Added options to enable/disable local files, HTTP, and FTP support. F…

configure.ac

@@ -1858,6 +1858,54 @@ if test "z$build_on_windows" = "zyes" ; then
     fi
 fi
 
+dnl ==========================================================================
+dnl See do we need files support
+dnl ==========================================================================
+AC_MSG_CHECKING(for files support)
+AC_ARG_ENABLE([files], [AS_HELP_STRING([--enable-files],[enable files support (yes)])])
+if test "z$enable_files" = "zno" ; then
+    XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_FILES=1"
+    XMLSEC_NO_FILES="1"
+    AC_MSG_RESULT([no (tests will be broken!)])
+else
+    XMLSEC_NO_FILES="0"
+    AC_MSG_RESULT([yes])
+fi
+AM_CONDITIONAL(XMLSEC_NO_FILES, test "z$XMLSEC_NO_FILES" = "z1")
+AC_SUBST(XMLSEC_NO_FILES)
+
+dnl ==========================================================================
+dnl See do we need FTP support
+dnl ==========================================================================
+AC_MSG_CHECKING(for FTP support)
+AC_ARG_ENABLE([ftp], [AS_HELP_STRING([--enable-ftp],[enable FTP support (no, deprecated)])])
+if test "z$enable_ftp" = "zyes" ; then
+    XMLSEC_NO_FTP="0"
+    AC_MSG_RESULT([yes (deprecated)])
+else
+    XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_FTP=1"
+    XMLSEC_NO_FTP="1"
+    AC_MSG_RESULT([disabled])
+fi
+AM_CONDITIONAL(XMLSEC_NO_FTP, test "z$XMLSEC_NO_FTP" = "z1")
+AC_SUBST(XMLSEC_NO_FTP)
+
+dnl ==========================================================================
+dnl See do we need HTTP support
+dnl ==========================================================================
+AC_MSG_CHECKING(for HTTP support)
+AC_ARG_ENABLE([http], [AS_HELP_STRING([--enable-http],[enable HTTP support (yes)])])
+if test "z$enable_http" = "zno" ; then
+    XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_HTTP=1"
+    XMLSEC_NO_HTTP="1"
+    AC_MSG_RESULT([no])
+else
+    XMLSEC_NO_HTTP="0"
+    AC_MSG_RESULT([yes])
+fi
+AM_CONDITIONAL(XMLSEC_NO_HTTP, test "z$XMLSEC_NO_HTTP" = "z1")
+AC_SUBST(XMLSEC_NO_HTTP)
+
 dnl ==========================================================================
 dnl See do we need MD5 support
 dnl ==========================================================================
@@ -2027,7 +2075,21 @@ AC_ARG_ENABLE([dsa], [AS_HELP_STRING([--enable-dsa],[enable DSA support (yes)])]
 if test "z$enable_dsa" = "zno" ; then
     XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_DSA=1"
     XMLSEC_NO_DSA="1"
+    AC_MSG_RESULT([disabled])dnl ==========================================================================
+dnl See do we need MD5 support
+dnl ==========================================================================
+AC_MSG_CHECKING(for MD5 support)
+AC_ARG_ENABLE([md5], [AS_HELP_STRING([--enable-md5],[enable MD5 support (no, deprecated)])])
+if test "z$enable_md5" = "zyes" ; then
+    XMLSEC_NO_MD5="0"
+    AC_MSG_RESULT([yes (deprecated)])
+else
+    XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_MD5=1"
+    XMLSEC_NO_MD5="1"
     AC_MSG_RESULT([disabled])
+fi
+AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1")
+AC_SUBST(XMLSEC_NO_MD5)
 else
     XMLSEC_NO_DSA="0"
     AC_MSG_RESULT([yes])

docs/index.html

@@ -43,7 +43,7 @@
 <!--Links - start--><!--Links - end-->
 </table>
 </td>
-<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<td valign="top"><table width="80%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
 <div align="center">
 <h1>XML Security Library</h1>
 </div>
@@ -78,11 +78,13 @@ <h1>XML Security Library</h1>
 				<ul>
                     <li>(<b>ABI breaking change</b>) Added support for the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.</li>
 					<li>(<b>ABI breaking change</b>) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to
-						restore the old behaviour (note that this behaviour is deprecated and will be removed in the future.</li>
+						restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).</li>
 					<li>(<b>API breaking change</b>) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode,
 						set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
 					</li>
 					<li>(<b>API breaking change</b>) The KeyName element content is now trimmed before key search is performed.</li>
+					<li>(<b>API breaking change</b>) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added
+                        "--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally.</li>
                     <li>(<b>API/ABI breaking change</b>) Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.</li>
 					<li>(<b>ABI breaking change</b>) Removed deprecated functions.</li>
                     <li>Added support for loading keys through <a href="https://www.openssl.org/docs/man3.0/man7/ossl_store.html">ossl-store</a> interface (e.g.

docs/news.html

@@ -43,7 +43,7 @@
 <!--Links - start--><!--Links - end-->
 </table>
 </td>
-<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<td valign="top"><table width="80%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
 <div align="center">
 <h1>XML Security Library News</h1>
 </div>
@@ -59,11 +59,13 @@ <h1>XML Security Library News</h1>
 				<ul>
                     <li>(<b>ABI breaking change</b>) Added support for the <a href="https://www.w3.org/TR/xmldsig-core1/#sec-KeyInfoReference">KeyInfoReference Element</a>.</li>
 					<li>(<b>ABI breaking change</b>) Switched xmlSecSize to use size_t by default. Use "--enable-size-t=no" configure option ("size_t=no" on Windows) to
-						restore the old behaviour (note that this behaviour is deprecated and will be removed in the future.</li>
+						restore the old behaviour (note that support for xmlSecSize being different from size_t will be removed in the future).</li>
 					<li>(<b>API breaking change</b>) Changed the key search to strict mode: only keys referenced by KeyInfo are used. To restore the old "lax" mode,
 						set XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH flag on xmlSecKeyInfoCtx or use '--lax-key-search' option for XMLSec command line utility.
 					</li>
 					<li>(<b>API breaking change</b>) The KeyName element content is now trimmed before key search is performed.</li>
+					<li>(<b>API breaking change</b>) Disabled FTP support by default. Use "--enable-ftp" configure option to restore it. Also added
+                        "--enable-http" and "--enable-files" configure options to control support for loading files over HTTP or locally.</li>
                     <li>(<b>API/ABI breaking change</b>) Disabled MD5 digest method by default. Use "--enable-md5" configure options ("legacy-crypto" option on Windows) to re-enable MD5.</li>
 					<li>(<b>ABI breaking change</b>) Removed deprecated functions.</li>
                     <li>Added support for loading keys through <a href="https://www.openssl.org/docs/man3.0/man7/ossl_store.html">ossl-store</a> interface (e.g.

src/io.c

@@ -24,14 +24,23 @@
 #include <libxml/tree.h>
 #include <libxml/xmlIO.h>
 
-#ifdef LIBXML_HTTP_ENABLED
-#include <libxml/nanohttp.h>
+/* check if we want HTTP and FTP support */
+#ifndef LIBXML_HTTP_ENABLED
+#define XMLSEC_NO_HTTP  1
 #endif /* LIBXML_HTTP_ENABLED */
 
-#ifdef LIBXML_FTP_ENABLED
-#include <libxml/nanoftp.h>
+#ifndef LIBXML_FTP_ENABLED
+#define XMLSEC_NO_FTP  1
 #endif /* LIBXML_FTP_ENABLED */
 
+#ifndef XMLSEC_NO_HTTP
+#include <libxml/nanohttp.h>
+#endif /* XMLSEC_NO_HTTP */
+
+#ifndef XMLSEC_NO_FTP
+#include <libxml/nanoftp.h>
+#endif /* XMLSEC_NO_FTP */
+
 #include <xmlsec/xmlsec.h>
 #include <xmlsec/keys.h>
 #include <xmlsec/transforms.h>
@@ -162,13 +171,14 @@ xmlSecIOInit(void) {
         return(-1);
     }
 
-#ifdef LIBXML_FTP_ENABLED
+#ifndef XMLSEC_NO_FTP
     xmlNanoFTPInit();
-#endif /* LIBXML_FTP_ENABLED */
+#endif /* XMLSEC_NO_FTP */
 
-#ifdef LIBXML_HTTP_ENABLED
+#ifndef XMLSEC_NO_HTTP
     xmlNanoHTTPInit();
-#endif /* LIBXML_HTTP_ENABLED */
+#endif /* #ifndef XMLSEC_NO_HTTP
+ */
 
     ret = xmlSecIORegisterDefaultCallbacks();
     if(ret < 0) {
@@ -188,13 +198,13 @@ xmlSecIOInit(void) {
 void
 xmlSecIOShutdown(void) {
 
-#ifdef LIBXML_HTTP_ENABLED
+#ifndef XMLSEC_NO_HTTP
     xmlNanoHTTPCleanup();
-#endif /* LIBXML_HTTP_ENABLED */
+#endif /* XMLSEC_NO_HTTP */
 
-#ifdef LIBXML_FTP_ENABLED
+#ifndef XMLSEC_NO_FTP
     xmlNanoFTPCleanup();
-#endif /* LIBXML_FTP_ENABLED */
+#endif /* XMLSEC_NO_FTP */
 
     xmlSecPtrListFinalize(&xmlSecAllIOCallbacks);
 }
@@ -257,31 +267,33 @@ int
 xmlSecIORegisterDefaultCallbacks(void) {
     int ret;
 
+#ifndef XMLSEC_NO_FILES
     /* Callbacks added later are picked up first */
     ret = xmlSecIORegisterCallbacks(xmlFileMatch, xmlFileOpen,
                               xmlFileRead, xmlFileClose);
     if(ret < 0) {
         xmlSecInternalError("xmlSecIORegisterCallbacks(file)", NULL);
         return(-1);
     }
+#endif /* XMLSEC_NO_FILES */
 
-#ifdef LIBXML_HTTP_ENABLED
+#ifndef XMLSEC_NO_HTTP
     ret = xmlSecIORegisterCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
                               xmlIOHTTPRead, xmlIOHTTPClose);
     if(ret < 0) {
         xmlSecInternalError("xmlSecIORegisterCallbacks(http)", NULL);
         return(-1);
     }
-#endif /* LIBXML_HTTP_ENABLED */
+#endif /* XMLSEC_NO_HTTP */
 
-#ifdef LIBXML_FTP_ENABLED
+#ifndef XMLSEC_NO_FTP
     ret = xmlSecIORegisterCallbacks(xmlIOFTPMatch, xmlIOFTPOpen,
                               xmlIOFTPRead, xmlIOFTPClose);
     if(ret < 0) {
         xmlSecInternalError("xmlSecIORegisterCallbacks(ftp)", NULL);
         return(-1);
     }
-#endif /* LIBXML_FTP_ENABLED */
+#endif /* XMLSEC_NO_FTP */
 
     /* done */
     return(0);
@@ -504,4 +516,3 @@ xmlSecTransformInputURIPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
     }
     return(0);
 }
-