If --enable-pkinit is explicitly given, and OpenSSL is too old, error out instead of
authorKen Raeburn <raeburn@mit.edu>
Sun, 24 May 2009 19:58:47 +0000 (19:58 +0000)
committerKen Raeburn <raeburn@mit.edu>
Sun, 24 May 2009 19:58:47 +0000 (19:58 +0000)
ignoring the option and disabling pkinit.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22370 dc483132-0cff-0310-8789-dd5450dbe970

src/configure.in

index b0d362489b089a8bf745b306147faf862545dc5e..94775f136bb5588e42c0ad279810e00901f0c02e 100644 (file)
@@ -884,8 +884,8 @@ AC_SUBST(PASS)
 dnl for pkinit
 AC_ARG_ENABLE([pkinit],
 [  --disable-pkinit        disable PKINIT plugin support],,
-enable_pkinit=yes)
-if test "$enable_pkinit" = yes; then
+enable_pkinit=try)
+if test "$enable_pkinit" = yes || test "$enable_pkinit" = try; then
   AC_CACHE_CHECK(for a recent enough OpenSSL, k5_cv_openssl_version_okay,
 [AC_COMPILE_IFELSE([#include <openssl/opensslv.h>
 #if OPENSSL_VERSION_NUMBER < 0x00908000L
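Review bot: Any value other than `yes` or `try` skips the OpenSSL check on the new `if` line and falls through to the `DISABLE_PKINIT` branch in the next hunk, so a mistyped `--enable-pkinit=YES` still yields a build without PKINIT and only a notice. Since the commit's goal is to stop ignoring an explicit request, validate the value right after `AC_ARG_ENABLE`, e.g. `case "$enable_pkinit" in yes|no|try) ;; *) AC_MSG_ERROR([invalid value for --enable-pkinit: $enable_pkinit]) ;; esac`. The help string still documents only `--disable-pkinit`; it could also say that an explicit `--enable-pkinit` turns a too-old OpenSSL into a configure error. The body of this `if` continues past the end of the hunk.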
@@ -897,8 +897,10 @@ int i = 1;
   AC_CHECK_LIB(crypto, PKCS7_get_signer_info)
   LIBS="$old_LIBS"
 fi
-if test "$k5_cv_openssl_version_okay" = yes && test "$enable_pkinit" = yes; then
+if test "$k5_cv_openssl_version_okay" = yes && (test "$enable_pkinit" = yes || test "$enable_pkinit" = try); then
   K5_GEN_MAKEFILE(plugins/preauth/pkinit)
+elif test "$k5_cv_openssl_version_okay" = no && test "$enable_pkinit" = yes; then
+  AC_MSG_ERROR([Version of OpenSSL is too old; cannot enable PKINIT.])
 else
   AC_DEFINE([DISABLE_PKINIT], 1, [Define to disable PKINIT plugin support])
   AC_MSG_NOTICE([Disabling PKINIT support.])
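Review bot: The new `elif` fires only when the header version test is `no`, and the result of `AC_CHECK_LIB(crypto, PKCS7_get_signer_info)` a few lines earlier is not consulted in any condition visible here. An explicit `--enable-pkinit` against a libcrypto lacking that symbol would therefore apparently still reach `K5_GEN_MAKEFILE` and fail only at link time. If that case is not handled elsewhere, add `test "$ac_cv_lib_crypto_PKCS7_get_signer_info" = yes` to the enable condition and report the missing symbol in the error branch. The parenthesised `test ... || test ...` also runs in a subshell; `{ test "$enable_pkinit" = yes || test "$enable_pkinit" = try; }` or a `case` on `yes|try` avoids the fork. The closing `fi` of this chain lies outside the hunk.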