]>
Commit | Line | Data |
---|---|---|
5b74111a | 1 | ## Copyright (C) 1996-2018 The Squid Software Foundation and contributors |
5d2e6f19 AJ |
2 | ## |
3 | ## Squid software is distributed under GPLv2+ license and includes | |
4 | ## contributions from numerous individuals and organizations. | |
5 | ## Please see the COPYING and CONTRIBUTORS files for details. | |
6 | ## | |
73862432 | 7 | |
c2afddd8 AJ |
8 | dnl check whether regex works by actually compiling one |
9 | dnl sets squid_cv_regex_works to either yes or no | |
10 | ||
11 | AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[ | |
12 | AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[ | |
13 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | |
14 | #if HAVE_SYS_TYPES_H | |
15 | #include <sys/types.h> | |
16 | #endif | |
17 | #if HAVE_REGEX_H | |
18 | #include <regex.h> | |
19 | #endif | |
20 | ]], [[ | |
21 | regex_t t; regcomp(&t,"",0);]])], | |
22 | [ squid_cv_regex_works=yes ], | |
23 | [ squid_cv_regex_works=no ]) | |
24 | ]) | |
25 | ]) | |
26 | ||
27 | ||
2ef664d8 FC |
28 | AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[ |
29 | AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[ | |
30 | SQUID_STATE_SAVE(iphlpapi) | |
31 | LIBS="$LIBS -liphlpapi" | |
32 | AC_LINK_IFELSE([AC_LANG_PROGRAM([[ | |
33 | #include <windows.h> | |
34 | #include <winsock2.h> | |
35 | #include <iphlpapi.h> | |
36 | ]], [[ | |
37 | MIB_IPNETTABLE i; | |
38 | unsigned long isz=sizeof(i); | |
39 | GetIpNetTable(&i,&isz,FALSE); | |
40 | ]])], | |
41 | [squid_cv_have_libiphlpapi=yes | |
42 | SQUID_STATE_COMMIT(iphlpapi)], | |
43 | [squid_cv_have_libiphlpapi=no | |
44 | SQUID_STATE_ROLLBACK(iphlpapi)]) | |
45 | ]) | |
46 | SQUID_STATE_ROLLBACK(iphlpapi) | |
47 | ]) | |
fc321c30 | 48 | |
8d56fe55 AJ |
49 | dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions |
50 | AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[ | |
51 | AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists") | |
52 | AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists") | |
53 | AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists") | |
54 | SQUID_STATE_SAVE(check_openssl_TLS_METHODS) | |
fe94990b | 55 | LIBS="$LIBS $SSLLIB" |
8d56fe55 AJ |
56 | AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1)) |
57 | AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1)) | |
58 | AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1)) | |
59 | SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS) | |
60 | ]) | |
61 | ||
17e98f24 AJ |
62 | dnl Checks whether the -lcrypto library provides various OpenSSL API functions |
63 | AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[ | |
64 | AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists") | |
65 | AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists") | |
66 | AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists") | |
67 | AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists") | |
68 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists") | |
69 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists") | |
70 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists") | |
71 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists") | |
fe94990b AJ |
72 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists") |
73 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists") | |
74 | AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists") | |
5107d2c4 | 75 | AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists") |
17e98f24 | 76 | SQUID_STATE_SAVE(check_openssl_libcrypto_api) |
fe94990b | 77 | LIBS="$LIBS $SSLLIB" |
17e98f24 AJ |
78 | AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1)) |
79 | AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1)) | |
80 | AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1)) | |
81 | AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1)) | |
82 | AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1)) | |
83 | AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1)) | |
84 | AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1)) | |
85 | AC_CHECK_LIB(crypto, X509_STORE_CTX_set0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, 1)) | |
fe94990b AJ |
86 | AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1)) |
87 | AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1)) | |
88 | AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1)) | |
5107d2c4 | 89 | AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1)) |
17e98f24 AJ |
90 | SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api) |
91 | ]) | |
92 | ||
93 | dnl Checks whether the -lssl library provides various OpenSSL API functions | |
94 | AC_DEFUN([SQUID_CHECK_LIBSSL_API],[ | |
95 | AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists") | |
96 | AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists") | |
97 | AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists") | |
98 | SQUID_STATE_SAVE(check_openssl_libssl_api) | |
fe94990b | 99 | LIBS="$LIBS $SSLLIB" |
17e98f24 AJ |
100 | AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1)) |
101 | AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1)) | |
102 | AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1)) | |
103 | SQUID_STATE_ROLLBACK(check_openssl_libssl_api) | |
104 | ]) | |
105 | ||
fc321c30 CT |
106 | dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a |
107 | dnl workaround can be used instead of using the SSL_get_certificate | |
108 | AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[ | |
109 | AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid") | |
110 | AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate") | |
111 | SQUID_STATE_SAVE(check_SSL_get_certificate) | |
216eee00 | 112 | LIBS="$SSLLIB $LIBS" |
fc321c30 CT |
113 | if test "x$SSLLIBDIR" != "x"; then |
114 | LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR" | |
115 | fi | |
116 | ||
117 | AC_MSG_CHECKING(whether the SSL_get_certificate is buggy) | |
118 | AC_RUN_IFELSE([ | |
119 | AC_LANG_PROGRAM( | |
120 | [ | |
121 | #include <openssl/ssl.h> | |
122 | #include <openssl/err.h> | |
123 | ], | |
124 | [ | |
125 | SSLeay_add_ssl_algorithms(); | |
8d56fe55 | 126 | #if HAVE_OPENSSL_TLS_METHOD |
1f3e0389 SH |
127 | SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); |
128 | #else | |
129 | SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); | |
130 | #endif | |
fc321c30 CT |
131 | SSL *ssl = SSL_new(sslContext); |
132 | X509* cert = SSL_get_certificate(ssl); | |
133 | return 0; | |
134 | ]) | |
135 | ], | |
136 | [ | |
137 | AC_MSG_RESULT([no]) | |
138 | ], | |
139 | [ | |
140 | AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1) | |
141 | AC_MSG_RESULT([yes]) | |
142 | ], | |
958ae827 AJ |
143 | [ |
144 | AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0) | |
145 | AC_MSG_RESULT([cross-compile, assuming no]) | |
146 | ]) | |
fc321c30 CT |
147 | |
148 | AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works) | |
149 | AC_RUN_IFELSE([ | |
150 | AC_LANG_PROGRAM( | |
151 | [ | |
152 | #include <openssl/ssl.h> | |
153 | #include <openssl/err.h> | |
154 | ], | |
155 | [ | |
156 | SSLeay_add_ssl_algorithms(); | |
8d56fe55 | 157 | #if HAVE_OPENSSL_TLS_METHOD |
1f3e0389 SH |
158 | SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); |
159 | #else | |
160 | SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); | |
161 | #endif | |
fc321c30 CT |
162 | X509 ***pCert = (X509 ***)sslContext->cert; |
163 | X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; | |
164 | if (sslCtxCert != NULL) | |
165 | return 1; | |
166 | return 0; | |
167 | ]) | |
168 | ], | |
169 | [ | |
170 | AC_MSG_RESULT([yes]) | |
171 | AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1) | |
172 | ], | |
173 | [ | |
174 | AC_MSG_RESULT([no]) | |
175 | ], | |
958ae827 AJ |
176 | [ |
177 | AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0) | |
178 | AC_MSG_RESULT([cross-compile, assuming no]) | |
179 | ]) | |
fc321c30 CT |
180 | |
181 | SQUID_STATE_ROLLBACK(check_SSL_get_certificate) | |
182 | ]) | |
fee5325b | 183 | |
19179f7c CT |
184 | dnl Checks whether the SSL_CTX_new and similar functions require |
185 | dnl a const 'SSL_METHOD *' argument | |
186 | AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ | |
187 | AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") | |
188 | SQUID_STATE_SAVE(check_const_SSL_METHOD) | |
189 | AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") | |
190 | ||
191 | AC_COMPILE_IFELSE([ | |
192 | AC_LANG_PROGRAM( | |
193 | [ | |
194 | #include <openssl/ssl.h> | |
195 | #include <openssl/err.h> | |
196 | ], | |
197 | [ | |
198 | const SSL_METHOD *method = NULL; | |
199 | SSL_CTX *sslContext = SSL_CTX_new(method); | |
200 | return (sslContext != NULL); | |
201 | ]) | |
202 | ], | |
203 | [ | |
204 | AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1) | |
205 | AC_MSG_RESULT([yes]) | |
206 | ], | |
207 | [ | |
208 | AC_MSG_RESULT([no]) | |
209 | ], | |
210 | []) | |
211 | ||
212 | SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) | |
7d841344 AJ |
213 | ]) |
214 | ||
215 | dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument | |
216 | AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[ | |
217 | AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") | |
218 | SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA) | |
219 | AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") | |
220 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ | |
221 | #include <openssl/ssl.h> | |
222 | ||
223 | int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) { | |
224 | return 0; | |
225 | } | |
226 | ],[ | |
227 | return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL); | |
228 | ]) | |
229 | ],[ | |
230 | AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1) | |
231 | AC_MSG_RESULT([yes]) | |
232 | ],[ | |
233 | AC_MSG_RESULT([no]) | |
234 | ]) | |
235 | SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA) | |
236 | ]) | |
237 | ||
238 | dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument | |
239 | AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[ | |
240 | AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") | |
241 | SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb) | |
242 | AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") | |
243 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ | |
244 | #include <openssl/ssl.h> | |
245 | ||
246 | SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) { | |
247 | return NULL; | |
248 | } | |
249 | ],[ | |
250 | SSL_CTX_sess_set_get_cb(NULL, get_session_cb); | |
251 | return 0; | |
252 | ]) | |
253 | ],[ | |
254 | AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1) | |
255 | AC_MSG_RESULT([yes]) | |
256 | ],[ | |
257 | AC_MSG_RESULT([no]) | |
258 | ]) | |
259 | SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb) | |
260 | ]) | |
fee5325b | 261 | |
70cfe22f AJ |
262 | dnl Checks whether the X509_get0_signature() has const arguments |
263 | AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[ | |
264 | AH_TEMPLATE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, "Define if X509_get0_signature() accepts const parameters") | |
265 | SQUID_STATE_SAVE(check_const_X509_get0_signature_args) | |
266 | AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters") | |
267 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ | |
268 | #include <openssl/ssl.h> | |
269 | ],[ | |
270 | #if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE | |
271 | const ASN1_BIT_STRING *sig = nullptr; | |
272 | const X509_ALGOR *sig_alg; | |
273 | X509_get0_signature(&sig, &sig_alg, nullptr); | |
274 | #else | |
275 | #error Missing X509_get0_signature() | |
276 | #endif | |
277 | ]) | |
278 | ],[ | |
279 | AC_DEFINE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, 1) | |
280 | AC_MSG_RESULT([yes]) | |
281 | ],[ | |
282 | AC_MSG_RESULT([no]) | |
283 | ]) | |
284 | SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args) | |
285 | ]) | |
286 | ||
fee5325b CT |
287 | dnl Try to handle TXT_DB related problems: |
288 | dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version | |
289 | dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not | |
290 | dnl implemented correctly and causes type conversion errors while compiling squid | |
291 | ||
292 | AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ | |
293 | AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member") | |
19179f7c | 294 | AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value") |
fee5325b CT |
295 | AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors") |
296 | ||
297 | SQUID_STATE_SAVE(check_TXTDB) | |
298 | ||
299 | LIBS="$LIBS $SSLLIB" | |
19179f7c | 300 | squid_cv_check_openssl_pstring="no" |
fee5325b CT |
301 | AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member) |
302 | AC_COMPILE_IFELSE([ | |
303 | AC_LANG_PROGRAM( | |
304 | [ | |
305 | #include <openssl/txt_db.h> | |
306 | ], | |
307 | [ | |
308 | TXT_DB *db = NULL; | |
309 | int i = sk_OPENSSL_PSTRING_num(db->data); | |
310 | return 0; | |
311 | ]) | |
312 | ], | |
313 | [ | |
314 | AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1) | |
315 | AC_MSG_RESULT([yes]) | |
19179f7c | 316 | squid_cv_check_openssl_pstring="yes" |
fee5325b CT |
317 | ], |
318 | [ | |
319 | AC_MSG_RESULT([no]) | |
320 | ], | |
321 | []) | |
322 | ||
19179f7c CT |
323 | if test x"$squid_cv_check_openssl_pstring" = "xyes"; then |
324 | AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used) | |
325 | AC_COMPILE_IFELSE([ | |
326 | AC_LANG_PROGRAM( | |
327 | [ | |
328 | #include <openssl/txt_db.h> | |
329 | ], | |
330 | [ | |
331 | TXT_DB *db = NULL; | |
332 | const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0)); | |
333 | return (current_row != NULL); | |
334 | ]) | |
335 | ], | |
336 | [ | |
337 | AC_MSG_RESULT([no]) | |
338 | ], | |
339 | [ | |
340 | AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1) | |
341 | AC_MSG_RESULT([yes]) | |
342 | ], | |
343 | []) | |
344 | fi | |
345 | ||
fee5325b CT |
346 | AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used) |
347 | AC_COMPILE_IFELSE([ | |
348 | AC_LANG_PROGRAM( | |
349 | [ | |
350 | #include <openssl/txt_db.h> | |
351 | ||
352 | static unsigned long index_serial_hash(const char **a){} | |
353 | static int index_serial_cmp(const char **a, const char **b){} | |
354 | static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) | |
355 | static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) | |
356 | ], | |
357 | [ | |
358 | TXT_DB *db = NULL; | |
359 | TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); | |
360 | ]) | |
361 | ], | |
362 | [ | |
363 | AC_MSG_RESULT([no]) | |
364 | ], | |
365 | [ | |
366 | AC_MSG_RESULT([yes]) | |
367 | AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) | |
368 | ], | |
369 | []) | |
370 | ||
371 | SQUID_STATE_ROLLBACK(check_TXTDB) | |
372 | ]) | |
a95989ed | 373 | |
1110989a CT |
374 | dnl Check if we can rewrite the hello message stored in an SSL object. |
375 | dnl The tests are very basic, just check if the required members exist in | |
376 | dnl SSL structure. | |
a95989ed CT |
377 | AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[ |
378 | AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct") | |
379 | SQUID_STATE_SAVE(check_openSSL_overwrite_hack) | |
380 | AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct) | |
381 | ||
382 | AC_COMPILE_IFELSE([ | |
383 | AC_LANG_PROGRAM( | |
384 | [ | |
385 | #include <openssl/ssl.h> | |
386 | #include <openssl/err.h> | |
387 | #include <assert.h> | |
388 | ], | |
389 | [ | |
390 | SSL *ssl; | |
391 | char *random, *msg; | |
392 | memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE); | |
393 | SSL3_BUFFER *wb=&(ssl->s3->wbuf); | |
394 | assert(wb->len == 0); | |
395 | memcpy(wb->buf, msg, 0); | |
396 | assert(wb->left == 0); | |
397 | memcpy(ssl->init_buf->data, msg, 0); | |
398 | ssl->init_num = 0; | |
399 | ssl->s3->wpend_ret = 0; | |
400 | ssl->s3->wpend_tot = 0; | |
b44de379 AR |
401 | SSL_CIPHER *cipher = 0; |
402 | assert(SSL_CIPHER_get_id(cipher)); | |
a95989ed CT |
403 | ]) |
404 | ], | |
405 | [ | |
88a300ce | 406 | AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1]) |
a95989ed CT |
407 | ], |
408 | [ | |
409 | AC_MSG_RESULT([no]) | |
410 | ], | |
411 | []) | |
412 | ||
413 | SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack) | |
414 | ] | |
415 | ) |