SSLLIB="$LIBOPENSSL_PATH $LIBOPENSSL_LIBS $SSLLIB"
AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available])
+ # check for API functions
+ SQUID_STATE_SAVE(check_SSL_CTX_get0_certificate)
+ LIBS="$LIBS $SSLLIB"
+ AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
+ AC_DEFINE(HAVE_SSL_CTX_GET0_CERTIFICATE, 1, [SSL_CTX_get0_certificate is available])
+ ], [
+ missing_SSL_CTX_get0_certificate=yes
+ ])
+ SQUID_STATE_ROLLBACK(check_SSL_CTX_get0_certificate)
+
# check for other specific broken implementations
- SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+ if test "x$missing_SSL_CTX_get0_certificate" = "xyes"; then
+ SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+ fi
SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
SQUID_CHECK_OPENSSL_TXTDB
SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
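Review bot: The `AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, ...)` probe only shows that libssl exports the symbol; it does not show that the `<openssl/ssl.h>` found at compile time declares it. If the headers and the library come from different OpenSSL installs, `HAVE_SSL_CTX_GET0_CERTIFICATE` would be defined and the C++ call would fail to compile instead of falling back to the older code paths. Pairing the link probe with a declaration check would close that gap, for example `AC_CHECK_DECL([SSL_CTX_get0_certificate],,[missing_SSL_CTX_get0_certificate=yes],[#include <openssl/ssl.h>])`, assuming the OpenSSL include flags are already in effect at this point. It would also help to set `missing_SSL_CTX_get0_certificate=no` before the probe, so that a value inherited from the environment cannot change which checks run.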
bool
Ssl::verifySslCertificate(Security::ContextPointer &ctx, CertificateProperties const &properties)
{
+#if HAVE_SSL_CTX_GET0_CERTIFICATE
+ X509 * cert = SSL_CTX_get0_certificate(ctx.get());
+#elif SQUID_USE_SSLGETCERTIFICATE_HACK
// SSL_get_certificate is buggy in openssl versions 1.0.1d and 1.0.1e
// Try to retrieve certificate directly from Security::ContextPointer object
-#if SQUID_USE_SSLGETCERTIFICATE_HACK
X509 ***pCert = (X509 ***)ctx->cert;
X509 * cert = pCert && *pCert ? **pCert : NULL;
#elif SQUID_SSLGETCERTIFICATE_BUGGY
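Review bot: The new `#if HAVE_SSL_CTX_GET0_CERTIFICATE` branch has no comment, while the fallback below it explains why it exists, so a reader cannot tell that the first branch is the preferred path. In OpenSSL naming, `get0` means the returned `X509 *` is borrowed from the context rather than a new reference, so it must not be freed, and it can be NULL when no certificate is loaded. I would add `// Preferred: public accessor. Returns a borrowed pointer (no X509_free); NULL if the context has no certificate.` above the call. The rest of `verifySslCertificate` is outside this hunk, so please confirm that the code after the `#endif` checks `cert` for NULL and never releases it on this path.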