-########################################################################### ssl
-dnl @synopsis CHECK_SSL
-dnl
-dnl based on the follwing macro from the autoconf archive
-dnl
-dnl @category InstalledPackages
-dnl @author Mark Ethan Trostler <trostler@juniper.net>
-dnl @version 2003-01-28
-dnl @license AllPermissive
-
-AC_DEFUN([CHECK_SSL],
-[
- for ssldir in $1 /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr; do
- AC_MSG_CHECKING(for openssl in $ssldir)
- if test -f "$ssldir/include/openssl/ssl.h"; then
- found_ssl="yes"
- AC_MSG_RESULT(yes)
- SSL_CFLAGS="-I$ssldir/include"
- SSL_CPPFLAGS="-I$ssldir/include"
- break
+########################################################################### crypto
+AC_ARG_ENABLE(cryptolib, [AS_HELP_STRING(--enable-cryptolib=lib, [
+ Force using crypto library "lib". This package requires either
+ openssl or libgcrypt being installed. Possible values for "lib"
+ are thus "openssl" and "gcrypt". If this option is not given,
+ openssl is tried first. If openssl was not found, gcrypt is
+ tried next.])])
+
+case "$enable_cryptolib" in
+ "openssl") check_openssl="yes"; check_gcrypt="no";;
+ "gcrypt") check_openssl="no"; check_gcrypt="yes";;
+ "") check_openssl="yes"; check_gcrypt="yes";;
+ *) AC_MSG_ERROR([invalid value "$enable_cryptolib" for --enable-cryptolib]);;
+esac
+###################################################################### openssl
+if test "$check_openssl" = "yes"; then
+ OLD_CPPFLAGS="$CPPFLAGS"
+ OLD_LD_FLAGS="$LDFLAGS"
+ OLD_LIBS="$LIBS"
+ have_openssl="yes"
+ AC_ARG_WITH(openssl_headers, [AC_HELP_STRING(--with-openssl-headers=dir,
+ [look for openssl headers also in dir])])
+ if test -n "$with_openssl_headers"; then
+ openssl_cppflags="-I$with_openssl_headers"
+ CPPFLAGS="$CPPFLAGS $openssl_cppflags"
+ fi
+ AC_ARG_WITH(openssl_libs, [AC_HELP_STRING(--with-openssl-libs=dir,
+ [look for openssl libraries also in dir])])
+ if test -n "$with_openssl_libs"; then
+ openssl_libs="-L$with_openssl_libs"
+ LDFLAGS="$LDFLAGS $openssl_libs"
+ fi
+ AC_CHECK_HEADER(openssl/ssl.h, [], [have_openssl="no"])
+ AC_CHECK_LIB([crypto], [RAND_bytes], [], [have_openssl="no"])
+ if test "$have_openssl" = "no" -a -z "$with_openssl_headers$with_openssl_libs"; then
+ # try harder: openssl is sometimes installed in /usr/local/ssl
+ openssl_cppflags="-I/usr/local/ssl/include"
+ CPPFLAGS="$CPPFLAGS $openssl_cppflags"
+ openssl_libs="-L/usr/local/ssl/lib"
+ LDFLAGS="$LDFLAGS $openssl_libs"
+ # clear cache
+ unset ac_cv_header_openssl_ssl_h 2> /dev/null
+ unset ac_cv_lib_crypto_RAND_bytes 2> /dev/null
+ AC_CHECK_HEADER(openssl/ssl.h, [have_openssl="yes"], [])
+ if test "$have_openssl" = "yes"; then
+ AC_CHECK_LIB([crypto], [RAND_bytes], [], [have_openssl="no"])