# HG changeset patch # User Richard Laager # Date 1212977418 0 # Node ID 3903840531866266bd2a3149d79ef539bc915480 # Parent d4f12325e59963268e299c650b6f002777b0de0c Add a configure option, --with-ssl-certificates to allow packagers to specify a system-wide SSL CA certificates directory. On Debian, this would be /etc/ssl/certs. Also, when set, we don't install our SSL CA certs. Refs #6036 diff -r d4f12325e599 -r 390384053186 configure.ac --- a/configure.ac Mon Jun 09 00:14:40 2008 +0000 +++ b/configure.ac Mon Jun 09 02:10:18 2008 +0000 @@ -1561,6 +1561,18 @@ dnl # Thanks go to Evolution for the checks. dnl ####################################################################### +AC_ARG_WITH(ssl-certificates, [AC_HELP_STRING([--with-ssl-certificates=], [directory containing system-wide SSL CA certificates])]) + +SSL_CERTIFICATES_DIR="" +if ! test -z "$with_ssl_certificates" ; then + if ! test -d "$with_ssl_certificates" ; then + AC_MSG_ERROR([$with_ssl_certificates does not exist, if this is the correct location please make sure that it exists.]) + fi + SSL_CERTIFICATES_DIR="$with_ssl_certificates" +fi +AC_SUBST(SSL_CERTIFICATES_DIR) +AM_CONDITIONAL(INSTALL_SSL_CERTIFICATES, test "x$SSL_CERTIFICATES_DIR" = "x") + dnl These two are inverses of each other <-- stolen from evolution! AC_ARG_ENABLE(gnutls, @@ -2409,6 +2421,9 @@ fi echo Build with NetworkManager..... : $enable_nm echo SSL Library/Libraries......... : $msg_ssl +if test "x$SSL_CERTIFICATES_DIR" != "x" ; then + eval eval echo SSL CA certificates directory. : $SSL_CERTIFICATES_DIR +fi echo Build with Cyrus SASL support. : $enable_cyrus_sasl echo Use kerberos 4 with zephyr.... : $kerberos echo Use external libzephyr........ : $zephyr diff -r d4f12325e599 -r 390384053186 libpurple/Makefile.am --- a/libpurple/Makefile.am Mon Jun 09 00:14:40 2008 +0000 +++ b/libpurple/Makefile.am Mon Jun 09 02:10:18 2008 +0000 @@ -261,3 +261,9 @@ $(DBUS_CFLAGS) \ $(LIBXML_CFLAGS) \ $(NETWORKMANAGER_CFLAGS) + +# INSTALL_SSL_CERTIFICATES is true when SSL_CERTIFICATES_DIR is empty. +# We want to use SSL_CERTIFICATES_DIR when it's not empty. +if ! INSTALL_SSL_CERTIFICATES +AM_CPPFLAGS += -DSSL_CERTIFICATES_DIR=\"$(SSL_CERTIFICATES_DIR)\" +endif diff -r d4f12325e599 -r 390384053186 libpurple/certificate.c --- a/libpurple/certificate.c Mon Jun 09 00:14:40 2008 +0000 +++ b/libpurple/certificate.c Mon Jun 09 02:10:18 2008 +0000 @@ -745,8 +745,12 @@ x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR, "ca-certs", NULL)); #else +# ifdef SSL_CERTIFICATES_DIR + x509_ca_paths = g_list_append(NULL, SSL_CERTIFICATES_DIR); +# else x509_ca_paths = g_list_append(NULL, g_build_filename(DATADIR, "purple", "ca-certs", NULL)); +# endif #endif } diff -r d4f12325e599 -r 390384053186 share/ca-certs/Makefile.am --- a/share/ca-certs/Makefile.am Mon Jun 09 00:14:40 2008 +0000 +++ b/share/ca-certs/Makefile.am Mon Jun 09 02:10:18 2008 +0000 @@ -1,5 +1,4 @@ -cacertsdir = $(datadir)/purple/ca-certs -cacerts_DATA = \ +CERTIFICATES = \ Equifax_Secure_CA.pem \ GTE_CyberTrust_Global_Root.pem \ Microsoft_Secure_Server_Authority.pem \ @@ -7,7 +6,12 @@ Verisign_RSA_Secure_Server_CA.pem \ Verisign_Class3_Primary_CA.pem +if INSTALL_SSL_CERTIFICATES +cacertsdir = $(datadir)/purple/ca-certs +cacerts_DATA = $(CERTIFICATES) +endif + EXTRA_DIST = \ Makefile.mingw \ - $(cacerts_DATA) + $(CERTIFICATES)