-AC_ARG_ENABLE([tls], AS_HELP_STRING([--enable-tls], [enable TLS (RadSec)]),
- [AC_CHECK_LIB([event_openssl], [bufferevent_openssl_socket_new],,
- AC_MSG_ERROR([required library event_openssl not found]))
- AC_DEFINE([RS_ENABLE_TLS])
- AC_DEFINE([RADPROT_TLS])])
-AM_CONDITIONAL([RS_ENABLE_TLS], [test "${enable_tls+set}" = set])
+AC_ARG_ENABLE([tls],
+ AS_HELP_STRING([--disable-tls], [disable TLS (RadSec)]),
+ [want_tls=$enableval])
+AM_CONDITIONAL([RS_ENABLE_TLS], [test $want_tls = yes])
+if test $want_tls = yes; then
+ AC_CHECK_LIB([event_openssl], [bufferevent_openssl_socket_new],,
+ AC_MSG_ERROR([required library event_openssl not found]))
+ AC_DEFINE([RS_ENABLE_TLS])
+ AC_DEFINE([RADPROT_TLS])
+else
+ # Define WITHOUT_OPENSSL for radius/client.h.
+ CPPFLAGS="$CPPFLAGS -DWITHOUT_OPENSSL"
+fi
+## Enable TLS-PSK (preshared keys).
+AH_TEMPLATE([RS_ENABLE_TLS_PSK], [TLS-PSK (TLS preshared keys) enabled])
+AC_ARG_ENABLE([tls-psk], AS_HELP_STRING([--enable-tls-psk], [enable TLS-PSK (TLS preshared keys)]),
+ [AC_CHECK_LIB([ssl], [SSL_set_psk_client_callback],,
+ AC_MSG_ERROR([required library openssl with SSL_set_psk_client_callback() not found]))
+ AC_DEFINE([RS_ENABLE_TLS_PSK])])
+AM_CONDITIONAL([RS_ENABLE_TLS_PSK], [test "${enable_tls_psk+set}" = set])