+AC_SUBST(STATIC_PCRS_ONLY)
+
+FEATURE_HTTPS_INSPECTION_ONLY=#
+dnl ========================================================
+dnl check for mbedTLS which is required for https inspection
+dnl ========================================================
+FEATURE_HTTPS_INSPECTION_ONLY_MBEDTLS=#
+OPT_MBEDTLS=no
+AC_ARG_WITH(mbedtls,dnl
+AC_HELP_STRING([--with-mbedtls], [Enable mbedTLS detection for https inspection.])
+AC_HELP_STRING([--without-mbedtls], [Disable mbedTLS detection]),
+ OPT_MBEDTLS=$withval)
+
+if test X"$OPT_MBEDTLS" != Xno; then
+
+ AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
+ [
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION, 1, [if SSL/TLS is enabled])
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION_MBEDTLS, 1, [if mbedTLS is enabled])
+ AC_SUBST(FEATURE_HTTPS_INSPECTION_MBEDTLS, [1])
+ FEATURE_HTTPS_INSPECTION_MBEDTLS="yes"
+ ], [], -lmbedx509 -lmbedcrypto)
+
+ if test "x$FEATURE_HTTPS_INSPECTION_MBEDTLS" = "xyes"; then
+ AC_MSG_NOTICE([Detected mbedTLS. Enabling https inspection.])
+
+ LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
+ old_CFLAGS_nospecial="-Imbedtls/include $old_CFLAGS_nospecial"
+
+ FEATURE_HTTPS_INSPECTION_ONLY=
+ FEATURE_HTTPS_INSPECTION_ONLY_MBEDTLS=
+ fi
+fi
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY_MBEDTLS)
+
+dnl =================================================================
+dnl check for OpenSSL/LibreSSL which is required for https inspection
+dnl =================================================================
+FEATURE_HTTPS_INSPECTION_ONLY_OPENSSL=#
+OPT_OPENSSL=no
+AC_ARG_WITH(openssl,dnl
+AC_HELP_STRING([--with-openssl], [Enable OpenSSL/LibreSSL detection for https inspection.])
+AC_HELP_STRING([--without-openssl], [Disable OpenSSL/LibreSSL detection]),
+ OPT_OPENSSL=$withval)
+
+if test X"$OPT_OPENSSL" != Xno; then
+ if test "$PORTNAME" != "win32"; then
+ AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
+ FOUND_SSL_LIB="no"
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [FOUND_SSL_LIB="yes"])
+ AC_CHECK_LIB(ssl, SSL_library_init, [FOUND_SSL_LIB="yes"])
+ AS_IF([test "x$FOUND_SSL_LIB" = xno], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
+ else
+ AC_SEARCH_LIBS(CRYPTO_new_ex_data, eay32 crypto, [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
+ FOUND_SSL_LIB="no"
+ AC_SEARCH_LIBS(OPENSSL_init_ssl, ssleay32 ssl, [FOUND_SSL_LIB="yes"])
+ AC_SEARCH_LIBS(SSL_library_init, ssleay32 ssl, [FOUND_SSL_LIB="yes"])
+ AS_IF([test "x$FOUND_SSL_LIB" = xno], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
+ fi
+
+ if test "x$FOUND_SSL_LIB" = xyes; then
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION, 1, [if SSL/TLS is enabled])
+ AC_DEFINE(FEATURE_HTTPS_INSPECTION_OPENSSL, 1, [if OpenSSL is enabled])
+ AC_SUBST(FEATURE_HTTPS_INSPECTION_OPENSSL, [1])
+ FEATURE_HTTPS_INSPECTION="yes"
+ FEATURE_HTTPS_INSPECTION_OPENSSL="yes"
+ fi
+
+ if test "x$FEATURE_HTTPS_INSPECTION_OPENSSL" = "xyes"; then
+ AC_MSG_NOTICE([Detected OpenSSL. Enabling https inspection.])
+ AC_MSG_WARN([If you intend to redistribute Privoxy, please make sure the "special exception" from section 3 of the GPLv2 applies.])
+
+ LIBS="$LIBS -lssl -lcrypto"
+ old_CFLAGS_nospecial="$old_CFLAGS_nospecial"
+
+ FEATURE_HTTPS_INSPECTION_ONLY=
+ FEATURE_HTTPS_INSPECTION_ONLY_OPENSSL=
+ fi
+fi
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY_OPENSSL)
+
+AC_SUBST(FEATURE_HTTPS_INSPECTION_ONLY)
+
+dnl ========================================================
+dnl Check for Brotli which can be used for decompression
+dnl ========================================================
+WITH_BROTLI=no
+AC_ARG_WITH(brotli,
+AC_HELP_STRING([--with-brotli], [Enable Brotli detection])
+AC_HELP_STRING([--without-brotli], [Disable Brotli detection]),
+ WITH_BROTLI=$withval)
+
+if test X"$WITH_BROTLI" != Xno; then
+
+ LIBS="$LIBS -lbrotlidec"
+
+ AC_CHECK_LIB(brotlidec, BrotliDecoderDecompress)
+
+ AC_CHECK_HEADERS(brotli/decode.h,
+ FEATURE_BROTLI=1
+ AC_DEFINE(FEATURE_BROTLI, 1, [If Brotli is used for decompression])
+ AC_SUBST(FEATURE_BROTLI, [1])
+ )
+fi
+
+
+dnl =================================================================
+dnl Final cleanup and output
+dnl =================================================================
+
+dnl Remove the SPECIAL_CFLAGS stuff from CFLAGS, and add it separately
+dnl in the Makefile
+CFLAGS=$old_CFLAGS_nospecial
+AC_SUBST(SPECIAL_CFLAGS)