#!/bin/sh
##
##  configure -- mod_ssl configuration script
##
##  ====================================================================
##  Copyright (c) 1998 Ralf S. Engelschall. All rights reserved.
## 
##  Redistribution and use in source and binary forms, with or without
##  modification, are permitted provided that the following conditions
##  are met:
## 
##  1. Redistributions of source code must retain the above copyright
##     notice, this list of conditions and the following disclaimer. 
## 
##  2. Redistributions in binary form must reproduce the above copyright
##     notice, this list of conditions and the following
##     disclaimer in the documentation and/or other materials
##     provided with the distribution.
## 
##  3. All advertising materials mentioning features or use of this
##     software must display the following acknowledgment:
##     "This product includes software developed by 
##      Ralf S. Engelschall <rse@engelschall.com> for use in the
##      mod_ssl project (http://www.engelschall.com/sw/mod_ssl/)."
## 
##  4. The names "mod_ssl" must not be used to endorse or promote
##     products derived from this software without prior written
##     permission. For written permission, please contact
##     rse@engelschall.com.
## 
##  5. Products derived from this software may not be called "mod_ssl"
##     nor may "mod_ssl" appear in their names without prior
##     written permission of Ralf S. Engelschall.
## 
##  6. Redistributions of any form whatsoever must retain the following
##     acknowledgment:
##     "This product includes software developed by 
##      Ralf S. Engelschall <rse@engelschall.com> for use in the
##      mod_ssl project (http://www.engelschall.com/sw/mod_ssl/)."
## 
##  THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
##  EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
##  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
##  PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL RALF S. ENGELSCHALL OR
##  HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
##  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
##  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
##  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
##  STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
##  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
##  OF THE POSSIBILITY OF SUCH DAMAGE.
##  ====================================================================
##
DIFS=' 	
'

#
#   default settings; the command line options parsed further down
#   (--with-*, --force) overwrite the empty ones
#
prefix=' +'                   # leader for top-level progress messages
prefixe='  '                  # leader for per-file detail messages
apache=
ssleay=
rsaref=
crt=
key=
patch=
apaci=                        # options that are not mod_ssl's own
force=no
configstatus=config.status    # name of the generated restore script

#
#   determine versions
#
#   V_MODSSL is the text of ssl.source/libssl.version up to the first
#   dash, V_APACHE the text after its last dash.
#
V_MODSSL=`sed -e 's/-.*//' ssl.source/libssl.version`
V_APACHE=`sed -e 's/.*-//' ssl.source/libssl.version`

#
#  Probe the `echo' command. Some implementations interpret escape
#  sequences like `\XX' *per default*; a well-behaved one prints `\1'
#  as two characters plus the newline, i.e. 3 bytes. When plain echo
#  fails the probe, `echo -E' is probed the same way: if that works
#  the `Safe Echo Option' (SEO) variable is set to -E, otherwise a
#  warning is written to stderr.
#
SEO='' # CHANGE THIS VARIABLE HERE IF YOU HAVE PROBLEMS WITH ECHO!
bytes=`echo $SEO '\1' | wc -c | awk '{ printf("%s", $1); }'`
case ".$bytes" in
    .3)
        ;;
    *)
        bytes=`echo -E '\1' | wc -c | awk '{ printf("%s", $1); }'`
        case ".$bytes" in
            .3)
                SEO='-E'
                ;;
            *)
                cat 1>&2 <<'EOF'
 + Warning: Your 'echo' command is slightly broken.
 + It interprets escape sequences per default. We already
 + tried 'echo -E' but had no real success. If errors occur
 + please set the SEO variable in 'configure' manually to
 + the required 'echo' options, i.e. those which force your
 + 'echo' to not interpret escape sequences per default.
EOF
                ;;
        esac
        ;;
esac

#
#   parse argument line
#
#   mod_ssl's own options (--with-NAME=VALUE and --force) are stored in
#   their variables; every other argument is appended to $apaci.
#
prev=''
OIFS="$IFS"
IFS="$DIFS"
for option
do
    #   `prev' would name a variable still waiting for its value. No
    #   branch of this loop assigns it, so the eval stays inert. If an
    #   option ever starts using it, the name must be a fixed identifier
    #   and never text taken from the command line.
    if [ ".$prev" != . ]; then
        eval "$prev=\$option"
        prev=""
        continue
    fi

    #   value part of a -name=value argument, empty for anything else
    optarg=''
    case "$option" in
        -*=*) optarg=`echo "$option" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
    esac

    case "$option" in
        --force)          force=yes              ;;
        --with-apache=*)  apache="$optarg"       ;;
        --with-ssleay=*)  ssleay="$optarg"       ;;
        --with-rsaref=*)  rsaref="$optarg"       ;;
        --with-patch=*)   patch="$optarg"        ;;
        --with-crt=*)     crt="$optarg"          ;;
        --with-key=*)     key="$optarg"          ;;
        *)                apaci="$apaci $option" ;;
    esac
done
IFS="$OIFS"

#   an option was still waiting for its value when the arguments ran out
case ".$prev" in
    .)
        ;;
    *)
        echo "$0:Error: missing argument to --`echo $prev | sed 's/_/-/g'`" 1>&2
        exit 1
        ;;
esac

#
#   usage
#
#   --with-apache is the only option that has to be present; without it
#   the help text is printed to stdout and the script exits with status 1.
#
if [ ".$apache" = . ]; then
    cat <<EOF
$0: Bad argument line
$0: Usage: $0 [mod_ssl options] [APACI options]
mod_ssl options:
  --with-apache=DIR       ...path to Apache 1.3.x source tree    [REQUIRED]
  --with-ssleay=DIR       ...path to SSLeay 0.9.x source tree    [OPTIONAL]
  --with-rsaref=DIR       ...path to RSAref 2.0 source tree      [OPTIONAL]
  --with-patch=FILE       ...path to your vendor 'patch' program [OPTIONAL]
  --with-crt=FILE         ...path to SSL X.509 certificate file  [OPTIONAL]
  --with-key=FILE         ...path to SSL RSA private key file    [OPTIONAL]
  --force                 ...configure with disabled checks      [OPTIONAL]
APACI options [OPTIONAL]:
  --prefix=DIR            ...installation prefix for Apache
  --...                   ...see the INSTALL file of Apache for more
EOF
    exit 1
fi

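#
#   create a config status script for restoring
#   the configuration via a simple shell script
#

#   Print argument $1 as one double-quoted word followed by a line
#   continuation, the form used for each line of the generated command.
#   The four characters that remain special inside double quotes
#   (", $, ` and \) are backslash-escaped, so re-running the generated
#   script hands the argument over literally instead of expanding it;
#   in particular a backquote must not survive unescaped, or the text
#   between two of them would be run as a command on every re-run.
#   printf is used rather than echo so that backslashes and a leading
#   dash in the argument are not interpreted.
#   NOTE: an argument containing a newline is still emitted as several
#   lines and does not round-trip.
config_status_quote () {
    printf '%s\n' "$1" |\
    sed -e 's:\(["$`\\]\):\\\1:g' \
        -e 's:^:":' \
        -e 's:$:" \\:'
}

rm -f "$configstatus" 2>/dev/null
{
    echo "#!/bin/sh"
    echo "##"
    echo "##  $configstatus -- mod_ssl auto-generated configuration restore script"
    echo "##"
    echo "##  Use this shell script to re-run the mod_ssl configure script for"
    echo "##  restoring your configuration. Additional parameters can be supplied."
    echo "##"
    echo ""
    #   The command line is always written with a trailing continuation
    #   so that the closing "$@" line belongs to the ./configure call,
    #   also when no argument was recorded.
    echo $SEO "./configure \\"
    for arg
    do
        config_status_quote "$arg"
    done
    #   parameters given to the restore script are appended to the command
    echo '"$@"'
    echo ''
} >"$configstatus"
chmod a+x "$configstatus"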

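#
#   give a friendly header
#
echo "Configuring mod_ssl/$V_MODSSL for Apache/$V_APACHE" 2>&1

#
#   check for Apache 1.3
#
#   The tree is recognised by its src/include/httpd.h. APV is the quoted
#   value of the SERVER_BASEVERSION define in that file with a leading
#   "Apache/" removed. All uses of $apache are quoted so that a path
#   containing whitespace is passed as one word.
#
if [ ! -f "$apache/src/include/httpd.h" ]; then
    echo "Error: Cannot find Apache 1.3 source tree under $apache" 1>&2
    echo "Hint:  Please specify location via --with-apache=PATH" 1>&2
    exit 1
fi
APV=`grep "#define SERVER_BASEVERSION" "$apache/src/include/httpd.h" |\
     sed -e 's/^[^"]*"//' -e 's/".*$//' -e 's/^Apache\///'`
#   --force skips the version match, so the patch set may then be
#   applied to an Apache release it was not made for
if [ ".$force" != .yes ]; then
    if [ ".$V_APACHE" != ".$APV" ]; then
        echo "Error: The mod_ssl/$V_MODSSL can be used for Apache/$V_APACHE only." 1>&2
        echo "Error: Your Apache source tree under $apache is version $APV." 1>&2
        echo "Hint:  Please use an extracted apache_$V_APACHE.tar.gz tarball" 1>&2
        echo "Hint:  with the --with-apache option, only." 1>&2
        exit 1
    fi
fi
echo "$prefix Using Apache $APV source tree under $apache"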

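#   Print the absolute path of directory $1. Returns a non-zero status
#   when the directory cannot be entered, instead of reporting the
#   directory the script happens to be running in.
abs_dir () {
    (cd "$1" && pwd)
}

#
#   check for SSLeay
#
#   The value SYSTEM is kept as given; any other value must be an
#   existing directory and is replaced by its absolute path.
#
if [ ".$ssleay" != . ]; then
    if [ ".$ssleay" = .SYSTEM ]; then
        echo "$prefix Using SSLeay inside system locations"
    else
        if [ ! -d "$ssleay" ]; then
            echo "Error: Cannot find SSLeay source or install tree under $ssleay" 1>&2
            echo "Hint:  Please specify location via --with-ssleay=PATH" 1>&2
            exit 1
        fi
        echo "$prefix Using SSLeay source or install tree under $ssleay"
        #   resolved into a scratch variable first so that the error
        #   message can still show the path the user gave
        dir=`abs_dir "$ssleay"` || {
            echo "Error: Cannot change into SSLeay tree $ssleay" 1>&2
            exit 1
        }
        ssleay="$dir"
    fi
fi

#
#   check for RSAref (when used)
#
if [ ".$rsaref" != . ]; then
    if [ ".$rsaref" = .SYSTEM ]; then
        echo "$prefix Using RSAref inside system locations"
    else
        if [ ! -d "$rsaref" ]; then
            echo "Error: Cannot find RSAref source or install tree under $rsaref" 1>&2
            echo "Hint:  Please specify location via --with-rsaref=PATH" 1>&2
            exit 1
        fi
        echo "$prefix Using RSAref source or install tree under $rsaref"
        dir=`abs_dir "$rsaref"` || {
            echo "Error: Cannot change into RSAref tree $rsaref" 1>&2
            exit 1
        }
        rsaref="$dir"
    fi
fi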

#
#   check for SSL certificate and key files
#
#   Only the existence of a regular file is verified for each path that
#   was given; the contents are not looked at here.
#
if [ ".$crt" != . ] && [ ! -f "$crt" ]; then
    echo "Error: Cannot find SSL X.509 certificate file $crt" 1>&2
    exit 1
fi
if [ ".$key" != . ] && [ ! -f "$key" ]; then
    echo "Error: Cannot find SSL RSA private key file $key" 1>&2
    exit 1
fi

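#
#   make sure a `patch' program is available
#
#   A program named with --with-patch is used as given; only its
#   existence as a regular file is checked, and it is later run against
#   the Apache source tree. Without the option the bundled copy under
#   etc/patch/ is built on first use.
#
if [ ".$patch" != . ]; then
    if [ -f "$patch" ]; then
        echo "$prefix Using auxiliary 'patch' tool: $patch (EXPECT PERHAPS FAILURES)"
    else
        echo "Error: Provided 'patch' tool not found: $patch" 1>&2
        exit 1
    fi
else
    if [ ! -f etc/patch/patch ]; then
        #   The steps are chained with && so that a failed cd cannot make
        #   ./configure and make run in the current directory instead.
        (cd etc/patch/ && ./configure && make) 2>&1 |\
        tee config.log |\
        etc/prop.sh "$prefix Building auxiliary 'patch' tool"
        if [ ! -f etc/patch/patch ]; then
            echo "Error: Building of 'patch' tool failed:" 1>&2
            echo "-------------------------------------------------" 1>&2
            #   log excerpt goes to stderr like the lines framing it
            tail config.log 1>&2
            echo "-------------------------------------------------" 1>&2
            echo "Hint: Either try to build 'patch' under etc/patch/" 1>&2
            echo "Hint: manually and re-run this 'configure' script" 1>&2
            echo "Hint: or provide us the path to your vendor 'patch'" 1>&2
            echo "Hint: program via the --with-patch option (but expect" 1>&2
            echo "Hint: perhaps a failure when the patches are applied!)" 1>&2
            exit 1
        fi
        rm -f config.log
    else
        echo "$prefix Building auxiliary 'patch' tool (skipping - already done)"
    fi
    patch='etc/patch/patch'
fi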

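#
#   Applying mod_ssl to the Apache source tree
#
#   Destination paths are quoted so that an Apache tree location
#   containing whitespace is passed to cp as a single word.
#
echo "$prefix Applying mod_ssl extension and patches to Apache source tree"
for file in README LICENSE INSTALL; do
    echo "$prefixe creating: [FILE] $file.SSL"
    cp -p "$file" "$apache/$file.SSL"
done
echo "$prefixe creating: [FILE] src/CHANGES.SSL"
cp -p CHANGES "$apache/src/CHANGES.SSL"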
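#   A line starting with "ssl=0" in Apache's configure script serves as
#   the marker for an already patched tree (presumably added by
#   ssl.patch/apache.patch -- confirm against the patch file). The
#   patterns used need no extended syntax, so plain grep is sufficient.
if grep '^ssl=0' "$apache/configure" >/dev/null; then
    #   already patched: only list the files the patch would touch
    grep '^Index:' ssl.patch/apache.patch |\
    sed -e "s/.*Index: /$prefixe skipping: [FILE] /"
else
    #   the patch program and the target directory are quoted so that
    #   paths containing whitespace stay single arguments
    "$patch" --forward "--directory=$apache" <ssl.patch/apache.patch 2>&1 |\
    tee config.log |\
    grep '^.Index:' | sed -e "s/.*Index: /$prefixe patching: [FILE] /"

    #   the patch counts as failed when the marker is still missing
    #   or when reject files exist in the tree
    failed=0
    grep '^ssl=0' "$apache/configure" >/dev/null || failed=1
    #   cd and find are chained with && so that a failed cd cannot make
    #   find scan the current directory instead of the Apache tree
    rejects=`cd "$apache" && find . -name '*.rej' -print`
    if [ ".$rejects" != . ]; then
        failed=1
    fi
    if [ ".$failed" = .1 ]; then
        echo "Error: Application of SSL patch failed:" 1>&2
        echo "-------------------------------------------------" 1>&2
        #   log excerpt goes to stderr like the lines framing it
        tail config.log 1>&2
        echo "-------------------------------------------------" 1>&2
        exit 1
    else
        rm -f config.log
    fi
fi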
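#   module sources: every regular file directly inside ssl.source/
if [ ! -d "$apache/src/modules/ssl" ]; then
    echo "$prefixe creating: [DIR]  src/modules/ssl"
    mkdir "$apache/src/modules/ssl"
fi
#   The shell glob replaces the former `cd ssl.source; echo *` list, so
#   names are not split on whitespace; an unmatched pattern is skipped
#   by the -f test.
for path in ssl.source/*; do
    test -f "$path" || continue
    file=`basename "$path"`
    echo "$prefixe creating: [FILE] src/modules/ssl/$file"
    cp -p "$path" "$apache/src/modules/ssl/"
done
echo "$prefixe creating: [FILE] src/support/mkcert.sh"
cp -p ssl.misc/mkcert.sh "$apache/src/support/mkcert.sh"
echo "$prefixe creating: [FILE] src/support/ca-fix.c"
cp -p ssl.misc/ca-fix.c "$apache/src/support/ca-fix.c"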
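#   certificate directory: the files shipped in ssl.conf/ plus server.crt
if [ ! -d "$apache/conf/ssl.crt" ]; then
    echo "$prefixe creating: [DIR]  conf/ssl.crt"
    mkdir "$apache/conf/ssl.crt"
fi
for file in README.CRT Makefile ca-bundle.crt snakeoil-ca.crt snakeoil.crt; do
    echo "$prefixe creating: [FILE] conf/ssl.crt/$file"
    cp -p "ssl.conf/$file" "$apache/conf/ssl.crt/$file"
done
echo "$prefixe creating: [FILE] conf/ssl.crt/server.crt"
if [ ".$crt" != . ]; then
    if [ ".$key" != . ]; then
        #   separate key file given: the certificate file is taken whole
        cp -p "$crt" "$apache/conf/ssl.crt/server.crt"
    else
        #   no separate key file: only the lines from BEGIN CERTIFICATE to
        #   END CERTIFICATE are taken over (p prints the range, the
        #   catch-all d suppresses everything else)
        sed -e '/-----BEGIN CERTIFICATE/,/-----END CERTIFICATE/p' -e '/.*/d' \
            <"$crt" >"$apache/conf/ssl.crt/server.crt"
        #   an empty result means the file held no such block; stop here
        #   rather than install an empty server certificate
        if [ ! -s "$apache/conf/ssl.crt/server.crt" ]; then
            echo "Error: No certificate block found in $crt" 1>&2
            exit 1
        fi
    fi
else
    #   no --with-crt: the certificate shipped in ssl.conf/ is installed
    cp -p ssl.conf/server.crt "$apache/conf/ssl.crt/server.crt"
fi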
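#   certificate signing request directory; paths are quoted so that an
#   Apache tree location containing whitespace stays a single word
if [ ! -d "$apache/conf/ssl.csr" ]; then
    echo "$prefixe creating: [DIR]  conf/ssl.csr"
    mkdir "$apache/conf/ssl.csr"
fi
for file in README.CSR server.csr; do
    echo "$prefixe creating: [FILE] conf/ssl.csr/$file"
    cp -p "ssl.conf/$file" "$apache/conf/ssl.csr/$file"
done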
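#   private key directory: the files shipped in ssl.conf/ plus server.key
if [ ! -d "$apache/conf/ssl.key" ]; then
    echo "$prefixe creating: [DIR]  conf/ssl.key"
    mkdir "$apache/conf/ssl.key"
fi
#   these keys are part of the distribution and therefore not secret
for file in README.KEY snakeoil-ca.key snakeoil.key; do
    echo "$prefixe creating: [FILE] conf/ssl.key/$file"
    cp -p "ssl.conf/$file" "$apache/conf/ssl.key/$file"
done
echo "$prefixe creating: [FILE] conf/ssl.key/server.key"
#   NOTE: --with-key is only honoured together with --with-crt; given
#   alone it is ignored and the shipped key is installed.
if [ ".$crt" != . ]; then
    if [ ".$key" != . ]; then
        cp -p "$key" "$apache/conf/ssl.key/server.key"
    else
        #   The key is taken from the combined certificate file. The
        #   subshell narrows the umask so that a newly created key file
        #   is never readable by group or others, not even briefly.
        (
            umask 077
            sed -e '/-----BEGIN RSA PRIVATE KEY/,/-----END RSA PRIVATE KEY/p' -e '/.*/d' \
                <"$crt" >"$apache/conf/ssl.key/server.key"
        )
        #   an empty result means the file held no private key block
        if [ ! -s "$apache/conf/ssl.key/server.key" ]; then
            echo "Error: No RSA private key block found in $crt" 1>&2
            echo "Hint:  Please specify the key file via --with-key=FILE" 1>&2
            exit 1
        fi
    fi
    #   The user's own private key: restrict it to the owner regardless
    #   of the mode cp -p carried over or a file left from an earlier
    #   run. 600 rather than 400, so a re-run can overwrite the file.
    chmod 600 "$apache/conf/ssl.key/server.key"
else
    #   No --with-crt: the key shipped in ssl.conf/ is installed. It is
    #   known to everyone who has the distribution and must be replaced
    #   before the server is used; the closing instructions of this
    #   script list `make certificate' for this case.
    cp -p ssl.conf/server.key "$apache/conf/ssl.key/server.key"
fi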
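#   documentation: one manual page plus its images; paths are quoted so
#   that an Apache tree location containing whitespace stays one word
echo "$prefixe creating: [FILE] htdocs/manual/mod/mod_ssl.html"
cp -p ssl.docs/mod_ssl.html "$apache/htdocs/manual/mod/mod_ssl.html"
for file in mod_ssl.jpg mod_ssl_sb.gif apache_pb.gif ssleay.gif; do
    echo "$prefixe creating: [FILE] htdocs/manual/images/$file"
    cp -p "ssl.docs/$file" "$apache/htdocs/manual/images/$file"
done

#   NOTE(review): the mkdir and cp steps of this script are not
#   status-checked, so this line is printed even when one of them failed.
echo "Done: SSL source extension and patches successfully applied."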

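#
#   Optionally configure Apache
#
#   With --with-ssleay given, Apache's own configure is run right away
#   inside the Apache tree; otherwise the command to run by hand is
#   shown. In both cases the remaining make steps are listed.
#
echo ""
if [ ".$ssleay" != . ]; then
    #   stop if the tree cannot be entered, so that ./configure below
    #   can never resolve to a script in some other directory
    cd "$apache" || {
        echo "Error: Cannot change into Apache source tree $apache" 1>&2
        exit 1
    }
    #   $apaci is expanded unquoted on purpose: it holds all remaining
    #   options joined by single spaces, so an option that itself
    #   contained whitespace is split into several words here.
    if [ ".$rsaref" != . ]; then
        SSL_BASE="$ssleay" RSA_BASE="$rsaref" ./configure $apaci --enable-module=ssl
    else
        SSL_BASE="$ssleay" ./configure $apaci --enable-module=ssl
    fi
    echo ""
    echo "Now please switch to $apache and run:"
else
    echo "Now please switch to $apache and run:"
    echo " \$ SSL_BASE=/path/to/ssleay ./configure ... --enable-module=ssl"
fi
echo " \$ make"
#   without --with-crt only the shipped certificate and key were
#   installed, so generating a real one is part of the instructions
if [ ".$crt" = . ]; then
    echo " \$ make certificate"
fi
echo " \$ make install"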

