From 56f5702a7abc8aba9804a1d45f3a5662a2121a19 Mon Sep 17 00:00:00 2001
From: Patrick McDermott <patrick.mcdermott@libiquity.com>
Date: Wed, 31 Jul 2019 01:52:42 -0400
Subject: build: Make CA root certificates path configurable

Use of installed CA root certificates can also be disabled entirely, but
that just breaks everything.
---
(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index 47e9eef..0d82862 100644
--- a/configure.ac
+++ b/configure.ac
@@ -90,6 +90,41 @@ for flag in -Os -s -fno-unwind-tables -fno-asynchronous-unwind-tables \
 	AX_CHECK_COMPILE_FLAG([${flag}], [AX_APPEND_FLAG([${flag}])])
 done
 
+CA_CERTS='/etc/ssl/certs'
+AC_ARG_WITH([ca-certificates],
+	[AS_HELP_STRING([--with-ca-certificates=PATH],
+		[path to CA root certificates])],
+	[
+		case "${withval}" in
+			'yes'|'')
+				HAVE_CA_CERTS=1
+				;;
+			'no')
+				HAVE_CA_CERTS=0
+				;;
+			*)
+				HAVE_CA_CERTS=1
+				CA_CERTS="${withval}"
+				;;
+		esac
+	],
+	[
+		AC_MSG_CHECKING([for CA root certificates])
+		if test -d "${CA_CERTS}"; then
+			AC_MSG_RESULT([${CA_CERTS}])
+			HAVE_CA_CERTS=1
+		else
+			AC_MSG_RESULT([no])
+			HAVE_CA_CERTS=0
+		fi
+	]
+)
+AC_DEFINE_UNQUOTED([HAVE_CA_CERTS], [${HAVE_CA_CERTS}],
+	[Define to 1 to verify certificates against installed CA root
+		certificates.])
+AC_DEFINE_UNQUOTED([CA_CERTS], ["${CA_CERTS}"],
+	[Define to the path to CA root certificates.])
+
 PKG_PROG_PKG_CONFIG()
 PKG_CHECK_MODULES([WOLFSSL], [wolfssl])
 WOLFSSL_CFLAGS="$(printf ' %s' "${WOLFSSL_CFLAGS}" | \
--
cgit v0.9.1