First changes for future use of NTBTLS.

* configure.ac (NEED_NTBTLS_ABI, NEED_NTBTLS_VERSION): New.
(HTTP_USE_NTBTLS): New.  Prefer over GNUTLS.
* m4/ntbtls.m4: New.
* m4/Makefile.am (EXTRA_DIST): Add new file.
* common/http.c: Add conditionals to eventually use NTBTLS.
--

This is only the configure stuff.  If you have NTBTLS installed, GNUTLS
will not be used, but there won't be any https support either :-(.
This patch is used to have a real world test bench for the forthcoming
library.
Werner Koch 2014-10-02 17:33:57 +02:00
parent 6bc0cd6202
commit f2361e6d58
8 changed files with 302 additions and 54 deletions


@ -226,8 +226,9 @@ t_zb32_LDADD = $(t_common_ldadd)
# http tests
t_http_SOURCES = t-http.c
t_http_CFLAGS = $(t_common_cflags) $(LIBGNUTLS_CFLAGS)
t_http_LDADD = libcommontls.a $(t_common_ldadd) $(LIBGNUTLS_LIBS) $(DNSLIBS)
t_http_CFLAGS = $(t_common_cflags) $(NTBTLS_CFLAGS) $(LIBGNUTLS_CFLAGS)
t_http_LDADD = libcommontls.a $(t_common_ldadd) \
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(DNSLIBS)
# All programs should depend on the created libs.
$(PROGRAMS) : libcommon.a libcommonpth.a libcommontls.a libcommontlsnpth.a


@ -39,7 +39,7 @@
- fixme: list other requirements.
- With HTTP_USE_GNUTLS or HTTP_USE_POLARSSL support for https is
- With HTTP_USE_NTBTLS or HTTP_USE_GNUTLS support for https is
provided (this also requires estream).
- With HTTP_NO_WSASTARTUP the socket initialization is not done
@ -82,17 +82,16 @@
# include <npth.h>
#endif
#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_POLARSSL)
# error Both, HTTP_USE_GNUTLS and HTTP_USE_POLARSSL, are defined.
#if defined (HTTP_USE_GNUTLS) && defined (HTTP_USE_NTBTLS)
# error Both, HTTP_USE_GNUTLS and HTTP_USE_NTBTLS, are defined.
#endif
#ifdef HTTP_USE_GNUTLS
#ifdef HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h>
# include <gnutls/x509.h>
#endif /*HTTP_USE_GNUTLS*/
#ifdef HTTP_USE_POLARSSL
# error Support for PolarSSL has not yet been added
#endif
#include "util.h"
@ -156,8 +155,15 @@ typedef unsigned long longcounter_t;
# define counter_strtoul(a) strtoul ((a), NULL, 10)
#endif
#ifndef HTTP_USE_GNUTLS
typedef void * gnutls_session_t;
#if HTTP_USE_NTBTLS
typedef ntbtls_t tls_session_t;
# define USE_TLS 1
#elif HTTP_USE_GNUTLS
typedef gnutls_session_t tls_session_t;
# define USE_TLS 1
#else
typedef void *tls_session_t;
# undef USE_TLS
#endif
static gpg_err_code_t do_parse_uri (parsed_uri_t uri, int only_local_part,
@ -226,14 +232,16 @@ struct http_session_s
int refcount; /* Number of references to this object. */
#ifdef HTTP_USE_GNUTLS
gnutls_certificate_credentials_t certcred;
gnutls_session_t tls_session;
#endif /*HTTP_USE_GNUTLS*/
#ifdef USE_TLS
tls_session_t tls_session;
struct {
int done; /* Verifciation has been done. */
int rc; /* GnuTLS verification return code. */
int rc; /* TLS verification return code. */
unsigned int status; /* Verification status. */
} verify;
char *servername; /* Malloced server name. */
#endif /*HTTP_USE_GNUTLS*/
#endif /*USE_TLS*/
/* A callback function to log details of TLS certifciates. */
void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
const void **, size_t *);
@ -522,7 +530,8 @@ session_unref (int lnr, http_session_t sess)
if (sess->refcount)
return;
#ifdef HTTP_USE_GNUTLS
#ifdef USE_TLS
# ifdef HTTP_USE_GNUTLS
if (sess->tls_session)
{
my_socket_t sock = gnutls_transport_get_ptr (sess->tls_session);
@ -531,8 +540,9 @@ session_unref (int lnr, http_session_t sess)
}
if (sess->certcred)
gnutls_certificate_free_credentials (sess->certcred);
# endif /*HTTP_USE_GNUTLS*/
xfree (sess->servername);
#endif /*HTTP_USE_GNUTLS*/
#endif /*USE_TLS*/
xfree (sess);
}
@ -560,7 +570,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
return gpg_error_from_syserror ();
sess->refcount = 1;
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
{
(void)tls_priority;
err = ntbtls_new (&sess->tls_session, NTBTLS_CLIENT);
if (err)
{
log_error ("ntbtls_new failed: %s\n", gpg_strerror (err));
goto leave;
}
}
#elif HTTP_USE_GNUTLS
{
const char *errpos;
int rc;
@ -616,17 +637,18 @@ http_session_new (http_session_t *r_session, const char *tls_priority)
goto leave;
}
}
#else /*!HTTP_USE_GNUTLS*/
(void)tls_priority;
{
(void)tls_priority;
}
#endif /*!HTTP_USE_GNUTLS*/
/* log_debug ("http.c:session_new: sess %p created\n", sess); */
err = 0;
#ifdef HTTP_USE_GNUTLS
#if USE_TLS
leave:
#endif /*HTTP_USE_GNUTLS*/
#endif /*USE_TLS*/
if (err)
http_session_unref (sess);
else
@ -1067,7 +1089,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->port = 11371;
uri->is_http = 1;
}
#ifdef HTTP_USE_GNUTLS
#ifdef USE_TLS
else if (!strcmp (uri->scheme, "https") || !strcmp (uri->scheme,"hkps")
|| (force_tls && (!strcmp (uri->scheme, "http")
|| !strcmp (uri->scheme,"hkp"))))
@ -1076,7 +1098,7 @@ do_parse_uri (parsed_uri_t uri, int only_local_part,
uri->is_http = 1;
uri->use_tls = 1;
}
#endif
#endif /*USE_TLS*/
else if (!no_scheme_check)
return GPG_ERR_INV_URI; /* Unsupported scheme */
@ -1393,22 +1415,24 @@ send_request (http_t hd, const char *httphost, const char *auth,
log_error ("TLS requested but no session object provided\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
#ifdef HTTP_USE_GNUTLS
#ifdef USE_TLS
if (hd->uri->use_tls && !hd->session->tls_session)
{
log_error ("TLS requested but no GNUTLS context available\n");
return gpg_err_make (default_errsource, GPG_ERR_INTERNAL);
}
#endif /*HTTP_USE_GNUTLS*/
#endif /*USE_TLS*/
server = *hd->uri->host ? hd->uri->host : "localhost";
port = hd->uri->port ? hd->uri->port : 80;
/* Try to use SNI. */
#ifdef HTTP_USE_GNUTLS
#ifdef USE_TLS
if (hd->uri->use_tls)
{
# if HTTP_USE_GNUTLS
int rc;
# endif
xfree (hd->session->servername);
hd->session->servername = xtrystrdup (httphost? httphost : server);
@ -1418,13 +1442,22 @@ send_request (http_t hd, const char *httphost, const char *auth,
return err;
}
# if HTTP_USE_NTBTLS
err = ntbtls_set_hostname (hd->session->tls_session, server);
if (err)
{
log_info ("ntbtls_set_hostname failed: %s\n", gpg_strerror (err));
return err;
}
# elif HTTP_USE_GNUTLS
rc = gnutls_server_name_set (hd->session->tls_session,
GNUTLS_NAME_DNS,
server, strlen (server));
if (rc < 0)
log_info ("gnutls_server_name_set failed: %s\n", gnutls_strerror (rc));
# endif /*HTTP_USE_GNUTLS*/
}
#endif /*HTTP_USE_GNUTLS*/
#endif /*USE_TLS*/
if ( (proxy && *proxy)
|| ( (hd->flags & HTTP_FLAG_TRY_PROXY)
@ -1490,7 +1523,37 @@ send_request (http_t hd, const char *httphost, const char *auth,
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
if (hd->uri->use_tls)
{
my_socket_ref (hd->sock);
while ((err = ntbtls_handshake (hd->session->tls_session)))
{
switch (err)
{
default:
log_info ("TLS handshake failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
hd->session->verify.done = 0;
if (tls_callback)
err = tls_callback (hd, hd->session, 0);
else
err = http_verify_server_credentials (hd->session);
if (err)
{
log_info ("TLS connection authentication failed: %s <%s>\n",
gpg_strerror (err), gpg_strsource (err));
xfree (proxy_authstr);
return err;
}
}
#elif HTTP_USE_GNUTLS
if (hd->uri->use_tls)
{
int rc;
@ -2423,7 +2486,7 @@ cookie_write (void *cookie, const void *buffer_arg, size_t size)
static void
send_gnutls_bye (void *opaque)
{
gnutls_session_t tls_session = opaque;
tls_session_t tls_session = opaque;
int ret;
again:
@ -2473,7 +2536,10 @@ cookie_close (void *cookie)
gpg_error_t
http_verify_server_credentials (http_session_t sess)
{
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
(void)sess;
return 0; /* FIXME!! */
#elif HTTP_USE_GNUTLS
static const char const errprefix[] = "TLS verification of peer failed";
int rc;
unsigned int status;
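Review bot: In `http_verify_server_credentials` the NTBTLS branch returns 0 unconditionally (`return 0; /* FIXME!! */`), so every peer is reported as verified. Because `USE_TLS` is now defined for NTBTLS, `do_parse_uri` accepts https/hkps, and the new handshake block in `send_request` treats that 0 as successful authentication when no `tls_callback` is set. Until certificate checking exists the stub should fail closed, e.g. `return gpg_err_make (default_errsource, GPG_ERR_NOT_IMPLEMENTED);`. Separately, `session_unref` releases `tls_session` only inside `# ifdef HTTP_USE_GNUTLS`, so the object from `ntbtls_new` and the reference taken by `my_socket_ref` before the handshake appear never to be released in an NTBTLS build, unless that happens outside the visible hunks. The function body continues past the end of this hunk.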


@ -42,7 +42,9 @@
#include "http.h"
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h> /* For init, logging, and deinit. */
#endif /*HTTP_USE_GNUTLS*/
@ -97,6 +99,7 @@ static int no_verify;
#if HTTP_USE_GNUTLS
static gpg_error_t
verify_callback (http_t hd, http_session_t session, int reserved)
{
@ -104,14 +107,15 @@ verify_callback (http_t hd, http_session_t session, int reserved)
(void)reserved;
return no_verify? 0 : http_verify_server_credentials (session);
}
#endif
#if HTTP_USE_GNUTLS
static void
my_gnutls_log (int level, const char *text)
{
fprintf (stderr, "gnutls:L%d: %s", level, text);
}
#endif
/* Prepend FNAME with the srcdir environment variable's value and
return an allocated filename. */
@ -233,7 +237,14 @@ main (int argc, char **argv)
if (!cafile)
cafile = prepend_srcdir ("tls-ca.pem");
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
(void)err;
ntbtls_set_debug (tls_dbg, NULL, NULL);
#elif HTTP_USE_GNUTLS
rc = gnutls_global_init ();
if (rc)
log_error ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
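Review bot: With `verify_callback` now compiled only under `#if HTTP_USE_GNUTLS`, the `no_verify` flag has no visible consumer in an NTBTLS build, so the test seemingly cannot tell a verified connection from an unverified one there. A short comment above the guard, such as `/* NTBTLS: no verify callback yet; peer verification is not exercised. */`, would record that this is intentional. The `#endif /*HTTP_USE_GNUTLS*/` after the include block now closes an `#if HTTP_USE_NTBTLS` / `#elif` chain, so its trailing comment is stale. The body of `main` continues outside the hunk.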


@ -61,9 +61,13 @@ NEED_LIBASSUAN_VERSION=2.1.0
NEED_KSBA_API=1
NEED_KSBA_VERSION=1.2.0
NEED_NTBTLS_API=1
NEED_NTBTLS_VERSION=0.1.0
NEED_NPTH_API=1
NEED_NPTH_VERSION=0.91
NEED_GNUTLS_VERSION=3.0
@ -88,6 +92,7 @@ have_gpg_error=no
have_libgcrypt=no
have_libassuan=no
have_ksba=no
have_ntbtls=no
have_npth=no
have_libusb=no
have_adns=no
@ -101,6 +106,7 @@ card_support=yes
use_ccid_driver=yes
use_standard_socket=yes
dirmngr_auto_start=yes
use_tls_library=no
GNUPG_BUILD_PROGRAM(gpg, yes)
GNUPG_BUILD_PROGRAM(gpgsm, yes)
@ -126,6 +132,8 @@ AC_DEFINE_UNQUOTED(NEED_LIBGCRYPT_VERSION, "$NEED_LIBGCRYPT_VERSION",
[Required version of Libgcrypt])
AC_DEFINE_UNQUOTED(NEED_KSBA_VERSION, "$NEED_KSBA_VERSION",
[Required version of Libksba])
AC_DEFINE_UNQUOTED(NEED_NTBTLS_VERSION, "$NEED_NTBTLS_VERSION",
[Required version of NTBTLS])
@ -841,27 +849,37 @@ else
***]])
fi
#
# Check whether GNUTLS is available
# NTBTLS is our TLS library. If it is not available fallback to
# GNUTLS.
#
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
[have_gnutls=yes],
[have_gnutls=no])
if test "$have_gnutls" = "yes"; then
AC_SUBST([LIBGNUTLS_CFLAGS])
AC_SUBST([LIBGNUTLS_LIBS])
AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
AM_PATH_NTBTLS("$NEED_NTBTLS_API:$NEED_NTBTLS_VERSION",
[have_ntbtls=yes],[have_ntbtls=no])
if test "$have_ntbtls" = yes ; then
use_tls_library=ntbtls
AC_DEFINE(HTTP_USE_NTBTLS, 1, [Enable NTBTLS support in http.c])
else
tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
AC_MSG_WARN([[
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= $NEED_GNUTLS_VERSION],
[have_gnutls=yes],
[have_gnutls=no])
if test "$have_gnutls" = "yes"; then
AC_SUBST([LIBGNUTLS_CFLAGS])
AC_SUBST([LIBGNUTLS_LIBS])
use_tls_library=gnutls
AC_DEFINE(HTTP_USE_GNUTLS, 1, [Enable GNUTLS support in http.c])
else
tmp=$(echo "$LIBGNUTLS_PKG_ERRORS" | tr '\n' '\v' | sed 's/\v/\n*** /g')
AC_MSG_WARN([[
***
*** Building without GNUTLS - no TLS access to keyservers.
*** Building without NTBTLS and GNUTLS - no TLS access to keyservers.
***
*** $tmp]])
fi
fi
AC_MSG_NOTICE([checking for networking options])
#
@ -1788,7 +1806,7 @@ echo "
Dirmngr auto start: $dirmngr_auto_start
Readline support: $gnupg_cv_have_readline
DNS SRV support: $use_dns_srv
TLS support: $have_gnutls
TLS support: $use_tls_library
"
if test x"$use_regex" != xyes ; then
echo "
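Review bot: The NTBTLS probe wins whenever the library is installed and the GNUTLS check is then skipped entirely, so a build silently moves from the GNUTLS backend to one that, per the http.c changes in this commit, does not yet verify server certificates. The summary line then prints `TLS support: ntbtls`, which reads as working TLS. Consider making the new backend opt-in through a configure switch, or at least emitting `AC_MSG_WARN([[NTBTLS backend is experimental: server certificates are not verified]])` in the `have_ntbtls = yes` branch. In the final else branch `$tmp` carries only the GNUTLS pkg-config errors, although the message now names both libraries.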


@ -63,7 +63,7 @@ endif
dirmngr_LDADD = $(libcommontlsnpth) $(libcommonpth) \
../gl/libgnu.a $(DNSLIBS) $(LIBASSUAN_LIBS) \
$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
$(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV)
if !USE_LDAPWRAPPER
dirmngr_LDADD += $(LDAPLIBS)
endif


@ -40,7 +40,12 @@
# include <signal.h>
#endif
#include <npth.h>
#ifdef HTTP_USE_GNUTLS
#include "dirmngr-err.h"
#if HTTP_USE_NTBTLS
# include <ntbtls.h>
#elif HTTP_USE_GNUTLS
# include <gnutls/gnutls.h>
#endif /*HTTP_USE_GNUTLS*/
@ -210,6 +215,7 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_p_u (oDebug, "debug", "@"),
ARGPARSE_s_n (oDebugAll, "debug-all", "@"),
ARGPARSE_s_i (oGnutlsDebug, "gnutls-debug", "@"),
ARGPARSE_s_i (oGnutlsDebug, "tls-debug", "@"),
ARGPARSE_s_i (oDebugWait, "debug-wait", "@"),
ARGPARSE_s_n (oNoGreeting, "no-greeting", "@"),
ARGPARSE_s_s (oHomedir, "homedir", "@"),
@ -244,7 +250,7 @@ static char *current_logfile;
/* Helper to implement --debug-level. */
static const char *debug_level;
/* Helper to set the GNUTLS log level. */
/* Helper to set the NTBTLS or GNUTLS log level. */
static int opt_gnutls_debug = -1;
/* Flag indicating that a shutdown has been requested. */
@ -410,7 +416,12 @@ set_debug (void)
if (opt.debug & DBG_CRYPTO_VALUE )
gcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1);
#ifdef HTTP_USE_GNUTLS
#if HTTP_USE_NTBTLS
if (opt_gnutls_debug >= 0)
{
ntbtls_set_debug (opt_gnutls_debug, NULL, NULL);
}
#elif HTTP_USE_GNUTLS
if (opt_gnutls_debug >= 0)
{
gnutls_global_set_log_function (my_gnutls_log);
@ -669,8 +680,12 @@ main (int argc, char **argv)
ksba_set_malloc_hooks (gcry_malloc, gcry_realloc, gcry_free );
ksba_set_hash_buffer_function (my_ksba_hash_buffer, NULL);
/* Init GNUTLS. */
#ifdef HTTP_USE_GNUTLS
/* Init TLS library. */
#if HTTP_USE_NTBTLS
if (!ntbtls_check_version (NEED_NTBTLS_VERSION) )
log_fatal( _("%s is too old (need %s, have %s)\n"), "ntbtls",
NEED_NTBTLS_VERSION, ntbtls_check_version (NULL) );
#elif HTTP_USE_GNUTLS
rc = gnutls_global_init ();
if (rc)
log_fatal ("gnutls_global_init failed: %s\n", gnutls_strerror (rc));
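Review bot: The identifiers `oGnutlsDebug` and `opt_gnutls_debug` now also drive `ntbtls_set_debug` in `set_debug`, so the names no longer match what they control. Renaming them to something backend-neutral (for example `oTlsDebug` / `opt_tls_debug`) while keeping the `gnutls-debug` option string as an alias would make the two branches easier to follow. The `#endif /*HTTP_USE_GNUTLS*/` after the include block now closes an `#if HTTP_USE_NTBTLS` / `#elif` chain, and the file mixes `#if` and `#ifdef` for the same macros; one form used consistently would be clearer. `set_debug` and `main` both continue outside their hunks.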


@ -4,7 +4,7 @@ EXTRA_DIST += ldap.m4 libcurl.m4 libusb.m4 tar-ustar.m4 readline.m4
EXTRA_DIST += gnupg-pth.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4
EXTRA_DIST += gpg-error.m4 libgcrypt.m4 libassuan.m4 ksba.m4 ntbtls.m4
EXTRA_DIST += autobuild.m4

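--- a/m4/ntbtls.m4
+++ b/m4/ntbtls.m4
@@ -0,0 +1,137 @@
+dnl Autoconf macros for NTBTLS
+dnl Copyright (C) 2002, 2004, 2011 Free Software Foundation, Inc.
+dnl
+dnl This file is free software; as a special exception the author gives
+dnl unlimited permission to copy and/or distribute it, with or without
+dnl modifications, as long as this notice is preserved.
+dnl
+dnl This file is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
+dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+dnl AM_PATH_NTBTLS([MINIMUM-VERSION,
+dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
+dnl
+dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS.
+dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl with the API version to also check the API compatibility. Example:
+dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using
+dnl this features allows to prevent build against newer versions of libgcrypt
+dnl with a changed API.
+dnl
+AC_DEFUN([AM_PATH_NTBTLS],
+[ AC_REQUIRE([AC_CANONICAL_HOST])
+AC_ARG_WITH(ntbtls-prefix,
+AC_HELP_STRING([--with-ntbtls-prefix=PFX],
+[prefix where NTBTLS is installed (optional)]),
+ntbtls_config_prefix="$withval", ntbtls_config_prefix="")
+if test x"${NTBTLS_CONFIG}" = x ; then
+if test x"${ntbtls_config_prefix}" != x ; then
+NTBTLS_CONFIG="${ntbtls_config_prefix}/bin/ntbtls-config"
+else
+case "${SYSROOT}" in
+/*)
+if test -x "${SYSROOT}/bin/ntbtls-config" ; then
+NTBTLS_CONFIG="${SYSROOT}/bin/ntbtls-config"
+fi
+;;
+'')
+;;
+*)
+AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+;;
+esac
+fi
+fi
+AC_PATH_PROG(NTBTLS_CONFIG, ntbtls-config, no)
+tmp=ifelse([$1], ,1:1.0.0,$1)
+if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then
+req_ntbtls_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'`
+min_ntbtls_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'`
+else
+req_ntbtls_api=0
+min_ntbtls_version="$tmp"
+fi
+AC_MSG_CHECKING(for NTBTLS - version >= $min_ntbtls_version)
+ok=no
+if test "$NTBTLS_CONFIG" != "no" ; then
+req_major=`echo $min_ntbtls_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+req_minor=`echo $min_ntbtls_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+req_micro=`echo $min_ntbtls_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'`
+ntbtls_config_version=`$NTBTLS_CONFIG --version`
+major=`echo $ntbtls_config_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+minor=`echo $ntbtls_config_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+micro=`echo $ntbtls_config_version | \
+sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'`
+if test "$major" -gt "$req_major"; then
+ok=yes
+else
+if test "$major" -eq "$req_major"; then
+if test "$minor" -gt "$req_minor"; then
+ok=yes
+else
+if test "$minor" -eq "$req_minor"; then
+if test "$micro" -ge "$req_micro"; then
+ok=yes
+fi
+fi
+fi
+fi
+fi
+fi
+if test $ok = yes; then
+AC_MSG_RESULT([yes ($ntbtls_config_version)])
+else
+AC_MSG_RESULT(no)
+fi
+if test $ok = yes; then
+# If we have a recent ntbtls, we should also check that the
+# API is compatible
+if test "$req_ntbtls_api" -gt 0 ; then
+tmp=`$NTBTLS_CONFIG --api-version 2>/dev/null || echo 0`
+if test "$tmp" -gt 0 ; then
+AC_MSG_CHECKING([NTBTLS API version])
+if test "$req_ntbtls_api" -eq "$tmp" ; then
+AC_MSG_RESULT([okay])
+else
+ok=no
+AC_MSG_RESULT([does not match. want=$req_ntbtls_api got=$tmp])
+fi
+fi
+fi
+fi
+if test $ok = yes; then
+NTBTLS_CFLAGS=`$NTBTLS_CONFIG --cflags`
+NTBTLS_LIBS=`$NTBTLS_CONFIG --libs`
+ifelse([$2], , :, [$2])
+ntbtls_config_host=`$NTBTLS_CONFIG --host 2>/dev/null || echo none`
+if test x"$ntbtls_config_host" != xnone ; then
+if test x"$ntbtls_config_host" != x"$host" ; then
+AC_MSG_WARN([[
+***
+*** The config script $NTBTLS_CONFIG was
+*** built for $ntbtls_config_host and thus may not match the
+*** used host $host.
+*** You may want to use the configure option --with-ntbtls-prefix
+*** to specify a matching config script or use \$SYSROOT.
+***]])
+gpg_config_script_warn="$gpg_config_script_warn ntbtls"
+fi
+fi
+else
+NTBTLS_CFLAGS=""
+NTBTLS_LIBS=""
+ifelse([$3], , :, [$3])
+fi
+AC_SUBST(NTBTLS_CFLAGS)
+AC_SUBST(NTBTLS_LIBS)
+])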
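Review bot: The API compatibility check is silently skipped when `$NTBTLS_CONFIG --api-version` fails: `tmp` falls back to 0, the `test "$tmp" -gt 0` branch is not taken, and `ok` stays `yes` even though configure.ac requested API 1. For a new library there is presumably no older config script to stay compatible with, so the inner test could take an else branch that sets `ok=no` and reports `AC_MSG_RESULT([unknown API version])`. The header comment still refers to libgcrypt in two places (`version of libgcrypt is at least 1.2.5`, `newer versions of libgcrypt`) and should name NTBTLS. It also carries the typos `MINIMUN-VERSION` and `optionalliy`.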