UNION *addr, socklen_t addrlen) { void s_write(CLI *c, SOCKET fd, const void *buf, size_t len) { /* simulate a blocking write */ const uint8_t *ptr=(const uint8_t *)buf; - ssize_t num; while(len>0) { + ssize_t num; + s_poll_init(c->fds, 0); s_poll_add(c->fds, fd, 0, 1); /* write */ switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { @@ -676,13 +677,15 @@ void s_write(CLI *c, SOCKET fd, const void *buf, size_t len) { s_log(LOG_ERR, "s_write: s_poll_wait: unknown result"); throw_exception(c, 1); /* error */ } + num=writesocket(fd, (const void *)ptr, len); - if(num==-1) { /* error */ - sockerror("writesocket (s_write)"); - throw_exception(c, 1); + if(num>=0) { + ptr+=(size_t)num; + len-=(size_t)num; + } else { /* error */ + if(!socket_needs_retry(c, "s_write: writesocket")) + throw_exception(c, 1); } - ptr+=(size_t)num; - len-=(size_t)num; } } @@ -712,16 +715,16 @@ size_t s_read_eof(CLI *c, SOCKET fd, void *ptr, size_t len) { } num=readsocket(fd, (char *)ptr+total, len); - if(num<0) { /* error */ - sockerror("readsocket (s_read_eof)"); - throw_exception(c, 1); + if(num>0) { + total+=(size_t)num; + len-=(size_t)num; + } else if(num==0) { /* EOF */ + s_log(LOG_DEBUG, "s_read_eof: EOF"); + break; /* EOF */ + } else { /* error */ + if(!socket_needs_retry(c, "s_read_eof: readsocket")) + break; /* EOF */ } - if(num==0) { /* EOF */ - s_log(LOG_DEBUG, "Socket closed (s_read_eof)"); - break; - } - total+=(size_t)num; - len-=(size_t)num; } return total; } @@ -729,8 +732,10 @@ size_t s_read_eof(CLI *c, SOCKET fd, void *ptr, size_t len) { void s_read(CLI *c, SOCKET fd, void *ptr, size_t len) { /* simulate a blocking read */ /* throw an exception on EOF */ - if(s_read_eof(c, fd, ptr, len)!=len) { - s_log(LOG_ERR, "Unexpected socket close (s_read)"); + size_t received=s_read_eof(c, fd, ptr, len); + if(received!=len) { + s_log(LOG_ERR, "s_read: Received %llu out of requested %llu byte(s)", + (unsigned long long)received, (unsigned long long)len); throw_exception(c, 1); } } @@ -794,32 +799,47 @@ void fd_printf(CLI *c, SOCKET fd, const char *format, ...) { void s_ssl_write(CLI *c, const void *buf, int len) { /* simulate a blocking SSL_write */ const uint8_t *ptr=(const uint8_t *)buf; - int num; while(len>0) { + int num, err; + s_poll_init(c->fds, 0); s_poll_add(c->fds, c->ssl_wfd->fd, 0, 1); /* write */ switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { case -1: - sockerror("s_write: s_poll_wait"); + sockerror("s_ssl_write: s_poll_wait"); throw_exception(c, 1); /* error */ case 0: - s_log(LOG_INFO, "s_write: s_poll_wait:" + s_log(LOG_INFO, "s_ssl_write: s_poll_wait:" " TIMEOUTbusy exceeded: sending reset"); throw_exception(c, 1); /* timeout */ case 1: break; /* OK */ default: - s_log(LOG_ERR, "s_write: s_poll_wait: unknown result"); + s_log(LOG_ERR, "s_ssl_write: s_poll_wait: unknown result"); throw_exception(c, 1); /* error */ } + num=SSL_write(c->ssl, (const void *)ptr, len); - if(num==-1) { /* error */ - sockerror("SSL_write (s_ssl_write)"); + err=SSL_get_error(c->ssl, num); + if(err==SSL_ERROR_NONE) { + ptr+=num; + len-=num; + } else if(err==SSL_ERROR_WANT_WRITE) { + s_log(LOG_DEBUG, "s_ssl_write: SSL_ERROR_WANT_WRITE: Retrying"); + } else if(err==SSL_ERROR_SSL) { + sslerror("s_ssl_write: SSL_write"); + throw_exception(c, 1); + } else if(err==SSL_ERROR_SYSCALL) { + if(!socket_needs_retry(c, "s_ssl_write: SSL_write")) { + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ + } + } else { + s_log(LOG_ERR, "s_ssl_write: Unhandled error %d", err); throw_exception(c, 1); } - ptr+=num; - len-=num; } } @@ -829,38 +849,62 @@ size_t s_ssl_read_eof(CLI *c, void *ptr, int len) { size_t total=0; while(len>0) { - int num; + int num, err; if(!SSL_pending(c->ssl)) { s_poll_init(c->fds, 0); s_poll_add(c->fds, c->ssl_rfd->fd, 1, 0); /* read */ switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { case -1: - sockerror("s_read: s_poll_wait"); + sockerror("s_ssl_read_eof: s_poll_wait"); throw_exception(c, 1); /* error */ case 0: - s_log(LOG_INFO, "s_read: s_poll_wait:" + s_log(LOG_INFO, "s_ssl_read_eof: s_poll_wait:" " TIMEOUTbusy exceeded: sending reset"); throw_exception(c, 1); /* timeout */ case 1: break; /* OK */ default: - s_log(LOG_ERR, "s_read: s_poll_wait: unknown result"); + s_log(LOG_ERR, "s_ssl_read_eof: s_poll_wait: unknown result"); throw_exception(c, 1); /* error */ } } num=SSL_read(c->ssl, (char *)ptr+total, len); - if(num<0) { /* error */ - sockerror("SSL_read (s_ssl_read_eof)"); + err=SSL_get_error(c->ssl, num); + if(err==SSL_ERROR_NONE) { + total+=(size_t)num; + len-=num; + } else if(err==SSL_ERROR_ZERO_RETURN) { + s_log(LOG_DEBUG, "s_ssl_read_eof: close_notify"); + break; /* EOF */ + } else if(err==SSL_ERROR_WANT_READ) { + s_log(LOG_DEBUG, "s_ssl_read_eof: SSL_ERROR_WANT_READ: Retrying"); + } else if(err==SSL_ERROR_SSL) { +#ifdef SSL_R_UNEXPECTED_EOF_WHILE_READING + /* OpenSSL 3.0 changed the method of reporting socket EOF */ + if(ERR_GET_REASON(ERR_peek_error())== + SSL_R_UNEXPECTED_EOF_WHILE_READING) { + /* EOF -> buggy (e.g. Microsoft) peer: + * TLS socket closed without close_notify alert */ + s_log(LOG_DEBUG, "s_ssl_read_eof: TLS socket closed"); + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ + } +#endif /* SSL_R_UNEXPECTED_EOF_WHILE_READING */ + sslerror("s_ssl_read_eof: SSL_read"); + throw_exception(c, 1); + } else if(err==SSL_ERROR_SYSCALL) { + if(!socket_needs_retry(c, "s_ssl_read_eof: SSL_read")) { + SSL_set_shutdown(c->ssl, + SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + break; /* EOF */ + } + } else { + s_log(LOG_ERR, "s_ssl_read_oef: Unhandled error %d", err); throw_exception(c, 1); } - if(num==0) { /* EOF */ - s_log(LOG_DEBUG, "Socket close (s_ssl_read_eof)"); - break; - } - total+=(size_t)num; - len-=num; } return total; } @@ -868,8 +912,10 @@ size_t s_ssl_read_eof(CLI *c, void *ptr, int len) { void s_ssl_read(CLI *c, void *ptr, int len) { /* simulate a blocking SSL_read */ /* throw an exception on EOF */ - if(s_ssl_read_eof(c, ptr, len)!=(size_t)len) { - s_log(LOG_ERR, "Unexpected socket close (s_ssl_read)"); + size_t received=s_ssl_read_eof(c, ptr, len); + if(received!=(size_t)len) { + s_log(LOG_ERR, "s_ssl_read: Received %llu out of requested %d byte(s)", + (unsigned long long)received, len); throw_exception(c, 1); } } @@ -1045,4 +1091,46 @@ int original_dst(const SOCKET fd, SOCKADDR_UNION *addr) { return -1; /* failed */ } + /* returns 0 on close and 1 on non-critical errors */ +int socket_needs_retry(CLI *c, const char *text) { + switch(get_last_socket_error()) { + /* http://tangentsoft.net/wskfaq/articles/bsd-compatibility.html */ + case 0: /* close on read, or close on write on WIN32 */ + /* fall through */ +#ifndef USE_WIN32 + case EPIPE: /* close on write on Unix */ + /* fall through */ +#endif + case S_ECONNABORTED: + s_log(LOG_INFO, "%s: Socket is closed", text); + return 0; + case S_EINTR: + s_log(LOG_DEBUG, "%s: Interrupted by a signal: retrying", text); + return 1; + case S_EWOULDBLOCK: + s_log(LOG_NOTICE, "%s: Would block: retrying", text); + s_poll_sleep(1, 0); /* Microsoft bug KB177346 */ + return 1; +#if S_EAGAIN!=S_EWOULDBLOCK + case S_EAGAIN: + s_log(LOG_DEBUG, + "%s: Temporary lack of resources: retrying", text); + return 1; +#endif +#ifdef USE_WIN32 + case S_ECONNRESET: + /* dying "exec" processes on Win32 cause reset instead of close */ + if(c->opt->exec_name) { + s_log(LOG_INFO, "%s: Socket is closed (exec)", text); + return 0; + } +#endif + /* fall through */ + default: + sockerror(text); + throw_exception(c, 1); + return -1; /* some C compilers require a return value */ + } +} + /* end of network.c */ diff --git a/src/ocsp.c b/src/ocsp.c new file mode 100644 index 00000000..5073dedf --- /dev/null +++ b/src/ocsp.c @@ -0,0 +1,909 @@ +/* + * stunnel TLS offloading and load-balancing proxy + * Copyright (C) 1998-2023 Michal Trojnara + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, see . + * + * Linking stunnel statically or dynamically with other modules is making + * a combined work based on stunnel. Thus, the terms and conditions of + * the GNU General Public License cover the whole combination. + * + * In addition, as a special exception, the copyright holder of stunnel + * gives you permission to combine stunnel with free software programs or + * libraries that are released under the GNU LGPL and with code included + * in the standard release of OpenSSL under the OpenSSL License (or + * modified versions of such code, with unchanged license). You may copy + * and distribute such a system following the terms of the GNU GPL for + * stunnel and the licenses of the other code concerned. + * + * Note that people who make modified versions of stunnel are not obligated + * to grant this special exception for their modified versions; it is their + * choice whether to do so. The GNU General Public License gives permission + * to release a modified version without this exception; this exception + * also makes it possible to release a modified version which carries + * forward this exception. + */ + +#include "prototypes.h" + +#ifndef OPENSSL_NO_OCSP + +#define INVALID_TIME ((time_t)-1) +#ifdef DEFINE_STACK_OF +/* defined in openssl/safestack.h: + * DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) */ +#else /* DEFINE_STACK_OF */ +#ifndef sk_OPENSSL_STRING_num +#define sk_OPENSSL_STRING_num(st) sk_num(st) +#endif /* sk_OPENSSL_STRING_num */ +#ifndef sk_OPENSSL_STRING_value +#define sk_OPENSSL_STRING_value(st, i) sk_value((st),(i)) +#endif /* sk_OPENSSL_STRING_value */ +#endif /* DEFINE_STACK_OF */ + +typedef struct { + /* OCSP request and validation parameters */ + int depth; + int nonce; + int aia; + long leeway; + unsigned long flags; + char *url; + STACK_OF(X509) *chain_to_verify; + X509 *root_ca; + OCSP_CERTID *cert_id; + + /* OCSP validation results */ + int requested; + int callback_ctx_error; + + /* OCSP single request and result */ + OCSP_REQUEST *request; + OCSP_RESPONSE *response; + ASN1_GENERALIZEDTIME *revoked_at, *this_update, *next_update; +} OCSP_PARAMS; + +/**************************************** OCSP stapling callbacks */ + +NOEXPORT int ocsp_client_cb(SSL *, void *); +#if OPENSSL_VERSION_NUMBER>=0x10002000L +NOEXPORT int ocsp_server_cb(SSL *, void *); +#endif /* OpenSSL version 1.0.2 or later */ + +/**************************************** OCSP utility functions */ + +NOEXPORT void ocsp_params_free(OCSP_PARAMS *); +NOEXPORT void ocsp_params_cleanup(OCSP_PARAMS *); +NOEXPORT int ocsp_verify(CLI *, OCSP_PARAMS *); +NOEXPORT int check_aia(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_request(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_get_response(CLI *, OCSP_PARAMS *); +NOEXPORT int ocsp_response_validate(CLI *, OCSP_PARAMS *); +NOEXPORT void ocsp_params_setup_cert_id(OCSP_PARAMS *); +NOEXPORT int ocsp_params_append_root_ca(CLI *, OCSP_PARAMS *); +NOEXPORT void log_time(const int, const char *, ASN1_GENERALIZEDTIME *); +#if OPENSSL_VERSION_NUMBER>=0x10101000L +NOEXPORT time_t time_t_get_asn1_time(const ASN1_TIME *); +#endif /* OpenSSL version 1.1.1 or later */ + +/**************************************** OCSP initialization */ + +int ocsp_init(SERVICE_OPTIONS *section) { + section->ocsp_response_lock=CRYPTO_THREAD_lock_new(); + if(section->option.client) { + if(!SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_client_cb)) { + sslerror("OCSP: SSL_CTX_set_tlsext_status_cb"); + return 1; /* FAILED */ + } + s_log(LOG_DEBUG, "OCSP: Client OCSP stapling enabled"); + } else { +#if OPENSSL_VERSION_NUMBER>=0x10002000L + if(!section->psk_keys) { + if(SSL_CTX_set_tlsext_status_cb(section->ctx, ocsp_server_cb)==TLSEXT_STATUSTYPE_ocsp) + s_log(LOG_DEBUG, "OCSP: Server OCSP stapling enabled"); + } else { + s_log(LOG_NOTICE, "OCSP: Server OCSP stapling is incompatible with PSK"); + } +#else /* OpenSSL version 1.0.2 or later */ + s_log(LOG_NOTICE, "OCSP: Server OCSP stapling not supported"); +#endif /* OpenSSL version 1.0.2 or later */ + } + + return 0; /* OK */ +} + +/* free all of the OCSP_PARAMS values */ +NOEXPORT void ocsp_params_free(OCSP_PARAMS *params) { + ocsp_params_cleanup(params); + if(params->chain_to_verify) { + sk_X509_free(params->chain_to_verify); + params->chain_to_verify=NULL; + } + if(params->root_ca) { + X509_free(params->root_ca); + params->root_ca=NULL; + } + if(params->cert_id) { + OCSP_CERTID_free(params->cert_id); + params->cert_id=NULL; + } +} + +/* free the OCSP_PARAMS values required to reuse it for a next request */ +NOEXPORT void ocsp_params_cleanup(OCSP_PARAMS *params) { + if(params->response) { + OCSP_RESPONSE_free(params->response); + params->response=NULL; + } + if(params->request) { + OCSP_REQUEST_free(params->request); + params->request=NULL; + } + params->revoked_at=NULL; + params->this_update=NULL; + params->next_update=NULL; +} + +/**************************************** OCSP cleanup */ + +void ocsp_cleanup(SERVICE_OPTIONS *section) { + if(section->ocsp_response_len) { + OPENSSL_free(section->ocsp_response_der); + section->ocsp_response_len=0; + } + if(section->ocsp_response_lock) + CRYPTO_THREAD_lock_free(section->ocsp_response_lock); +} + +/**************************************** OCSP verify.c callback */ + +int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) { + OCSP_PARAMS params; + int ret=0; /* failed */ + + /* initial checks */ + if(!c->opt->option.verify_chain) { + s_log(LOG_INFO, "OCSP: Certificate chain verification disabled"); + return 1; /* accept */ + } + if(c->opt->option.client && + !X509_STORE_CTX_get_error_depth(callback_ctx) && + !c->opt->stapling_cb_flag) { + /* for client peer certificate verification, + * tlsext_status_ocsp_resp is needed for oscp_verify_ssl() */ + c->opt->verify_cb_flag=1; + /* ocsp_verify() will be invoked from ocsp_client_cb() */ + s_log(LOG_DEBUG, "OCSP: Waiting for OCSP stapling response"); + return 1; /* accept */ + } + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=X509_STORE_CTX_get_error_depth(callback_ctx); + params.nonce=c->opt->option.nonce; + params.aia=c->opt->option.aia; + params.leeway=60; /* allow for one minute leeway */ + params.flags=c->opt->ocsp_flags; + params.url=c->opt->ocsp_url; + params.callback_ctx_error=X509_V_ERR_APPLICATION_VERIFICATION; + + /* get the client certificate chain */ + params.chain_to_verify=sk_X509_dup(X509_STORE_CTX_get0_chain(callback_ctx)); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + ret=ocsp_verify(c, ¶ms); + +cleanup: + if(!ret) + X509_STORE_CTX_set_error(callback_ctx, params.callback_ctx_error); + ocsp_params_free(¶ms); + return ret; +} + +/**************************************** OCSP stapling client callback */ + +/* + * Returns 0 if the response is not acceptable (the handshake will fail) + * or 1 if it is acceptable. + */ +NOEXPORT int ocsp_client_cb(SSL *ssl, void *arg) { + CLI *c; + OCSP_PARAMS params; + int ret=0; /* failed */ + + (void)arg; /* squash the unused parameter warning */ + s_log(LOG_DEBUG, "OCSP stapling: Client callback called"); + + c=SSL_get_ex_data(ssl, index_ssl_cli); + + /* initial checks */ + if(!c->opt->option.verify_chain) { + s_log(LOG_INFO, "OCSP: Certificate chain verification disabled"); + return 1; /* accept */ + } + if(SSL_session_reused(ssl)) { + s_log(LOG_DEBUG, "OCSP: Skipped OCSP stapling (previous session reused)"); + return 1; /* accept: there is nothing we can do at session resumption */ + } + if(!c->opt->option.client) { /* just in case */ + s_log(LOG_DEBUG, "OCSP: Client callback ignored on a server"); + return 1; /* accept */ + } + if(!c->opt->verify_cb_flag) { + /* for client peer certificate verification, + * peer certificates are needed for oscp_verify_ssl() */ + c->opt->stapling_cb_flag=1; + /* ocsp_verify() will be invoked from ocsp_check() */ + s_log(LOG_DEBUG, "OCSP: Waiting for OCSP peer certificates"); + return 1; /* accept */ + } + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=0; /* peer (leaf) certificate */ + params.nonce=c->opt->option.nonce; + params.aia=c->opt->option.aia; + params.leeway=60; /* allow for one minute leeway */ + params.flags=c->opt->ocsp_flags; + params.url=c->opt->ocsp_url; + + /* get the client certificate chain */ + params.chain_to_verify=sk_X509_dup(SSL_get_peer_cert_chain(ssl)); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + ret=ocsp_verify(c, ¶ms); + +cleanup: + ocsp_params_free(¶ms); + return ret; +} + +/**************************************** OCSP stapling server callback */ + +#if OPENSSL_VERSION_NUMBER>=0x10002000L +/* + * This is called when a client includes a certificate status request extension. + * The response is either obtained from a cache, or from an OCSP responder. + * Returns one of: + * SSL_TLSEXT_ERR_OK - the OCSP response that has been set should be returned + * SSL_TLSEXT_ERR_NOACK - the OCSP response should not be returned + * SSL_TLSEXT_ERR_ALERT_FATAL - a fatal error has occurred + */ +NOEXPORT int ocsp_server_cb(SSL *ssl, void *arg) { + CLI *c; + OCSP_PARAMS params; + X509 *cert; + STACK_OF(X509) *chain=NULL; + unsigned char *response_der=NULL; + const unsigned char *response_tmp; + int response_len=0, ret=SSL_TLSEXT_ERR_ALERT_FATAL; + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + (void)arg; /* squash the unused parameter warning */ + s_log(LOG_DEBUG, "OCSP stapling: Server callback called"); + + c=SSL_get_ex_data(ssl, index_ssl_cli); + + /* initialize the OCSP_PARAMS structure */ + memset(¶ms, 0, sizeof(OCSP_PARAMS)); + params.depth=0; /* peer (leaf) certificate */ + params.nonce=0; /* disable nonce */ + params.aia=1; /* enable AIA */ + params.leeway=30; /* allow for 30 second leeway */ + /* OCSP_basic_verify() returns success if the signer certificate + * was found in a set of untrusted intermediate certificates */ + params.flags=OCSP_TRUSTOTHER; + params.url=NULL; /* to be set in check_aia() */ + + /* get the server certificate chain */ + cert=SSL_get_certificate(ssl); + if(!cert) { + s_log(LOG_ERR, "OCSP: SSL_get_certificate"); + goto cleanup; + } + if(!SSL_CTX_get0_chain_certs(c->opt->ctx, &chain)) { + s_log(LOG_ERR, "OCSP: SSL_CTX_get0_chain_certs"); + goto cleanup; + } + if(chain) { + params.chain_to_verify=sk_X509_dup(chain); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_dup"); + goto cleanup; + } + } else { + params.chain_to_verify=sk_X509_new_null(); + if(!params.chain_to_verify) { + s_log(LOG_ERR, "OCSP: sk_X509_new_null"); + goto cleanup; + } + } + /* insert the server certificate into the chain */ + if (!sk_X509_unshift(params.chain_to_verify, cert)) { + s_log(LOG_ERR, "OCSP: sk_X509_unshift"); + goto cleanup; + } + ocsp_params_append_root_ca(c, ¶ms); /* ignore failures */ + + /* retrieve the cached response */ + CRYPTO_THREAD_read_lock(c->opt->ocsp_response_lock); + if(c->opt->ocsp_response_len) { + response_len=c->opt->ocsp_response_len; + response_der=OPENSSL_malloc((size_t)response_len); + memcpy(response_der, c->opt->ocsp_response_der, (size_t)response_len); + } + CRYPTO_THREAD_unlock(c->opt->ocsp_response_lock); + + if(response_len) { /* found a cached response */ + /* decode */ + response_tmp=response_der; + params.response=d2i_OCSP_RESPONSE(NULL, &response_tmp, response_len); + + /* validate */ + ocsp_status=ocsp_response_validate(c, ¶ms); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) { + s_log(LOG_DEBUG, "OCSP: Use the cached OCSP response"); + goto success; + } + + /* cleanup */ + ERR_clear_error(); /* silence any cached errors */ + if(response_der) { + OPENSSL_free(response_der); + response_der=NULL; + } + response_len=0; + } + + /* try fetching response from the OCSP responder */ + ocsp_status=check_aia(c, ¶ms); + if(ocsp_status==V_OCSP_CERTSTATUS_UNKNOWN) { /* no useful response */ + s_log(LOG_INFO, "OCSP: No OCSP stapling response to send"); + ret=SSL_TLSEXT_ERR_NOACK; + goto cleanup; + } + + /* encode */ + response_len=i2d_OCSP_RESPONSE(params.response, &response_der); + + if(params.next_update) { + /* cache the newly fetched OCSP response */ + CRYPTO_THREAD_write_lock(c->opt->ocsp_response_lock); + if(c->opt->ocsp_response_len) + OPENSSL_free(c->opt->ocsp_response_der); + c->opt->ocsp_response_len=response_len; + c->opt->ocsp_response_der=OPENSSL_malloc((size_t)response_len); + memcpy(c->opt->ocsp_response_der, response_der, (size_t)response_len); + CRYPTO_THREAD_unlock(c->opt->ocsp_response_lock); + s_log(LOG_DEBUG, "OCSP: Response cached"); + } + +success: + SSL_set_tlsext_status_ocsp_resp(ssl, response_der, response_len); + s_log(LOG_DEBUG, "OCSP stapling: OCSP response sent back"); + ret=SSL_TLSEXT_ERR_OK; + +cleanup: + ocsp_params_free(¶ms); + return ret; +} +#endif /* OpenSSL version 1.0.2 or later */ + +/**************************************** OCSP utility functions */ + +/* + * Issue an OCSP client-driven request and the validate reponse. + * Returns the error code of X509_STORE_CTX. + * Returns 0 if the response is not acceptable (the handshake will fail) + * or 1 if it is acceptable. + */ +NOEXPORT int ocsp_verify(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + /* ignoring the root certificate */ + if(params->depth==sk_X509_num(params->chain_to_verify)-1) { + s_log(LOG_DEBUG, "OCSP: Ignoring the root certificate"); + return 1; /* accept */ + } + + if(!params->depth) { /* peer (leaf) certificate */ + const unsigned char *resp_der; + long resp_der_len; + + if(c->opt->option.client) { /* no stapling on the server */ + /* process the stapling response if available */ + resp_der_len=SSL_get_tlsext_status_ocsp_resp(c->ssl, &resp_der); + if(resp_der_len>0 && resp_der) { + s_log(LOG_INFO, "OCSP: OCSP stapling response received"); + params->response=d2i_OCSP_RESPONSE(NULL, &resp_der, resp_der_len); + + /* validate */ + ocsp_status=ocsp_response_validate(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) { + params->requested=1; + goto cleanup; + } + } else { + s_log(LOG_ERR, "OCSP: No OCSP stapling response received"); + } + } + + if(params->url) { /* a responder URL was configured */ + s_log(LOG_NOTICE, "OCSP: Connecting the configured responder \"%s\"", + params->url); + ocsp_status=ocsp_request(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) + goto cleanup; + } + } + + /* client-driven checks (configured url, aia) */ + ocsp_status=check_aia(c, params); + +cleanup: + if(!params->requested) /* neither url or aia verification was needed */ + return 1; /* accept */ + switch(ocsp_status) { + case V_OCSP_CERTSTATUS_GOOD: + s_log(LOG_NOTICE, "OCSP: Accepted (good)"); + return 1; /* accept */ + case V_OCSP_CERTSTATUS_REVOKED: + s_log(LOG_ERR, "OCSP: Rejected (revoked)"); + return 0; /* reject */ + default: /* V_OCSP_CERTSTATUS_UNKNOWN */ + if(c->opt->option.ocsp_require) { + s_log(LOG_ERR, "OCSP: Rejected (OCSPrequire = yes)"); + return 0; /* reject */ + } else { + s_log(LOG_NOTICE, "OCSP: Accepted (OCSPrequire = no)"); + return 1; /* accept */ + } + } +} + +/* + * OCSP AIA checks + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int check_aia(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + STACK_OF(OPENSSL_STRING) *aia; + int i, num; + + if(!params->aia) + goto cleanup; + aia=X509_get1_ocsp(sk_X509_value(params->chain_to_verify, params->depth)); + if(!aia) { + s_log(LOG_INFO, "OCSP: No AIA responder URL"); + goto cleanup; + } + num=sk_OPENSSL_STRING_num(aia); + if(!num) { + s_log(LOG_INFO, "OCSP: Empty AIA responder URL list"); + goto cleanup; + } + for(i=0; iurl=sk_OPENSSL_STRING_value(aia, i); + s_log(LOG_NOTICE, "OCSP: Connecting the AIA responder \"%s\"", params->url); + ocsp_status=ocsp_request(c, params); + if(ocsp_status!=V_OCSP_CERTSTATUS_UNKNOWN) + break; /* we received a definitive response */ + } + X509_email_free(aia); + +cleanup: + return ocsp_status; +} + +/* + * OCSP request handling. + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int ocsp_request(CLI *c, OCSP_PARAMS *params) { + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + /* prepare params for reuse */ + ocsp_params_cleanup(params); + + /* build request */ + params->requested=1; + params->request=OCSP_REQUEST_new(); + if(!params->request) { + sslerror("OCSP: OCSP_REQUEST_new"); + goto cleanup; + } + ocsp_params_setup_cert_id(params); + if(!params->cert_id) + goto cleanup; + if(!OCSP_request_add0_id(params->request, + OCSP_CERTID_dup(params->cert_id))) { + sslerror("OCSP: OCSP_request_add0_id"); + goto cleanup; + } + if(params->nonce) { + OCSP_request_add1_nonce(params->request, NULL, -1); + } + + /* send the request and get a response */ + if(!ocsp_get_response(c, params)) { + goto cleanup; + } + + /* validate */ + ocsp_status=ocsp_response_validate(c, params); + if(ocsp_status==V_OCSP_CERTSTATUS_REVOKED) + params->callback_ctx_error=X509_V_ERR_CERT_REVOKED; + +cleanup: + return ocsp_status; +} + +/* + * Sends the OCSP request to the specified URL and retrieves the OCSP response. + * Returns 0 on error or 1 if response received. + */ +NOEXPORT int ocsp_get_response(CLI *c, OCSP_PARAMS *params) { + BIO *bio=NULL; + OCSP_REQ_CTX *req_ctx=NULL; + char *host=NULL, *port=NULL, *path=NULL; + SOCKADDR_UNION addr; + int ssl, ret=0; + + /* parse the OCSP URL */ + if(!OCSP_parse_url(params->url, &host, &port, &path, &ssl)) { + s_log(LOG_ERR, "OCSP: Failed to parse the OCSP URL"); + goto cleanup; + } + if(ssl) { + s_log(LOG_ERR, "OCSP: TLS not supported for OCSP" + " - an additional stunnel service needs to be defined"); + goto cleanup; + } + if(!hostport2addr(&addr, host, port, 0)) { + s_log(LOG_ERR, "OCSP: Failed to resolve the OCSP responder address"); + goto cleanup; + } + + /* connect specified OCSP responder */ + c->fd=s_socket(addr.sa.sa_family, SOCK_STREAM, 0, 1, "OCSP: socket"); + if(c->fd==INVALID_SOCKET) + goto cleanup; + if(s_connect(c, &addr, addr_len(&addr), c->opt->timeout_ocsp)) + goto cleanup; + bio=BIO_new_socket((int)c->fd, BIO_NOCLOSE); + if(!bio) { + sslerror("OCSP: BIO_new_socket"); + goto cleanup; + } + s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port); + + /* initialize an HTTP request with the POST method */ +#if OPENSSL_VERSION_NUMBER>=0x10000000L + req_ctx=OCSP_sendreq_new(bio, path, NULL, -1); +#else /* OpenSSL version >= 1.0.0 */ + /* there is no way to send the Host header with older OpenSSL versions */ + req_ctx=OCSP_sendreq_new(bio, path, params->request, -1); +#endif /* OpenSSL version 1.0.0 or later */ + if(!req_ctx) { + sslerror("OCSP: OCSP_sendreq_new"); + goto cleanup; + } +#if OPENSSL_VERSION_NUMBER>=0x10000000L + /* add the HTTP headers */ + if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) { + sslerror("OCSP: OCSP_REQ_CTX_add1_header"); + goto cleanup; + } + if(!OCSP_REQ_CTX_add1_header(req_ctx, "User-Agent", "stunnel")) { + sslerror("OCSP: OCSP_REQ_CTX_add1_header"); + goto cleanup; + } + /* add the remaining HTTP headers and the OCSP request body */ + if(!OCSP_REQ_CTX_set1_req(req_ctx, params->request)) { + sslerror("OCSP: OCSP_REQ_CTX_set1_req"); + goto cleanup; + } +#endif /* OpenSSL version 1.0.0 or later */ + + /* OCSP protocol communication loop */ + while(OCSP_sendreq_nbio(¶ms->response, req_ctx)==-1) { + s_poll_init(c->fds, 0); + s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); + switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { + case -1: + sockerror("OCSP: s_poll_wait"); + goto cleanup; + case 0: + s_log(LOG_INFO, "OCSP: s_poll_wait: TIMEOUTbusy exceeded"); + goto cleanup; + } + } +#if 0 + s_log(LOG_DEBUG, "OCSP: context state: 0x%x", *(int *)req_ctx); +#endif + /* http://www.mail-archive.com/openssl-users@openssl.org/msg61691.html */ + if(params->response) { + s_log(LOG_DEBUG, "OCSP: Response received"); + ret=1; + } else { + if(ERR_peek_error()) + sslerror("OCSP: OCSP_sendreq_nbio"); + else /* OpenSSL error: OCSP_sendreq_nbio does not use OCSPerr */ + s_log(LOG_ERR, "OCSP: OCSP_sendreq_nbio: OpenSSL internal error"); + } + +cleanup: + if(req_ctx) + OCSP_REQ_CTX_free(req_ctx); + if(bio) + BIO_free_all(bio); + if(c->fd!=INVALID_SOCKET) { + closesocket(c->fd); + c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ + } + if(host) + OPENSSL_free(host); + if(port) + OPENSSL_free(port); + if(path) + OPENSSL_free(path); + return ret; +} + +/* + * Validates the cached or fetched OCSP response. + * Returns one of: + * - V_OCSP_CERTSTATUS_GOOD + * - V_OCSP_CERTSTATUS_REVOKED + * - V_OCSP_CERTSTATUS_UNKNOWN + */ +NOEXPORT int ocsp_response_validate(CLI *c, OCSP_PARAMS *params) { + int response_status, reason; + OCSP_BASICRESP *basic_response=NULL; + int ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; + + s_log(LOG_DEBUG, "OCSP: Validate the OCSP response"); + if(!params->response) { + s_log(LOG_ERR, "OCSP: No OCSP response"); + goto cleanup; + } + response_status=OCSP_response_status(params->response); + if(response_status!=OCSP_RESPONSE_STATUS_SUCCESSFUL) { + s_log(LOG_ERR, "OCSP: OCSP responder error: %d: %s", + response_status, OCSP_response_status_str(response_status)); + goto cleanup; + } + basic_response=OCSP_response_get1_basic(params->response); + if(!basic_response) { + s_log(LOG_WARNING, "OCSP: OCSP_response_get1_basic"); + goto cleanup; + } + if(params->request && params->nonce && + OCSP_check_nonce(params->request, basic_response)<=0) { + s_log(LOG_ERR, "OCSP: Invalid or unsupported nonce"); + goto cleanup; + } + if(OCSP_basic_verify(basic_response, params->chain_to_verify, + SSL_CTX_get_cert_store(c->opt->ctx), params->flags)<=0) { + sslerror("OCSP: OCSP_basic_verify"); + goto cleanup; + } + ocsp_params_setup_cert_id(params); + if(!params->cert_id) + goto cleanup; + if(!OCSP_resp_find_status(basic_response, params->cert_id, &ocsp_status, &reason, + ¶ms->revoked_at, ¶ms->this_update, ¶ms->next_update)) { + s_log(LOG_WARNING, "OCSP: OCSP_resp_find_status"); + goto cleanup; + } + s_log(LOG_INFO, "OCSP: Status: %s", OCSP_cert_status_str(ocsp_status)); + log_time(LOG_INFO, "OCSP: This update", params->this_update); + if(params->next_update) + log_time(LOG_INFO, "OCSP: Next update", params->next_update); + if(!OCSP_check_validity(params->this_update, params->next_update, params->leeway, -1)) { + sslerror("OCSP: OCSP_check_validity"); + ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; /* override an invalid response */ + } + switch(ocsp_status) { + case V_OCSP_CERTSTATUS_GOOD: + s_log(LOG_NOTICE, "OCSP: Certificate accepted"); + break; + case V_OCSP_CERTSTATUS_REVOKED: + if(reason==-1) + s_log(LOG_ERR, "OCSP: Certificate revoked"); + else + s_log(LOG_ERR, "OCSP: Certificate revoked: %d: %s", + reason, OCSP_crl_reason_str(reason)); + log_time(LOG_NOTICE, "OCSP: Revoked at", params->revoked_at); + break; + case V_OCSP_CERTSTATUS_UNKNOWN: + s_log(LOG_WARNING, "OCSP: Unknown verification status"); + } + +cleanup: + if(basic_response) + OCSP_BASICRESP_free(basic_response); + return ocsp_status; +} + +/* + * Create an OCSP_CERTID object from params->chain_to_verify at params->depth. + */ +NOEXPORT void ocsp_params_setup_cert_id(OCSP_PARAMS *params) { + X509 *subject, *issuer=NULL; + int chain_len; + + if(params->cert_id) /* already set */ + return; /* nothing to do */ + chain_len=sk_X509_num(params->chain_to_verify); + if(params->depth<0 || params->depth>chain_len-1) { /* sanity check */ + s_log(LOG_ERR, "OCSP: INTERNAL ERROR: Invalid verification depth"); + return; + } + subject=sk_X509_value(params->chain_to_verify, params->depth); + issuer=params->depth==chain_len-1 ? subject /* root CA certificate */ : + sk_X509_value(params->chain_to_verify, params->depth+1); + /* if dgst is NULL then SHA1 is used */ + params->cert_id=OCSP_cert_to_id(NULL, subject, issuer); + if(!params->cert_id) + s_log(LOG_ERR, "OCSP: Can't create an OCSP_CERTID object"); +} + +#if OPENSSL_VERSION_NUMBER<0x10100000L +#define X509_OBJECT_new() str_alloc(sizeof(X509_OBJECT)) +#define X509_OBJECT_free(x) X509_OBJECT_free_contents(x); str_free(x) +#define X509_OBJECT_get0_X509(x) ((x)->data.x509) +#endif /* OpenSSL older than 1.1.0 */ + +NOEXPORT int ocsp_params_append_root_ca(CLI *c, OCSP_PARAMS *params) { + int chain_len; + X509 *cert; + X509_STORE_CTX *store_ctx=NULL; + X509_OBJECT *obj=NULL; + int ret=0; /* failure */ + + chain_len=sk_X509_num(params->chain_to_verify); + if(!chain_len) { /* empty chain */ + s_log(LOG_ERR, "OCSP: Empty verification chain"); + goto cleanup; + } + cert=sk_X509_value(params->chain_to_verify, chain_len-1); + store_ctx=X509_STORE_CTX_new(); + if(!store_ctx) { + s_log(LOG_ERR, "OCSP: X509_STORE_CTX_new"); + goto cleanup; + } + if(!X509_STORE_CTX_init(store_ctx, + SSL_CTX_get_cert_store(c->opt->ctx), NULL, NULL)) { + s_log(LOG_ERR, "OCSP: X509_STORE_CTX_init"); + goto cleanup; + } + obj=X509_OBJECT_new(); + if(X509_STORE_get_by_subject(store_ctx, + X509_LU_X509, X509_get_subject_name(cert), obj)>0) { + goto success; /* the certificate is already trusted */ + } + if(X509_STORE_get_by_subject(store_ctx, + X509_LU_X509, X509_get_issuer_name(cert), obj)<=0) { + s_log(LOG_INFO, "OCSP: The root CA certificate was not found"); + goto cleanup; + } + /* append the root CA certificate into the verified chain */ + params->root_ca=X509_dup(X509_OBJECT_get0_X509(obj)); + if(!params->root_ca) { + s_log(LOG_ERR, "OCSP: X509_dup"); + goto cleanup; + } + if(!sk_X509_push(params->chain_to_verify, params->root_ca)) { + s_log(LOG_ERR, "OCSP: sk_X509_push"); + goto cleanup; + } + +success: + ret=1; /* success: a trusted root CA certificate appended to the chain */ + +cleanup: + if(obj) + X509_OBJECT_free(obj); + if(store_ctx) + X509_STORE_CTX_free(store_ctx); + return ret; +} + +/* Logs the time structure in a human-readable format */ +NOEXPORT void log_time(const int level, const char *txt, ASN1_GENERALIZEDTIME *t) { + char *cp; + BIO *bio; + int n; +#if OPENSSL_VERSION_NUMBER>=0x10101000L + time_t posix_time; + struct tm *timeptr; +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + struct tm timestruct; +#endif /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ +#endif /* OpenSSL version 1.1.1 or later */ + + if(!t) + return; + bio=BIO_new(BIO_s_mem()); + if(!bio) + return; +#if OPENSSL_VERSION_NUMBER>=0x10101000L + posix_time = time_t_get_asn1_time(t); + if(posix_time==INVALID_TIME) { + BIO_free(bio); + return; + } +#if defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) + timeptr=localtime_r(&posix_time, ×truct); +#else /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ + timeptr=localtime(&posix_time); +#endif /* defined(HAVE_LOCALTIME_R) && defined(_REENTRANT) */ + BIO_printf(bio, "%04d.%02d.%02d %02d:%02d:%02d", + timeptr->tm_year + 1900, timeptr->tm_mon + 1, timeptr->tm_mday, + timeptr->tm_hour, timeptr->tm_min, timeptr->tm_sec); +#else /* OpenSSL version 1.1.1 or later */ + ASN1_TIME_print(bio, t); +#endif /* OpenSSL version 1.1.1 or later */ + + n=BIO_pending(bio); + cp=str_alloc((size_t)n+1); + n=BIO_read(bio, cp, n); + if(n<0) { + BIO_free(bio); + str_free(cp); + return; + } + cp[n]='\0'; + BIO_free(bio); + s_log(level, "%s: %s", txt, cp); + str_free(cp); +} + +#if OPENSSL_VERSION_NUMBER>=0x10101000L +/* Converts ASN1_TIME structure to time_t */ +NOEXPORT time_t time_t_get_asn1_time(const ASN1_TIME *s) { + struct tm tm; + + if ((!s) || (!ASN1_TIME_check(s))) { + return INVALID_TIME; + } + /* The ASN1_TIME_to_tm() function was added in OpenSSL 1.1.1 */ + if (ASN1_TIME_to_tm(s, &tm)) { +#ifdef _WIN32 + return _mkgmtime(&tm); +#else /* defined _WIN32 */ + return timegm(&tm); +#endif /* defined _WIN32 */ + } else { + return INVALID_TIME; + } +} +#endif /* OpenSSL version 1.1.0 or later */ + +#endif /* !defined(OPENSSL_NO_OCSP) */ diff --git a/src/options.c b/src/options.c index 78ead37a..6af03bb1 100644 --- a/src/options.c +++ b/src/options.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -39,8 +39,14 @@ #if OPENSSL_VERSION_NUMBER >= 0x10101000L #define DEFAULT_CURVES "X25519:P-256:X448:P-521:P-384" +#ifdef SSL_SYSTEM_DEFAULT_CIPHER_LIST /* Red Hat OpenSSL */ +#define DEFAULT_CURVES_FIPS "P-256:P-521:P-384" +#else /* standard OpenSSL */ +#define DEFAULT_CURVES_FIPS DEFAULT_CURVES +#endif /* Red Hat OpenSSL */ #else /* OpenSSL version < 1.1.1 */ #define DEFAULT_CURVES "prime256v1" +#define DEFAULT_CURVES_FIPS DEFAULT_CURVES #endif /* OpenSSL version >= 1.1.1 */ #if defined(_WIN32_WCE) && !defined(CONFDIR) @@ -322,6 +328,8 @@ static const char *option_not_found= static const char *stunnel_cipher_list= "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK"; +static const char *fips_cipher_list= + "FIPS:!DH:!kDHEPSK"; #ifndef OPENSSL_NO_TLS1_3 static const char *stunnel_ciphersuites= @@ -459,7 +467,7 @@ NOEXPORT int options_file(char *path, CONF_TYPE type, print_syntax(); return 1; } - df=file_fdopen(fd); + df=file_fdopen(fd, FILE_MODE_READ); } else #endif df=file_open(path, FILE_MODE_READ); @@ -694,8 +702,9 @@ void service_free(SERVICE_OPTIONS *section) { #endif if(ref<0) fatal("Negative section reference counter"); - if(ref==0) + if(ref==0) { parse_service_option(CMD_FREE, §ion, NULL, NULL); + } } /**************************************** global options */ @@ -967,6 +976,34 @@ NOEXPORT const char *parse_global_option(CMD cmd, GLOBAL_OPTIONS *options, char "foreground"); break; } +#else + switch(cmd) { + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "foreground")) + break; + if(!strcasecmp(arg, "yes")) { + /* ignore */ + } else if(!strcasecmp(arg, "quiet")) { + /* ignore */ + } else if(!strcasecmp(arg, "no")) { + return "The argument needs to be 'yes' or 'quiet'"; + } else + return "The argument needs to be 'yes' or 'quiet'"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = foreground mode", "foreground"); + break; + } #endif #ifdef ICON_IMAGE @@ -1268,6 +1305,29 @@ NOEXPORT const char *parse_global_option(CMD cmd, GLOBAL_OPTIONS *options, char "syslog"); break; } +#else + switch(cmd) { + case CMD_SET_DEFAULTS: + break; + case CMD_SET_COPY: /* not used for global options */ + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "syslog")) + break; + if(strcasecmp(arg, "no")) + return "The argument needs to be 'no'"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = unused syslog", + "syslog"); + break; + } #endif /* taskbar */ @@ -1401,6 +1461,35 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr break; } +#ifndef OPENSSL_NO_ENGINE + /* CAengine */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->ca_engine=NULL; + break; + case CMD_SET_COPY: + name_list_dup(§ion->ca_engine, + new_service_options.ca_engine); + break; + case CMD_FREE: + name_list_free(section->ca_engine); + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "CAengine")) + break; + name_list_append(§ion->ca_engine, arg); + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = engine-specific CA certificate identifier for 'verify' option", + "CAengine"); + break; + } +#endif /* !OPENSSL_NO_ENGINE */ + /* CApath */ switch(cmd) { case CMD_SET_DEFAULTS: @@ -1626,7 +1715,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr * section->cipher_list is no longer NULL in sections */ #ifdef USE_FIPS if(new_global_options.option.fips) - section->cipher_list=str_dup_detached("FIPS"); + section->cipher_list=str_dup_detached(fips_cipher_list); else #endif /* USE_FIPS */ section->cipher_list=str_dup_detached(stunnel_cipher_list); @@ -1636,7 +1725,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr case CMD_PRINT_DEFAULTS: if(fips_available()) { s_log(LOG_NOTICE, "%-22s = %s %s", "ciphers", - "FIPS", "(with \"fips = yes\")"); + fips_cipher_list, "(with \"fips = yes\")"); s_log(LOG_NOTICE, "%-22s = %s %s", "ciphers", stunnel_cipher_list, "(with \"fips = no\")"); } else { @@ -2064,7 +2153,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr /* curves */ switch(cmd) { case CMD_SET_DEFAULTS: - section->curves=str_dup_detached(DEFAULT_CURVES); + section->curves = NULL; break; case CMD_SET_COPY: section->curves=str_dup_detached(new_service_options.curves); @@ -2079,9 +2168,26 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr section->curves=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: + if(!section->curves) { + /* this is only executed for global options, because + * section->curves is no longer NULL in sections */ +#ifdef USE_FIPS + if(new_global_options.option.fips) + section->curves=str_dup_detached(DEFAULT_CURVES_FIPS); + else +#endif /* USE_FIPS */ + section->curves=str_dup_detached(DEFAULT_CURVES); + } break; case CMD_PRINT_DEFAULTS: - s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES); + if(fips_available()) { + s_log(LOG_NOTICE, "%-22s = %s %s", "curves", + DEFAULT_CURVES_FIPS, "(with \"fips = yes\")"); + s_log(LOG_NOTICE, "%-22s = %s %s", "curves", + DEFAULT_CURVES, "(with \"fips = no\")"); + } else { + s_log(LOG_NOTICE, "%-22s = %s", "curves", DEFAULT_CURVES); + } break; case CMD_PRINT_HELP: s_log(LOG_NOTICE, "%-22s = ECDH curve names", "curves"); @@ -2522,6 +2628,9 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr section->ocsp_url=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: + if((section->ocsp_url || section->option.aia) && + !section->option.verify_chain) + return "\"verifyChain\" has to be enabled for OCSP support"; break; case CMD_PRINT_DEFAULTS: break; @@ -2621,6 +2730,37 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr break; } + /* OCSPrequire */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->option.ocsp_require=1; /* enabled by default */ + break; + case CMD_SET_COPY: + section->option.ocsp_require=new_service_options.option.ocsp_require; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "OCSPrequire")) + break; + if(!strcasecmp(arg, "yes")) + section->option.ocsp_require=1; + else if(!strcasecmp(arg, "no")) + section->option.ocsp_require=0; + else + return "The argument needs to be either 'yes' or 'no'"; + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, + "%-22s = yes|no require a conclusive OCSP response", + "OCSPrequire"); + break; + } + #endif /* !defined(OPENSSL_NO_OCSP) */ /* options */ @@ -2687,11 +2827,11 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr section->protocol=str_dup_detached(arg); return NULL; /* OK */ case CMD_INITIALIZE: - /* PROTOCOL_CHECK also initializes: + /* protocol_init() also initializes: section->option.connect_before_ssl section->option.protocol_endpoint */ { - const char *tmp_str=protocol(NULL, section, PROTOCOL_CHECK); + const char *tmp_str=protocol_init(section); if(tmp_str) return tmp_str; } @@ -3128,22 +3268,26 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr /* retry */ switch(cmd) { case CMD_SET_DEFAULTS: - section->option.retry=0; + section->retry=-1; break; case CMD_SET_COPY: - section->option.retry=new_service_options.option.retry; + section->retry=new_service_options.retry; break; case CMD_FREE: break; case CMD_SET_VALUE: if(strcasecmp(opt, "retry")) break; - if(!strcasecmp(arg, "yes")) - section->option.retry=1; - else if(!strcasecmp(arg, "no")) - section->option.retry=0; - else - return "The argument needs to be either 'yes' or 'no'"; + if(!strcasecmp(arg, "yes")) { + section->retry=1000; /* 1 second */ + } else if(!strcasecmp(arg, "no")) { + section->retry=-1; /* disabled */ + } else { + char *tmp_str; + section->retry=(long)strtol(arg, &tmp_str, 10); + if(tmp_str==arg || *tmp_str || section->retry < 0) + return "Illegal retry delay"; + } return NULL; /* OK */ case CMD_INITIALIZE: break; @@ -3448,7 +3592,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr case CMD_PRINT_DEFAULTS: break; case CMD_PRINT_HELP: - s_log(LOG_NOTICE, "%-22s = master_service:host_name for an SNI virtual service", + s_log(LOG_NOTICE, "%-22s = primary_service:host_name for an SNI virtual service", "sni"); break; } @@ -3552,7 +3696,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr /* sslVersionMin */ switch(cmd) { case CMD_SET_DEFAULTS: - section->min_proto_version=TLS1_VERSION; + section->min_proto_version=0; /* lowest supported */ break; case CMD_SET_COPY: section->min_proto_version=new_service_options.min_proto_version; @@ -3857,6 +4001,36 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr break; } + /* TIMEOUTocsp */ + switch(cmd) { + case CMD_SET_DEFAULTS: + section->timeout_ocsp=5; /* 5 seconds */ + break; + case CMD_SET_COPY: + section->timeout_ocsp=new_service_options.timeout_ocsp; + break; + case CMD_FREE: + break; + case CMD_SET_VALUE: + if(strcasecmp(opt, "TIMEOUTocsp")) + break; + { + char *tmp_str; + section->timeout_ocsp=(int)strtol(arg, &tmp_str, 5); + if(tmp_str==arg || *tmp_str) /* not a number */ + return "Illegal OCSP connect timeout"; + } + return NULL; /* OK */ + case CMD_INITIALIZE: + break; + case CMD_PRINT_DEFAULTS: + s_log(LOG_NOTICE, "%-22s = %d seconds", "TIMEOUTocsp", 5); + break; + case CMD_PRINT_HELP: + s_log(LOG_NOTICE, "%-22s = seconds to connect OCSP responder", "TIMEOUTocsp"); + break; + } + /* transparent */ #ifndef USE_WIN32 switch(cmd) { @@ -3935,9 +4109,16 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr } else #endif + +#ifndef OPENSSL_NO_ENGINE + if((section->option.verify_chain || section->option.verify_peer) && + !section->ca_engine && !section->ca_file && !section->ca_dir) + return "Either \"CAengine\", \"CAfile\" or \"CApath\" has to be configured"; +#else if((section->option.verify_chain || section->option.verify_peer) && !section->ca_file && !section->ca_dir) return "Either \"CAfile\" or \"CApath\" has to be configured"; +#endif break; case CMD_PRINT_DEFAULTS: s_log(LOG_NOTICE, "%-22s = none", "verify"); @@ -4027,6 +4208,7 @@ NOEXPORT const char *parse_service_option(CMD cmd, SERVICE_OPTIONS **section_ptr SSL_SESSION_free(section->session); if(section->ctx) SSL_CTX_free(section->ctx); + context_cleanup(section); #endif /* NO_OPENSSLOFF */ str_free(section->servname); if(section==&service_options || section==&new_service_options) @@ -4093,7 +4275,7 @@ NOEXPORT const char *sni_init(SERVICE_OPTIONS *section) { if(!tmpsrv) return "SNI section name not found"; if(tmpsrv->option.client) - return "SNI master service is a TLS client"; + return "SNI primary service is a TLS client"; if(tmpsrv->servername_list_tail) { tmpsrv->servername_list_tail->next=str_alloc_detached(sizeof(SERVERNAME_LIST)); tmpsrv->servername_list_tail=tmpsrv->servername_list_tail->next; @@ -4104,7 +4286,7 @@ NOEXPORT const char *sni_init(SERVICE_OPTIONS *section) { tmpsrv->ssl_options_set|= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION; } - /* a slave section reference is needed to prevent a race condition + /* a secondary section reference is needed to prevent a race condition while switching to a section after configuration file reload */ service_up_ref(section); tmpsrv->servername_list_tail->servername=str_dup_detached(tmp_str); @@ -4141,7 +4323,7 @@ NOEXPORT void sni_free(SERVICE_OPTIONS *section) { while(curr) { SERVERNAME_LIST *next=curr->next; str_free(curr->servername); - service_free(curr->opt); /* free the slave section */ + service_free(curr->opt); /* free the secondary section */ str_free(curr); curr=next; } @@ -4908,25 +5090,43 @@ NOEXPORT const char *engine_auto(void) { } NOEXPORT const char *engine_open(const char *name) { + ENGINE *e; + struct { + void (*vlog)(int, const char *, va_list); + } vlog_callback; + engine_init(); /* initialize the previous engine (if any) */ if(++current_engine>=MAX_ENGINES) return "Too many open engines"; + s_log(LOG_DEBUG, "Enabling support for engine \"%s\"", name); - engines[current_engine]=ENGINE_by_id(name); - if(!engines[current_engine]) { + e=ENGINE_by_id(name); + if(!e) { sslerror("ENGINE_by_id"); return "Failed to open the engine"; } engine_initialized=0; - if(ENGINE_ctrl(engines[current_engine], ENGINE_CTRL_SET_USER_INTERFACE, - 0, ui_stunnel(), NULL)) { + + vlog_callback.vlog=&s_vlog; + if(ENGINE_ctrl_cmd(e, "VLOG_A", 0, &vlog_callback, NULL, 0)) { + s_log(LOG_NOTICE, "Logging initialized on engine #%d (%s)", + current_engine+1, ENGINE_get_id(e)); + } else { + ERR_clear_error(); + s_log(LOG_INFO, "Logging not supported by engine #%d (%s)", + current_engine+1, ENGINE_get_id(e)); + } + + if(ENGINE_ctrl(e, ENGINE_CTRL_SET_USER_INTERFACE, 0, ui_stunnel(), NULL)) { s_log(LOG_NOTICE, "UI set for engine #%d (%s)", - current_engine+1, ENGINE_get_id(engines[current_engine])); + current_engine+1, ENGINE_get_id(e)); } else { ERR_clear_error(); s_log(LOG_INFO, "UI not supported by engine #%d (%s)", - current_engine+1, ENGINE_get_id(engines[current_engine])); + current_engine+1, ENGINE_get_id(e)); } + + engines[current_engine]=e; return NULL; /* OK */ } diff --git a/src/os2.mak b/src/os2.mak index 0cb2443d..76a99e39 100644 --- a/src/os2.mak +++ b/src/os2.mak @@ -1,11 +1,11 @@ prefix=. DEFS = -DPACKAGE_NAME=\"stunnel\" \ -DPACKAGE_TARNAME=\"stunnel\" \ - -DPACKAGE_VERSION=\"5.65\" \ - -DPACKAGE_STRING=\"stunnel\ 5.65\" \ + -DPACKAGE_VERSION=\"5.71\" \ + -DPACKAGE_STRING=\"stunnel\ 5.71\" \ -DPACKAGE_BUGREPORT=\"\" \ -DPACKAGE=\"stunnel\" \ - -DVERSION=\"5.65\" \ + -DVERSION=\"5.71\" \ -DSTDC_HEADERS=1 \ -DHAVE_SYS_TYPES_H=1 \ -DHAVE_SYS_STAT_H=1 \ @@ -41,7 +41,7 @@ OPENSSLDIR = u:/extras #SYSLOGDIR = /unixos2/workdir/syslog INCLUDES = -I$(OPENSSLDIR)/outinc LIBS = -lsocket -L$(OPENSSLDIR)/out -lssl -lcrypto -lz -lsyslog -OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o +OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o ocsp.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o LIBDIR = . CFLAGS = -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith @@ -64,6 +64,7 @@ pty.o: pty.c common.h prototypes.h ssl.o: ssl.c common.h prototypes.h ctx.o: ctx.c common.h prototypes.h verify.o: verify.c common.h prototypes.h +ocsp.o: ocsp.c common.h prototypes.h sthreads.o: sthreads.c common.h prototypes.h stunnel.o: stunnel.c common.h prototypes.h resolver.o: resolver.c common.h prototypes.h diff --git a/src/os2.mak.in b/src/os2.mak.in new file mode 100644 index 00000000..3eceb73c --- /dev/null +++ b/src/os2.mak.in @@ -0,0 +1,78 @@ +prefix=. +DEFS = -DPACKAGE_NAME=\"stunnel\" \ + -DPACKAGE_TARNAME=\"stunnel\" \ + -DPACKAGE_VERSION=\"@PACKAGE_VERSION@\" \ + -DPACKAGE_STRING=\"stunnel\ @PACKAGE_VERSION@\" \ + -DPACKAGE_BUGREPORT=\"\" \ + -DPACKAGE=\"stunnel\" \ + -DVERSION=\"@PACKAGE_VERSION@\" \ + -DSTDC_HEADERS=1 \ + -DHAVE_SYS_TYPES_H=1 \ + -DHAVE_SYS_STAT_H=1 \ + -DHAVE_STDLIB_H=1 \ + -DHAVE_STRING_H=1 \ + -DHAVE_MEMORY_H=1 \ + -DHAVE_STRINGS_H=1 \ + -DHAVE_UNISTD_H=1 \ + -DSSLDIR=\"/usr\" \ + -DHOST=\"i386-pc-os2-emx\" \ + -DHAVE_LIBSOCKET=1 \ + -DHAVE_GRP_H=1 \ + -DHAVE_UNISTD_H=1 \ + -DHAVE_SYS_SELECT_H=1 \ + -DHAVE_SYS_IOCTL_H=1 \ + -DHAVE_SYS_RESOURCE_H=1 \ + -DHAVE_SNPRINTF=1 \ + -DHAVE_VSNPRINTF=1 \ + -DHAVE_WAITPID=1 \ + -DHAVE_SYSCONF=1 \ + -DHAVE_ENDHOSTENT=1 \ + -DUSE_OS2=1 \ + -DSIZEOF_UNSIGNED_CHAR=1 \ + -DSIZEOF_UNSIGNED_SHORT=2 \ + -DSIZEOF_UNSIGNED_INT=4 \ + -DSIZEOF_UNSIGNED_LONG=4 \ + -DLIBDIR=\"$(prefix)/lib\" \ + -DCONFDIR=\"$(prefix)/etc\" + +CC = gcc +.SUFFIXES = .c .o +OPENSSLDIR = u:/extras +#SYSLOGDIR = /unixos2/workdir/syslog +INCLUDES = -I$(OPENSSLDIR)/outinc +LIBS = -lsocket -L$(OPENSSLDIR)/out -lssl -lcrypto -lz -lsyslog +OBJS = file.o client.o log.o options.o protocol.o network.o ssl.o ctx.o verify.o ocsp.o sthreads.o stunnel.o pty.o resolver.o str.o tls.o fd.o dhparam.o cron.o +LIBDIR = . +CFLAGS = -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith + +all: stunnel.exe + +stunnel.exe: $(OBJS) + $(CC) -Zmap $(CFLAGS) -o $@ $(OBJS) $(LIBS) + +.c.o: + $(CC) $(CFLAGS) $(DEFS) $(INCLUDES) -o $@ -c $< + +client.o: client.c common.h prototypes.h +#env.o: env.c common.h prototypes.h +#gui.o: gui.c common.h prototypes.h +file.o: file.c common.h prototypes.h +network.o: network.c common.h prototypes.h +options.o: options.c common.h prototypes.h +protocol.o: protocol.c common.h prototypes.h +pty.o: pty.c common.h prototypes.h +ssl.o: ssl.c common.h prototypes.h +ctx.o: ctx.c common.h prototypes.h +verify.o: verify.c common.h prototypes.h +ocsp.o: ocsp.c common.h prototypes.h +sthreads.o: sthreads.c common.h prototypes.h +stunnel.o: stunnel.c common.h prototypes.h +resolver.o: resolver.c common.h prototypes.h +str.o: str.c common.h prototypes.h +tls.o: tls.c common.h prototypes.h +fd.o: fd.c common.h prototypes.h +dhparam.o: dhparam.c common.h prototypes.h +cron.o: cron.c common.h prototypes.h + +clean: + rm -f *.o *.exe diff --git a/src/protocol.c b/src/protocol.c index 3954d5ba..cecd2060 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -40,42 +40,63 @@ #define CAPWIN_BUFFER_SIZE 100 /* protocol-specific function prototypes */ -NOEXPORT char *socks_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT void socks_client_late(CLI *); NOEXPORT void socks5_client_method(CLI *); NOEXPORT void socks5_client_address(CLI *); -NOEXPORT char *socks_server(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT const char *socks_server_init(SERVICE_OPTIONS *); +NOEXPORT void socks_server_middle(CLI *); +NOEXPORT void socks_server_late(CLI *); NOEXPORT void socks4_server(CLI *); NOEXPORT void socks5_server_method(CLI *); NOEXPORT void socks5_server(CLI *); -NOEXPORT int validate(CLI *); -NOEXPORT char *proxy_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *cifs_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *cifs_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pgsql_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pgsql_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *smtp_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT int validate_connect_addr(CLI *); + +NOEXPORT void proxy_server_late(CLI *); + +NOEXPORT void cifs_client_middle(CLI *); +NOEXPORT void cifs_server_early(CLI *); + +NOEXPORT void pgsql_client_middle(CLI *); +NOEXPORT void pgsql_server_early(CLI *); + +NOEXPORT void smtp_client_middle(CLI *); +NOEXPORT void smtp_client_late(CLI *); NOEXPORT void smtp_client_negotiate(CLI *); NOEXPORT void smtp_client_plain(CLI *, const char *, const char *); NOEXPORT void smtp_client_login(CLI *, const char *, const char *); -NOEXPORT char *smtp_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pop3_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *pop3_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *imap_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *imap_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *nntp_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *ldap_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *connect_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *connect_client(CLI *, SERVICE_OPTIONS *, const PHASE); +NOEXPORT const char *smtp_server_init(SERVICE_OPTIONS *); +NOEXPORT void smtp_server_middle(CLI *); + +NOEXPORT void pop3_client_middle(CLI *); +NOEXPORT const char *pop3_server_init(SERVICE_OPTIONS *); +NOEXPORT void pop3_server_middle(CLI *); + +NOEXPORT void imap_client_middle(CLI *); +NOEXPORT const char *imap_server_init(SERVICE_OPTIONS *); +NOEXPORT void imap_server_middle(CLI *); + +NOEXPORT void nntp_client_middle(CLI *); + +NOEXPORT void ldap_client_middle(CLI *); + +NOEXPORT void connect_server_early(CLI *); +NOEXPORT void connect_client_middle(CLI *); #ifndef OPENSSL_NO_MD4 -NOEXPORT void ntlm(CLI *, SERVICE_OPTIONS *); +NOEXPORT void ntlm(CLI *); NOEXPORT char *ntlm1(void); NOEXPORT char *ntlm3(char *, char *, char *, char *); -NOEXPORT void crypt_DES(DES_cblock, DES_cblock, unsigned char[7]); +NOEXPORT void crypt_DES(DES_cblock, const_DES_cblock, unsigned char[7]); #endif NOEXPORT char *base64(int, const char *, int); -NOEXPORT char *capwin_server(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *capwin_client(CLI *, SERVICE_OPTIONS *, const PHASE); -NOEXPORT char *capwinctrl_client(CLI *, SERVICE_OPTIONS *, const PHASE); + +NOEXPORT void capwin_server_middle(CLI *); +NOEXPORT void capwin_server_late(CLI *); +NOEXPORT void capwin_client_late(CLI *); +NOEXPORT const char *capwinctrl_client_init(SERVICE_OPTIONS *); +NOEXPORT void capwinctrl_client_early(CLI *); +NOEXPORT int capwin_decode(const char *, char **, char **, char **, char **); +NOEXPORT int ldap_auth(CLI *, const char *, const char *); +NOEXPORT char *ldap_escape_dn(const char *); /* global state */ NOEXPORT char capwin_auth[CAPWIN_BUFFER_SIZE]={0}; @@ -84,61 +105,87 @@ HWND capwin_hwnd=NULL; LONG capwin_connectivity=0; #endif -/**************************************** framework */ - -const char *protocol(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - if(phase==PROTOCOL_CHECK) /* default to be overridden by protocols */ - opt->option.connect_before_ssl=opt->option.client; - if(!opt->protocol) /* no protocol specified */ - return NULL; /* skip further actions */ - if(!strcasecmp(opt->protocol, "socks")) - return opt->option.client ? - socks_client(c, opt, phase) : - socks_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "proxy")) - return opt->option.client ? - "The 'proxy' protocol is not supported in the client mode" : - proxy_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "cifs")) - return opt->option.client ? - cifs_client(c, opt, phase) : - cifs_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "pgsql")) - return opt->option.client ? - pgsql_client(c, opt, phase) : - pgsql_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "smtp")) - return opt->option.client ? - smtp_client(c, opt, phase) : - smtp_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "pop3")) - return opt->option.client ? - pop3_client(c, opt, phase) : - pop3_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "imap")) - return opt->option.client ? - imap_client(c, opt, phase) : - imap_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "nntp")) - return opt->option.client ? - nntp_client(c, opt, phase) : - "The 'nntp' protocol is not supported in the server mode"; - if(!strcasecmp(opt->protocol, "ldap")) - return opt->option.client ? - ldap_client(c, opt, phase) : - "The 'ldap' protocol is not supported in the server mode"; - if(!strcasecmp(opt->protocol, "connect")) - return opt->option.client ? - connect_client(c, opt, phase) : - connect_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "capwin")) - return opt->option.client ? - capwin_client(c, opt, phase) : - capwin_server(c, opt, phase); - if(!strcasecmp(opt->protocol, "capwinctrl")) - return opt->option.client ? - capwinctrl_client(c, opt, phase) : - "The 'capwinctrl' protocol is not supported in the server mode"; +/**************************************** public interface */ + +const char *protocol_init(SERVICE_OPTIONS *opt) { + typedef struct { + const char *(*init)(SERVICE_OPTIONS *); + void (*early)(CLI *); + void (*middle)(CLI *); + void (*late)(CLI *); + } MODE; + typedef struct { + const char *name; + MODE client, server; + } PROTOCOLS; + const PROTOCOLS protocols[] = { + {.name="socks", + .client={.late=socks_client_late}, + .server={.init=socks_server_init, .middle=socks_server_middle, .late=socks_server_late}}, + {.name="proxy", + .server={.late=proxy_server_late}}, + {.name="cifs", + .client={.middle=cifs_client_middle}, + .server={.early=cifs_server_early}}, + {.name="pgsql", + .client={.middle=pgsql_client_middle}, + .server={.early=pgsql_server_early}}, + {.name="smtp", + .client={.middle=smtp_client_middle, .late=smtp_client_late}, + .server={.init=smtp_server_init, .middle=smtp_server_middle}}, + {.name="pop3", + .client={.middle=pop3_client_middle}, + .server={.init=pop3_server_init, .middle=pop3_server_middle}}, + {.name="imap", + .client={.middle=imap_client_middle}, + .server={.init=imap_server_init, .middle=imap_server_middle}}, + {.name="nntp", + .client={.middle=nntp_client_middle}}, + {.name="ldap", + .client={.middle=ldap_client_middle}}, + {.name="connect", + .client={.middle=connect_client_middle}, + .server={.early=connect_server_early}}, + {.name="capwin", + .client={.late=capwin_client_late}, + .server={.middle=capwin_server_middle, .late=capwin_server_late}}, + {.name="capwinctrl", + .client={.init=capwinctrl_client_init, .early=capwinctrl_client_early}}, + {.name=NULL} + }, *p; + + /* the default values to be overridden in protocol initialization */ + opt->option.connect_before_ssl=opt->option.client; + opt->option.protocol_endpoint=0; + + if(!opt->protocol) { /* no protocol specified */ + opt->protocol_early=NULL; + opt->protocol_middle=NULL; + opt->protocol_late=NULL; + return NULL; + } + + for(p=protocols; p->name; p++) { + if(!strcasecmp(p->name, opt->protocol)) { + const MODE *m=opt->option.client ? &p->client : &p->server; + if(!m->init && !m->early && !m->middle && !m->late) { + if(opt->option.client) + return "The configured protocol is not supported in the client mode"; + else + return "The configured protocol is not supported in the server mode"; + } + if(m->init) { + const char *err=m->init(opt); + if(err) + return err; + } + opt->protocol_early=m->early; + opt->protocol_middle=m->middle; + opt->protocol_late=m->late; + return NULL; /* success */ + } + } + return "Protocol not supported"; } @@ -161,13 +208,9 @@ typedef union { } v6; } SOCKS5_UNION; -NOEXPORT char *socks_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_LATE) - return NULL; +NOEXPORT void socks_client_late(CLI *c) { socks5_client_method(c); socks5_client_address(c); - return NULL; } NOEXPORT void socks5_client_method(CLI *c) { @@ -276,38 +319,35 @@ NOEXPORT void socks5_client_address(CLI *c) { throw_exception(c, 2); /* don't reset */ } -NOEXPORT char *socks_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT const char *socks_server_init(SERVICE_OPTIONS *opt) { + opt->option.protocol_endpoint=1; + return NULL; +} + +NOEXPORT void socks_server_middle(CLI *c) { uint8_t version; - switch(phase) { - case PROTOCOL_CHECK: - opt->option.protocol_endpoint=1; + s_log(LOG_DEBUG, "Waiting for the SOCKS request"); + s_ssl_read(c, &version, sizeof version); + switch(version) { + case 4: + socks4_server(c); break; - case PROTOCOL_MIDDLE: - s_log(LOG_DEBUG, "Waiting for the SOCKS request"); - s_ssl_read(c, &version, sizeof version); - switch(version) { - case 4: - socks4_server(c); - break; - case 5: - socks5_server_method(c); - socks5_server(c); - break; - default: - s_log(LOG_ERR, "Unsupported SOCKS version 0x%02x", version); - throw_exception(c, 1); - } - break; - case PROTOCOL_LATE: - /* TODO: send the SOCKS reply *after* the target is connected */ - /* FIXME: the SOCKS replies do not report CONNECT failures */ - /* FIXME: the SOCKS replies do not contain the bound IP address */ + case 5: + socks5_server_method(c); + socks5_server(c); break; default: - break; + s_log(LOG_ERR, "Unsupported SOCKS version 0x%02x", version); + throw_exception(c, 1); } - return NULL; +} + +NOEXPORT void socks_server_late(CLI *c) { + (void)c; /* squash the unused parameter warning */ + /* TODO: send the SOCKS reply *after* the target is connected */ + /* FIXME: the SOCKS replies do not report CONNECT failures */ + /* FIXME: the SOCKS replies do not contain the bound IP address */ } /* SOCKS4 or SOCKS4a */ @@ -339,7 +379,7 @@ NOEXPORT void socks4_server(CLI *c) { if(c->connect_addr.num) { s_log(LOG_INFO, "SOCKS4a resolved \"%s\" to %u host(s)", host_name, c->connect_addr.num); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.cd=90; /* access granted */ close_connection=0; } else { @@ -357,7 +397,7 @@ NOEXPORT void socks4_server(CLI *c) { c->connect_addr.addr[0].in.sin_port=socks.sin_port; c->connect_addr.addr[0].in.sin_addr.s_addr=socks.sin_addr.s_addr; s_log(LOG_INFO, "SOCKS4 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.cd=90; /* access granted */ close_connection=0; } else { @@ -435,7 +475,7 @@ NOEXPORT void socks5_server(CLI *c) { memcpy(&c->connect_addr.addr[0].in.sin_addr, &socks.v4.addr, 4); memcpy(&c->connect_addr.addr[0].in.sin_port, &socks.v4.port, 2); s_log(LOG_INFO, "SOCKS5 IPv4 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -453,7 +493,7 @@ NOEXPORT void socks5_server(CLI *c) { if(c->connect_addr.num) { s_log(LOG_INFO, "SOCKS5 resolved \"%s\" to %u host(s)", host_name, c->connect_addr.num); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -473,7 +513,7 @@ NOEXPORT void socks5_server(CLI *c) { memcpy(&c->connect_addr.addr[0].in6.sin6_addr, &socks.v6.addr, 16); memcpy(&c->connect_addr.addr[0].in6.sin6_port, &socks.v6.port, 2); s_log(LOG_INFO, "SOCKS5 IPv6 address received"); - if(validate(c)) { + if(validate_connect_addr(c)) { socks.resp.rep=0x00; /* succeeded */ close_connection=0; } else { @@ -535,7 +575,7 @@ NOEXPORT void socks5_server(CLI *c) { } /* validate the allocated address */ -NOEXPORT int validate(CLI *c) { +NOEXPORT int validate_connect_addr(CLI *c) { #ifdef USE_IPv6 const unsigned char ipv6_loopback[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}; #endif @@ -583,7 +623,7 @@ NOEXPORT int validate(CLI *c) { #define IP_LEN 40 #define PORT_LEN 6 -NOEXPORT char *proxy_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void proxy_server_late(CLI *c) { SOCKADDR_UNION addr; socklen_t addrlen; char src_host[IP_LEN], dst_host[IP_LEN]; @@ -591,9 +631,6 @@ NOEXPORT char *proxy_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { const char *proto; int err; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_LATE) - return NULL; addrlen=sizeof addr; if(getpeername(c->local_rfd.fd, &addr.sa, &addrlen)) { sockerror("getpeername"); @@ -632,18 +669,14 @@ NOEXPORT char *proxy_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { } fd_printf(c, c->remote_fd.fd, "PROXY %s %s %s %s %s", proto, src_host, dst_host, src_port, dst_port); - return NULL; } /**************************************** cifs */ -NOEXPORT char *cifs_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void cifs_client_middle(CLI *c) { uint8_t buffer[5]; uint8_t request_dummy[4] = {0x81, 0, 0, 0}; /* a zero-length request */ - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_write(c, c->remote_fd.fd, request_dummy, 4); s_read(c, c->remote_fd.fd, buffer, 5); if(buffer[0]!=0x83) { /* NB_SSN_NEGRESP */ @@ -658,18 +691,14 @@ NOEXPORT char *cifs_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { s_log(LOG_ERR, "Remote server does not require TLS"); throw_exception(c, 1); } - return NULL; } -NOEXPORT char *cifs_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void cifs_server_early(CLI *c) { uint8_t buffer[128]; uint8_t response_access_denied[5] = {0x83, 0, 0, 1, 0x81}; uint8_t response_use_ssl[5] = {0x83, 0, 0, 1, 0x8e}; uint16_t len; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; s_read(c, c->local_rfd.fd, buffer, 4); /* NetBIOS header */ len=(uint16_t)(((uint16_t)(buffer[2])<<8)|buffer[3]); if(len>sizeof buffer-4) { @@ -683,7 +712,6 @@ NOEXPORT char *cifs_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { throw_exception(c, 1); } s_write(c, c->local_wfd.fd, response_use_ssl, 5); - return NULL; } /**************************************** pgsql */ @@ -691,12 +719,9 @@ NOEXPORT char *cifs_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { /* http://www.postgresql.org/docs/8.3/static/protocol-flow.html#AEN73982 */ static const uint8_t ssl_request[8]={0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x2f}; -NOEXPORT char *pgsql_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pgsql_client_middle(CLI *c) { uint8_t buffer[1]; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_write(c, c->remote_fd.fd, ssl_request, sizeof ssl_request); s_read(c, c->remote_fd.fd, buffer, 1); /* S - accepted, N - rejected, non-TLS preferred */ @@ -704,10 +729,9 @@ NOEXPORT char *pgsql_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { s_log(LOG_ERR, "PostgreSQL server rejected TLS"); throw_exception(c, 1); } - return NULL; } -NOEXPORT char *pgsql_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pgsql_server_early(CLI *c) { uint8_t buffer[8], ssl_ok[1]={'S'}; /* https://www.postgresql.org/docs/current/protocol-message-formats.html */ static const uint8_t gss_request[8]={0, 0, 0, 8, 0x04, 0xd2, 0x16, 0x30}; @@ -717,9 +741,6 @@ NOEXPORT char *pgsql_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { ' ', 'b', 'u', 't', ' ', 'n', 'o', 't', ' ', 'r', 'e', 'q', 'u', 'e', 's', 't', 'e', 'd', ' ', 'b', 'y', ' ', 'c', 'l', 'i', 'e', 'n', 't', 0, 0}; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; s_log(LOG_DEBUG, "Started server-side psql protocol negotiation"); memset(buffer, 0, sizeof buffer); s_read(c, c->local_rfd.fd, buffer, sizeof buffer); @@ -735,39 +756,31 @@ NOEXPORT char *pgsql_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { } s_log(LOG_DEBUG, "SSLRequest received"); s_write(c, c->local_wfd.fd, ssl_ok, sizeof ssl_ok); - return NULL; } /**************************************** smtp */ -NOEXPORT char *smtp_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - (void)opt; /* squash the unused parameter warning */ - switch(phase) { - case PROTOCOL_MIDDLE: - smtp_client_negotiate(c); - break; - case PROTOCOL_LATE: - if(opt->protocol_username && opt->protocol_password) { - char *line; - - if(opt->protocol_host) - ssl_printf(c, "HELO %s", opt->protocol_host); - else - ssl_putline(c, "HELO localhost"); - line=ssl_getline(c); /* ignore the reply */ - str_free(line); - if(!strcasecmp(c->opt->protocol_authentication, "LOGIN")) - smtp_client_login(c, - opt->protocol_username, opt->protocol_password); - else /* use PLAIN by default */ - smtp_client_plain(c, - opt->protocol_username, opt->protocol_password); - } - break; - default: - break; +NOEXPORT void smtp_client_middle(CLI *c) { + smtp_client_negotiate(c); +} + +NOEXPORT void smtp_client_late(CLI *c) { + if(c->opt->protocol_username && c->opt->protocol_password) { + char *line; + + if(c->opt->protocol_host) + ssl_printf(c, "HELO %s", c->opt->protocol_host); + else + ssl_putline(c, "HELO localhost"); + line=ssl_getline(c); /* ignore the reply */ + str_free(line); + if(!strcasecmp(c->opt->protocol_authentication, "LOGIN")) + smtp_client_login(c, + c->opt->protocol_username, c->opt->protocol_password); + else /* use PLAIN by default */ + smtp_client_plain(c, + c->opt->protocol_username, c->opt->protocol_password); } - return NULL; } NOEXPORT void smtp_client_negotiate(CLI *c) { @@ -877,13 +890,13 @@ NOEXPORT void smtp_client_login(CLI *c, const char *user, const char *pass) { str_free(line); } -NOEXPORT char *smtp_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line, *domain, *greeting; +NOEXPORT const char *smtp_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ + return NULL; +} - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; +NOEXPORT void smtp_server_middle(CLI *c) { + char *line, *domain, *greeting; /* detect RFC 2487 */ s_poll_init(c->fds, 0); @@ -894,7 +907,7 @@ NOEXPORT char *smtp_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { break; case 1: /* fd ready to read */ s_log(LOG_DEBUG, "RFC 2487 not detected"); - return NULL; /* return if RFC 2487 is not used */ + return; /* return if RFC 2487 is not used */ default: /* -1 */ sockerror("RFC2487 (s_poll_wait)"); throw_exception(c, 1); @@ -946,18 +959,13 @@ NOEXPORT char *smtp_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { } fd_putline(c, c->local_wfd.fd, "220 Go ahead"); str_free(line); - - return NULL; } /**************************************** pop3 */ -NOEXPORT char *pop3_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void pop3_client_middle(CLI *c) { char *line; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "+OK ")) { s_log(LOG_ERR, "Unknown server welcome"); @@ -974,17 +982,15 @@ NOEXPORT char *pop3_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { throw_exception(c, 1); } str_free(line); - return NULL; } -NOEXPORT char *pop3_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; +NOEXPORT const char *pop3_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ + return NULL; +} - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void pop3_server_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); fd_printf(c, c->local_wfd.fd, "%s + stunnel", line); str_free(line); line=fd_getline(c, c->local_rfd.fd); @@ -1002,18 +1008,12 @@ NOEXPORT char *pop3_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { } str_free(line); fd_putline(c, c->local_wfd.fd, "+OK Stunnel starts TLS negotiation"); - return NULL; } /**************************************** imap */ -NOEXPORT char *imap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; - - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void imap_client_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "* OK")) { s_log(LOG_ERR, "Unknown server welcome"); str_free(line); @@ -1031,16 +1031,16 @@ NOEXPORT char *imap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { throw_exception(c, 2); /* don't reset */ } str_free(line); +} + +NOEXPORT const char *imap_server_init(SERVICE_OPTIONS *opt) { + opt->option.connect_before_ssl=1; /* c->remote_fd needed */ return NULL; } -NOEXPORT char *imap_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void imap_server_middle(CLI *c) { char *line, *id, *tail, *capa; - if(phase==PROTOCOL_CHECK) - opt->option.connect_before_ssl=1; /* c->remote_fd needed */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; s_poll_init(c->fds, 0); s_poll_add(c->fds, c->local_rfd.fd, 1, 0); switch(s_poll_wait(c->fds, 0, 200)) { @@ -1049,7 +1049,7 @@ NOEXPORT char *imap_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { break; case 1: /* fd ready to read */ s_log(LOG_DEBUG, "RFC 2595 not detected"); - return NULL; /* return if RFC 2595 is not used */ + return; /* return if RFC 2595 is not used */ default: /* -1 */ sockerror("RFC2595 (s_poll_wait)"); throw_exception(c, 1); @@ -1086,7 +1086,7 @@ NOEXPORT char *imap_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { "%s OK Begin TLS negotiation now", id); str_free(line); str_free(id); - return NULL; /* success */ + return; /* success */ } else if(is_prefix(tail, "CAPABILITY")) { fd_putline(c, c->remote_fd.fd, line); /* send it to server */ str_free(line); @@ -1132,18 +1132,12 @@ NOEXPORT char *imap_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { } str_free(line); throw_exception(c, 2); /* don't reset */ - return NULL; /* some C compilers require a return value */ } /**************************************** nntp */ -NOEXPORT char *nntp_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *line; - - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_MIDDLE) - return NULL; - line=fd_getline(c, c->remote_fd.fd); +NOEXPORT void nntp_client_middle(CLI *c) { + char *line=fd_getline(c, c->remote_fd.fd); if(!is_prefix(line, "200 ") && !is_prefix(line, "201 ")) { s_log(LOG_ERR, "Unknown server welcome"); str_free(line); @@ -1159,7 +1153,6 @@ NOEXPORT char *nntp_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { throw_exception(c, 1); } str_free(line); - return NULL; } /**************************************** LDAP, RFC 2830 */ @@ -1205,18 +1198,13 @@ uint8_t ldap_starttls_message[0x1d + 2] = { * https://ldap.com/ldapv3-wire-protocol-reference-extended/ */ -NOEXPORT char *ldap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void ldap_client_middle(CLI *c) { uint8_t buffer_8; uint32_t buffer_32; size_t resp_len; uint8_t ldap_response[128]; size_t resp_idx; - (void)opt; /* squash the unused parameter warning */ - - if(phase!=PROTOCOL_MIDDLE) - return NULL; - s_log(LOG_DEBUG, "Sending LDAP Start TLS request"); s_write(c, c->remote_fd.fd, ldap_starttls_message, sizeof(ldap_starttls_message)); @@ -1285,17 +1273,13 @@ NOEXPORT char *ldap_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { /* any remaining data is ignored */ s_log(LOG_INFO, "LDAP Start TLS successfully negotiated"); - return NULL; } /**************************************** connect */ -NOEXPORT char *connect_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void connect_server_early(CLI *c) { char *request, *proto, *header; - (void)opt; /* squash the unused parameter warning */ - if(phase!=PROTOCOL_EARLY) - return NULL; request=fd_getline(c, c->local_rfd.fd); if(!is_prefix(request, "CONNECT ")) { fd_putline(c, c->local_wfd.fd, "HTTP/1.0 400 Bad Request Method"); @@ -1332,34 +1316,30 @@ NOEXPORT char *connect_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { fd_putline(c, c->local_wfd.fd, "HTTP/1.0 200 OK"); fd_putline(c, c->local_wfd.fd, "Server: stunnel/" STUNNEL_VERSION); fd_putline(c, c->local_wfd.fd, ""); - return NULL; } -NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { +NOEXPORT void connect_client_middle(CLI *c) { char *line, *encoded; NAME_LIST *ptr; - if(phase!=PROTOCOL_MIDDLE) - return NULL; - - if(!opt->protocol_host) { + if(!c->opt->protocol_host) { s_log(LOG_ERR, "protocolHost not specified"); throw_exception(c, 1); } fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", - opt->protocol_host); - fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); - if(opt->protocol_username && opt->protocol_password) { - if(!strcasecmp(opt->protocol_authentication, "ntlm")) { + c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + if(c->opt->protocol_username && c->opt->protocol_password) { + if(!strcasecmp(c->opt->protocol_authentication, "ntlm")) { #ifndef OPENSSL_NO_MD4 - ntlm(c, opt); + ntlm(c); #else s_log(LOG_ERR, "NTLM authentication is not available"); throw_exception(c, 1); #endif } else { /* basic authentication */ line=str_printf("%s:%s", - opt->protocol_username, opt->protocol_password); + c->opt->protocol_username, c->opt->protocol_password); encoded=base64(1, line, (int)strlen(line)); str_free(line); if(!encoded) { @@ -1371,7 +1351,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { str_free(encoded); } } - for(ptr=opt->protocol_header; ptr; ptr=ptr->next) + for(ptr=c->opt->protocol_header; ptr; ptr=ptr->next) fd_putline(c, c->remote_fd.fd, ptr->name); /* custom header */ fd_putline(c, c->remote_fd.fd, ""); /* empty line */ @@ -1392,7 +1372,6 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { line=fd_getline(c, c->remote_fd.fd); /* read all headers */ } while(*line); str_free(line); - return NULL; } #ifndef OPENSSL_NO_MD4 @@ -1405,7 +1384,7 @@ NOEXPORT char *connect_client(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { #define s_min(a, b) ((a)>(b)?(b):(a)) -NOEXPORT void ntlm(CLI *c, SERVICE_OPTIONS *opt) { +NOEXPORT void ntlm(CLI *c) { char *line, buf[BUFSIZ], *ntlm1_txt, *ntlm2_txt, *ntlm3_txt, *tmpstr; long content_length=0; /* no HTTP content */ @@ -1463,10 +1442,10 @@ NOEXPORT void ntlm(CLI *c, SERVICE_OPTIONS *opt) { } /* send Proxy-Authorization (phase 3) */ - fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", opt->protocol_host); - fd_printf(c, c->remote_fd.fd, "Host: %s", opt->protocol_host); - ntlm3_txt=ntlm3(opt->protocol_domain, - opt->protocol_username, opt->protocol_password, ntlm2_txt); + fd_printf(c, c->remote_fd.fd, "CONNECT %s HTTP/1.1", c->opt->protocol_host); + fd_printf(c, c->remote_fd.fd, "Host: %s", c->opt->protocol_host); + ntlm3_txt=ntlm3(c->opt->protocol_domain, + c->opt->protocol_username, c->opt->protocol_password, ntlm2_txt); str_free(ntlm2_txt); if(!ntlm3_txt) { s_log(LOG_ERR, "Proxy-Authenticate: Failed to build NTLM response"); @@ -1668,6 +1647,111 @@ NOEXPORT char * base64( int encode, const char * in, int len ) /**************************************** capwin authentication support */ +NOEXPORT void capwin_server_middle(CLI *c) { + char *buffer, *user, *pass, *esc_user, *dn; + const char *failure="FAILED"; + int i; + + buffer=str_alloc(CAPWIN_BUFFER_SIZE); + for(i=0; ioption.protocol_endpoint=1; + return NULL; +} + +NOEXPORT void capwinctrl_client_early(CLI *c) { + s_log(LOG_DEBUG, "CapWIN: Setting credentials"); + memset(capwin_auth, 0, CAPWIN_BUFFER_SIZE); + s_read_eof(c, c->local_rfd.fd, capwin_auth, CAPWIN_BUFFER_SIZE - 1); + s_log(LOG_NOTICE, "CapWIN: Credentials set"); + /* skip connecting a remote host */ + throw_exception(c, 2); /* don't reset */ +} + NOEXPORT int capwin_decode(const char *src, char **cmd, char **user, char **pass, char **ctrl) { char *us1, *us2, *us3, *fs; @@ -1743,7 +1827,7 @@ NOEXPORT int ldap_auth(CLI *c, const char *dn, const char *pass) { if(c->fd==INVALID_SOCKET) return 1; /* FAILED */ s_log(LOG_DEBUG, "LDAP: Connecting the server"); - if(s_connect(c, &addr, addr_len(&addr))) { + if(s_connect(c, &addr, addr_len(&addr), c->opt->timeout_connect)) { closesocket(c->fd); c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ return 1; /* FAILED */ @@ -1793,124 +1877,4 @@ NOEXPORT char *ldap_escape_dn(const char *src) { return dst; } -NOEXPORT char *capwin_server(CLI *c, SERVICE_OPTIONS *opt, const PHASE phase) { - char *buffer, *user, *pass, *esc_user, *dn; - const char *success="BINGO", *failure="FAILED"; - int i; - - (void)opt; /* squash the unused parameter warning */ - switch(phase) { - case PROTOCOL_MIDDLE: /* TLS is established */ - buffer=str_alloc(CAPWIN_BUFFER_SIZE); - for(i=0; ioption.protocol_endpoint=1; - break; - case PROTOCOL_EARLY: - s_log(LOG_DEBUG, "CapWIN: Setting credentials"); - memset(capwin_auth, 0, CAPWIN_BUFFER_SIZE); - s_read_eof(c, c->local_rfd.fd, capwin_auth, CAPWIN_BUFFER_SIZE - 1); - s_log(LOG_NOTICE, "CapWIN: Credentials set"); - /* skip connecting a remote host */ - throw_exception(c, 2); /* don't reset */ - default: - break; - } - return NULL; -} - /* end of protocol.c */ diff --git a/src/prototypes.h b/src/prototypes.h index f5349511..52a7730a 100644 --- a/src/prototypes.h +++ b/src/prototypes.h @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -68,6 +68,12 @@ typedef struct tls_data_struct TLS_DATA; typedef struct sock_opt_struct SOCK_OPT; +typedef struct client_data_struct CLI; +typedef struct global_options_struct GLOBAL_OPTIONS; +typedef struct service_options_struct SERVICE_OPTIONS; +#ifndef OPENSSL_NO_TLSEXT +typedef struct servername_list_struct SERVERNAME_LIST; +#endif /* !defined(OPENSSL_NO_TLSEXT) */ /**************************************** data structures */ @@ -78,6 +84,61 @@ typedef struct sock_opt_struct SOCK_OPT; typedef HANDLE THREAD_ID; #endif +#ifdef NO_OPENSSLOFF +#define NO_OPENSSL_LOCKS OPENSSL_VERSION_NUMBER<0x10100004L +#else /* NO_OPENSSLOFF */ +#define NO_OPENSSL_LOCKS 1 +#endif /* NO_OPENSSLOFF */ + +#if NO_OPENSSL_LOCKS + +#ifdef USE_OS_THREADS + +struct CRYPTO_dynlock_value { +#ifdef USE_PTHREAD + pthread_rwlock_t rwlock; +#endif +#ifdef USE_WIN32 + CRITICAL_SECTION critical_section; +#endif +#ifdef DEBUG_LOCKS + const char *init_file, *read_lock_file, *write_lock_file, + *unlock_file, *destroy_file; + int init_line, read_lock_line, write_lock_line, unlock_line, destroy_line; +#endif +}; + +typedef struct CRYPTO_dynlock_value CRYPTO_RWLOCK; + +#else /* USE_OS_THREADS */ + +typedef void CRYPTO_RWLOCK; + +#endif /* USE_OS_THREADS */ + +#endif /* OPENSSL_VERSION_NUMBER<0x10100004L */ + +typedef enum { + LOCK_THREAD_LIST, /* sthreads.c */ + LOCK_SESSION, LOCK_ADDR, + LOCK_CLIENTS, LOCK_SSL, /* client.c */ + LOCK_REF, /* options.c */ + LOCK_INET, /* resolver.c */ +#ifndef USE_WIN32 + LOCK_LIBWRAP, /* libwrap.c */ +#endif + LOCK_LOG_BUFFER, LOCK_LOG_MODE, /* log.c */ + LOCK_LEAK_HASH, LOCK_LEAK_RESULTS, /* str.c */ +#ifndef OPENSSL_NO_DH + LOCK_DH, /* ctx.c */ +#endif /* OPENSSL_NO_DH */ +#ifdef USE_WIN32 + LOCK_WIN_LOG, /* ui_win_gui.c */ +#endif + LOCK_SECTIONS, /* traversing section list */ + STUNNEL_LOCKS /* number of locks */ +} LOCK_TYPE; + #if defined (USE_WIN32) #define ICON_IMAGE HICON #elif defined(__APPLE__) @@ -136,6 +197,7 @@ typedef struct sockaddr_list { /* list of addresses */ NAME_LIST *names; /* a list of unresolved names */ } SOCKADDR_LIST; +extern GLOBAL_OPTIONS global_options; #ifndef OPENSSL_NO_COMP typedef enum { COMP_NONE, /* empty compression algorithms set */ @@ -145,7 +207,7 @@ typedef enum { } COMP_TYPE; #endif /* !defined(OPENSSL_NO_COMP) */ -typedef struct { +struct global_options_struct { /* some data for TLS initialization in ssl.c */ #ifndef OPENSSL_NO_COMP COMP_TYPE compression; /* compression type */ @@ -188,13 +250,7 @@ typedef struct { unsigned fips:1; /* enable FIPS 140-2 mode */ #endif } option; -} GLOBAL_OPTIONS; - -extern GLOBAL_OPTIONS global_options; - -#ifndef OPENSSL_NO_TLSEXT -typedef struct servername_list_struct SERVERNAME_LIST;/* forward declaration */ -#endif /* !defined(OPENSSL_NO_TLSEXT) */ +}; #ifndef OPENSSL_NO_PSK typedef struct psk_keys_struct { @@ -216,7 +272,7 @@ typedef struct ticket_key_struct { } TICKET_KEY; #endif /* OpenSSL 1.0.0 or later */ -typedef struct service_options_struct { +struct service_options_struct { struct service_options_struct *next; /* next node in the services list */ SSL_CTX *ctx; /* TLS context */ char *servname; /* service name for logging & permission checking */ @@ -242,13 +298,21 @@ typedef struct service_options_struct { SOCK_OPT *sock_opts; /* service-specific data for verify.c */ - char *ca_dir; /* directory for hashed certs */ - char *ca_file; /* file containing bunches of certs */ - char *crl_dir; /* directory for hashed CRLs */ - char *crl_file; /* file containing bunches of CRLs */ +#ifndef OPENSSL_NO_ENGINE + NAME_LIST *ca_engine; /* engine-specific CA certificate identifier list */ +#endif + char *ca_dir; /* directory containing hashed CA certs */ + char *ca_file; /* file containing concatenated CA certs */ + char *crl_dir; /* directory containing hashed CRLs */ + char *crl_file; /* file containing concatenated CRLs */ #ifndef OPENSSL_NO_OCSP char *ocsp_url; unsigned long ocsp_flags; + CRYPTO_RWLOCK *ocsp_response_lock; /* protect the OCSP response cache */ + unsigned char *ocsp_response_der; /* OCSP response data */ + int ocsp_response_len; /* OCSP response length */ + unsigned stapling_cb_flag:1; /* OCSP stapling callback executed */ + unsigned verify_cb_flag:1; /* verify callback executed at depth 0 */ #endif /* !defined(OPENSSL_NO_OCSP) */ #if OPENSSL_VERSION_NUMBER>=0x10002000L NAME_LIST *check_host, *check_email, *check_ip; /* cert subject checks */ @@ -322,14 +386,19 @@ typedef struct service_options_struct { SSL_SESSION *session; /* previous client session for delayed resolver */ int timeout_busy; /* maximum waiting for data time */ int timeout_close; /* maximum close_notify time */ - int timeout_connect; /* maximum connect() time */ + int timeout_connect; /* maximum s_connect() time */ int timeout_idle; /* maximum idle connection time */ + int timeout_ocsp; /* maximum s_connect() time for OCSP */ enum {FAILOVER_RR, FAILOVER_PRIO} failover; /* failover strategy */ unsigned rr; /* per-service sequential number for round-robin failover */ - char *username; + char *username; /* ident client username */ + long retry; /* retry delay for remote+program loop or -1 if disabled */ /* service-specific data for protocol.c */ char *protocol; + void (*protocol_early)(CLI *); + void (*protocol_middle)(CLI *); + void (*protocol_late)(CLI *); NAME_LIST *protocol_header; char *protocol_host; char *protocol_domain; @@ -360,7 +429,6 @@ typedef struct service_options_struct { unsigned libwrap:1; #endif unsigned local:1; /* outgoing interface specified */ - unsigned retry:1; /* loop remote+program */ unsigned session_resume:1; /* enable session resumption */ unsigned sessiond:1; #ifndef USE_WIN32 @@ -375,6 +443,7 @@ typedef struct service_options_struct { #ifndef OPENSSL_NO_OCSP unsigned aia:1; /* Authority Information Access */ unsigned nonce:1; /* send and verify OCSP nonce */ + unsigned ocsp_require:1; /* require a conclusive OCSP response */ #endif /* !defined(OPENSSL_NO_OCSP) */ #ifndef OPENSSL_NO_DH unsigned dh_temp_params:1; @@ -383,7 +452,7 @@ typedef struct service_options_struct { unsigned log_stderr:1; /* a copy of the global switch */ #endif /* USE_WIN32 */ } option; -} SERVICE_OPTIONS; +}; extern SERVICE_OPTIONS service_options; @@ -436,13 +505,9 @@ typedef struct { int main_thread; } s_poll_set; -typedef struct disk_file { -#ifdef USE_WIN32 - HANDLE fh; -#else - int fd; -#endif - /* the interface is prepared to easily implement buffering if needed */ +typedef struct { + /* stdio is currently used, but alternative implementations can be added */ + FILE *f; } DISK_FILE; /* definitions for client.c */ @@ -458,7 +523,7 @@ typedef enum { RENEG_DETECTED /* renegotiation detected */ } RENEG_STATE; -typedef struct client_data_struct { +struct client_data_struct { #ifdef MSSPISSL MSSPI_HANDLE msh; #ifdef MAPOIDSSL @@ -496,6 +561,7 @@ typedef struct client_data_struct { FD remote_fd; /* remote file descriptor */ unsigned long pid; /* PID of the local process */ SOCKET fd; /* temporary file descriptor */ + int fatal_alert; /* received a fatal alert */ RENEG_STATE reneg_state; /* used to track renegotiation attempts */ unsigned long long seq; /* sequential thread number for logging */ unsigned rr; /* per-client sequential number for round-robin failover */ @@ -511,7 +577,7 @@ typedef struct client_data_struct { struct { unsigned psk:1; /* PSK identity was found */ } flag; -} CLI; +}; /**************************************** prototypes for stunnel.c */ @@ -562,6 +628,8 @@ void set_nonblock(SOCKET, unsigned long); #define SINK_SYSLOG 1 #define SINK_OUTFILE 2 +extern DISK_FILE *outfile; + int log_open(int); void log_close(int); void log_flush(LOG_MODE); @@ -571,6 +639,7 @@ void s_log(int, const char *, ...) #else ; #endif +void s_vlog(int, const char *, va_list); char *log_id(CLI *); void fatal_debug(const char *, const char *, int) NORETURN; #define fatal(a) fatal_debug((a), __FILE__, __LINE__) @@ -593,7 +662,8 @@ DH *get_dh2048(void); /**************************************** prototypes for cron.c */ #ifdef USE_OS_THREADS -extern THREAD_ID cron_thread_id; +extern THREAD_ID per_second_thread_id; +extern THREAD_ID per_day_thread_id; #endif int cron_init(void); @@ -605,7 +675,7 @@ extern int index_session_authenticated, index_session_connect_address; int fips_default(void); int fips_available(void); -void crypto_init(char *); +void crypto_init(void); int ssl_init(void); int ssl_configure(GLOBAL_OPTIONS *); @@ -619,6 +689,7 @@ extern int dh_temp_params; #endif /* OPENSSL_NO_DH */ int context_init(SERVICE_OPTIONS *); +void context_cleanup(SERVICE_OPTIONS *); #ifndef OPENSSL_NO_PSK void psk_sort(PSK_TABLE *, PSK_KEYS *); PSK_KEYS *psk_find(const PSK_TABLE *, const char *); @@ -632,9 +703,20 @@ void sslerror(const char *); /**************************************** prototypes for verify.c */ int verify_init(SERVICE_OPTIONS *); -void print_client_CA_list(const STACK_OF(X509_NAME) *); +#ifndef OPENSSL_NO_ENGINE +X509 *engine_get_cert(ENGINE *, const char *); +#endif +void print_CA_list(const char *, const STACK_OF(X509_NAME) *); char *X509_NAME2text(X509_NAME *); +/**************************************** prototypes for ocsp.c */ + +#ifndef OPENSSL_NO_OCSP +int ocsp_check(CLI *, X509_STORE_CTX *); /* OCSP client-driven checking */ +int ocsp_init(SERVICE_OPTIONS *); /* OCSP stapling initialization */ +void ocsp_cleanup(SERVICE_OPTIONS *); +#endif /* !defined(OPENSSL_NO_OCSP) */ + /**************************************** prototypes for network.c */ s_poll_set *s_poll_alloc(void); @@ -666,6 +748,7 @@ void s_poll_sleep(int, int); int socket_options_set(SERVICE_OPTIONS *, SOCKET, int); int make_sockets(SOCKET[2]); int original_dst(const SOCKET, SOCKADDR_UNION *); +int socket_needs_retry(CLI *, const char *); /**************************************** prototypes for client.c */ @@ -683,7 +766,7 @@ void throw_exception(CLI *, int) NORETURN; /**************************************** prototypes for network.c */ int get_socket_error(const SOCKET); -int s_connect(CLI *, SOCKADDR_UNION *, socklen_t); +int s_connect(CLI *, SOCKADDR_UNION *, socklen_t, int); void s_write(CLI *, SOCKET fd, const void *, size_t); size_t s_read_eof(CLI *, SOCKET fd, void *, size_t); void s_read(CLI *, SOCKET fd, void *, size_t); @@ -711,19 +794,12 @@ void ssl_printf(CLI *, const char *, ...) /**************************************** prototype for protocol.c */ -typedef enum { - PROTOCOL_CHECK, - PROTOCOL_EARLY, - PROTOCOL_MIDDLE, - PROTOCOL_LATE -} PHASE; - #ifdef USE_WIN32 extern HWND capwin_hwnd; extern LONG capwin_connectivity; #endif -const char *protocol(CLI *, SERVICE_OPTIONS *opt, const PHASE); +const char *protocol_init(SERVICE_OPTIONS *); /**************************************** prototypes for resolver.c */ @@ -769,71 +845,16 @@ int getnameinfo(const struct sockaddr *, socklen_t, extern CLI *thread_head; #endif -#ifdef NO_OPENSSLOFF -#define NO_OPENSSL_LOCKS OPENSSL_VERSION_NUMBER<0x10100004L -#else /* NO_OPENSSLOFF */ -#define NO_OPENSSL_LOCKS 1 -#endif /* NO_OPENSSLOFF */ - -#if NO_OPENSSL_LOCKS - -#ifdef USE_OS_THREADS - -struct CRYPTO_dynlock_value { -#ifdef USE_PTHREAD - pthread_rwlock_t rwlock; -#endif -#ifdef USE_WIN32 - CRITICAL_SECTION critical_section; -#endif -#ifdef DEBUG_LOCKS - const char *init_file, *read_lock_file, *write_lock_file, - *unlock_file, *destroy_file; - int init_line, read_lock_line, write_lock_line, unlock_line, destroy_line; -#endif -}; - -typedef void CRYPTO_RWLOCK; - -#else /* USE_OS_THREADS */ - -typedef void CRYPTO_RWLOCK; - -#endif /* USE_OS_THREADS */ - -#endif /* NO_OPENSSL_LOCKS */ - -typedef enum { - LOCK_THREAD_LIST, /* sthreads.c */ - LOCK_SESSION, LOCK_ADDR, - LOCK_CLIENTS, LOCK_SSL, /* client.c */ - LOCK_REF, /* options.c */ - LOCK_INET, /* resolver.c */ -#ifndef USE_WIN32 - LOCK_LIBWRAP, /* libwrap.c */ -#endif - LOCK_LOG_BUFFER, LOCK_LOG_MODE, /* log.c */ - LOCK_LEAK_HASH, LOCK_LEAK_RESULTS, /* str.c */ -#ifndef OPENSSL_NO_DH - LOCK_DH, /* ctx.c */ -#endif /* OPENSSL_NO_DH */ -#ifdef USE_WIN32 - LOCK_WIN_LOG, /* ui_win_gui.c */ -#endif - LOCK_SECTIONS, /* traversing section list */ - STUNNEL_LOCKS /* number of locks */ -} LOCK_TYPE; - extern CRYPTO_RWLOCK *stunnel_locks[STUNNEL_LOCKS]; #if NO_OPENSSL_LOCKS /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void); -int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *); -int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *); -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *); -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *); -int CRYPTO_atomic_add(int *, int, int *, CRYPTO_RWLOCK *); +void *CRYPTO_THREAD_lock_new(void); +int CRYPTO_THREAD_read_lock(void *); +int CRYPTO_THREAD_write_lock(void *); +int CRYPTO_THREAD_unlock(void *); +void CRYPTO_THREAD_lock_free(void *); +int CRYPTO_atomic_add(int *, int, int *, void *); #endif /* NO_OPENSSL_LOCKS */ int sthreads_init(void); @@ -869,12 +890,14 @@ void ignore_value(void *); /**************************************** prototypes for file.c */ #ifndef USE_WIN32 -DISK_FILE *file_fdopen(int); +DISK_FILE *file_fdopen(int, FILE_MODE mode); #endif DISK_FILE *file_open(char *, FILE_MODE mode); void file_close(DISK_FILE *); ssize_t file_getline(DISK_FILE *, char *, int); -ssize_t file_putline(DISK_FILE *, char *); +ssize_t file_putline_nonewline(DISK_FILE *, char *); +ssize_t file_putline_newline(DISK_FILE *, char *); +int file_flush(DISK_FILE *); int file_permissions(const char *); #ifdef USE_WIN32 @@ -910,8 +933,9 @@ struct tls_data_struct { const char *id; }; -void str_init(TLS_DATA *); -void str_cleanup(TLS_DATA *); +void str_init(void); +void str_thread_init(TLS_DATA *); +void str_thread_cleanup(TLS_DATA *); char *str_dup_debug(const char *, const char *, int); #define str_dup(a) str_dup_debug((a), __FILE__, __LINE__) char *str_dup_detached_debug(const char *, const char *, int); diff --git a/src/pty.c b/src/pty.c index 501740ea..3c896df5 100644 --- a/src/pty.c +++ b/src/pty.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/resolver.c b/src/resolver.c index b9f64bbe..0acd8c70 100644 --- a/src/resolver.c +++ b/src/resolver.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the diff --git a/src/resources.rc b/src/resources.rc index 31892d71..a537ed8a 100644 --- a/src/resources.rc +++ b/src/resources.rc @@ -19,7 +19,7 @@ BEGIN VALUE "FileDescription", "stunnel - TLS offloading and load-balancing proxy" VALUE "FileVersion", STUNNEL_VERSION VALUE "InternalName", "stunnel" - VALUE "LegalCopyright", " by Michal Trojnara, 1998-2022" + VALUE "LegalCopyright", " by Michal Trojnara, 1998-2023" VALUE "OriginalFilename", "stunnel.exe" VALUE "ProductName", STUNNEL_PRODUCTNAME VALUE "ProductVersion", STUNNEL_VERSION @@ -107,7 +107,7 @@ BEGIN ICON IDI_STUNNEL_MAIN, -1, 6, 6, 20, 20 LTEXT "stunnel version", -1, 30, 4, 49, 8 LTEXT STUNNEL_VERSION, -1, 79, 4, 57, 8 - LTEXT " by Michal Trojnara, 1998-2022", -1, 30, 12, 106, 8 + LTEXT " by Michal Trojnara, 1998-2023", -1, 30, 12, 106, 8 LTEXT "All Rights Reserved", -1, 30, 20, 106, 8 LTEXT "Licensed under the GNU GPL version 2", -1, 4, 28, 132, 8 LTEXT "with a special exception for OpenSSL", -1, 4, 36, 132, 8 diff --git a/src/ssl.c b/src/ssl.c index fd6106bb..e64d330e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -38,8 +38,13 @@ #include "prototypes.h" /* global OpenSSL initialization: compression, engine, entropy */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); +#else /* OPENSSL_VERSION_NUMBER>=0x10100000L */ +NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ #if OPENSSL_VERSION_NUMBER>=0x30000000L NOEXPORT int cb_dup_addr(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from, void **from_d, int idx, long argl, void *argp); @@ -54,7 +59,8 @@ NOEXPORT void cb_free_addr(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); #ifndef OPENSSL_NO_COMP NOEXPORT void compression_init(void); -NOEXPORT int compression_configure(GLOBAL_OPTIONS *); +NOEXPORT int compression_set(GLOBAL_OPTIONS *); +NOEXPORT void compression_list(void); #endif NOEXPORT int prng_init(GLOBAL_OPTIONS *); NOEXPORT int add_rand_file(GLOBAL_OPTIONS *, const char *); @@ -101,15 +107,54 @@ int fips_available() { /* either FIPS provider or container is available */ } /* initialize libcrypto before invoking API functions that require it */ -void crypto_init(char *stunnel_dir) { +void crypto_init() { #if OPENSSL_VERSION_NUMBER>=0x10100000L - OPENSSL_INIT_SETTINGS *conf=OPENSSL_INIT_new(); + OPENSSL_INIT_SETTINGS *conf; +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ #ifdef USE_WIN32 - char *path; -#else /* USE_WIN32 */ - (void)stunnel_dir; /* squash the unused parameter warning */ + TCHAR stunnel_exe_path[MAX_PATH]; + LPTSTR c; +#if OPENSSL_VERSION_NUMBER>=0x10100000L + char *stunnel_dir, *path; +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ + + /* identify stunnel_exe_path */ + GetModuleFileName(0, stunnel_exe_path, MAX_PATH); + c=_tcsrchr(stunnel_exe_path, TEXT('\\')); /* last backslash */ + if(c) { /* found */ + *c=TEXT('\0'); /* truncate the program name */ + c=_tcsrchr(stunnel_exe_path, TEXT('\\')); /* previous backslash */ + if(c && !_tcscmp(c+1, TEXT("bin"))) + *c=TEXT('\0'); /* truncate "bin" */ + } + + /* set current working directory */ +#ifndef _WIN32_WCE + if(!SetCurrentDirectory(stunnel_exe_path)) { + LPTSTR errmsg=str_tprintf(TEXT("Cannot set directory to %s"), + stunnel_exe_path); + message_box(errmsg, MB_ICONERROR); + str_free(errmsg); + exit(1); + } + /* try to enter the "config" subdirectory, ignore the result */ + SetCurrentDirectory(TEXT("config")); +#endif + + /* setup the environment */ + _tputenv(str_tprintf(TEXT("OPENSSL_ENGINES=%s\\engines"), + stunnel_exe_path)); + _tputenv(str_tprintf(TEXT("OPENSSL_MODULES=%s\\ossl-modules"), + stunnel_exe_path)); + _tputenv(str_tprintf(TEXT("OPENSSL_CONF=%s\\config\\openssl.cnf"), + stunnel_exe_path)); #endif /* USE_WIN32 */ + + /* initialize OpenSSL */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L + conf=OPENSSL_INIT_new(); #ifdef USE_WIN32 + stunnel_dir=tstr2str(stunnel_exe_path); if(!stunnel_dir) /* fail-safe */ stunnel_dir=str_dup(".."); path=str_printf("%s\\config\\openssl.cnf", stunnel_dir); @@ -117,24 +162,30 @@ void crypto_init(char *stunnel_dir) { s_log(LOG_ERR, "Failed to set OpenSSL configuration file name"); } str_free(path); -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - path=str_printf("%s\\ossl-modules", stunnel_dir); - if(!OSSL_PROVIDER_set_default_search_path(NULL, path)) { - s_log(LOG_ERR, "Failed to set default ossl-modules path"); - } - str_free(path); -#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ - str_free(stunnel_dir); #endif /* USE_WIN32 */ OPENSSL_init_crypto( OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, conf); OPENSSL_INIT_free(conf); #else /* OPENSSL_VERSION_NUMBER>=0x10100000L */ - (void)stunnel_dir; /* squash the unused parameter warning */ OPENSSL_config(NULL); SSL_load_error_strings(); SSL_library_init(); #endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ + +#ifdef USE_WIN32 +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + /* setup the default search path for providers */ + /* WARNING: OpenSSL needs to already be initialized */ + path=str_printf("%s\\ossl-modules", stunnel_dir); + if(!OSSL_PROVIDER_set_default_search_path(NULL, path)) { + s_log(LOG_ERR, "Failed to set default ossl-modules path"); + } + str_free(path); +#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */ +#if OPENSSL_VERSION_NUMBER>=0x10100000L + str_free(stunnel_dir); +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ +#endif /* USE_WIN32 */ } /* initialize lbssl before parsing the configuration file */ @@ -186,8 +237,13 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) { #endif #endif +#if OPENSSL_VERSION_NUMBER>=0x10100000L NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { +#else /* OPENSSL_VERSION_NUMBER>=0x10100000L */ +NOEXPORT int cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp) { +#endif /* OPENSSL_VERSION_NUMBER>=0x10100000L */ (void)parent; /* squash the unused parameter warning */ (void)ptr; /* squash the unused parameter warning */ (void)argl; /* squash the unused parameter warning */ @@ -195,6 +251,9 @@ NOEXPORT void cb_new_auth(void *parent, void *ptr, CRYPTO_EX_DATA *ad, (char *)argp); if(!CRYPTO_set_ex_data(ad, idx, (void *)(-1))) sslerror("CRYPTO_set_ex_data"); +#if OPENSSL_VERSION_NUMBER<0x10100000L + return 1; /* success */ +#endif /* OPENSSL_VERSION_NUMBER<0x10100000L */ } #if OPENSSL_VERSION_NUMBER>=0x30000000L @@ -280,8 +339,9 @@ int ssl_configure(GLOBAL_OPTIONS *global) { /* configure global TLS settings */ #endif /* USE_FIPS */ #ifndef OPENSSL_NO_COMP - if(compression_configure(global)) + if(compression_set(global)) return 1; + compression_list(); #endif /* OPENSSL_NO_COMP */ if(prng_init(global)) return 1; @@ -358,32 +418,41 @@ NOEXPORT void compression_init() { comp_methods[COMP_ZLIB]=methods; /* reuse the memory */ } -NOEXPORT int compression_configure(GLOBAL_OPTIONS *global) { - STACK_OF(SSL_COMP) *methods; - int num_methods, i; - +NOEXPORT int compression_set(GLOBAL_OPTIONS *global) { if(!comp_methods[global->compression]) { s_log(LOG_ERR, "Configured compression is unsupported by OpenSSL"); return 1; } SSL_COMP_set0_compression_methods(comp_methods[global->compression]); + return 0; /* success */ +} + +NOEXPORT void compression_list() { + STACK_OF(SSL_COMP) *methods; + int num_methods, i; methods=SSL_COMP_get_compression_methods(); num_methods=sk_SSL_COMP_num(methods); + if(!num_methods) { + s_log(LOG_INFO, "Compression disabled"); + return; + } s_log(LOG_INFO, "Compression enabled: %d method%s", num_methods, num_methods==1 ? "" : "s"); for(i=0; i + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -334,7 +334,7 @@ NOEXPORT int s_add_lock_cb(int *num, int amount, int type, return s_atomic_add(num, amount, lock_cs+type); } -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { +void *CRYPTO_THREAD_lock_new(void) { struct CRYPTO_dynlock_value *lock; lock=str_alloc_detached(sizeof(struct CRYPTO_dynlock_value)); @@ -342,54 +342,54 @@ CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { return lock; } -int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_read_lock(void *lock) { s_read_lock_debug(lock, __FILE__, __LINE__); return 1; } -int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_write_lock(void *lock) { s_write_lock_debug(lock, __FILE__, __LINE__); return 1; } -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_unlock(void *lock) { s_unlock_debug(lock, __FILE__, __LINE__); return 1; } -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { +void CRYPTO_THREAD_lock_free(void *lock) { s_lock_destroy_debug(lock, __FILE__, __LINE__); } #else /* USE_OS_THREADS */ -CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void) { +void *CRYPTO_THREAD_lock_new(void) { return NULL; } -int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_read_lock(void *lock) { (void)lock; /* squash the unused parameter warning */ return 1; } -int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_write_lock(void *lock) { (void)lock; /* squash the unused parameter warning */ return 1; } -int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock) { +int CRYPTO_THREAD_unlock(void *lock) { (void)lock; /* squash the unused parameter warning */ return 1; } -void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) { +void CRYPTO_THREAD_lock_free(void *lock) { (void)lock; /* squash the unused parameter warning */ } #endif /* USE_OS_THREADS */ -int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) { - *ret=s_atomic_add(val, amount, lock); +int CRYPTO_atomic_add(int *val, int amount, int *ret, void *lock) { + *ret=s_atomic_add(val, amount, (CRYPTO_RWLOCK *)lock); return 1; } diff --git a/src/str.c b/src/str.c index b9eca811..0e45ad78 100644 --- a/src/str.c +++ b/src/str.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -84,14 +84,19 @@ struct alloc_list_struct { #define LEAK_TABLE_SIZE 997 typedef struct { + int num, max; /* current and highest number of allocations */ + int64_t total; /* approximate total number of heap operations */ const char *alloc_file; int alloc_line; - int num, max; } LEAK_ENTRY; NOEXPORT LEAK_ENTRY leak_hash_table[LEAK_TABLE_SIZE], *leak_results[LEAK_TABLE_SIZE]; NOEXPORT int leak_result_num=0; +#if OPENSSL_VERSION_NUMBER >= 0x10101000L +DEFINE_STACK_OF(LEAK_ENTRY) +#endif /* OpenSSL version >= 1.1.1 */ + #ifdef USE_WIN32 NOEXPORT LPTSTR str_vtprintf(LPCTSTR, va_list); #endif /* USE_WIN32 */ @@ -102,6 +107,9 @@ NOEXPORT ALLOC_LIST *get_alloc_list_ptr(void *, const char *, int); NOEXPORT void str_leak_debug(const ALLOC_LIST *, int); NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *); +#if OPENSSL_VERSION_NUMBER >= 0x10101000L +NOEXPORT int leak_cmp(const LEAK_ENTRY *const *, const LEAK_ENTRY *const *); +#endif /* OpenSSL version >= 1.1.1 */ NOEXPORT void leak_report(void); NOEXPORT long leak_threshold(void); @@ -111,14 +119,6 @@ NOEXPORT volatile uint64_t canary_initialized=CANARY_UNINTIALIZED; /**************************************** string manipulation functions */ -#ifndef va_copy -#ifdef __va_copy -#define va_copy(dst, src) __va_copy((dst), (src)) -#else /* __va_copy */ -#define va_copy(dst, src) memcpy(&(dst), &(src), sizeof(va_list)) -#endif /* __va_copy */ -#endif /* va_copy */ - char *str_dup_debug(const char *str, const char *file, int line) { char *retval; @@ -157,7 +157,7 @@ char *str_printf(const char *format, ...) { #endif /* __GNUC__ */ char *str_vprintf(const char *format, va_list start_ap) { int n; - size_t size=32; + size_t size=96; char *p; va_list ap; @@ -165,6 +165,7 @@ char *str_vprintf(const char *format, va_list start_ap) { for(;;) { va_copy(ap, start_ap); n=vsnprintf(p, size, format, ap); + va_end(ap); if(n>-1 && n<(int)size) return p; if(n>-1) /* glibc 2.1 */ @@ -213,12 +214,16 @@ NOEXPORT LPTSTR str_vtprintf(LPCTSTR format, va_list start_ap) { /**************************************** memory allocation wrappers */ -void str_init(TLS_DATA *tls_data) { +void str_init(void) { + memset(leak_hash_table, 0, sizeof leak_hash_table); +} + +void str_thread_init(TLS_DATA *tls_data) { tls_data->alloc_head=NULL; tls_data->alloc_bytes=tls_data->alloc_blocks=0; } -void str_cleanup(TLS_DATA *tls_data) { +void str_thread_cleanup(TLS_DATA *tls_data) { /* free all attached allocations */ while(tls_data->alloc_head) /* str_free macro requires an lvalue */ str_free_expression(tls_data->alloc_head+1); @@ -498,7 +503,11 @@ NOEXPORT void str_leak_debug(const ALLOC_LIST *alloc_list, int change) { CRYPTO_THREAD_unlock(stunnel_locks[LOCK_LEAK_HASH]); } - /* for performance we try to avoid calling CRYPTO_atomic_add() here */ + /* for performance reasons, we ignore the race condition, as an approximate + * number of allocations is good enough to identify the most used entries */ + entry->total++; + + /* for performance reasons, we try to avoid calling CRYPTO_atomic_add() */ #ifdef USE_OS_THREADS #ifdef _MSC_VER /* casting is safe, because sizeof(long)==sizeof(int) on Windows */ @@ -536,7 +545,7 @@ NOEXPORT void str_leak_debug(const ALLOC_LIST *alloc_list, int change) { /* O(1) hash table lookup */ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *alloc_list) { /* a trivial hash based on source file name *address* and line number */ - unsigned i=((unsigned)(uintptr_t)alloc_list->alloc_file+ + unsigned i=(1777*(unsigned)(uintptr_t)alloc_list->alloc_file+ (unsigned)alloc_list->alloc_line)%LEAK_TABLE_SIZE; while(!(leak_hash_table[i].alloc_line==0 || @@ -548,19 +557,51 @@ NOEXPORT LEAK_ENTRY *leak_search(const ALLOC_LIST *alloc_list) { void leak_table_utilization() { int i, utilization=0; + int64_t grand_total=0; +#if OPENSSL_VERSION_NUMBER >= 0x10101000L + STACK_OF(LEAK_ENTRY) *stats; +#endif /* OpenSSL version >= 1.1.1 */ + + /* leak_hash_table[] is only filled at the DEBUG logging level */ + if(service_options.log_level= 0x10101000L + /* log up to 5 most frequently used heap allocations */ + stats=sk_LEAK_ENTRY_new_reserve(leak_cmp, utilization); + for(i=0; itotal/(double)grand_total, + entry->alloc_file, entry->alloc_line); + } + sk_LEAK_ENTRY_free(stats); +#endif /* OpenSSL version >= 1.1.1 */ +} + +#if OPENSSL_VERSION_NUMBER >= 0x10101000L +NOEXPORT int leak_cmp(const LEAK_ENTRY *const *a, const LEAK_ENTRY *const *b) { + int64_t d = (*a)->total - (*b)->total; + if(d>0) + return 1; + if(d<0) + return -1; + return 0; } +#endif /* OpenSSL version >= 1.1.1 */ /* report identified leaks */ NOEXPORT void leak_report() { diff --git a/src/stunnel.c b/src/stunnel.c index b18c7eab..a86ba126 100644 --- a/src/stunnel.c +++ b/src/stunnel.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -268,7 +268,7 @@ NOEXPORT void terminate_threads() { threads=0; for(c=thread_head; c; c=c->thread_next) /* count client threads */ threads++; - thread_list=str_alloc((threads+1)*sizeof(THREAD_ID)); + thread_list=str_alloc((threads+2)*sizeof(THREAD_ID)); i=0; for(c=thread_head; c; c=c->thread_next) { /* copy client threads */ thread_list[i++]=c->thread_id; @@ -279,6 +279,16 @@ NOEXPORT void terminate_threads() { thread_list[threads++]=cron_thread_id; s_log(LOG_DEBUG, "Terminating the cron thread"); } + + if(per_second_thread_id) { /* append per_second_thread_id if used */ + thread_list[threads++]=per_second_thread_id; + s_log(LOG_DEBUG, "Terminating the per-second thread"); + } + + if(per_day_thread_id) { /* append per_day_thread_id if used */ + thread_list[threads++]=per_day_thread_id; + s_log(LOG_DEBUG, "Terminating the per-day thread"); + } #endif /* NO_OPENSSLOFF */ CRYPTO_THREAD_unlock(stunnel_locks[LOCK_THREAD_LIST]); @@ -367,6 +377,7 @@ void daemon_loop(void) { s_log(LOG_CRIT, "Failed to start exec+connect services"); exit(1); } + s_log(LOG_INFO, "Accepting new connections"); while(1) { int temporary_lack_of_resources=0; int num=s_poll_wait(fds, -1, -1); @@ -451,7 +462,6 @@ NOEXPORT int accept_connection(SERVICE_OPTIONS *opt, unsigned i) { #endif if(create_client(fd, s, alloc_client_session(opt, s, s))) { s_log(LOG_ERR, "Connection rejected: create_client failed"); - closesocket(s); #ifndef USE_FORK service_free(opt); #endif @@ -507,7 +517,7 @@ NOEXPORT void unbind_ports(void) { /* FIXME: this is just a crude workaround */ /* is it better to kill the service? */ /* FIXME: this won't work with FORK threads */ - opt->option.retry=0; + opt->retry=-1; /* disable */ } s_log(LOG_DEBUG, "Service [%s] closed", opt->servname); @@ -594,7 +604,7 @@ NOEXPORT int bind_ports(void) { s_log(LOG_DEBUG, "Skipped exec+connect service [%s]", opt->servname); #ifndef OPENSSL_NO_TLSEXT } else if(!opt->option.client && opt->sni) { - s_log(LOG_DEBUG, "Skipped SNI slave service [%s]", opt->servname); + s_log(LOG_DEBUG, "Skipped SNI secondary service [%s]", opt->servname); #endif } else { /* each service must define two endpoints */ s_log(LOG_ERR, "Invalid service [%s]", opt->servname); diff --git a/src/tls.c b/src/tls.c index 9299dbdd..6b9aade8 100644 --- a/src/tls.c +++ b/src/tls.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -60,6 +60,7 @@ void tls_init() { str_realloc_detached_debug, free_function); #endif #endif /* NO_OPENSSLOFF */ + str_init(); } /* this has to be the first function called by a new thread */ @@ -75,7 +76,7 @@ TLS_DATA *tls_alloc(CLI *c, TLS_DATA *inherited, const char *txt) { fatal("Out of memory"); if(c) c->tls=tls_data; - str_init(tls_data); + str_thread_init(tls_data); tls_data->c=c; tls_data->opt=c?c->opt:&service_options; } @@ -101,7 +102,7 @@ void tls_cleanup() { tls_data=tls_get(); if(!tls_data) return; - str_cleanup(tls_data); + str_thread_cleanup(tls_data); str_free_const(tls_data->id); /* detached allocation */ tls_set(NULL); free(tls_data); diff --git a/src/ui_unix.c b/src/ui_unix.c index fbb93d76..c169c8f4 100644 --- a/src/ui_unix.c +++ b/src/ui_unix.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -55,7 +55,7 @@ int main(int argc, char* argv[]) { /* execution begins here 8-) */ #endif tls_init(); /* initialize thread-local storage */ #ifdef NO_OPENSSLOFF - crypto_init(NULL); /* initialize libcrypto */ + crypto_init(); /* initialize libcrypto */ #endif // NO_OPENSSLOFF retval=main_unix(argc, argv); main_cleanup(); diff --git a/src/ui_win_cli.c b/src/ui_win_cli.c index f8ea644c..3b021426 100644 --- a/src/ui_win_cli.c +++ b/src/ui_win_cli.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -39,7 +39,6 @@ int main(int argc, char *argv[]) { static struct WSAData wsa_state; - TCHAR *c, stunnel_exe_path[MAX_PATH]; tls_init(); /* initialize thread-local storage */ @@ -69,7 +68,7 @@ int main(int argc, char *argv[]) { stunnel_exe_path)); _tputenv(str_tprintf(TEXT("OPENSSL_CONF=%s\\config\\openssl.cnf"), stunnel_exe_path)); - crypto_init(tstr2str(stunnel_exe_path)); /* initialize libcrypto */ + crypto_init(); /* initialize libcrypto */ #endif // NO_OPENSSLOFF if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) @@ -123,8 +122,8 @@ void ui_new_log(const char *line) { RETAILMSG(TRUE, (TEXT("%s\r\n"), tstr)); #else /* use UTF-16 or native codepage rather than UTF-8 */ - _ftprintf(stderr, TEXT("%s\r\n"), tstr); - fflush(stderr); + _putts(tstr); + fflush(stdout); #endif str_free(tstr); } diff --git a/src/ui_win_gui.c b/src/ui_win_gui.c index ae1a2820..511398ad 100644 --- a/src/ui_win_gui.c +++ b/src/ui_win_gui.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -224,7 +224,7 @@ int WINAPI WinMain(HINSTANCE this_instance, HINSTANCE prev_instance, stunnel_exe_path)); _tputenv(str_tprintf(TEXT("OPENSSL_CONF=%s\\config\\openssl.cnf"), stunnel_exe_path)); - crypto_init(tstr2str(stunnel_exe_path)); /* initialize libcrypto */ + crypto_init(); /* initialize libcrypto */ #endif // NO_OPENSSLOFF gui_cmdline(); /* setup global cmdline structure */ diff --git a/src/vc.mak b/src/vc.mak index 500135da..b4aa60af 100644 --- a/src/vc.mak +++ b/src/vc.mak @@ -1,4 +1,4 @@ -# vc.mak by Michal Trojnara 1998-2022 +# vc.mak by Michal Trojnara 1998-2023 # with help of David Gillingham # with help of Pierre Delaage @@ -43,7 +43,7 @@ SHAREDOBJS=$(OBJ)\stunnel.obj $(OBJ)\ssl.obj $(OBJ)\ctx.obj \ $(OBJ)\protocol.obj $(OBJ)\sthreads.obj $(OBJ)\log.obj \ $(OBJ)\options.obj $(OBJ)\network.obj $(OBJ)\resolver.obj \ $(OBJ)\str.obj $(OBJ)\tls.obj $(OBJ)\fd.obj $(OBJ)\dhparam.obj \ - $(OBJ)\cron.obj + $(OBJ)\cron.obj $(OBJ)\ocsp.obj GUIOBJS=$(OBJ)\ui_win_gui.obj $(OBJ)\resources.res CLIOBJS=$(OBJ)\ui_win_cli.obj diff --git a/src/verify.c b/src/verify.c index 4058d6c5..e59ac49a 100644 --- a/src/verify.c +++ b/src/verify.c @@ -1,6 +1,6 @@ /* * stunnel TLS offloading and load-balancing proxy - * Copyright (C) 1998-2022 Michal Trojnara + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -40,11 +40,11 @@ /**************************************** prototypes */ /* verify initialization */ -NOEXPORT void set_client_CA_list(SERVICE_OPTIONS *section); -NOEXPORT void auth_warnings(SERVICE_OPTIONS *); -NOEXPORT int crl_init(SERVICE_OPTIONS *section); +NOEXPORT int init_ca(SERVICE_OPTIONS *section); +NOEXPORT int init_crl(SERVICE_OPTIONS *section); NOEXPORT int load_file_lookup(X509_STORE *, char *); NOEXPORT int add_dir_lookup(X509_STORE *, char *); +NOEXPORT void auth_warnings(SERVICE_OPTIONS *); /* verify callback */ NOEXPORT int verify_callback(int, X509_STORE_CTX *); @@ -55,38 +55,21 @@ NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *); #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */ NOEXPORT int cert_check_local(X509_STORE_CTX *); NOEXPORT int compare_pubkeys(X509 *, X509 *); -#ifndef OPENSSL_NO_OCSP -NOEXPORT int ocsp_check(CLI *, X509_STORE_CTX *); -NOEXPORT int ocsp_request(CLI *, X509_STORE_CTX *, OCSP_CERTID *, char *); -NOEXPORT OCSP_RESPONSE *ocsp_get_response(CLI *, OCSP_REQUEST *, char *); -#endif - -/* utility functions */ -#ifndef OPENSSL_NO_OCSP -NOEXPORT X509 *get_current_issuer(X509_STORE_CTX *); -NOEXPORT void log_time(const int, const char *, ASN1_TIME *); -#endif /**************************************** verify initialization */ int verify_init(SERVICE_OPTIONS *section) { int verify_mode=0; - /* CA initialization */ - if(section->ca_file || section->ca_dir) { - if(!SSL_CTX_load_verify_locations(section->ctx, - section->ca_file, section->ca_dir)) { - sslerror("SSL_CTX_load_verify_locations"); + if(init_ca(section)) { + if(section->option.verify_chain || section->option.verify_peer) { + s_log(LOG_ERR, "No trusted certificates found"); return 1; /* FAILED */ } + s_log(LOG_INFO, "No trusted certificates found"); } - if(section->ca_file && !section->option.client) - set_client_CA_list(section); /* only performed on the server */ - - /* CRL initialization */ - if(section->crl_file || section->crl_dir) - if(crl_init(section)) - return 1; /* FAILED */ + if(init_crl(section)) + return 1; /* FAILED */ /* verify callback setup */ if(section->option.request_cert) { @@ -95,24 +78,71 @@ int verify_init(SERVICE_OPTIONS *section) { verify_mode|=SSL_VERIFY_FAIL_IF_NO_PEER_CERT; } SSL_CTX_set_verify(section->ctx, verify_mode, verify_callback); + auth_warnings(section); return 0; /* OK */ } -/* trusted CA names sent to clients for client cert selection */ -NOEXPORT void set_client_CA_list(SERVICE_OPTIONS *section) { - STACK_OF(X509_NAME) *ca_dn; +NOEXPORT int init_ca(SERVICE_OPTIONS *section) { + STACK_OF(X509_NAME) *ca_dn=NULL; +#ifndef OPENSSL_NO_ENGINE + NAME_LIST *ptr; +#endif + + /* CA initialization with the file and/or directory */ + if(section->ca_file || section->ca_dir) { + if(!SSL_CTX_load_verify_locations(section->ctx, + section->ca_file, section->ca_dir)) { + sslerror("SSL_CTX_load_verify_locations"); + } + } + + ca_dn=sk_X509_NAME_new_null(); + +#ifndef OPENSSL_NO_ENGINE + /* CA and client CA list initialization with the engine */ + for(ptr=section->ca_engine; ptr; ptr=ptr->next) { + X509 *cert=engine_get_cert(section->engine, ptr->name); + if(cert) { + X509_STORE_add_cert(SSL_CTX_get_cert_store(section->ctx), cert); + sk_X509_NAME_push(ca_dn, + X509_NAME_dup(X509_get_subject_name(cert))); + X509_free(cert); + } else { + s_log(LOG_ERR, "CAengine failed to retrieve \"%s\"", ptr->name); + } + } +#endif - s_log(LOG_DEBUG, "Client CA list: %s", section->ca_file); - ca_dn=SSL_load_client_CA_file(section->ca_file); - SSL_CTX_set_client_CA_list(section->ctx, ca_dn); - print_client_CA_list(ca_dn); + /* client CA list initialization with the file and/or directory */ + if(section->ca_file) + SSL_add_file_cert_subjects_to_stack(ca_dn, section->ca_file); + if(section->ca_dir) + SSL_add_dir_cert_subjects_to_stack(ca_dn, section->ca_dir); + + if(!sk_X509_NAME_num(ca_dn)) { + sk_X509_NAME_pop_free(ca_dn, X509_NAME_free); + return 1; /* FAILED */ + } + + if(section->option.client) { + print_CA_list("Configured trusted server CA", ca_dn); + sk_X509_NAME_pop_free(ca_dn, X509_NAME_free); + } else { /* only set the client CA list on the server */ + print_CA_list("Configured trusted client CA", ca_dn); + SSL_CTX_set_client_CA_list(section->ctx, ca_dn); + } + + return 0; /* OK */ } -NOEXPORT int crl_init(SERVICE_OPTIONS *section) { +NOEXPORT int init_crl(SERVICE_OPTIONS *section) { X509_STORE *store; + if(!section->crl_file && !section->crl_dir) + return 0; /* OK (nothing to initialize) */ + store=SSL_CTX_get_cert_store(section->ctx); if(section->crl_file) { if(load_file_lookup(store, section->crl_file)) @@ -210,7 +240,7 @@ NOEXPORT int verify_callback(int preverify_ok, X509_STORE_CTX *callback_ctx) { c=SSL_get_ex_data(ssl, index_ssl_cli); if(!c->opt->option.verify_chain && !c->opt->option.verify_peer) { - s_log(LOG_INFO, "Certificate verification disabled"); + s_log(LOG_INFO, "CERT: Certificate verification disabled"); return 1; /* accept */ } if(verify_checks(c, preverify_ok, callback_ctx)) @@ -251,8 +281,7 @@ NOEXPORT int verify_checks(CLI *c, return 0; /* reject */ } #ifndef OPENSSL_NO_OCSP - if((c->opt->ocsp_url || c->opt->option.aia) && - !ocsp_check(c, callback_ctx)) { + if(!ocsp_check(c, callback_ctx)) { s_log(LOG_WARNING, "Rejected by OCSP at depth=%d: %s", depth, subject); str_free(subject); return 0; /* reject */ @@ -411,347 +440,40 @@ NOEXPORT int compare_pubkeys(X509 *c1, X509 *c2) { return 1; /* accept */ } -/**************************************** OCSP checking */ - -#ifndef OPENSSL_NO_OCSP - -#ifdef DEFINE_STACK_OF -/* defined in openssl/safestack.h: - * DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char) */ -#else /* DEFINE_STACK_OF */ -#ifndef sk_OPENSSL_STRING_num -#define sk_OPENSSL_STRING_num(st) sk_num(st) -#endif /* sk_OPENSSL_STRING_num */ -#ifndef sk_OPENSSL_STRING_value -#define sk_OPENSSL_STRING_value(st, i) sk_value((st),(i)) -#endif /* sk_OPENSSL_STRING_value */ -#endif /* DEFINE_STACK_OF */ - -NOEXPORT int ocsp_check(CLI *c, X509_STORE_CTX *callback_ctx) { - X509 *cert; - OCSP_CERTID *cert_id; - STACK_OF(OPENSSL_STRING) *aia; - int i, ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN, saved_error; - char *url; - - /* the original error code is restored unless we report our own error */ - saved_error=X509_STORE_CTX_get_error(callback_ctx); - - /* get the current certificate ID */ - cert=X509_STORE_CTX_get_current_cert(callback_ctx); - if(!cert) { - s_log(LOG_ERR, "OCSP: Failed to get the current certificate"); - X509_STORE_CTX_set_error(callback_ctx, - X509_V_ERR_APPLICATION_VERIFICATION); - return 0; /* reject */ - } - if(!X509_NAME_cmp(X509_get_subject_name(cert), - X509_get_issuer_name(cert))) { - s_log(LOG_DEBUG, "OCSP: Ignoring root certificate"); - return 1; /* accept */ - } - cert_id=OCSP_cert_to_id(NULL, cert, get_current_issuer(callback_ctx)); - if(!cert_id) { - sslerror("OCSP: OCSP_cert_to_id"); - X509_STORE_CTX_set_error(callback_ctx, - X509_V_ERR_APPLICATION_VERIFICATION); - return 0; /* reject */ - } - - /* use the responder specified in the configuration file */ - if(c->opt->ocsp_url) { - s_log(LOG_NOTICE, "OCSP: Connecting the configured responder \"%s\"", - c->opt->ocsp_url); - if(ocsp_request(c, callback_ctx, cert_id, c->opt->ocsp_url)!= - V_OCSP_CERTSTATUS_GOOD) { - OCSP_CERTID_free(cert_id); - return 0; /* reject */ - } - } - - /* use the responder from AIA (Authority Information Access) */ - if(c->opt->option.aia && (aia=X509_get1_ocsp(cert))!=NULL) { - for(i=0; iopt->option.nonce) - OCSP_request_add1_nonce(request, NULL, -1); - - /* send the request and get a response */ - response=ocsp_get_response(c, request, url); - if(!response) - goto cleanup; - response_status=OCSP_response_status(response); - if(response_status!=OCSP_RESPONSE_STATUS_SUCCESSFUL) { - s_log(LOG_ERR, "OCSP: Responder error: %d: %s", - response_status, OCSP_response_status_str(response_status)); - goto cleanup; - } +X509 *engine_get_cert(ENGINE *engine, const char *id) { + struct { + const char *id; + X509 *cert; + } parms; - /* verify the response */ - basic_response=OCSP_response_get1_basic(response); - if(!basic_response) { - sslerror("OCSP: OCSP_response_get1_basic"); - goto cleanup; - } - if(c->opt->option.nonce && OCSP_check_nonce(request, basic_response)<=0) { - s_log(LOG_ERR, "OCSP: Invalid or unsupported nonce"); - goto cleanup; - } - if(OCSP_basic_verify(basic_response, - X509_STORE_CTX_get0_chain(callback_ctx), - SSL_CTX_get_cert_store(c->opt->ctx), c->opt->ocsp_flags)<=0) { - sslerror("OCSP: OCSP_basic_verify"); - goto cleanup; - } - if(!OCSP_resp_find_status(basic_response, cert_id, &ocsp_status, &reason, - &revoked_at, &this_update, &next_update)) { - sslerror("OCSP: OCSP_resp_find_status"); - goto cleanup; - } - s_log(LOG_INFO, "OCSP: Status: %s", OCSP_cert_status_str(ocsp_status)); - log_time(LOG_INFO, "OCSP: This update", this_update); - log_time(LOG_INFO, "OCSP: Next update", next_update); - /* check if the response is valid for at least one minute */ - if(!OCSP_check_validity(this_update, next_update, 60, -1)) { - sslerror("OCSP: OCSP_check_validity"); - ocsp_status=V_OCSP_CERTSTATUS_UNKNOWN; - goto cleanup; - } - switch(ocsp_status) { - case V_OCSP_CERTSTATUS_GOOD: - s_log(LOG_NOTICE, "OCSP: Certificate accepted"); - break; - case V_OCSP_CERTSTATUS_REVOKED: - if(reason==-1) - s_log(LOG_ERR, "OCSP: Certificate revoked"); - else - s_log(LOG_ERR, "OCSP: Certificate revoked: %d: %s", - reason, OCSP_crl_reason_str(reason)); - log_time(LOG_NOTICE, "OCSP: Revoked at", revoked_at); - ctx_err=X509_V_ERR_CERT_REVOKED; - break; - case V_OCSP_CERTSTATUS_UNKNOWN: - s_log(LOG_WARNING, "OCSP: Unknown verification status"); - } -cleanup: - if(request) - OCSP_REQUEST_free(request); - if(response) - OCSP_RESPONSE_free(response); - if(basic_response) - OCSP_BASICRESP_free(basic_response); - if(ocsp_status!=V_OCSP_CERTSTATUS_GOOD) - X509_STORE_CTX_set_error(callback_ctx, ctx_err); - return ocsp_status; + parms.id=id; + parms.cert=NULL; + ENGINE_ctrl_cmd(engine, "LOAD_CERT_CTRL", 0, &parms, NULL, 1); + if(!parms.cert) + sslerror("ENGINE_ctrl_cmd"); + return parms.cert; } -NOEXPORT OCSP_RESPONSE *ocsp_get_response(CLI *c, - OCSP_REQUEST *req, char *url) { - BIO *bio=NULL; - OCSP_REQ_CTX *req_ctx=NULL; - OCSP_RESPONSE *resp=NULL; - char *host=NULL, *port=NULL, *path=NULL; - SOCKADDR_UNION addr; - int ssl; - - /* parse the OCSP URL */ - if(!OCSP_parse_url(url, &host, &port, &path, &ssl)) { - s_log(LOG_ERR, "OCSP: Failed to parse the OCSP URL"); - goto cleanup; - } - if(ssl) { - s_log(LOG_ERR, "OCSP: TLS not supported for OCSP" - " - an additional stunnel service needs to be defined"); - goto cleanup; - } - if(!hostport2addr(&addr, host, port, 0)) { - s_log(LOG_ERR, "OCSP: Failed to resolve the OCSP responder address"); - goto cleanup; - } - - /* connect specified OCSP responder */ - c->fd=s_socket(addr.sa.sa_family, SOCK_STREAM, 0, 1, "OCSP: socket"); - if(c->fd==INVALID_SOCKET) - goto cleanup; - if(s_connect(c, &addr, addr_len(&addr))) - goto cleanup; - bio=BIO_new_socket((int)c->fd, BIO_NOCLOSE); - if(!bio) { - sslerror("OCSP: BIO_new_socket"); - goto cleanup; - } - s_log(LOG_DEBUG, "OCSP: Connected %s:%s", host, port); - - /* initialize an HTTP request with the POST method */ -#if OPENSSL_VERSION_NUMBER>=0x10000000L - req_ctx=OCSP_sendreq_new(bio, path, NULL, -1); -#else - /* there is no way to send the Host header with older OpenSSL versions */ - req_ctx=OCSP_sendreq_new(bio, path, req, -1); -#endif - if(!req_ctx) { - sslerror("OCSP: OCSP_sendreq_new"); - goto cleanup; - } -#if OPENSSL_VERSION_NUMBER>=0x10000000L - /* add the HTTP headers */ - if(!OCSP_REQ_CTX_add1_header(req_ctx, "Host", host)) { - sslerror("OCSP: OCSP_REQ_CTX_add1_header"); - goto cleanup; - } - if(!OCSP_REQ_CTX_add1_header(req_ctx, "User-Agent", "stunnel")) { - sslerror("OCSP: OCSP_REQ_CTX_add1_header"); - goto cleanup; - } - /* add the remaining HTTP headers and the OCSP request body */ - if(!OCSP_REQ_CTX_set1_req(req_ctx, req)) { - sslerror("OCSP: OCSP_REQ_CTX_set1_req"); - goto cleanup; - } #endif - /* OCSP protocol communication loop */ - while(OCSP_sendreq_nbio(&resp, req_ctx)==-1) { - s_poll_init(c->fds, 0); - s_poll_add(c->fds, c->fd, BIO_should_read(bio), BIO_should_write(bio)); - switch(s_poll_wait(c->fds, c->opt->timeout_busy, 0)) { - case -1: - sockerror("OCSP: s_poll_wait"); - goto cleanup; - case 0: - s_log(LOG_INFO, "OCSP: s_poll_wait: TIMEOUTbusy exceeded"); - goto cleanup; - } - } -#if 0 - s_log(LOG_DEBUG, "OCSP: context state: 0x%x", *(int *)req_ctx); -#endif - /* http://www.mail-archive.com/openssl-users@openssl.org/msg61691.html */ - if(resp) { - s_log(LOG_DEBUG, "OCSP: Response received"); - } else { - if(ERR_peek_error()) - sslerror("OCSP: OCSP_sendreq_nbio"); - else /* OpenSSL error: OCSP_sendreq_nbio does not use OCSPerr */ - s_log(LOG_ERR, "OCSP: OCSP_sendreq_nbio: OpenSSL internal error"); - } - -cleanup: - if(req_ctx) - OCSP_REQ_CTX_free(req_ctx); - if(bio) - BIO_free_all(bio); - if(c->fd!=INVALID_SOCKET) { - closesocket(c->fd); - c->fd=INVALID_SOCKET; /* avoid double close on cleanup */ - } - if(host) - OPENSSL_free(host); - if(port) - OPENSSL_free(port); - if(path) - OPENSSL_free(path); - return resp; -} - -/* find the issuer certificate without lookups */ -NOEXPORT X509 *get_current_issuer(X509_STORE_CTX *callback_ctx) { - STACK_OF(X509) *chain; - int depth; - - chain=X509_STORE_CTX_get0_chain(callback_ctx); - depth=X509_STORE_CTX_get_error_depth(callback_ctx); - if(depth + * Copyright (C) 1998-2023 Michal Trojnara * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -65,7 +65,7 @@ /* START CUSTOMIZE */ #define VERSION_MAJOR 5 -#define VERSION_MINOR 65 +#define VERSION_MINOR 71 /* END CUSTOMIZE */ /* all the following macros are ABSOLUTELY NECESSARY to have proper string diff --git a/tests/Makefile.am b/tests/Makefile.am index cfcb385a..c184f938 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 SUBDIRS = certs @@ -11,7 +11,7 @@ check-local: for v in $$(seq 20 -1 7); do command -v python3.$$v && python3.$$v $(srcdir)/maketest.py --debug=10 --libs=$(SSLDIR)/lib64:$(SSLDIR)/lib && break; done dist-hook: - rm -rf __pycache__ plugins/__pycache__ + rm -rf $(distdir)/__pycache__ $(distdir)/plugins/__pycache__ distclean-local: rm -f logs/*.log diff --git a/tests/Makefile.in b/tests/Makefile.in index aacd3e2e..81e3d85d 100644 --- a/tests/Makefile.in +++ b/tests/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -244,9 +244,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -314,7 +311,6 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ SUBDIRS = certs EXTRA_DIST = maketest.py plugin_collection.py reader.py error.py plugins all: all-recursive @@ -643,7 +639,7 @@ check-local: for v in $$(seq 20 -1 7); do command -v python3.$$v && python3.$$v $(srcdir)/maketest.py --debug=10 --libs=$(SSLDIR)/lib64:$(SSLDIR)/lib && break; done dist-hook: - rm -rf __pycache__ plugins/__pycache__ + rm -rf $(distdir)/__pycache__ $(distdir)/plugins/__pycache__ distclean-local: rm -f logs/*.log diff --git a/tests/certs/Makefile.am b/tests/certs/Makefile.am index fd280b73..17f90920 100644 --- a/tests/certs/Makefile.am +++ b/tests/certs/Makefile.am @@ -1,7 +1,9 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 -EXTRA_DIST = maketestcert.sh openssltest.cnf +EXTRA_DIST = maketestcert.sh openssl_root.cnf openssl_intermediate.cnf + +CLEANFILES = makecerts.log check-local: $(srcdir)/maketestcert.sh diff --git a/tests/certs/Makefile.in b/tests/certs/Makefile.in index 2744a9f5..6a21679a 100644 --- a/tests/certs/Makefile.in +++ b/tests/certs/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ @@ -186,9 +186,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -256,8 +253,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ -EXTRA_DIST = maketestcert.sh openssltest.cnf +EXTRA_DIST = maketestcert.sh openssl_root.cnf openssl_intermediate.cnf +CLEANFILES = makecerts.log all: all-am .SUFFIXES: @@ -362,6 +359,7 @@ install-strip: mostlyclean-generic: clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) diff --git a/tests/certs/maketestcert.sh b/tests/certs/maketestcert.sh index 3c4f8b5f..cbcaaf31 100755 --- a/tests/certs/maketestcert.sh +++ b/tests/certs/maketestcert.sh @@ -1,15 +1,14 @@ -#!/bin/sh +# How to run mini OCSP servers: +# openssl ocsp -index tests/certs/index.txt -port 19253 -rsigner tests/certs/inter_ocsp.pem -CA tests/certs/CACert.pem +# openssl ocsp -index tests/certs/index.txt -port 19254 -rsigner tests/certs/leaf_ocsp.pem -CA tests/certs/intermediateCA.pem -ddays=1461 +#!/bin/sh result_path=$(pwd) cd $(dirname "$0") script_path=$(pwd) cd "${result_path}" -mkdir "tmp/" - -# create new psk secrets gen_psk () { tr -c -d 'A-Za-z0-9' > "maketestcert.log" | head -c 50 > tmp/psk.txt if [ -s tmp/psk.txt ] @@ -21,84 +20,195 @@ gen_psk () { rm -f tmp/psk.txt } + +################################################################################ +# OpenSSL settings +################################################################################ +TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH +LD_LIBRARY_PATH="" +OPENSSL=openssl + +mkdir "tmp/" export LC_ALL=C +mkdir "CA/" 2>> "maketestcert.log" 1>&2 +touch "CA/index.txt" +echo -n "unique_subject = no" > "CA/index.txt.attr" +"$OPENSSL" rand -hex 16 > "CA/serial" +echo 1001 > "CA/crlnumber" +date > "maketestcert.log" +"$OPENSSL" version 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Create new psk secrets +################################################################################ gen_psk 1 cat tmp/psk1.txt > tmp/secrets.txt 2>> "maketestcert.log" gen_psk 2 cat tmp/psk2.txt >> tmp/secrets.txt 2>> "maketestcert.log" gen_psk 2 -# OpenSSL settings -TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH -LD_LIBRARY_PATH="" -OPENSSL=openssl -CONF="${script_path}/openssltest.cnf" - -mkdir "demoCA/" -touch "demoCA/index.txt" -touch "demoCA/index.txt.attr" -echo 1000 > "demoCA/serial" -# generate a self-signed certificate -$OPENSSL req -config $CONF -new -x509 -days $ddays -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ +################################################################################ +# self-signed certificate +################################################################################ +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" req -config $CONF -new -x509 -keyout tmp/stunnel.pem -out tmp/stunnel.pem \ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost/emailAddress=stunnel@example.com" \ - 1>&2 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 -# generate root CA certificate -$OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \ - -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \ - 1>&2 2>> "maketestcert.log" -# generate a certificate to revoke -$OPENSSL genrsa -out demoCA/revoked.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/revoked.key -out demoCA/revoked.csr \ +################################################################################ +# Root CA certificate +################################################################################ +"$OPENSSL" genrsa -out CA/CA.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -x509 -days 3600 -key CA/CA.key -out tmp/CACert.pem \ + -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Intermediate CA certificate +################################################################################ +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/intermediateCA.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config "$CONF" -new -key CA/intermediateCA.key -out CA/intermediateCA.csr \ + -subj "/C=PL/O=Stunnel Developers/OU=Intermediate CA/CN=Intermediate CA" \ + 2>> "maketestcert.log" 1>&2 + +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" ca -config "$CONF" -batch -in CA/intermediateCA.csr -out CA/intermediateCA.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/intermediateCA.cer -out tmp/intermediateCA.pem \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Revoked certificate chain +################################################################################ +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/revoked.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/revoked.key -out CA/revoked.csr \ -subj "/C=PL/O=Stunnel Developers/OU=revoked/CN=revoked/emailAddress=revoked@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked_cert.pem 1>&2 2>> "maketestcert.log" -cat demoCA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/revoked.csr -out CA/revoked.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/revoked.cer -out tmp/revoked_cert.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/revoked_cert.pem 2>> "maketestcert.log" # revoke above certificate and generate CRL file -$OPENSSL ca -config $CONF -revoke demoCA/1000.pem 1>&2 2>> "maketestcert.log" -$OPENSSL ca -config $CONF -gencrl -crldays $ddays -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log" - -# generate a client certificate -$OPENSSL genrsa -out demoCA/client.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/client.key -out demoCA/client.csr \ - -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/client.cer -out tmp/client_cert.pem 1>&2 2>> "maketestcert.log" -cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log" -cat demoCA/client.key >> tmp/client_cert.pem 2>> "maketestcert.log" - -# generate a server certificate -$OPENSSL genrsa -out demoCA/server.key 1>&2 2>> "maketestcert.log" -$OPENSSL req -config $CONF -new -key demoCA/server.key -out demoCA/server.csr \ +"$OPENSSL" ca -config $CONF -revoke CA/revoked.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -gencrl -crldays 1461 -out tmp/CACertCRL.pem \ + 2>> "maketestcert.log" 1>&2 + + +################################################################################ +# Server certificate chain +################################################################################ +"$OPENSSL" genrsa -out CA/server.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/server.key -out CA/server.csr \ -subj "/C=PL/O=Stunnel Developers/OU=server/CN=server/emailAddress=server@example.com" \ - 1>&2 2>> "maketestcert.log" - -$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log" - -$OPENSSL x509 -in demoCA/server.cer -out tmp/server_cert.pem 1>&2 2>> "maketestcert.log" + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/server.csr -out CA/server.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/server.cer -out tmp/server_cert.pem \ + 2>> "maketestcert.log" 1>&2 cat tmp/server_cert.pem >> tmp/PeerCerts.pem 2>> "maketestcert.log" -cat demoCA/server.key >> tmp/server_cert.pem 2>> "maketestcert.log" +cat CA/server.key >> tmp/server_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/server_cert.pem 2>> "maketestcert.log" -# create a PKCS#12 file with a server certificate -$OPENSSL pkcs12 -export -certpbe pbeWithSHA1And3-KeyTripleDES-CBC -in tmp/server_cert.pem -out tmp/server_cert.p12 -passout pass: 1>&2 2>> "maketestcert.log" +# create a PKCS#12 file with a server certificate chain +"$OPENSSL" pkcs12 -export -certpbe pbeWithSHA1And3-KeyTripleDES-CBC \ + -in tmp/server_cert.pem -out tmp/server_cert.p12 -passout pass: \ + 2>> "maketestcert.log" 1>&2 -# copy new files -if [ -s tmp/stunnel.pem ] && [ -s tmp/CACert.pem ] && [ -s tmp/CACertCRL.pem ] && \ - [ -s tmp/revoked_cert.pem ] && [ -s tmp/client_cert.pem ] && [ -s tmp/server_cert.pem ] && \ - [ -s tmp/PeerCerts.pem ] && [ -s tmp/server_cert.p12 ] && \ - [ -s tmp/psk1.txt ] && [ -s tmp/psk2.txt ] && [ -s tmp/secrets.txt ] + +################################################################################ +# Client certificate chain +################################################################################ +"$OPENSSL" genrsa -out CA/client.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/client.key -out CA/client.csr \ + -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/client.csr -out CA/client.cer \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/client.cer -out tmp/client_cert.pem \ + 2>> "maketestcert.log" 1>&2 +cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log" +cat CA/client.key >> tmp/client_cert.pem 2>> "maketestcert.log" +cat tmp/intermediateCA.pem >> tmp/client_cert.pem 2>> "maketestcert.log" + + +################################################################################ +# OCSP certificates with XKU_OCSP_SIGN +# openssl ocsp -port 19253 -index index.txt -rsigner inter_ocsp.pem -CA CACert.pem -nmin 1 +# openssl ocsp -port 19254 -index index.txt -rsigner leaf_ocsp.pem -CA intermediateCA.pem -nmin 1 +################################################################################ +CONF="${script_path}/openssl_root.cnf" +"$OPENSSL" genrsa -out CA/inter_ocsp.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/inter_ocsp.key -out CA/inter_ocsp.csr \ + -extensions v3_OCSP \ + -subj "/C=PL/O=Stunnel Developers/OU=Intermediate OCSP/CN=inter_ocsp/emailAddress=inter_ocsp@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/inter_ocsp.csr -out CA/inter_ocsp.cer \ + -extensions v3_OCSP \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/inter_ocsp.cer -out tmp/inter_ocsp.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/inter_ocsp.key >> tmp/inter_ocsp.pem 2>> "maketestcert.log" + +CONF="${script_path}/openssl_intermediate.cnf" +"$OPENSSL" genrsa -out CA/leaf_ocsp.key \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" req -config $CONF -new -key CA/leaf_ocsp.key -out CA/leaf_ocsp.csr \ + -extensions v3_OCSP \ + -subj "/C=PL/O=Stunnel Developers/OU=Leaf OCSP/CN=leaf_ocsp/emailAddress=leaf_ocsp@example.com" \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" ca -config $CONF -batch -in CA/leaf_ocsp.csr -out CA/leaf_ocsp.cer \ + -extensions v3_OCSP \ + 2>> "maketestcert.log" 1>&2 +"$OPENSSL" x509 -in CA/leaf_ocsp.cer -out tmp/leaf_ocsp.pem \ + 2>> "maketestcert.log" 1>&2 +cat CA/leaf_ocsp.key >> tmp/leaf_ocsp.pem 2>> "maketestcert.log" + + +################################################################################ +# OCSP certificates without XKU_OCSP_SIGN +# Don't include any certificates in the OCSP response +# openssl ocsp -port 19253 -index index.txt -rsigner CA_ocsp.pem -CA CACert.pem -nmin 1 -resp_no_certs +# openssl ocsp -port 19254 -index index.txt -rsigner interCA_ocsp.pem -CA intermediateCA.pem -nmin 1 -resp_no_certs +################################################################################ +cat tmp/CACert.pem >> tmp/CA_ocsp.pem 2>> "makecerts.log" +cat CA/CA.key >> tmp/CA_ocsp.pem 2>> "makecerts.log" +cat tmp/intermediateCA.pem >> tmp/interCA_ocsp.pem 2>> "makecerts.log" +cat CA/intermediateCA.key >> tmp/interCA_ocsp.pem 2>> "makecerts.log" + + +################################################################################ +# Copy new files +################################################################################ +if test -s tmp/CACert.pem -a -s tmp/CACertCRL.pem \ + -a -s tmp/intermediateCA.pem \ + -a -s tmp/stunnel.pem -a -s tmp/revoked_cert.pem \ + -a -s tmp/client_cert.pem -a -s tmp/server_cert.pem \ + -a -s tmp/server_cert.p12 \ + -a -s tmp/inter_ocsp.pem -a -s tmp/leaf_ocsp.pem \ + -a -s tmp/CA_ocsp.pem -a -s tmp/interCA_ocsp.pem \ + -a -s tmp/PeerCerts.pem -a -s tmp/secrets.txt \ + -a -s tmp/psk1.txt -a -s tmp/psk2.txt \ + -a -s CA/index.txt then - cp tmp/* ./ + cp tmp/* ../certs + cp CA/index.txt ../certs printf "%s\n" "keys & certificates successfully generated" printf "%s\n" "./maketestcert.sh finished" rm -f "maketestcert.log" @@ -107,8 +217,11 @@ if [ -s tmp/stunnel.pem ] && [ -s tmp/CACert.pem ] && [ -s tmp/CACertCRL.pem ] & printf "%s\n" "error logs ${result_path}/maketestcert.log" fi -# remove the working directory -rm -rf "demoCA/" + +################################################################################ +# Remove the working directory +################################################################################ +rm -rf "CA/" rm -rf "tmp/" # restore settings diff --git a/tests/certs/openssl_intermediate.cnf b/tests/certs/openssl_intermediate.cnf new file mode 100644 index 00000000..25bbdc84 --- /dev/null +++ b/tests/certs/openssl_intermediate.cnf @@ -0,0 +1,74 @@ +# OpenSSL intermediate CA configuration file + +[ default ] +name = intermediateCA +default_ca = CA_default + +[ CA_default ] +# Directory and file locations. +dir = . +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial +rand_serial = yes +private_key = $dir/CA/$name.key +certificate = $dir/tmp/$name.pem +crlnumber = $dir/CA/crlnumber +crl_extensions = crl_ext +default_md = sha256 +preserve = no +policy = policy_loose +default_days = 2200 +x509_extensions = usr_cert + +[ crl_ext ] +authorityKeyIdentifier = keyid:always + +[ v3_OCSP ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning + +[ req ] +# Options for the `req` tool +encrypt_key = no +default_bits = 2048 +default_md = sha256 +string_mask = utf8only +x509_extensions = usr_extensions +distinguished_name = req_distinguished_name + +[ usr_cert ] +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid, issuer +authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp + +[ usr_extensions ] +# Extension to add when the -x509 option is used +basicConstraints = CA:FALSE +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +keyUsage = critical, digitalSignature, keyCertSign + +[ policy_loose ] +# Allow the intermediate CA to sign a more diverse range of certificates. +# See the POLICY FORMAT section of the `ca` man page. +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +stateOrProvinceName = State or Province Name +localityName = Locality Name +0.organizationName = Organization Name +organizationalUnitName = Organizational Unit Name +commonName = Common Name +emailAddress = Email Address diff --git a/tests/certs/openssltest.cnf b/tests/certs/openssl_root.cnf similarity index 61% rename from tests/certs/openssltest.cnf rename to tests/certs/openssl_root.cnf index f95c9c6a..c3438458 100644 --- a/tests/certs/openssltest.cnf +++ b/tests/certs/openssl_root.cnf @@ -6,20 +6,31 @@ default_ca = CA_default [ CA_default ] # Directory and file locations. dir = . -certs = $dir/demoCA -crl_dir = $dir/demoCA -new_certs_dir = $dir/demoCA -database = $dir/demoCA/index.txt -serial = $dir/demoCA/serial +certs = $dir/CA +crl_dir = $dir/CA +new_certs_dir = $dir/CA +database = $dir/CA/index.txt +serial = $dir/CA/serial +rand_serial = yes +private_key = $dir/CA/CA.key +certificate = $dir/tmp/CACert.pem crl_extensions = crl_ext default_md = sha256 preserve = no policy = policy_match -x509_extensions = usr_cert -private_key = $dir/demoCA/CA.key -certificate = $dir/tmp/CACert.pem +default_days = 3000 +x509_extensions = v3_intermediate_ca + +[ crl_ext ] +authorityKeyIdentifier = keyid:always + +[ v3_OCSP ] +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = OCSPSigning [ req ] +# Options for the `req` tool encrypt_key = no default_bits = 2048 default_md = sha256 @@ -27,20 +38,21 @@ string_mask = utf8only x509_extensions = ca_extensions distinguished_name = req_distinguished_name -[ crl_ext ] -authorityKeyIdentifier = keyid:always - -[ usr_cert ] -basicConstraints = CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid, issuer - [ ca_extensions ] +# Extension to add when the -x509 option is used basicConstraints = critical, CA:true subjectKeyIdentifier = hash authorityKeyIdentifier = keyid:always,issuer keyUsage = critical, digitalSignature, cRLSign, keyCertSign +[ v3_intermediate_ca ] +# Extensions for a typical intermediate CA (`man x509v3_config`) +basicConstraints = critical, CA:true, pathlen:0 +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always,issuer +keyUsage = critical, digitalSignature, cRLSign, keyCertSign +authorityInfoAccess = OCSP;URI:http://127.0.0.1:19254/ocsp + [ policy_match ] countryName = match organizationName = match diff --git a/tests/maketest.py b/tests/maketest.py index 8443dbc0..e48ac02f 100644 --- a/tests/maketest.py +++ b/tests/maketest.py @@ -7,6 +7,7 @@ import asyncio import contextlib import dataclasses +import http.client import logging import os import pathlib @@ -17,6 +18,7 @@ import subprocess import sys import tempfile +import threading from typing import ( Any, @@ -28,7 +30,13 @@ Optional, TypeVar ) - +from datetime import datetime, timedelta, timezone +from functools import partial +from urllib.parse import urlparse +from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer +from cryptography.hazmat.primitives import hashes, serialization +from cryptography.x509 import load_pem_x509_certificate, ocsp, ReasonFlags +from cryptography.x509 import SubjectKeyIdentifier, ExtensionNotFound, OCSPNonce from plugin_collection import PluginCollection EXIT_SUCCESS = 0 @@ -39,6 +47,8 @@ DEFAULT_CERTS = os.path.join(RESULT_PATH, "certs") DEFAULT_LOGS = os.path.join(RESULT_PATH, "logs") DEFAULT_LEVEL = logging.INFO +DEFAULT_PORT = 19254 +OCSP_INDEX=os.path.join(DEFAULT_CERTS, "index.txt") RE_STUNNEL_VERSION = re.compile( r""" ^ @@ -61,8 +71,18 @@ RE_LINE_IDX = re.compile(r" ^ Hello \s+ (?P 0 | [1-9][0-9]* ) $ ", re.X) -class UnsupportedOpenSSL(Exception): - """Unsupported version of OpenSSL""" +class UnsupportedVersion(Exception): + """Unsupported version""" + + +class OutputError(Exception): + """Output error + Logging: Something went wrong + """ + + +class UnexpectedWarning(Exception): + """Unexpected warning""" @dataclasses.dataclass(frozen=True) @@ -73,7 +93,7 @@ class LogEvent(): log: str -TLogEvent = TypeVar("TEvent", bound=LogEvent) +TypeLogEvent = TypeVar("TypeLogEvent", bound=LogEvent) @dataclasses.dataclass(frozen=True) @@ -175,6 +195,7 @@ class Config(NamedTuple): results: pathlib.Path summary: pathlib.Path debug: int + port: int class TestConnections(NamedTuple): @@ -245,17 +266,17 @@ async def process_client(self, evt: ListenerClientEvent) -> None: if evt.etype == "client_send_data": conn = conns.by_id.get(evt.idx) if conn is None: - raise Exception("Listener reported unknown connection") + raise OutputError("Listener reported unknown connection") if conn.peer is not None: - raise Exception(f"Listener reported bad conn {conn!r}") + raise OutputError(f"Listener reported bad conn {conn!r}") conn.peer = peer return if evt.etype != "client_connected": - raise Exception(f"Expected 'client connected' first, got {evt.etype}") + raise OutputError(f"Expected 'client connected' first, got {evt.etype}") conns.pending[peer] = [evt] - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -272,7 +293,7 @@ async def remove_connection(self, evt: ConnectionDoneEvent, num: int) -> None: conns = evt.conns conn = conns.by_id.get(evt.idx) if conn is None: - raise Exception("No connection") + raise OutputError("No connection") del conns.by_id[evt.idx] if conn.peer is None: await self.cfg.mainq.put( @@ -305,7 +326,7 @@ async def remove_connection(self, evt: ConnectionDoneEvent, num: int) -> None: ) return num - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -326,14 +347,11 @@ async def process_events(self, logger: logging.Logger) -> None: while True: evt = await self.cfg.mainq.get() self.log_event(evt, logger) - if evt.etype == "cleanup_event" or evt.etype == "output_event" \ - or evt.etype == "fatal_event": + if evt.etype in ["cleanup_event", "output_event", "fatal_event"]: await self.cfg.resq.put(evt) - elif evt.etype == "stunnel_event" or evt.etype == "result_event" \ - or evt.etype == "all_connections_event": + elif evt.etype in ["stunnel_event", "result_event", "all_connections_event"]: await self.cfg.logsq.put(evt) - elif evt.etype == "client_connected" or evt.etype == "client_send_data" \ - or evt.etype == "client_done": + elif evt.etype in ["client_connected", "client_send_data", "client_done"]: await self.process_client(evt) elif evt.etype == "connection_done_event": await self.cfg.logsq.put(evt) @@ -353,7 +371,7 @@ async def check_version(self, cmd_str: str, p_err: str) -> None: tag = "check_version" lines = p_err.splitlines() if not lines: - raise Exception(f"Expected at least one line of output from `{cmd_str}`") + raise OutputError(f"Expected at least one line of output from `{cmd_str}`") openssl_version = None stunnel_version = None for line in lines: @@ -364,15 +382,16 @@ async def check_version(self, cmd_str: str, p_err: str) -> None: if match: openssl_version = match.group("version") if not openssl_version: - raise Exception("Stunnel was compiled and run with different OpenSSL versions") - """TLSv1.1 and TLSv1.2 available only with OpenSSL version 1.0.1 and later""" + raise UnsupportedVersion("Stunnel was compiled and run with different OpenSSL versions") + #TLSv1.1 and TLSv1.2 available only with OpenSSL version 1.0.1 and later if openssl_version < "1.0.1": - raise UnsupportedOpenSSL(f"OpenSSL version {openssl_version} is deprecated and not supported") + raise UnsupportedVersion( + f"OpenSSL version {openssl_version} is deprecated and not supported") if not (sys.version_info.major == 3 and sys.version_info.minor >= 7): - raise Exception("Python 3.7 or higher is required.\n" - + "You are using Python {}.{}.".format(sys.version_info.major, sys.version_info.minor)) + raise UnsupportedVersion("Python 3.7 or higher is required.\n" + + "You are using Python {sys.version_info.major}.{sys.version_info.minor}.") if not stunnel_version: - raise Exception( + raise UnsupportedVersion( f"Could not find the version line in the `{cmd_str}` output:\n" + "\n".join(lines) ) @@ -422,16 +441,16 @@ async def get_version(self, logger:logging.Logger) -> str: ) b_out, b_err = await proc.communicate() if b_out is None or b_err is None: - raise Exception("proc.communicate() failed") + raise OutputError("proc.communicate() failed") p_out, p_err = b_out.decode("UTF-8"), b_err.decode("UTF-8") logger.info(p_err) rcode = await proc.wait() if rcode != 0: print(b_out.decode("UTF-8")) print(b_err.decode("UTF-8"), file=sys.stderr) - raise Exception(f"`{cmd_str}` exited with code {rcode}") + raise OutputError(f"`{cmd_str}` exited with code {rcode}") if p_out: - raise Exception(f"`{cmd_str}` produced output on its stdout stream:\n{p_out}") + raise OutputError(f"`{cmd_str}` produced output on its stdout stream:\n{p_out}") await self.check_version(cmd_str, p_err) await self.cfg.mainq.put( LogEvent( @@ -479,7 +498,7 @@ async def set_result(self) -> str: result = "UNKNOWN" while True: evt = await self.cfg.resq.get() - if evt.etype == "output_event" or evt.etype == "fatal_event": + if evt.etype in ["output_event", "fatal_event"]: if result != "skipped": parsed = await self.parse_event(evt) if result == "UNKNOWN": @@ -523,11 +542,11 @@ def __init__(self, cfg: Config, logger: logging.Logger): ) - async def expect_event(self, msgq: asyncio.Queue[LogEvent], pattern: str) -> TLogEvent: + async def expect_event(self, msgq: asyncio.Queue[LogEvent], pattern: str) -> TypeLogEvent: """Make sure the next event in the logsq queue is of that etype.""" evt = await msgq.get() if evt.etype != pattern: - raise Exception(f"Expected {pattern}, got {evt.etype}") + raise OutputError(f"Expected {pattern}, got {evt.etype}") return evt @@ -559,8 +578,9 @@ async def start_connections(self, cfgfile: pathlib.Path, port: int) -> None: async def test_stunnel(self, cfg: Config) -> None: """Make a single test of the given stunnel configuration""" + tag = "test_stunnel" + task = None try: - tag = "test_stunnel" self.logger.info(self.params.description) await self.cfg.mainq.put(LogEvent(etype="log", level=30, log="")) await self.cfg.mainq.put( @@ -585,12 +605,12 @@ async def test_stunnel(self, cfg: Config) -> None: if cfgnew is not os.devnull: port = await self.reload_stunnel(cfgfile, cfgnew) else: - raise Exception(f"Unknown '{service}' service") + raise OutputError(f"Unknown '{service}' service") cfgfile = await self.prepare_additional_server_cfgfile(cfg, ports, lport) await self.start_connections(cfgfile, port) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: await cfg.mainq.put( LogEvent( etype="fatal_event", @@ -598,6 +618,14 @@ async def test_stunnel(self, cfg: Config) -> None: log=f"[{tag}] Something went wrong: {err}" ) ) + except asyncio.CancelledError: + await cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"[{tag}] Something went wrong: Cancelled task" + ) + ) finally: await self.cleanup_stunnels() await self.cleanup_tasks() @@ -625,9 +653,12 @@ async def stunnel_output(self, p_out: asyncio.StreamReader, service: str) -> Non LogEvent( etype="log", level=20, - log=f"[{tag}] Done with task '{service} output'" + log=f"[{tag}] Waiting for an EOF on the '{service}_output' reader" ) ) + line = await p_out.read(1) + if line: + raise OutputError(f"Did not expect to read {line!r}") return line = data.decode("UTF-8").rstrip("\r\n") @@ -650,6 +681,16 @@ async def stunnel_output(self, p_out: asyncio.StreamReader, service: str) -> Non port=port ) ) + elif re.search("Accepting new connections", line): + await self.cfg.mainq.put( + StunnelEvent( + etype="stunnel_event", + level=10, + log=f"[{tag}] Accepting new connections", + service=service, + port=0 + ) + ) elif re.search(r"Service \[inetd\] started", line): await self.cfg.mainq.put( StunnelEvent( @@ -677,11 +718,19 @@ async def stunnel_output(self, p_out: asyncio.StreamReader, service: str) -> Non level=30, log=f"[{tag}] Stunnel '{service}' configuration failed", service=service, - port=0 + port=-1 ) ) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"[{tag}] Something went wrong: {err}" + ) + ) + except OSError as err: await self.cfg.mainq.put( StunnelEvent( etype="stunnel_event", @@ -713,14 +762,15 @@ async def run_stunnel(self, cfgfile: pathlib.Path, service: str) -> int: ) ) self.cfg.children[Keys(pid=proc.pid, service=service)] = proc - asyncio.create_task(self.stunnel_output(proc.stderr, service)) + self.cfg.tasks[f"{service}_output"] = asyncio.create_task( + self.stunnel_output(proc.stderr, service)) async def check_listening_port(self, port:int, service: str) -> int: """Raise exception if configuration failed.""" tag = "check_listening_port" - if port == 0: - raise Exception(f"stunnel \'{service}\' failed") + if port == -1: + raise OutputError(f"stunnel \'{service}\' failed") await self.cfg.mainq.put( LogEvent( etype="log", @@ -730,6 +780,13 @@ async def check_listening_port(self, port:int, service: str) -> int: ) + async def accepting_connections(self, port:int, service: str) -> int: + """If stunnel bound, expect log: Accepting new connections.""" + await self.check_listening_port(port, service) + if int(port) > 0: + await self.expect_event(self.cfg.logsq, "stunnel_event") + + async def start_stunnel(self, cfgfile: pathlib.Path, service: str) -> int: """Launch the stunnel with the specified config file.""" tag = "start_stunnel" @@ -757,7 +814,7 @@ async def start_stunnel(self, cfgfile: pathlib.Path, service: str) -> int: ) ) evt = await self.expect_event(self.cfg.logsq, "stunnel_event") - await self.check_listening_port(evt.port, evt.service) + await self.accepting_connections(evt.port, evt.service) return evt.port @@ -924,7 +981,7 @@ async def client_connected_cb( try: match = RE_LINE_IDX.match(line.decode("UTF-8")) if not match: - raise Exception(f"Server received unexpected message: {line!r}") + raise OutputError(f"Server received unexpected message: {line!r}") idx = int(match.group("idx")) await self.cfg.mainq.put( ClientSendDataEvent( @@ -946,7 +1003,15 @@ async def client_connected_cb( log=f"[{tag}] The server sent data to the client #{idx}: {line!r}", ) ) - except Exception as err: # pylint: disable=broad-except + except OutputError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"[{tag}] Something went wrong: {err}" + ) + ) + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -962,17 +1027,27 @@ async def client_connected_cb( log=f"[{tag}] Closing down the server writer socket" ) ) - server_writer.close() - await server_writer.wait_closed() - await self.cfg.mainq.put( - ListenerClientEvent( - etype="client_done", - level=10, - log=f"[{tag}] The 'listener' task closed a connection to the client", - peer=peer, - conns=self.conns + try: + server_writer.close() + await server_writer.wait_closed() + except ConnectionResetError as err: + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=20, + log=f"[{tag}] Handling {peer}: {err}" + ) + ) + finally: + await self.cfg.mainq.put( + ListenerClientEvent( + etype="client_done", + level=10, + log=f"[{tag}] The 'listener' task closed a connection", + peer=peer, + conns=self.conns + ) ) - ) async def start_listener(self) -> int: @@ -990,9 +1065,9 @@ async def start_listener(self) -> int: ) srv = await self.start_socket_server(self.client_connected_cb) if not srv: - raise Exception(f"The listening {protocol} socket server failed") + raise OutputError(f"The listening {protocol} socket server failed") if not srv.sockets: - raise Exception(f"Expected a listening socket, got {srv.sockets!r}") + raise OutputError(f"Expected a listening socket, got {srv.sockets!r}") hostname, port = srv.sockets[0].getsockname()[:2] await self.cfg.mainq.put( LogEvent( @@ -1047,12 +1122,12 @@ async def cleanup_tasks(self) -> None: ) ) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError: await self.cfg.mainq.put( LogEvent( etype="cleanup_event", level=20, - log=f"[{tag}] Cleanup '{name}' task failed: {err}" + log=f"[{tag}] Cleanup '{name}' task failed: Cancelled task" ) ) @@ -1069,6 +1144,8 @@ async def cleanup_stunnels(self) -> None: log=f"[{tag}] About to kill and wait for {num} stunnel process(es)" ) ) + await self.cleanup_stunnel("client") + waiters = [asyncio.create_task(proc.wait()) for proc in self.cfg.children.values()] children = [] for key, proc in self.cfg.children.items(): @@ -1090,7 +1167,7 @@ async def cleanup_stunnels(self) -> None: log=f"[{tag}] PID {key.pid} already finished" ) ) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1101,7 +1178,7 @@ async def cleanup_stunnels(self) -> None: for key in children: self.cfg.children.pop(key) - wait_res = await asyncio.gather(*waiters) + wait_res = await asyncio.gather(*waiters, return_exceptions=True) await self.cfg.mainq.put( LogEvent( etype="log", @@ -1110,7 +1187,7 @@ async def cleanup_stunnels(self) -> None: ) ) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -1121,9 +1198,10 @@ async def cleanup_stunnels(self) -> None: async def cleanup_stunnel(self, service: str) -> None: - """Terminate and remove a stunnel processe.""" + """Terminate and remove a stunnel process.""" tag = f"cleanup_stunnel {service}" try: + children = [] for key, proc in self.cfg.children.items(): if key.service is service: await self.cfg.mainq.put( @@ -1133,7 +1211,7 @@ async def cleanup_stunnel(self, service: str) -> None: log=f"[{tag}] Waiting for the '{key.service}' PID {key.pid} to exit..." ) ) - finished = key + children.append(key) try: proc.terminate() except ProcessLookupError: @@ -1144,7 +1222,7 @@ async def cleanup_stunnel(self, service: str) -> None: log=f"[{tag}] - already finished, it seems" ) ) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1152,7 +1230,7 @@ async def cleanup_stunnel(self, service: str) -> None: log=f"[{tag}] - {err!r}" ) ) - wait_res = await asyncio.gather(proc.wait()) + wait_res = await asyncio.gather(proc.wait(), return_exceptions=True) await self.cfg.mainq.put( LogEvent( etype="log", @@ -1160,9 +1238,10 @@ async def cleanup_stunnel(self, service: str) -> None: log=f"[{tag}] Got stunnel processes' exit status: {wait_res!r}", ) ) - self.cfg.children.pop(finished) + for key in children: + self.cfg.children.pop(key) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", @@ -1294,7 +1373,7 @@ async def establish_connection( return await asyncio.open_connection('127.0.0.1', conn.port, ssl=ctx) - except OSError as err: # pylint: disable=broad-except + except OSError as err: await self.cfg.mainq.put( LogEvent( etype="log", @@ -1311,7 +1390,7 @@ async def get_io_stream( """Start a network connection and return a pair of (reader, writer) objects.""" client_reader, client_writer = await self.establish_connection(conn) if not client_reader or not client_writer: - raise Exception("Establish connection failed") + raise OutputError("Establish connection failed") return client_reader, client_writer @@ -1330,7 +1409,7 @@ async def test_connect(self, conn: TestConnection) -> None: ) client_reader, client_writer = await self.get_io_stream(conn) if client_writer.is_closing(): - raise Exception("Client writer is closing") + raise UnexpectedWarning("Client writer is closing") line = f"Hello {conn.idx}\n".encode("UTF-8") await self.cfg.mainq.put( @@ -1352,7 +1431,7 @@ async def test_connect(self, conn: TestConnection) -> None: ) ) if line != "There!\n".encode("UTF-8"): - raise Exception(f"Client received unexpected message: {line!r}") + raise UnexpectedWarning(f"Client received unexpected message: {line!r}") await self.cfg.mainq.put( LogEvent( @@ -1372,14 +1451,22 @@ async def test_connect(self, conn: TestConnection) -> None: ) line = await client_reader.read(1) if line: - raise Exception(f"Did not expect to read {line!r}") + raise UnexpectedWarning(f"Did not expect to read {line!r}") - except Exception as err: # pylint: disable=broad-except + except UnexpectedWarning as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", - level=20, - log=f"[{tag}] {err}", + level=30, + log=f"[{tag}] Warning: {err}" + ) + ) + except OSError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=30, + log=f"[{tag}] Warning: {err}", ) ) finally: @@ -1403,6 +1490,10 @@ class ExpectedConfigurationFailure(StunnelAcceptConnect): async def check_listening_port(self, port:int, service: str) -> int: """Configuration failed as expected.""" + async def accepting_connections(self, port:int, service: str) -> int: + """If stunnel bound, expect log: Accepting new connections.""" + if int(port) > 0: + await self.expect_event(self.cfg.logsq, "stunnel_event") class ClientInetd(StunnelAcceptConnect): """Base class for inetd mode tests. @@ -1420,6 +1511,12 @@ async def check_listening_port(self, port:int, service: str) -> int: """You do not want stunnel to have any accept option.""" + async def accepting_connections(self, port:int, service: str) -> int: + """If stunnel bound, expect log: Accepting new connections.""" + if int(port) > 0: + await self.expect_event(self.cfg.logsq, "stunnel_event") + + async def run_stunnel(self, cfgfile: pathlib.Path, service: str) -> int: """Create the stunnel subprocess.""" tag = "run_stunnel" @@ -1442,7 +1539,8 @@ async def run_stunnel(self, cfgfile: pathlib.Path, service: str) -> int: ) ) self.cfg.children[Keys(pid=proc.pid, service=service)] = proc - asyncio.create_task(self.stunnel_output(proc.stderr, service)) + self.cfg.tasks[f"{service}_output"] = asyncio.create_task( + self.stunnel_output(proc.stderr, service)) async def get_io_stream( @@ -1465,7 +1563,15 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): async def check_listening_port(self, port:int, service: str) -> int: - """You do not want stunnel to have any accept option.""" + """Raise exception if configuration failed.""" + if port == -1: + raise OutputError(f"stunnel \'{service}\' failed") + + + async def accepting_connections(self, port:int, service: str) -> int: + """Expect log: Accepting new connections.""" + await self.check_listening_port(port, service) + await self.expect_event(self.cfg.logsq, "stunnel_event") async def socket_connected_cb( @@ -1473,6 +1579,18 @@ async def socket_connected_cb( ) -> None: """Handle a socket connection.""" tag = f"socket_connected_cb #{self.idx}" + if self.idx >= self.params.conn_num: + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"[{tag}] Skipping test connection #{self.idx}" + ) + ) + writer.close() + await writer.wait_closed() + return + conn = TestConnection(idx=self.idx, port=0, peer=None) self.conns.by_id[self.idx] = conn line = f"Hello {self.idx}\n".encode("UTF-8") @@ -1495,7 +1613,7 @@ async def socket_connected_cb( ) ) if line != "There!\n".encode("UTF-8"): - raise Exception(f"Client received unexpected message: {line!r}") + raise UnexpectedWarning(f"Client received unexpected message: {line!r}") await self.cfg.mainq.put( LogEvent( etype="log", @@ -1514,14 +1632,22 @@ async def socket_connected_cb( ) line = await reader.read(1) if line: - raise Exception(f"Did not expect to read {line!r}") + raise UnexpectedWarning(f"Did not expect to read {line!r}") - except Exception as err: # pylint: disable=broad-except + except UnexpectedWarning as err: await self.cfg.mainq.put( LogEvent( etype="fatal_event", - level=20, - log=f"[{tag}] {err}", + level=30, + log=f"[{tag}] Warning: {err}" + ) + ) + except IOError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=30, + log=f"[{tag}] Warning: {err}" ) ) finally: @@ -1576,6 +1702,237 @@ async def reopen_stunnel(self, cfgfile: pathlib.Path, idx: int, service: str) -> await self.start_stunnel(cfgfile, service) +class OcspResponder(): + """Base class for OCSP responder""" + + def __init__(self, cfg: Config): + self.cfg = cfg + + + async def start_responder(self): + """Start OCSP responder""" + tag = "start_responder" + try: + server=HttpServerThread(self.cfg) + await server.start_server() + except OSError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"[{tag}] Something went wrong: {err}" + ) + ) + + + async def stop_responder(self): + """Stop OCSP responder""" + tag = "stop_responder" + conn = http.client.HTTPConnection('localhost', self.cfg.port) + conn.request('POST', '/kill_server') + response = conn.getresponse() + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"[{tag}] HTTP status code: '{response.getcode()}'" + ) + ) + try: + text = response.read().decode('UTF-8') + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"[{tag}] HTTP status code: '{text}'" + ) + ) + except OSError as err: + await self.cfg.mainq.put( + LogEvent( + etype="fatal_event", + level=50, + log=f"[{tag}] Something went wrong: {err}" + ) + ) + conn.close() + + +class OCSPHandler(SimpleHTTPRequestHandler): + """Handle the HTTP POST request that arrive at the server""" + + def __init__(self, cfg, database, request, client_address, server): + #pylint: disable=too-many-arguments + self.cfg=cfg + self.database = database + self.server=server + SimpleHTTPRequestHandler.__init__(self, request, client_address, server) + + + def log_message(self, format, *args): + """"Override log_message method to log to a file rather than to sys.stderr""" + # pylint: disable=redefined-builtin + with open(self.cfg.results, mode="a", encoding="utf-8", buffering=1) as file: + file.write(f"do_POST: {self.log_date_time_string()}:" + +f"{self.client_address[0]}: {format%args}\n") + + + def do_POST(self): # pylint: disable=invalid-name + """"Serves the POST request type""" + try: + url=urlparse(self.path) + if url.path == "/kill_server": + self.send_response(200) + self.send_header('Content-type', 'text/plain') + self.end_headers() + self.wfile.write(bytes('Shutting down HTTP server', 'utf-8')) + self.server.shutdown() + elif url.path == "/ocsp": + content_length=int(self.headers['Content-Length']) + request_data=self.rfile.read(content_length) + request=ocsp.load_der_ocsp_request(request_data) + self.process_ocsp_request(request) + + except Exception as err: # pylint: disable=broad-except + self.send_error(404, f"{err}") + + + def process_ocsp_request(self, request: ocsp.OCSPRequest): + """Process OCSP request data""" + response=None + this_update=datetime.now(timezone.utc) + try: + issuer = self.database.get(request.issuer_key_hash) + if issuer is None: + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.UNAUTHORIZED) + else: + serial=request.serial_number + subject_cert = issuer.get('certificates').get(serial) + if subject_cert is None: + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.UNAUTHORIZED) + else: + ocsp_cert=issuer.get('ocsp_cert') + cert_info=issuer.get('revocations').get(serial) + revoked=cert_info is not None + if revoked: + cert_status=ocsp.OCSPCertStatus.REVOKED + else: + cert_status=ocsp.OCSPCertStatus.GOOD + + # create a OCSPResponse object + builder=ocsp.OCSPResponseBuilder() + + # add status information about the certificate that was requested + builder=builder.add_response( + cert=subject_cert, + issuer=ocsp_cert, + algorithm=request.hash_algorithm, + cert_status=cert_status, + this_update=this_update, + next_update=this_update + timedelta(seconds=60), + revocation_time=cert_info['revocation_time'] if revoked else None, + revocation_reason=ReasonFlags.unspecified if revoked else None) + + # set the responderID on the OCSP response + # encode the X.509 NAME of the certificate or HASH of the public key + builder=builder.responder_id(ocsp.OCSPResponderEncoding.NAME, ocsp_cert) + + # add OCSP nonce if present + try: + nonce = request.extensions.get_extension_for_class(OCSPNonce) + builder = builder.add_extension(nonce.value, critical=nonce.critical) + except ExtensionNotFound: + pass + + # create the SUCCESSFUL response that can then be serialized and sent + response=builder.sign(issuer.get('ocsp_key'), hashes.SHA256()) + + except Exception: # pylint: disable=broad-except + response=ocsp.OCSPResponseBuilder.build_unsuccessful( + ocsp.OCSPResponseStatus.INTERNAL_ERROR) + + self.send_response(200) + self.end_headers() + # only DER encoding is supported + self.wfile.write(response.public_bytes(serialization.Encoding.DER)) + + +class HttpServerThread(): + """HTTP server thread handler""" + + def __init__(self, cfg: Config): + self.cfg = cfg + self.server=None + self.server_thread=None + + async def start_server(self) -> (int): + """Starting HTTP server on localhost and a given port""" + tag = "start_server" + database=self.load_database() + ocsp_handler = partial(OCSPHandler, self.cfg, database) + self.server=ThreadingHTTPServer(('localhost', self.cfg.port), ocsp_handler) + self.server_thread=threading.Thread(target=self.server.serve_forever) + self.server_thread.start() + hostname, port=self.server.server_address[:2] + await self.cfg.mainq.put( + LogEvent( + etype="log", + level=10, + log=f"[{tag}] OCSP responder started, URL http://'{hostname}':'{port}'" + ) + ) + return port + + + def load_database(self): + """Create an in memory database of issuer/certificates and issuer/revocations""" + database = {} + for ca_cert, certs in [("CA_ocsp.pem", ["intermediateCA.pem"]), + ("interCA_ocsp.pem", ["server_cert.pem", "client_cert.pem", "revoked_cert.pem"])]: + path = os.path.join(DEFAULT_CERTS, ca_cert) + ocsp_cert = self.load_certificate(path) + ocsp_sha1 = ocsp_cert.extensions.get_extension_for_class( + SubjectKeyIdentifier).value.digest + database[ocsp_sha1] = {} + database[ocsp_sha1]['ocsp_cert'] = ocsp_cert + database[ocsp_sha1]['ocsp_key'] = self.load_private_key(path) + + certificates = {} + for filename in certs: + path = os.path.join(DEFAULT_CERTS, filename) + cert = self.load_certificate(path) + certificates[cert.serial_number] = cert + database[ocsp_sha1]['certificates'] = certificates + + with open(OCSP_INDEX, mode="r", encoding="utf-8") as index: + revocations = {} + for line in index.readlines(): + tokens = line.split('\t') + if tokens[0] == 'R': + certinfo = { + "revocation_time": datetime.strptime(tokens[2], "%y%m%d%H%M%S%z"), + "serial_number": int(tokens[3], 16), + } + revocations[certinfo["serial_number"]] = certinfo + database[ocsp_sha1]['revocations'] = revocations + + return database + + + def load_certificate(self, path): + """Deserialize a certificate from PEM encoded data""" + with open(path, mode="rb") as file: + return load_pem_x509_certificate(file.read()) + + + def load_private_key(self, path, password=None): + """Deserialize a private key from PEM encoded data""" + with open(path, mode="rb") as file: + return serialization.load_pem_private_key(file.read(), password) + + @contextlib.contextmanager def parse_args() -> Config: """Parse the command-line arguments.""" @@ -1619,12 +1976,21 @@ def parse_args() -> Config: help="the logging level " "(default: INFO)", ) + parser.add_argument( + "--port", + type=int, + default=DEFAULT_PORT, + metavar="PORT", + help="OCSP responder port number" + f"(default: {DEFAULT_PORT})" + ) args = parser.parse_args() utf8_env = dict(os.environ) + # environment can only contain strings utf8_env.update({ "LC_ALL": "C.UTF-8", "LANGUAGE": "", - "LD_LIBRARY_PATH": args.libs}) + "LD_LIBRARY_PATH": str(args.libs)}) if not os.path.isdir(args.logs): os.mkdir(args.logs) with os.scandir(args.logs) as entries: @@ -1646,7 +2012,8 @@ def parse_args() -> Config: utf8_env=utf8_env, results=os.path.join(args.logs, "results.log"), summary=os.path.join(args.logs, "summary.log"), - debug=args.debug + debug=args.debug, + port=args.port ) @@ -1665,7 +2032,7 @@ async def main() -> None: slogs = TestLogs(cfg) formats = "%(message)s" slogger = slogs.setup_logger("summary", formats, cfg.summary, DEFAULT_LEVEL) - except Exception as err: # pylint: disable=broad-except + except asyncio.CancelledError as err: # Logging is not available at this point. print(err) print("Framework initalization failed") @@ -1676,7 +2043,15 @@ async def main() -> None: await slogs.get_version(slogger) slogs.transcript_logs("summary", formats) + # Start OCSP responder. + responder = OcspResponder(cfg) + await responder.start_responder() + + # Check plugins. await PluginCollection(cfg, slogger, 'plugins') + + # Stop OCSP responder. + await responder.stop_responder() await cfg.mainq.put( LogEvent( etype="finish_event", @@ -1684,16 +2059,26 @@ async def main() -> None: log=f"[{tag}] Stunnel tests completed" ) ) - except UnsupportedOpenSSL as err: + + except UnsupportedVersion as err: await cfg.mainq.put( LogEvent( etype="finish_event", level=30, - log=f"[{tag}] Unsupported OpenSSL: {err}" + log=f"[{tag}] Unsupported version: {err}" + ) + ) + print(err) + except OutputError as err: + await cfg.mainq.put( + LogEvent( + etype="finish_event", + level=50, + log=f"[{tag}] Something went wrong: {err}" ) ) print(err) - except Exception as err: # pylint: disable=broad-except + except OSError as err: await cfg.mainq.put( LogEvent( etype="finish_event", @@ -1716,9 +2101,9 @@ async def main() -> None: if failed == 0: sys.exit(EXIT_SUCCESS) else: - slogger.errror("Failed (not all plugins were executed)") + slogger.error("Failed (not all plugins were executed)") else: # not synchronized -> stats may be misleading - slogger.errror("Failed (expected 'finish_event')") + slogger.error("Failed (expected 'finish_event')") sys.exit(EXIT_FAILURE) diff --git a/tests/plugin_collection.py b/tests/plugin_collection.py index b06bcc5e..8590d53e 100644 --- a/tests/plugin_collection.py +++ b/tests/plugin_collection.py @@ -1,11 +1,22 @@ """A plugin structure""" import dataclasses +import errno import inspect import os +import posix import pkgutil +def err_msg(err: int) -> str: + """Build the message to expect when an OS error occurs.""" + raw = str(OSError(err, posix.strerror(err))) + return raw.replace("[", "\\[").replace("]", "\\]") + + +ERR_CONN_RESET = err_msg(errno.ECONNRESET) + + @dataclasses.dataclass(frozen=True) class LogEvent(): """The base class for an event.""" diff --git a/tests/plugins/__pycache__/p01_client_cert.cpython-39.pyc b/tests/plugins/__pycache__/p01_client_cert.cpython-39.pyc deleted file mode 100644 index 35f0d467..00000000 Binary files a/tests/plugins/__pycache__/p01_client_cert.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p02_require_cert.cpython-39.pyc b/tests/plugins/__pycache__/p02_require_cert.cpython-39.pyc deleted file mode 100644 index 20117b0c..00000000 Binary files a/tests/plugins/__pycache__/p02_require_cert.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p03_verify_peer.cpython-39.pyc b/tests/plugins/__pycache__/p03_verify_peer.cpython-39.pyc deleted file mode 100644 index 05a04d15..00000000 Binary files a/tests/plugins/__pycache__/p03_verify_peer.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p04_verify_chain.cpython-39.pyc b/tests/plugins/__pycache__/p04_verify_chain.cpython-39.pyc deleted file mode 100644 index 2e93f907..00000000 Binary files a/tests/plugins/__pycache__/p04_verify_chain.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p05_verify_crl.cpython-39.pyc b/tests/plugins/__pycache__/p05_verify_crl.cpython-39.pyc deleted file mode 100644 index b8f3edd7..00000000 Binary files a/tests/plugins/__pycache__/p05_verify_crl.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p06_psk_secrets.cpython-39.pyc b/tests/plugins/__pycache__/p06_psk_secrets.cpython-39.pyc deleted file mode 100644 index fb4ff596..00000000 Binary files a/tests/plugins/__pycache__/p06_psk_secrets.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p07_p12cert.cpython-39.pyc b/tests/plugins/__pycache__/p07_p12cert.cpython-39.pyc deleted file mode 100644 index f661508f..00000000 Binary files a/tests/plugins/__pycache__/p07_p12cert.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p08_ipv6.cpython-39.pyc b/tests/plugins/__pycache__/p08_ipv6.cpython-39.pyc deleted file mode 100644 index 8b8bd57b..00000000 Binary files a/tests/plugins/__pycache__/p08_ipv6.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p09_bind.cpython-39.pyc b/tests/plugins/__pycache__/p09_bind.cpython-39.pyc deleted file mode 100644 index 92a3b728..00000000 Binary files a/tests/plugins/__pycache__/p09_bind.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p10_fips.cpython-39.pyc b/tests/plugins/__pycache__/p10_fips.cpython-39.pyc deleted file mode 100644 index b7e0d2f9..00000000 Binary files a/tests/plugins/__pycache__/p10_fips.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p11_fips_cipher.cpython-39.pyc b/tests/plugins/__pycache__/p11_fips_cipher.cpython-39.pyc deleted file mode 100644 index 763c685c..00000000 Binary files a/tests/plugins/__pycache__/p11_fips_cipher.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p12_sni.cpython-39.pyc b/tests/plugins/__pycache__/p12_sni.cpython-39.pyc deleted file mode 100644 index 3a5189b3..00000000 Binary files a/tests/plugins/__pycache__/p12_sni.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p13_resume.cpython-39.pyc b/tests/plugins/__pycache__/p13_resume.cpython-39.pyc deleted file mode 100644 index a1bcc31d..00000000 Binary files a/tests/plugins/__pycache__/p13_resume.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p14_resume_ticket.cpython-39.pyc b/tests/plugins/__pycache__/p14_resume_ticket.cpython-39.pyc deleted file mode 100644 index 11750f05..00000000 Binary files a/tests/plugins/__pycache__/p14_resume_ticket.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p15_resume_secret.cpython-39.pyc b/tests/plugins/__pycache__/p15_resume_secret.cpython-39.pyc deleted file mode 100644 index 3ca2ae85..00000000 Binary files a/tests/plugins/__pycache__/p15_resume_secret.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p16_redirect.cpython-39.pyc b/tests/plugins/__pycache__/p16_redirect.cpython-39.pyc deleted file mode 100644 index 9b75d7f7..00000000 Binary files a/tests/plugins/__pycache__/p16_redirect.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p17_redirect_proxy.cpython-39.pyc b/tests/plugins/__pycache__/p17_redirect_proxy.cpython-39.pyc deleted file mode 100644 index dd22010a..00000000 Binary files a/tests/plugins/__pycache__/p17_redirect_proxy.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p18_redirect_resume.cpython-39.pyc b/tests/plugins/__pycache__/p18_redirect_resume.cpython-39.pyc deleted file mode 100644 index aad863a3..00000000 Binary files a/tests/plugins/__pycache__/p18_redirect_resume.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p19_reload.cpython-39.pyc b/tests/plugins/__pycache__/p19_reload.cpython-39.pyc deleted file mode 100644 index afda3d65..00000000 Binary files a/tests/plugins/__pycache__/p19_reload.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p20_failover.cpython-39.pyc b/tests/plugins/__pycache__/p20_failover.cpython-39.pyc deleted file mode 100644 index 39e9737b..00000000 Binary files a/tests/plugins/__pycache__/p20_failover.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p21_include.cpython-39.pyc b/tests/plugins/__pycache__/p21_include.cpython-39.pyc deleted file mode 100644 index a81a7428..00000000 Binary files a/tests/plugins/__pycache__/p21_include.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p22_inetd.cpython-39.pyc b/tests/plugins/__pycache__/p22_inetd.cpython-39.pyc deleted file mode 100644 index 182efda4..00000000 Binary files a/tests/plugins/__pycache__/p22_inetd.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p23_exec_conn.cpython-39.pyc b/tests/plugins/__pycache__/p23_exec_conn.cpython-39.pyc deleted file mode 100644 index ebf1c1f1..00000000 Binary files a/tests/plugins/__pycache__/p23_exec_conn.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p24_delay.cpython-39.pyc b/tests/plugins/__pycache__/p24_delay.cpython-39.pyc deleted file mode 100644 index 9b42f9c5..00000000 Binary files a/tests/plugins/__pycache__/p24_delay.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p25_wrong_client.cpython-39.pyc b/tests/plugins/__pycache__/p25_wrong_client.cpython-39.pyc deleted file mode 100644 index 77242aef..00000000 Binary files a/tests/plugins/__pycache__/p25_wrong_client.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/__pycache__/p26_wrong_server.cpython-39.pyc b/tests/plugins/__pycache__/p26_wrong_server.cpython-39.pyc deleted file mode 100644 index 9f22422c..00000000 Binary files a/tests/plugins/__pycache__/p26_wrong_server.cpython-39.pyc and /dev/null differ diff --git a/tests/plugins/p01_client_cert.py b/tests/plugins/p01_client_cert.py index 2df2dab0..fcda60db 100644 --- a/tests/plugins/p01_client_cert.py +++ b/tests/plugins/p01_client_cert.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -35,7 +35,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -78,7 +77,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.count = 1 self.events.success = [ "Client received unexpected message", - "Connection reset by peer" + ERR_CONN_RESET ] self.events.failure = [ "peer did not return a certificate", @@ -87,7 +86,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", #"Client received unexpected message", "Server received unexpected message", @@ -101,7 +100,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p02_require_cert.py b/tests/plugins/p02_require_cert.py index f174b6da..39e618e4 100644 --- a/tests/plugins/p02_require_cert.py +++ b/tests/plugins/p02_require_cert.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -34,7 +34,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -48,7 +48,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -74,7 +73,9 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.params.description = '022. Failure test \"requireCert\" option' self.events.count = 1 self.events.success = [ - "peer did not return a certificate" + "peer did not return a certificate", + "alert certificate required", + ERR_CONN_RESET ] self.events.failure = [ #"peer did not return a certificate", @@ -83,7 +84,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", #"Client received unexpected message", "Server received unexpected message", @@ -97,7 +98,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p03_verify_peer.py b/tests/plugins/p03_verify_peer.py index cedff935..08d590ae 100644 --- a/tests/plugins/p03_verify_peer.py +++ b/tests/plugins/p03_verify_peer.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -35,7 +35,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -79,7 +78,9 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.count = 1 self.events.success = [ "certificate verify failed", - "unknown CA" + "unknown CA", + "alert unknown ca", + ERR_CONN_RESET ] self.events.failure = [ "peer did not return a certificate", @@ -88,7 +89,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -102,7 +103,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p04_verify_chain.py b/tests/plugins/p04_verify_chain.py index d6fb4086..9f97e11b 100644 --- a/tests/plugins/p04_verify_chain.py +++ b/tests/plugins/p04_verify_chain.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -35,7 +35,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -79,7 +78,9 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.count = 1 self.events.success = [ "certificate verify failed", - "unknown CA" + "unknown CA", + "alert unknown ca", + ERR_CONN_RESET ] self.events.failure = [ "peer did not return a certificate", @@ -88,7 +89,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -102,7 +103,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p05_verify_crl.py b/tests/plugins/p05_verify_crl.py index b5a9eaec..3dcf4173 100644 --- a/tests/plugins/p05_verify_crl.py +++ b/tests/plugins/p05_verify_crl.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -37,7 +37,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -51,7 +51,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -84,7 +83,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.count = 1 self.events.success = [ "certificate verify failed", - "certificate revoked" + "certificate revoked", + ERR_CONN_RESET ] self.events.failure = [ "peer did not return a certificate", @@ -93,7 +93,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -107,7 +107,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p06_psk_secrets.py b/tests/plugins/p06_psk_secrets.py index 21871ccd..f0795e12 100644 --- a/tests/plugins/p06_psk_secrets.py +++ b/tests/plugins/p06_psk_secrets.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -34,7 +34,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -48,7 +48,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -69,7 +68,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -97,7 +95,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.count = 1 self.events.success = [ "binder does not verify", - "bad record mac" + "bad record mac", + ERR_CONN_RESET ] self.events.failure = [ #"peer did not return a certificate", @@ -106,7 +105,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - #"Connection reset by peer", + #ERR_CONN_RESET, #"Connection lost", #"Client received unexpected message", "Server received unexpected message", @@ -120,7 +119,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -141,7 +139,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p07_p12cert.py b/tests/plugins/p07_p12cert.py index 662aefc1..b40319b3 100644 --- a/tests/plugins/p07_p12cert.py +++ b/tests/plugins/p07_p12cert.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -35,7 +35,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p08_ipv6.py b/tests/plugins/p08_ipv6.py index 2483a54e..dbfb4737 100644 --- a/tests/plugins/p08_ipv6.py +++ b/tests/plugins/p08_ipv6.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -32,7 +32,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -46,7 +46,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -66,7 +65,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p09_bind.py b/tests/plugins/p09_bind.py index bf44b746..621be808 100644 --- a/tests/plugins/p09_bind.py +++ b/tests/plugins/p09_bind.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -34,7 +34,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -48,7 +48,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p10_fips.py b/tests/plugins/p10_fips.py index 5d2bc567..eab94395 100644 --- a/tests/plugins/p10_fips.py +++ b/tests/plugins/p10_fips.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -29,7 +29,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.skip = [ "FIPS provider not available", "fips mode not supported", - r"FIPS PROVIDER.*could not load the shared library" + r"FIPS PROVIDER.*could not load the shared library", + r"FIPS PROVIDER.*missing config data" ] self.events.failure = [ "peer did not return a certificate", @@ -38,7 +39,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -52,7 +53,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -74,7 +74,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p11_fips_cipher.py b/tests/plugins/p11_fips_cipher.py index 0280a1d7..e778d216 100644 --- a/tests/plugins/p11_fips_cipher.py +++ b/tests/plugins/p11_fips_cipher.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ExpectedConfigurationFailure @@ -30,7 +30,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.skip = [ "FIPS provider not available", "fips mode not supported", - r"FIPS PROVIDER.*could not load the shared library" + r"FIPS PROVIDER.*could not load the shared library", + r"FIPS PROVIDER.*missing config data" ] self.events.count = 1 self.events.success = [ @@ -43,7 +44,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -57,7 +58,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -88,7 +88,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): "FIPS provider not available", "fips mode not supported", r"FIPS PROVIDER.*could not load the shared library", - "Specified option name is not valid here" + "Specified option name is not valid here", + r"FIPS PROVIDER.*missing config data" ] self.events.count = 1 self.events.success = [ @@ -102,7 +103,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -116,7 +117,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -147,7 +147,8 @@ def __init__(self, cfg: Config, logger: logging.Logger): self.events.skip = [ "FIPS provider not available", "fips mode not supported", - r"FIPS PROVIDER.*could not load the shared library" + r"FIPS PROVIDER.*could not load the shared library", + r"FIPS PROVIDER.*missing config data" ] self.events.count = 1 self.events.success = [ @@ -161,7 +162,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -175,7 +176,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p12_sni.py b/tests/plugins/p12_sni.py index 1dce2a2c..3a94a420 100644 --- a/tests/plugins/p12_sni.py +++ b/tests/plugins/p12_sni.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -19,9 +19,9 @@ def __init__(self, cfg: Config, logger: logging.Logger): class SNITest(StunnelTest): - """Use the service as a slave service (a name-based virtual server) + """Use the service as a secondary service (a name-based virtual server) for Server Name Indication TLS extension. - SERVICE_NAME (server_virtual) specifies the master service that + SERVICE_NAME (server_virtual) specifies the primary service that accepts client connections with the accept option. SERVER_NAME_PATTERN (*.mydomain.com) specifies the host name to be redirected. The success is expected because the client presents the sni pattern (sni.mydomain.com) @@ -38,7 +38,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -52,7 +52,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -74,7 +73,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -98,9 +96,9 @@ async def prepare_server_cfgfile( class FailureSNITest(StunnelTest): - """Use the service as a slave service (a name-based virtual server) + """Use the service as a secondary service (a name-based virtual server) for Server Name Indication TLS extension. - SERVICE_NAME (server_virtual) specifies the master service that + SERVICE_NAME (server_virtual) specifies the primary service that accepts client connections with the accept option. SERVER_NAME_PATTERN sni.mydomain.com) specifies the host name to be redirected. The success is expected because the client doesn't present any sni pattern. @@ -116,7 +114,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -130,7 +128,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -153,7 +150,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p13_resume.py b/tests/plugins/p13_resume.py index 76455253..b982dde8 100644 --- a/tests/plugins/p13_resume.py +++ b/tests/plugins/p13_resume.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -44,7 +44,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -58,7 +58,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -79,7 +78,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -122,7 +120,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -136,7 +134,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -157,7 +154,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -199,7 +195,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -213,7 +209,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -234,7 +229,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -271,7 +265,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -285,7 +279,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -306,7 +299,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p14_resume_ticket.py b/tests/plugins/p14_resume_ticket.py index 22db91ed..58f64bc3 100644 --- a/tests/plugins/p14_resume_ticket.py +++ b/tests/plugins/p14_resume_ticket.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ClientConnectExec @@ -44,7 +44,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -59,12 +59,11 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no - retry = yes + retry = 10 [{service}] client = yes @@ -83,7 +82,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -132,7 +130,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -147,12 +145,11 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no - retry = yes + retry = 10 [{service}] client = yes @@ -171,7 +168,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p15_resume_secret.py b/tests/plugins/p15_resume_secret.py index 85bd69b8..437396c6 100644 --- a/tests/plugins/p15_resume_secret.py +++ b/tests/plugins/p15_resume_secret.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ServerReopen @@ -42,7 +42,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -57,12 +57,11 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no - retry = yes + retry = 10 [{service}] client = yes @@ -81,7 +80,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -107,7 +105,6 @@ async def prepare_additional_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for new stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_new_server.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p16_redirect.py b/tests/plugins/p16_redirect.py index dd29a194..4287f263 100644 --- a/tests/plugins/p16_redirect.py +++ b/tests/plugins/p16_redirect.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -37,7 +37,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -51,7 +51,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -89,7 +88,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -103,7 +102,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -138,7 +136,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -152,7 +150,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -189,7 +186,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -203,7 +200,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -241,7 +237,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -255,7 +251,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -290,7 +285,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -304,7 +299,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p17_redirect_proxy.py b/tests/plugins/p17_redirect_proxy.py index 437d91d2..716a9655 100644 --- a/tests/plugins/p17_redirect_proxy.py +++ b/tests/plugins/p17_redirect_proxy.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -37,7 +37,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -51,7 +51,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -91,7 +90,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -105,7 +104,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -142,7 +140,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -156,7 +154,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p18_redirect_resume.py b/tests/plugins/p18_redirect_resume.py index a0030c02..97cd5aa8 100644 --- a/tests/plugins/p18_redirect_resume.py +++ b/tests/plugins/p18_redirect_resume.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -43,7 +43,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -57,7 +57,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -80,7 +79,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -120,7 +118,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", #"Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -134,7 +132,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -155,7 +152,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -196,7 +192,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -210,7 +206,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -232,7 +227,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p19_reload.py b/tests/plugins/p19_reload.py index 413ae204..162a65f9 100644 --- a/tests/plugins/p19_reload.py +++ b/tests/plugins/p19_reload.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -33,7 +33,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -48,7 +48,6 @@ async def prepare_client_cfgfile( """Create a configuration file for a stunnel client.""" contents = f""" ;client doesn't present any certificate - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -60,7 +59,6 @@ async def prepare_client_cfgfile( """ reload_contents = f""" ;client presents a certificate - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p20_failover.py b/tests/plugins/p20_failover.py index 95f5a6ae..32b4703b 100644 --- a/tests/plugins/p20_failover.py +++ b/tests/plugins/p20_failover.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -41,7 +41,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -55,7 +55,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -79,7 +78,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -118,7 +116,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -132,7 +130,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -156,7 +153,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p21_include.py b/tests/plugins/p21_include.py index 93321d87..38b7f10d 100644 --- a/tests/plugins/p21_include.py +++ b/tests/plugins/p21_include.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, StunnelAcceptConnect @@ -33,7 +33,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_client_cfgfile( with open(f"{cfg.tempd}/conf.d/00-global.conf", "w") as conf: conf.write(f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -78,7 +77,6 @@ async def prepare_server_cfgfile( os.mkdir(f"{cfg.tempd}/conf.d") with open(f"{cfg.tempd}/conf.d/00-global.conf", "w") as conf: conf.write(f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p22_inetd.py b/tests/plugins/p22_inetd.py index 35dc94e3..9a5de2f9 100644 --- a/tests/plugins/p22_inetd.py +++ b/tests/plugins/p22_inetd.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ClientInetd @@ -32,7 +32,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -47,7 +47,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p23_exec_conn.py b/tests/plugins/p23_exec_conn.py index 5dea6684..b4ea017d 100644 --- a/tests/plugins/p23_exec_conn.py +++ b/tests/plugins/p23_exec_conn.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ClientConnectExec @@ -34,7 +34,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -49,7 +49,6 @@ async def prepare_client_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p24_delay.py b/tests/plugins/p24_delay.py index a66e8330..d8e4e056 100644 --- a/tests/plugins/p24_delay.py +++ b/tests/plugins/p24_delay.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ClientConnectExec @@ -50,7 +50,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -65,13 +65,12 @@ async def prepare_client_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no delay = yes - retry = yes + retry = 10 [{service}] client = yes @@ -92,7 +91,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no @@ -132,7 +130,7 @@ def __init__(self, cfg: Config, logger: logging.Logger, path:pathlib.Path): "unsupported protocol", #"TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -147,14 +145,13 @@ async def prepare_client_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no delay = no failover = rr - retry = yes + retry = 10 [{service}] client = yes @@ -175,7 +172,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p25_wrong_client.py b/tests/plugins/p25_wrong_client.py index 688c9a63..e7b05500 100644 --- a/tests/plugins/p25_wrong_client.py +++ b/tests/plugins/p25_wrong_client.py @@ -3,7 +3,7 @@ import logging import os import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ExpectedConfigurationFailure @@ -38,7 +38,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -52,7 +52,6 @@ async def prepare_client_cfgfile( ) -> (pathlib.Path, pathlib.Path): """Create a configuration file for a stunnel client.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p26_wrong_server.py b/tests/plugins/p26_wrong_server.py index d79ee338..fc209fd1 100644 --- a/tests/plugins/p26_wrong_server.py +++ b/tests/plugins/p26_wrong_server.py @@ -2,7 +2,7 @@ import logging import pathlib -from plugin_collection import Plugin +from plugin_collection import Plugin, ERR_CONN_RESET from maketest import ( Config, ExpectedConfigurationFailure @@ -37,7 +37,7 @@ def __init__(self, cfg: Config, logger: logging.Logger): "unsupported protocol", "TLS accepted: previous session reused", "Redirecting connection", - "Connection reset by peer", + ERR_CONN_RESET, "Connection lost", "Client received unexpected message", "Server received unexpected message", @@ -51,7 +51,6 @@ async def prepare_server_cfgfile( ) -> pathlib.Path: """Create a configuration file for a stunnel server.""" contents = f""" - pid = {cfg.tempd}/stunnel_{service}.pid foreground = yes debug = debug syslog = no diff --git a/tests/plugins/p27_ocsp.py b/tests/plugins/p27_ocsp.py new file mode 100644 index 00000000..cf5e465f --- /dev/null +++ b/tests/plugins/p27_ocsp.py @@ -0,0 +1,331 @@ +"""stunnel client-server tests""" + +import logging +import os +import pathlib +from plugin_collection import Plugin, ERR_CONN_RESET +from maketest import ( + Config, + StunnelAcceptConnect +) + + +class StunnelTest(StunnelAcceptConnect): + """Base class for stunnel client-server tests.""" + # pylint: disable=too-few-public-methods + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.services = ['server', 'client'] + + +class VerifyOCSPStapling(StunnelTest): + """ Checking OCSP stapling certificate verification. + OCSP stapling is always available in the server mode. + Using "verifyChain" automatically enables OCSP stapling in the client mode. + The success is expected because the server presents a valid certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '271. Test OCSP stapling' + self.events.count = 1 + self.events.success = [ + r"OCSP: Accepted \(good\)" + ] + self.events.failure = [ + "peer did not return a certificate", + "bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + ] + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports[1]} + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class VerifyOCSPClientDriven(StunnelTest): + """ Checking OCSP stapling certificate verification. + Using "OCSPaia" enables stunnel to validate certificates with the list of OCSP + responder URLs retrieved from their AIA (Authority Information Access) extension. + The success is expected because the client presents a valid certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '272. Test OCSP client-driven' + self.events.count = 1 + self.events.success = [ + r"OCSP: Accepted \(good\)" + ] + self.events.failure = [ + "peer did not return a certificate", + "bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + ] + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports[1]} + cert = {cfg.certdir}/client_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + OCSPaia = yes + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class FailureVerifyOCSPStapling(StunnelTest): + """ Checking OCSP stapling certificate verification. + OCSP stapling is always available in the server mode. + Using "verifyChain" automatically enables OCSP stapling in the client mode. + The failure is expected because the server presents a revoked certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '273. Failure test OCSP stapling' + self.events.count = 1 + self.events.success = [ + r"OCSP: Rejected \(revoked\)" + ] + self.events.failure = [ + "peer did not return a certificate", + #"bad certificate", + "certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + #ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + ] + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports[1]} + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + + [{service}] + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/revoked_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class FailureVerifyOCSPClientDriven(StunnelTest): + """ Checking OCSP stapling certificate verification. + Using "OCSPaia" enables stunnel to validate certificates with the list of OCSP + responder URLs retrieved from their AIA (Authority Information Access) extension. + The failure is expected because client presents a revoked certificate. + """ + + def __init__(self, cfg: Config, logger: logging.Logger): + super().__init__(cfg, logger) + self.params.description = '274. Failure test OCSP client-driven' + self.events.count = 1 + self.events.success = [ + "Rejected by OCSP at depth=0" + ] + self.events.failure = [ + "peer did not return a certificate", + "bad certificate", + #"certificate verify failed", + "unsupported protocol", + "TLS accepted: previous session reused", + "Redirecting connection", + #ERR_CONN_RESET, + "Connection lost", + "Client received unexpected message", + "Server received unexpected message", + "Something went wrong", + "INTERNAL ERROR" + ] + + + async def prepare_client_cfgfile( + self, cfg: Config, ports: list, service: str + ) -> (pathlib.Path, pathlib.Path): + """Create a configuration file for a stunnel client.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + [{service}] + client = yes + accept = 127.0.0.1:0 + connect = 127.0.0.1:{ports[1]} + cert = {cfg.certdir}/revoked_cert.pem + """ + cfgfile = cfg.tempd / "stunnel_client.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile, os.devnull + + + async def prepare_server_cfgfile( + self, cfg: Config, port: int, service: str + ) -> pathlib.Path: + """Create a configuration file for a stunnel server.""" + contents = f""" + foreground = yes + debug = debug + syslog = no + + + [{service}] + accept = 127.0.0.1:0 + connect = 127.0.0.1:{port} + cert = {cfg.certdir}/server_cert.pem + CAfile = {cfg.certdir}/CACert.pem + verifyChain = yes + OCSPaia = yes + """ + cfgfile = cfg.tempd / "stunnel_server.conf" + cfgfile.write_text(contents, encoding="UTF-8") + return cfgfile + + +class StunnelClientServerTest(Plugin): + """Stunnel client-server tests + HTTP client --> stunnel client --> stunnel server --> HTTP server + """ + # pylint: disable=too-few-public-methods + + def __init__(self): + super().__init__() + self.description = 'OCSP certificate verification' + + + async def perform_operation(self, cfg: Config, logger: logging.Logger) -> None: + """Run tests""" + stunnel = VerifyOCSPStapling(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = VerifyOCSPClientDriven(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = FailureVerifyOCSPStapling(cfg, logger) + await stunnel.test_stunnel(cfg) + + stunnel = FailureVerifyOCSPClientDriven(cfg, logger) + await stunnel.test_stunnel(cfg) diff --git a/tools/Makefile.am b/tools/Makefile.am index df245093..c38c8ee2 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -1,10 +1,10 @@ ## Process this file with automake to produce Makefile.in -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh makecert.sh -EXTRA_DIST += openssl.cnf stunnel.nsi stunnel.license stunnel.conf +EXTRA_DIST += openssl.cnf stunnel.nsi ReplaceInFile3.nsh stunnel.license stunnel.conf EXTRA_DIST += stunnel.conf-sample.in stunnel.init.in stunnel.service.in -EXTRA_DIST += stunnel.logrotate stunnel.rh.init stunnel.spec +EXTRA_DIST += stunnel.logrotate stunnel.rh.init stunnel.spec.in EXTRA_DIST += ca-certs.pem confdir = $(sysconfdir)/stunnel @@ -20,7 +20,7 @@ examples_DATA += ca.html ca.pl importCA.html importCA.sh script.sh bashcompdir = @bashcompdir@ dist_bashcomp_DATA = stunnel.bash -CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service +CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service stunnel.spec install-data-local: ${INSTALL} -d -m 1770 $(DESTDIR)$(localstatedir)/lib/stunnel @@ -36,11 +36,13 @@ edit = sed \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ - -e 's|@DEFAULT_GROUP[@]|$(DEFAULT_GROUP)|g' + -e 's|@DEFAULT_GROUP[@]|$(DEFAULT_GROUP)|g' \ + -e 's|@PACKAGE_VERSION[@]|$(PACKAGE_VERSION)|g' -stunnel.conf-sample stunnel.init stunnel.service: Makefile +stunnel.conf-sample stunnel.init stunnel.service stunnel.spec: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel.conf-sample: $(srcdir)/stunnel.conf-sample.in stunnel.init: $(srcdir)/stunnel.init.in stunnel.service: $(srcdir)/stunnel.service.in +stunnel.spec: $(srcdir)/stunnel.spec.in diff --git a/tools/Makefile.in b/tools/Makefile.in index 3274593c..113ddda6 100644 --- a/tools/Makefile.in +++ b/tools/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -14,7 +14,7 @@ @SET_MAKE@ -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 VPATH = @srcdir@ am__is_gnu_make = { \ @@ -218,9 +218,6 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_CXX = @PTHREAD_CXX@ @@ -290,12 +287,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -with_bashcompdir = @with_bashcompdir@ EXTRA_DIST = ca.html ca.pl importCA.html importCA.sh script.sh \ - makecert.sh openssl.cnf stunnel.nsi stunnel.license \ - stunnel.conf stunnel.conf-sample.in stunnel.init.in \ - stunnel.service.in stunnel.logrotate stunnel.rh.init \ - stunnel.spec ca-certs.pem + makecert.sh openssl.cnf stunnel.nsi ReplaceInFile3.nsh \ + stunnel.license stunnel.conf stunnel.conf-sample.in \ + stunnel.init.in stunnel.service.in stunnel.logrotate \ + stunnel.rh.init stunnel.spec.in ca-certs.pem confdir = $(sysconfdir)/stunnel conf_DATA = stunnel.conf-sample examplesdir = $(docdir)/examples @@ -303,13 +299,14 @@ examples_DATA = stunnel.init stunnel.service stunnel.logrotate \ stunnel.rh.init stunnel.spec ca.html ca.pl importCA.html \ importCA.sh script.sh dist_bashcomp_DATA = stunnel.bash -CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service +CLEANFILES = stunnel.conf-sample stunnel.init stunnel.service stunnel.spec edit = sed \ -e 's|@prefix[@]|$(prefix)|g' \ -e 's|@bindir[@]|$(bindir)|g' \ -e 's|@localstatedir[@]|$(localstatedir)|g' \ -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ - -e 's|@DEFAULT_GROUP[@]|$(DEFAULT_GROUP)|g' + -e 's|@DEFAULT_GROUP[@]|$(DEFAULT_GROUP)|g' \ + -e 's|@PACKAGE_VERSION[@]|$(PACKAGE_VERSION)|g' all: all-am @@ -586,12 +583,13 @@ cert: ${INSTALL} -b -m 600 stunnel.pem $(DESTDIR)$(confdir)/stunnel.pem rm -f stunnel.pem -stunnel.conf-sample stunnel.init stunnel.service: Makefile +stunnel.conf-sample stunnel.init stunnel.service stunnel.spec: Makefile $(edit) '$(srcdir)/$@.in' >$@ stunnel.conf-sample: $(srcdir)/stunnel.conf-sample.in stunnel.init: $(srcdir)/stunnel.init.in stunnel.service: $(srcdir)/stunnel.service.in +stunnel.spec: $(srcdir)/stunnel.spec.in # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/tools/ReplaceInFile3.nsh b/tools/ReplaceInFile3.nsh new file mode 100644 index 00000000..57900c1a --- /dev/null +++ b/tools/ReplaceInFile3.nsh @@ -0,0 +1,154 @@ +/* +First occurrence to be replaced: FST_OCC. + FST_OCC = all, renders the same as FST_OCC = 1. + if FST_OCC greater than the number of occurences in the file: no alteration of the file, + FST_OCC negative or 0 will leave the file content unchanged no matter the NR_OCC value. +Nr max of occurrences replaced onwards: NR_OCC, + if NR_OCC = all --> replacement as long as a string to be replaced is found, + if NR_OCC = stritly positive integer, replaces up to NR_OCC occurrences provided they exist, + NR_OCC negative or 0 yields the same as all. + +Order to run down and search the file: from left to right and top down. +REPLACEMENT_STR, OLD_STR, read line should be less than 1024 characters long. +For NSIS Unicode, FILE_TO_MODIFIED must be utf-8 encoded. +*/ + +Var /Global OLD_STR +Var /Global FST_OCC +Var /Global NR_OCC +Var /Global REPLACEMENT_STR +Var /Global FILE_TO_MODIFIED + +!macro ReplaceInFile OLD_STR FST_OCC NR_OCC REPLACEMENT_STR FILE_TO_MODIFIED + + Push "${OLD_STR}" ;text to be replaced + Push "${REPLACEMENT_STR}" ;replace with + Push "${FST_OCC}" ; starts replacing onwards FST_OCC occurrences + Push "${NR_OCC}" ; replaces NR_OCC occurrences in all + Push "${FILE_TO_MODIFIED}" ; file to replace in + Call AdvReplaceInFile + +!macroend + + +Function AdvReplaceInFile +Exch $0 ;FILE_TO_MODIFIED file to replace in +Exch +Exch $1 ;the NR_OCC of OLD_STR occurrences to be replaced. +Exch +Exch 2 +Exch $2 ;FST_OCC: the first occurrence to be replaced and onwards +Exch 2 +Exch 3 +Exch $3 ;REPLACEMENT_STR string to replace with +Exch 3 +Exch 4 +Exch $4 ;OLD_STR to be replaced +Exch 4 +Push $5 ;incrementing counter +Push $6 ;a chunk of read line +Push $7 ;the read line altered or not +Push $8 ;left string +Push $9 ;right string or forster read line +Push $R0 ;temp file handle +Push $R1 ;FILE_TO_MODIFIED file handle +Push $R2 ;a line read +Push $R3 ;the length of OLD_STR +Push $R4 ;counts reaching of FST_OCC +Push $R5 ;counts reaching of NR_OCC +Push $R6 ;temp file name + + + GetTempFileName $R6 + + FileOpen $R1 $0 r ;FILE_TO_MODIFIED file to search in + FileOpen $R0 $R6 w ;temp file + StrLen $R3 $4 ;the length of OLD_STR + StrCpy $R4 0 ;counter initialization + StrCpy $R5 -1 ;counter initialization + +loop_read: + ClearErrors + FileRead $R1 $R2 ;reading line + IfErrors exit ;when end of file has been reached + + StrCpy $5 -1 ;cursor, start of read line chunk + StrLen $7 $R2 ;read line length + IntOp $5 $5 - $7 ;cursor initialization + StrCpy $7 $R2 ;$7 contains read line + +loop_filter: + IntOp $5 $5 + 1 ;cursor shifting + StrCmp $5 0 file_write ;end of line has been reached + StrCpy $6 $7 $R3 $5 ;a chunk of read line of length OLD_STR + StrCmp $6 $4 0 loop_filter ;continues to search OLD_STR if no match + +StrCpy $8 $7 $5 ;left part +IntOp $6 $5 + $R3 +IntCmp $6 0 yes no ;left part + OLD_STR == full line read ? +yes: +StrCpy $9 "" +Goto done +no: +StrCpy $9 $7 "" $6 ;right part +done: +StrCpy $9 $8$3$9 ;replacing OLD_STR by REPLACEMENT_STR in forster read line + +IntOp $R4 $R4 + 1 ;counter incrementation +;MessageBox MB_OK|MB_ICONINFORMATION \ +;"count R4 = $R4, fst_occ = $2" +StrCmp $2 all follow_up ;exchange ok, then goes to search the next OLD_STR +IntCmp $R4 $2 follow_up ;no exchange until FST_OCC has been reached, +Goto loop_filter ;and then searching for the next OLD_STR + +follow_up: +IntOp $R4 $R4 - 1 ;now counter is to be stuck to FST_OCC + +IntOp $R5 $R5 + 1 ;counter incrementation +;MessageBox MB_OK|MB_ICONINFORMATION \ +;"count R5 = $R5, nbr_occ = $1" +StrCmp $1 all exchange_ok ;goes to exchange OLD_STR with REPLACEMENT_STR +IntCmp $R5 $1 finalize ;proceeding exchange until NR_OCC has been reached + +exchange_ok: +IntOp $5 $5 + $R3 ;updating cursor +StrCpy $7 $9 ;updating read line with forster read line +Goto loop_filter ;goes searching the same read line + +finalize: +IntOp $R5 $R5 - 1 ;now counter is to be stuck to NR_OCC + +file_write: + FileWrite $R0 $7 ;writes altered or unaltered line +Goto loop_read ;reads the next line + +exit: + FileClose $R0 + FileClose $R1 + + ;SetDetailsPrint none + Delete $0 + Rename $R6 $0 ;superseding FILE_TO_MODIFIED file with + ;temp file built with REPLACEMENT_STR + ;Delete $R6 + ;SetDetailsPrint lastused + +Pop $R6 +Pop $R5 +Pop $R4 +Pop $R3 +Pop $R2 +Pop $R1 +Pop $R0 +Pop $9 +Pop $8 +Pop $7 +Pop $6 +Pop $5 +;These values are stored in the stack in the reverse order they were pushed +Pop $0 +Pop $1 +Pop $2 +Pop $3 +Pop $4 +FunctionEnd diff --git a/tools/ca-certs.pem b/tools/ca-certs.pem index 8c04ff18..73fadfae 100644 --- a/tools/ca-certs.pem +++ b/tools/ca-certs.pem @@ -1,4 +1,109 @@ -----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT +U0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2 +MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh +dGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm +acCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN +SeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME +GDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW +uCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp +15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN +b0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM +MS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx +MQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00 +MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD +QSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z +4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv +Ye+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ +kmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs +GY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln +nkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh +3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD +0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy +geBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8 +ANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB +c6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI +pw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +dEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +DAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs +o0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ +qM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw +xfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM +rr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4 +AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR +0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY +o7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5 +dDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE +oji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD +Ey1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw +HhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY +MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp +YyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa +ef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz +SDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf +iOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X +ME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3 +IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS +VYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE +SJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu ++Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt +8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L +HaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt +zwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P +AQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ +YKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52 +gDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA +Fv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB +JYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX +DhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui +TdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5 +dHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65 +LvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp +0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY +QqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w +LAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w +CwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0 +MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF +Q0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI +zj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X +tXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4 +AjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2 +KCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD +aAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu +CCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo +9H1/IISpQuQo +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw +CQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN +MjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG +A1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC +WvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+ +6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B +Af8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa +qCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q +4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAw gb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQL Ex9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykg @@ -626,37 +731,6 @@ xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB -8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy -dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 -YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 -dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh -IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD -LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG -EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g -KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD -ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu -bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg -ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R -85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm -4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV -HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd -QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t -lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB -o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E -BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 -opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo -dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW -ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN -AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y -/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k -SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy -Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS -Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl -nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW @@ -742,42 +816,6 @@ W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D hNQ+IIX3Sj0rnP0qCglN6oH4EZw= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV -BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC -aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV -BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 -Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz -MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ -BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp -em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN -ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY -B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH -D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF -Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo -q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D -k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH -fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut -dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM -ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 -zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn -rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX -U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 -Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 -XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF -Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR -HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY -GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c -77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 -+GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK -vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 -FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl -yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P -AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD -y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d -NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG @@ -962,51 +1000,6 @@ LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI 4uJEvlz36hz1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix -RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 -dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p -YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw -NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK -EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl -cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl -c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz -dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ -fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns -bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD -75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP -FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV -HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp -5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu -b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA -A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p -6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 -TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 -dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys -Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI -l7WdmplNsDz4SgCbZN2fOUvRJ9e4 ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx -FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg -Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG -A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr -b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ -jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn -PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh -ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 -nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h -q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED -MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC -mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 -7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB -oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs -EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO -fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi -AmvZWg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G @@ -1147,29 +1140,6 @@ DgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ +RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi -MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu -MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp -dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV -UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO -ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz -c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP -OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl -mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF -BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 -qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw -gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu -bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp -dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 -6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ -h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH -/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv -wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN -pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 @@ -1440,6 +1410,50 @@ t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw +PTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy +dGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9 +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0 +YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2 +1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT +vqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed +aFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0 +1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5 +r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5 +cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ +wHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ +6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA +2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH +Wyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR +eiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB +/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u +d0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr +PbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi +1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd +rRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di +taY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7 +lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj +yTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn +Kx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy +yCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n +wXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6 +OV+KmalBWQewLK8= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw +CQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu +bHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ +BgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s +eSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK ++IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2 +QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4 +hevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm +ut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG +BtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw @@ -2126,6 +2140,52 @@ oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY Ic2wBlX7Jz9TkHCpBB5XJ7k= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT +AkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD +VQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx +NjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT +HFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5 +IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl +dB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK +ULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu +9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O +be0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFfzCCA2egAwIBAgIJAOF8N0D9G/5nMA0GCSqGSIb3DQEBDAUAMF0xCzAJBgNV +BAYTAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMScw +JQYDVQQDEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTMwHhcNMTYwNjE2 +MDYxNzE2WhcNMzgwMTE4MDYxNzE2WjBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UEAxMeU2VjdXJpdHkg +Q29tbXVuaWNhdGlvbiBSb290Q0EzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEA48lySfcw3gl8qUCBWNO0Ot26YQ+TUG5pPDXC7ltzkBtnTCHsXzW7OT4r +CmDvu20rhvtxosis5FaU+cmvsXLUIKx00rgVrVH+hXShuRD+BYD5UpOzQD11EKzA +lrenfna84xtSGc4RHwsENPXY9Wk8d/Nk9A2qhd7gCVAEF5aEt8iKvE1y/By7z/MG +TfmfZPd+pmaGNXHIEYBMwXFAWB6+oHP2/D5Q4eAvJj1+XCO1eXDe+uDRpdYMQXF7 +9+qMHIjH7Iv10S9VlkZ8WjtYO/u62C21Jdp6Ts9EriGmnpjKIG58u4iFW/vAEGK7 +8vknR+/RiTlDxN/e4UG/VHMgly1s2vPUB6PmudhvrvyMGS7TZ2crldtYXLVqAvO4 +g160a75BflcJdURQVc1aEWEhCmHCqYj9E7wtiS/NYeCVvsq1e+F7NGcLH7YMx3we +GVPKp7FKFSBWFHA9K4IsD50VHUeAR/94mQ4xr28+j+2GaR57GIgUssL8gjMunEst ++3A7caoreyYn8xrC3PsXuKHqy6C0rtOUfnrQq8PsOC0RLoi/1D+tEjtCrI8Cbn3M +0V9hvqG8OmpI6iZVIhZdXw3/JzOfGAN0iltSIEdrRU0id4xVJ/CvHozJgyJUt5rQ +T9nO/NkuHJYosQLTA70lUhw0Zk8jq/R3gpYd0VcwCBEF/VfR2ccCAwEAAaNCMEAw +HQYDVR0OBBYEFGQUfPxYchamCik0FW8qy7z8r6irMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQDcAiMI4u8hOscNtybS +YpOnpSNyByCCYN8Y11StaSWSntkUz5m5UoHPrmyKO1o5yGwBQ8IibQLwYs1OY0PA +FNr0Y/Dq9HHuTofjcan0yVflLl8cebsjqodEV+m9NU1Bu0soo5iyG9kLFwfl9+qd +9XbXv8S2gVj/yP9kaWJ5rW4OH3/uHWnlt3Jxs/6lATWUVCvAUm2PVcTJ0rjLyjQI +UYWg9by0F1jqClx6vWPGOi//lkkZhOpn2ASxYfQAW0q3nHE3GYV5v4GwxxMOdnE+ +OoAGrgYWp421wsTL/0ClXI2lyTrtcoHKXJg80jQDdwj98ClZXSEIx2C/pHF7uNke +gr4Jr2VvKKu/S7XuPghHJ6APbw+LP6yVGPO5DtxnVW5inkYO0QR4ynKudtml+LLf +iAlhi+8kTtFZP1rUPcmTPCtk9YENFpb3ksP+MW/oKjJ0DvRMmEoYDjBU1cXrvMUV +nuiZIesnKwkK2/HmcBhWuwzkvvnoEKQTkrgc4NtnHVMDpCKn3F2SEDzq//wbEBrD +2NCcnWXL0CsnMQMeNuE9dnUM/0Umud1RvCPHX9jYhxBAEg09ODfnRDwYwFMJZI// +1ZqmfHAuc1Uh6N//g7kdPjIe1qZ9LPFm6Vwdp6POXiUyK+OVrCoHzrQoeIY8Laad +TdJ0MN1kURXbg4NR16/9M51NZg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV @@ -2300,38 +2360,6 @@ tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1 /q4AaOeMSQ+2b1tbFfLn -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO -TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh -dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y -MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg -TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS -b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS -M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC -UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d -Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p -rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l -pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb -j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC -KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS -/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X -cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH -1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP -px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 -MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI -eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u -2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS -v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC -wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy -CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e -vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 -Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa -Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL -eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 -FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc -7uzXLg== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs @@ -2455,6 +2483,52 @@ qJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP E2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU +MQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI +T1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz +MTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF +SUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh +bCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z +xRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ +spDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5 +58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR +at7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll +5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq +nMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK +V0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/ +pj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO +z2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn +jSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+ +WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF +7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE +AwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli +awLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u ++2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88 +X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN +SoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo +P2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI ++pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz +znfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9 +eVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2 +YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy +r/6zcCwupvI= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw +CQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ +VFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy +MVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ +TkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS +b290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B +IgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+ ++kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK +sVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA +94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B +43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w @@ -3383,107 +3457,6 @@ wKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV dWNbFJWcHwHP2NVypw87 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk -MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH -bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX -DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD -QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ -FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F -uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX -kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs -ewv4n4Q= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu -hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/l -xKvRHYqjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0 -CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANx -sbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM -f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vX -mX7wCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7 -zUjwTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0P -fyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtc -vfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4 -Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUsp -zBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOO -Rc92wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYW -k70paDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+ -DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgF -lQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBADiW -Cu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1 -d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6Z -XPYfcX3v73svfuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZR -gyFmxhE+885H7pwoHyXa/6xmld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3 -d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9bgsiG1eGZbYwE8na6SfZu6W0eX6Dv -J4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq4BjFbkerQUIpm/Zg -DdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWErtXvM -+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyy -F62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9 -SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdws -E3PYJ/HQcu51OyLemGhmW/HGY0dVHLqlCFF1pkgl ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBH -MQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExM -QzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIy -MDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNl -cnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv -CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3Kg -GjSY6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9Bu -XvAuMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOd -re7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXu -PuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1 -mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K -8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqj -x5RWIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsR -nTKaG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0 -kzCqgc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9Ok -twIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBALZp -8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT -vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiT -z9D2PGcDFWEJ+YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiA -pJiS4wGWAqoC7o87xdFtCjMwc3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvb -pxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3DaWsYDQvTtN6LwG1BUSw7YhN4ZKJmB -R64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5rn/WkhLx3+WuXrD5R -RaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56GtmwfuNmsk -0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC -5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF -izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLn -yOd/xCxgXS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQsw -CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU -MBIGA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw -MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp -Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout -736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2A -DDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk -fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEA -njWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw WjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw MiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x @@ -3541,3 +3514,80 @@ HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== -----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN +MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT +HERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN +NDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs +IEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+ +ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0 +2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp +wgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM +pG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD +nU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po +sMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx +Zre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd +Lvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX +KyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe +XoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL +tgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv +TiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H +PNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF +O4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ +REtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik +AdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv +/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+ +p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw +MUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF +qUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK +ovfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp +Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 +MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ +bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS +7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp +0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS +B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ +LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 +DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO +MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD +DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX +DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw +b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP +L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY +t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins +S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3 +PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO +L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3 +R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w +dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS ++YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS +d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG +AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f +gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j +BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z +NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM +QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf +R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ +DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW +P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy +lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq +bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w +AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q +r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji +Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU +98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- diff --git a/tools/openssl.cnf b/tools/openssl.cnf index e5eda91c..261c1023 100644 --- a/tools/openssl.cnf +++ b/tools/openssl.cnf @@ -1,5 +1,5 @@ # OpenSSL configuration file to create a server certificate -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 # Use this in order to automatically load providers. openssl_conf = openssl_init @@ -11,7 +11,7 @@ config_diagnostics = 1 #.include "../config/fipsmodule.cnf" [openssl_init] -providers = provider_sect +#providers = provider_sect alg_section = evp_properties # List of providers to load diff --git a/tools/stunnel.bash b/tools/stunnel.bash index 7951f526..ce6f1f31 100644 --- a/tools/stunnel.bash +++ b/tools/stunnel.bash @@ -1,5 +1,5 @@ # bash completion for stunnel -*- shell-script -*- -# by Michal Trojnara 1998-2022 +# by Michal Trojnara 1998-2023 _comp_cmd_stunnel() { diff --git a/tools/stunnel.conf b/tools/stunnel.conf index c98618b0..070a8b0f 100644 --- a/tools/stunnel.conf +++ b/tools/stunnel.conf @@ -1,4 +1,4 @@ -; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2022 +; Sample stunnel configuration file for Win64 by Michal Trojnara 2002-2023 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options diff --git a/tools/stunnel.conf-sample.in b/tools/stunnel.conf-sample.in index ca6e0dea..7a7dae9a 100644 --- a/tools/stunnel.conf-sample.in +++ b/tools/stunnel.conf-sample.in @@ -1,4 +1,4 @@ -; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2022 +; Sample stunnel configuration file for Unix by Michal Trojnara 1998-2023 ; Some options used here may be inadequate for your particular configuration ; This sample file does *not* represent stunnel.conf defaults ; Please consult the manual for detailed description of available options diff --git a/tools/stunnel.license b/tools/stunnel.license index 1c1d5a79..a2f46458 100644 --- a/tools/stunnel.license +++ b/tools/stunnel.license @@ -1,4 +1,4 @@ -Copyright (C) 1998-2022 Michal Trojnara +Copyright (C) 1998-2023 Michal Trojnara This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff --git a/tools/stunnel.nsi b/tools/stunnel.nsi index 1ffb0f1b..a2da0987 100644 --- a/tools/stunnel.nsi +++ b/tools/stunnel.nsi @@ -1,4 +1,4 @@ -# NSIS stunnel installer by Michal Trojnara 1998-2022 +# NSIS stunnel installer by Michal Trojnara 1998-2023 !define /ifndef VERSION testing !define /ifndef ARCH win32 @@ -30,6 +30,9 @@ BrandingText "Author: Michal Trojnara" !define MUI_FINISHPAGE_RUN "$INSTDIR\bin\stunnel.exe" !define MUI_FINISHPAGE_RUN_TEXT "Start stunnel after installation" !define MUI_FINISHPAGE_RUN_NOTCHECKED +!define MUI_FINISHPAGE_NOAUTOCLOSE +!define MUI_UNFINISHPAGE_NOAUTOCLOSE + !include "MUI2.nsh" # define SF_SELECTED !include "Sections.nsh" @@ -54,11 +57,12 @@ BrandingText "Author: Michal Trojnara" !define /ifndef ZLIB_DIR ${BIN_DIR}\zlib !define /ifndef REDIST_DIR ${BIN_DIR}\redist +!if ${SUFFIX} == "3" +!include "${STUNNEL_TOOLS_DIR}/ReplaceInFile3.nsh" +!endif + # additional plugins !addplugindir "${STUNNEL_TOOLS_DIR}/plugins/" -!if ${ENABLE_FIPS} -!include "${STUNNEL_TOOLS_DIR}/plugins/TextReplace.nsh" -!endif !define MUI_ICON ${STUNNEL_SRC_DIR}\stunnel.ico @@ -453,8 +457,45 @@ SectionGroup "Tools" groupTOOLS Section "openssl.exe" sectionOPENSSL SetOutPath "$INSTDIR\bin" File "${OPENSSL_BIN_DIR}\openssl.exe" + SetOutPath "$INSTDIR\config" File "${STUNNEL_TOOLS_DIR}\openssl.cnf" +!if ${SUFFIX} == "3" + Push "#providers = provider_sect" # text to be replaced + Push "providers = provider_sect" # replace with + Push 1 # start replacing at the 1st occurrence + Push 1 # replace 1 occurrences onwards, in all + Push "$INSTDIR\config\openssl.cnf" # file to replace in + Call AdvReplaceInFile +!endif + +!if ${ENABLE_FIPS} + # create fipsmodule.cnf + ExecWait '"$INSTDIR\bin\openssl.exe" fipsinstall -module "$INSTDIR\ossl-modules\fips.dll" \ + -out "$INSTDIR\config\fipsmodule.cnf" -provider_name fips' + + # modify fipsmodule.cnf and openssl.cnf to enable FIPS mode + Push "activate = 1" # text to be replaced + Push "#activate = 1" # replace with + Push 1 # start replacing at the 1st occurrence + Push 1 # replace 1 occurrences onwards, in all + Push "$INSTDIR\config\fipsmodule.cnf" # file to replace in + Call AdvReplaceInFile + + Push "#.include" # text to be replaced + Push ".include" # replace with + Push 1 # start replacing at the 1st occurrence + Push 1 # replace 1 occurrences onwards, in all + Push "$INSTDIR\config\openssl.cnf" # file to replace in + Call AdvReplaceInFile + + Push "#fips = fips_sect" # text to be replaced + Push "fips = fips_sect" # replace with + Push 1 # start replacing at the 1st occurrence + Push 1 # replace 1 occurrences onwards, in all + Push "$INSTDIR\config\openssl.cnf" # file to replace in + Call AdvReplaceInFile +!endif # create stunnel.pem IfSilent no_new_pem @@ -479,26 +520,6 @@ SectionEnd SectionGroupEnd -!if ${ENABLE_FIPS} -SectionGroup "Providers" groupPROVIDERS - -Section /o "FIPS" sectionFIPS - # create fipsmodule.cnf - ExecWait '"$INSTDIR\bin\openssl.exe" fipsinstall -module "$INSTDIR\ossl-modules\fips.dll" \ - -out "$INSTDIR\config\fipsmodule.cnf" -provider_name fips' - - # modify fipsmodule.cnf and openssl.cnf to enable FIPS mode - ${textreplace::ReplaceInFile} "$INSTDIR\config\fipsmodule.cnf" "$INSTDIR\config\fipsmodule.cnf" \ - "activate = 1" "#activate = 1" "/S=1 /C=0 /AO=1" $0 - ${textreplace::ReplaceInFile} "$INSTDIR\config\openssl.cnf" "$INSTDIR\config\openssl.cnf" \ - "#.include" ".include" "/S=1 /C=0 /AO=1" $0 - ${textreplace::ReplaceInFile} "$INSTDIR\config\openssl.cnf" "$INSTDIR\config\openssl.cnf" \ - "#fips = fips_sect" "fips = fips_sect" "/S=1 /C=0 /AO=1" $0 -SectionEnd - -SectionGroupEnd -!endif - SectionGroup "Shortcuts" groupSHORTCUTS Section "Start Menu" sectionMENU @@ -660,10 +681,6 @@ LangString DESC_sectionMENU ${LANG_ENGLISH} \ "Installs the Start Menu shortcuts for managing stunnel." LangString DESC_sectionDESKTOP ${LANG_ENGLISH} \ "Installs the Desktop shortcut for stunnel." -!if ${ENABLE_FIPS} -LangString DESC_sectionFIPS ${LANG_ENGLISH} \ - "Generates a FIPS module configuration file and loads FIPS provider to enable." -!endif /* LangString DESC_sectionDEBUG ${LANG_ENGLISH} \ "Installs the .PDB (program database) files for the executables and libraries." @@ -672,10 +689,6 @@ LangString DESC_groupTOOLS ${LANG_ENGLISH} \ "Installs optional (but useful) tools." LangString DESC_groupSHORTCUTS ${LANG_ENGLISH} \ "Installs menu and desktop shortcuts." -!if ${ENABLE_FIPS} -LangString DESC_groupPROVIDERS ${LANG_ENGLISH} \ - "Installs OpenSSL providers." -!endif !insertmacro MUI_FUNCTION_DESCRIPTION_BEGIN !insertmacro MUI_DESCRIPTION_TEXT ${sectionCORE} $(DESC_sectionCORE) @@ -683,17 +696,11 @@ LangString DESC_groupPROVIDERS ${LANG_ENGLISH} \ !insertmacro MUI_DESCRIPTION_TEXT ${sectionTSTUNNEL} $(DESC_sectionTSTUNNEL) !insertmacro MUI_DESCRIPTION_TEXT ${sectionMENU} $(DESC_sectionMENU) !insertmacro MUI_DESCRIPTION_TEXT ${sectionDESKTOP} $(DESC_sectionDESKTOP) -!if ${ENABLE_FIPS} - !insertmacro MUI_DESCRIPTION_TEXT ${sectionFIPS} $(DESC_sectionFIPS) -!endif /* !insertmacro MUI_DESCRIPTION_TEXT ${sectionDEBUG} $(DESC_sectionDEBUG) */ !insertmacro MUI_DESCRIPTION_TEXT ${groupTOOLS} $(DESC_groupTOOLS) !insertmacro MUI_DESCRIPTION_TEXT ${groupSHORTCUTS} $(DESC_groupSHORTCUTS) -!if ${ENABLE_FIPS} - !insertmacro MUI_DESCRIPTION_TEXT ${groupPROVIDERS} $(DESC_groupPROVIDERS) -!endif !insertmacro MUI_FUNCTION_DESCRIPTION_END # end of stunnel.nsi diff --git a/tools/stunnel.service.in b/tools/stunnel.service.in index fa989968..4a443962 100644 --- a/tools/stunnel.service.in +++ b/tools/stunnel.service.in @@ -3,6 +3,7 @@ Description=TLS tunnel for network daemons After=syslog.target network-online.target [Service] +LimitNOFILE=20480 ExecStart=@bindir@/stunnel ExecReload=/bin/kill -HUP $MAINPID Type=forking diff --git a/tools/stunnel.spec b/tools/stunnel.spec.in similarity index 92% rename from tools/stunnel.spec rename to tools/stunnel.spec.in index ff1ff77b..56db208e 100644 --- a/tools/stunnel.spec +++ b/tools/stunnel.spec.in @@ -1,5 +1,5 @@ Name: stunnel -Version: 5.65 +Version: @PACKAGE_VERSION@ Release: 1%{?dist} Summary: An TLS-encrypting socket wrapper Group: Applications/Internet @@ -43,6 +43,8 @@ done %if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 mkdir -p %{buildroot}%{_unitdir} cp tools/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +mkdir -p %{buildroot}%{_datadir}/bash-completion/completions +cp tools/%{name}.bash %{buildroot}%{_datadir}/bash-completion/completions/%{name}.bash %endif %post @@ -77,13 +79,16 @@ cp tools/%{name}.service %{buildroot}%{_unitdir}/%{name}.service %lang(pl) %{_mandir}/pl/man8/stunnel.8* %dir %{_sysconfdir}/%{name} %config %{_sysconfdir}/%{name}/*-sample -%exclude %{_sysconfdir}/%{name}/*.pem %if 0%{?fedora} >= 15 || 0%{?rhel} >= 7 %{_unitdir}/%{name}*.service %endif %config(noreplace) %{_datarootdir}/bash-completion/* %changelog +* Fri Feb 24 2023 Małgorzata Olszówka +- Fixed bash completion support +- Removed excluding pem files + * Wed Mar 02 2022 Małgorzata Olszówka - bash completion support