Make TPM ENGINE support optional
authorDavid Woodhouse <David.Woodhouse@intel.com>
Fri, 15 Jul 2011 17:21:02 +0000 (10:21 -0700)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Fri, 15 Jul 2011 17:23:31 +0000 (10:23 -0700)
Android's OpenSSL doesn't have ENGINE support; don't require it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
configure.ac
openconnect.html
ssl.c

index 4fcf82c..772f2ef 100644 (file)
@@ -40,4 +40,9 @@ AC_CHECK_HEADER([if_tun.h],
             [AC_CHECK_HEADER([net/tun/if_tun.h],
                 [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])])
 
+AC_CHECK_LIB(ssl, ENGINE_by_id,
+            AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support]),
+            AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support]),
+            ${OPENSSL_LIBS})
+
 AC_OUTPUT(Makefile openconnect.pc)
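Review bot: `ENGINE_by_id` is exported by libcrypto, not libssl, so the `AC_CHECK_LIB(ssl, ENGINE_by_id, ...)` probe only links because `${OPENSSL_LIBS}` is passed as the extra libraries and presumably contains `-lcrypto`. Probing the library that owns the symbol is more robust: `AC_CHECK_LIB(crypto, ENGINE_by_id,`. The action arguments are also unquoted; wrapping them as `[AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])]` and `[AC_MSG_NOTICE(...)]` follows the usual m4 quoting and avoids surprises if they are extended later. Because the fallback is only a notice, a build meant to use TPM-protected keys loses that support without failing, so it may be worth making the message a warning so it stands out in configure output.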
index d0b99ab..873d584 100644 (file)
@@ -184,6 +184,7 @@ For full changelog entries including the latest development, see
   <LI><B>OpenConnect HEAD</B><BR>
      <UL>
        <LI>Switch back to using TLSv1, but without extensions.</LI>
+       <LI>Make TPM support optional, dependent on OpenSSL ENGINE support.</LI>
      </UL><BR>
   </LI>
   <LI><B><A HREF="ftp://ftp.infradead.org/pub/openconnect/openconnect-3.10.tar.gz">OpenConnect v3.10</a></B> &mdash; 2011-06-30<BR>
@@ -488,6 +489,6 @@ An <TT>openconnect</TT> <A HREF="http://www.freebsd.org/cgi/cvsweb.cgi/ports/sec
 <hr>
 <address>David Woodhouse &lt;<A HREF="mailto:dwmw2@infradead.org">dwmw2@infradead.org</A>&gt;</address>
 <!-- hhmts start -->
-Last modified: Fri Jul 15 10:19:52 PDT 2011
+Last modified: Fri Jul 15 10:20:37 PDT 2011
 <!-- hhmts end -->
 </body> </html>
diff --git a/ssl.c b/ssl.c
index 1e76a83..bed1efd 100644 (file)
--- a/ssl.c
+++ b/ssl.c
@@ -219,6 +219,7 @@ static int load_pkcs12_certificate(struct openconnect_info *vpninfo, PKCS12 *p12
        return ret;
 }
 
+#ifdef HAVE_ENGINE
 static int load_tpm_certificate(struct openconnect_info *vpninfo)
 {
        ENGINE *e;
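Review bot: The new `#ifdef HAVE_ENGINE` guards the function that uses the `ENGINE` type, but no hunk in this commit touches the includes of ssl.c. If the file includes `<openssl/engine.h>` unconditionally (not visible here), a build against an OpenSSL without ENGINE support can still fail at that include. Wrapping it the same way would complete the change: `#ifdef HAVE_ENGINE` / `#include <openssl/engine.h>` / `#endif`. The body of `load_tpm_certificate` continues outside this hunk.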
@@ -264,6 +265,14 @@ static int load_tpm_certificate(struct openconnect_info *vpninfo)
        }
        return 0;
 }
+#else
+static int load_tpm_certificate(struct openconnect_info *vpninfo)
+{
+       vpn_progress (vpninfo, PRG_ERR,
+                     "This version of OpenConnect was built without TPM support\n");
+       return -EINVAL;
+}
+#endif
 
 static int reload_pem_cert(struct openconnect_info *vpninfo)
 {
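Review bot: The `#else` stub of `load_tpm_certificate` has no comment saying that refusing is deliberate. Without ENGINE support a TPM-wrapped key cannot be loaded, so the stub reports the error and returns `-EINVAL` rather than attempting any other loader. A one-line comment above it would keep a later change from turning this into a silent fallback, for example `/* No ENGINE support: TPM-wrapped keys cannot be loaded, so fail the certificate load. */`. The call also uses `vpn_progress (` with a space before the parenthesis; match whatever spacing the rest of ssl.c uses.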