[thirdparty/squid.git] / acinclude / lib-checks.m4

## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##

dnl check whether regex works by actually compiling one
dnl sets squid_cv_regex_works to either yes or no

AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_REGEX_H
#include <regex.h> 
#endif
]], [[
regex_t t; regcomp(&t,"",0);]])],
    [ squid_cv_regex_works=yes ],
    [ squid_cv_regex_works=no ])
  ])
])


AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
    SQUID_STATE_SAVE(iphlpapi)
    LIBS="$LIBS -liphlpapi"
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <windows.h>
#include <winsock2.h>
#include <iphlpapi.h>
]], [[
  MIB_IPNETTABLE i;
  unsigned long isz=sizeof(i);
  GetIpNetTable(&i,&isz,FALSE);
    ]])],
    [squid_cv_have_libiphlpapi=yes
     SQUID_STATE_COMMIT(iphlpapi)],
    [squid_cv_have_libiphlpapi=no
     SQUID_STATE_ROLLBACK(iphlpapi)])
  ])
  SQUID_STATE_ROLLBACK(iphlpapi)
])

dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
  AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
  SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
  AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
  AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
  SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
])

dnl Checks whether the -lcrypto library provides various OpenSSL API functions
AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
  AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, "Define to 1 if the X509_VERIFY_PARAM_set_auth_level() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, "Define to 1 if the X509_chain_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_SSL_GET0_PARAM, "Define to 1 of the SSL_get0_param() OpenSSL API function exists")
  SQUID_STATE_SAVE(check_openssl_libcrypto_api)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1))
  AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
  AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
  AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1))
  AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
  AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
  AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
  AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
  AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
  AC_CHECK_LIB(crypto,  X509_VERIFY_PARAM_set_auth_level, AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL))
  AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_chain_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
  AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,))
  AC_CHECK_LIB(crypto, SSL_get0_param, AC_DEFINE(HAVE_SSL_GET0_PARAM, 1))
  SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
])

dnl Checks whether the -lssl library provides various OpenSSL API functions
AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
  AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
  SQUID_STATE_SAVE(check_openssl_libssl_api)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1))
  AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
  AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
  AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
  SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
])

dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
dnl workaround can be used instead of using the SSL_get_certificate
AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
  SQUID_STATE_SAVE(check_SSL_get_certificate)
  LIBS="$SSLLIB $LIBS"
  if test "x$SSLLIBDIR" != "x"; then
     LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  fi

  AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  AC_RUN_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/ssl.h>
     #include <openssl/err.h>
    ],
    [
#if defined(SSLeay_add_ssl_algorithms)
    SSLeay_add_ssl_algorithms();
#endif
#if HAVE_OPENSSL_TLS_METHOD
    SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
    SSL *ssl = SSL_new(sslContext);
    X509* cert = SSL_get_certificate(ssl);
    return 0;
    ])
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [
   AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
   AC_MSG_RESULT([yes])
  ],
  [
   AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
   AC_MSG_RESULT([cross-compile, assuming no])
  ])

  AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
  AC_RUN_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/ssl.h>
     #include <openssl/err.h>
    ],
    [
#if defined(SSLeay_add_ssl_algorithms)
    SSLeay_add_ssl_algorithms();
#endif
#if HAVE_OPENSSL_TLS_METHOD
    SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
    X509 ***pCert = (X509 ***)sslContext->cert;
    X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
    if (sslCtxCert != NULL)
        return 1;
    return 0;
    ])
  ],
  [
   AC_MSG_RESULT([yes])
   AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [
   AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
   AC_MSG_RESULT([cross-compile, assuming no])
  ])

SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
])

dnl Checks whether the  SSL_CTX_new and similar functions require 
dnl a const 'SSL_METHOD *' argument
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
  AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
  SQUID_STATE_SAVE(check_const_SSL_METHOD)
  AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")

  AC_COMPILE_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/ssl.h>
     #include <openssl/err.h>
    ],
    [
       const SSL_METHOD *method = NULL;
       SSL_CTX *sslContext = SSL_CTX_new(method);
       return (sslContext != NULL);
    ])
  ],
  [
   AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
   AC_MSG_RESULT([yes])
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [])

SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
])

dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
  AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
  SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
  AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
    return 0;
}
    ],[
return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
    ])
  ],[
   AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
   AC_MSG_RESULT([yes])
  ],[
   AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
])

dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
  AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
  SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
  AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
    return NULL;
}
    ],[
SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
return 0;
    ])
  ],[
   AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
   AC_MSG_RESULT([yes])
  ],[
   AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
])

dnl Checks whether the X509_get0_signature() has const arguments
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
  AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!)
  SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
  AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
    ],[
#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
        const ASN1_BIT_STRING *sig = nullptr;
        const X509_ALGOR *sig_alg;
        X509_get0_signature(&sig, &sig_alg, nullptr);
#else
#error Missing X509_get0_signature()
#endif
    ])
  ],[
   AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const)
   AC_MSG_RESULT([yes])
  ],[
   AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)
   AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
])

dnl Try to handle TXT_DB related  problems:
dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
dnl    implemented correctly and causes type conversion errors while compiling squid

AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
  AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
  AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
  AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")

  SQUID_STATE_SAVE(check_TXTDB)

  LIBS="$LIBS $SSLLIB"
  squid_cv_check_openssl_pstring="no"
  AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
  AC_COMPILE_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/txt_db.h>
    ],
    [
    TXT_DB *db = NULL;
    int i = sk_OPENSSL_PSTRING_num(db->data);
    return 0;
    ])
  ],
  [
   AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
   AC_MSG_RESULT([yes])
   squid_cv_check_openssl_pstring="yes"
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [])

  if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
     AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
     AC_COMPILE_IFELSE([
     AC_LANG_PROGRAM(
       [
        #include <openssl/txt_db.h>
       ],
       [
       TXT_DB *db = NULL;
       const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
       return (current_row != NULL);
       ])
     ],
     [
      AC_MSG_RESULT([no])
     ],
     [
      AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
      AC_MSG_RESULT([yes])
     ],
     [])
  fi

  AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
  AC_COMPILE_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/txt_db.h>

     static unsigned long index_serial_hash(const char **a){}
     static int index_serial_cmp(const char **a, const char **b){}
     static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
     static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
    ],
    [
    TXT_DB *db = NULL;
    TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
    ])
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [
   AC_MSG_RESULT([yes])
   AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
  ],
[])

SQUID_STATE_ROLLBACK(check_TXTDB)
])

dnl Check if we can rewrite the hello message stored in an SSL object.
dnl The tests are very basic, just check if the required members exist in
dnl SSL structure.
AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
  AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
  SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
  AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)

  AC_COMPILE_IFELSE([
  AC_LANG_PROGRAM(
    [
     #include <openssl/ssl.h>
     #include <openssl/err.h>
     #include <assert.h>
    ],
    [
    SSL *ssl;
    char *random, *msg;
    memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
    SSL3_BUFFER *wb=&(ssl->s3->wbuf);
    assert(wb->len == 0);
    memcpy(wb->buf, msg, 0);
    assert(wb->left == 0);
    memcpy(ssl->init_buf->data, msg, 0);
    ssl->init_num = 0;
    ssl->s3->wpend_ret = 0;
    ssl->s3->wpend_tot = 0;
    SSL_CIPHER *cipher = 0;
    assert(SSL_CIPHER_get_id(cipher));
    ])
  ],
  [
   AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
  ],
  [
   AC_MSG_RESULT([no])
  ],
  [])

SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
]
)
Commit	Line	Data
77b1029d	1	## Copyright (C) 1996-2020 The Squid Software Foundation and contributors
5d2e6f19 AJ	2	##
	3	## Squid software is distributed under GPLv2+ license and includes
	4	## contributions from numerous individuals and organizations.
	5	## Please see the COPYING and CONTRIBUTORS files for details.
	6	##
73862432	7
c2afddd8 AJ	8	dnl check whether regex works by actually compiling one
	9	dnl sets squid_cv_regex_works to either yes or no
	10
	11	AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
	12	AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
	13	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	14	#if HAVE_SYS_TYPES_H
	15	#include <sys/types.h>
	16	#endif
	17	#if HAVE_REGEX_H
	18	#include <regex.h>
	19	#endif
	20	]], [[
	21	regex_t t; regcomp(&t,"",0);]])],
	22	[ squid_cv_regex_works=yes ],
	23	[ squid_cv_regex_works=no ])
	24	])
	25	])
	26
	27
2ef664d8 FC	28	AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
	29	AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
	30	SQUID_STATE_SAVE(iphlpapi)
	31	LIBS="$LIBS -liphlpapi"
	32	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
	33	#include <windows.h>
	34	#include <winsock2.h>
	35	#include <iphlpapi.h>
	36	]], [[
	37	MIB_IPNETTABLE i;
	38	unsigned long isz=sizeof(i);
	39	GetIpNetTable(&i,&isz,FALSE);
	40	]])],
	41	[squid_cv_have_libiphlpapi=yes
	42	SQUID_STATE_COMMIT(iphlpapi)],
	43	[squid_cv_have_libiphlpapi=no
	44	SQUID_STATE_ROLLBACK(iphlpapi)])
	45	])
	46	SQUID_STATE_ROLLBACK(iphlpapi)
	47	])
fc321c30	48
8d56fe55 AJ	49	dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
	50	AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
	51	AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
	52	AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
	53	AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
	54	SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
fe94990b	55	LIBS="$LIBS $SSLLIB"
8d56fe55 AJ	56	AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
	57	AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
	58	AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
	59	SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
	60	])
	61
17e98f24 AJ	62	dnl Checks whether the -lcrypto library provides various OpenSSL API functions
17e98f24 AJ	63	AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
24b30fdc	64	AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists")
17e98f24 AJ	65	AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
17e98f24 AJ	66	AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
24b30fdc	67	AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists")
17e98f24 AJ	68	AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
17e98f24 AJ	69	AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
24b30fdc	70	AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists")
17e98f24 AJ	71	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
	72	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
	73	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
800967af	74	AH_TEMPLATE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, "Define to 1 if the X509_VERIFY_PARAM_set_auth_level() OpenSSL API function exists")
fe94990b	75	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
800967af	76	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, "Define to 1 if the X509_chain_up_ref() OpenSSL API function exists")
fe94990b AJ	77	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
fe94990b AJ	78	AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
5107d2c4	79	AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
800967af	80	AH_TEMPLATE(HAVE_SSL_GET0_PARAM, "Define to 1 of the SSL_get0_param() OpenSSL API function exists")
17e98f24	81	SQUID_STATE_SAVE(check_openssl_libcrypto_api)
fe94990b	82	LIBS="$LIBS $SSLLIB"
24b30fdc	83	AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1))
17e98f24 AJ	84	AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
17e98f24 AJ	85	AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
24b30fdc	86	AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1))
17e98f24 AJ	87	AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
17e98f24 AJ	88	AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
24b30fdc	89	AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1))
17e98f24 AJ	90	AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
	91	AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
	92	AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
800967af	93	AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_set_auth_level, AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL))
fe94990b	94	AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
800967af	95	AC_CHECK_LIB(crypto, X509_chain_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, 1))
fe94990b AJ	96	AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
fe94990b AJ	97	AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
24b30fdc	98	AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,))
800967af	99	AC_CHECK_LIB(crypto, SSL_get0_param, AC_DEFINE(HAVE_SSL_GET0_PARAM, 1))
17e98f24 AJ	100	SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
	101	])
	102
	103	dnl Checks whether the -lssl library provides various OpenSSL API functions
	104	AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
24b30fdc	105	AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists")
17e98f24 AJ	106	AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
	107	AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
	108	AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
	109	SQUID_STATE_SAVE(check_openssl_libssl_api)
fe94990b	110	LIBS="$LIBS $SSLLIB"
24b30fdc	111	AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1))
17e98f24 AJ	112	AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
	113	AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
	114	AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
	115	SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
	116	])
	117
fc321c30 CT	118	dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
	119	dnl workaround can be used instead of using the SSL_get_certificate
	120	AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
	121	AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
	122	AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
	123	SQUID_STATE_SAVE(check_SSL_get_certificate)
216eee00	124	LIBS="$SSLLIB $LIBS"
fc321c30 CT	125	if test "x$SSLLIBDIR" != "x"; then
	126	LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
	127	fi
	128
	129	AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
	130	AC_RUN_IFELSE([
	131	AC_LANG_PROGRAM(
	132	[
	133	#include <openssl/ssl.h>
	134	#include <openssl/err.h>
	135	],
	136	[
24b30fdc	137	#if defined(SSLeay_add_ssl_algorithms)
fc321c30	138	SSLeay_add_ssl_algorithms();
24b30fdc	139	#endif
8d56fe55	140	#if HAVE_OPENSSL_TLS_METHOD
1f3e0389 SH	141	SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
	142	#else
	143	SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
	144	#endif
fc321c30 CT	145	SSL *ssl = SSL_new(sslContext);
	146	X509* cert = SSL_get_certificate(ssl);
	147	return 0;
	148	])
	149	],
	150	[
	151	AC_MSG_RESULT([no])
	152	],
	153	[
	154	AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
	155	AC_MSG_RESULT([yes])
	156	],
958ae827 AJ	157	[
	158	AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
	159	AC_MSG_RESULT([cross-compile, assuming no])
	160	])
fc321c30 CT	161
	162	AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
	163	AC_RUN_IFELSE([
	164	AC_LANG_PROGRAM(
	165	[
	166	#include <openssl/ssl.h>
	167	#include <openssl/err.h>
	168	],
	169	[
24b30fdc	170	#if defined(SSLeay_add_ssl_algorithms)
fc321c30	171	SSLeay_add_ssl_algorithms();
24b30fdc	172	#endif
8d56fe55	173	#if HAVE_OPENSSL_TLS_METHOD
1f3e0389 SH	174	SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
	175	#else
	176	SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
	177	#endif
fc321c30 CT	178	X509 *pCert = (X509 *)sslContext->cert;
	179	X509 sslCtxCert = pCert && pCert ? *pCert : (X509 )0x1;
	180	if (sslCtxCert != NULL)
	181	return 1;
	182	return 0;
	183	])
	184	],
	185	[
	186	AC_MSG_RESULT([yes])
	187	AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
	188	],
	189	[
	190	AC_MSG_RESULT([no])
	191	],
958ae827 AJ	192	[
	193	AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
	194	AC_MSG_RESULT([cross-compile, assuming no])
	195	])
fc321c30 CT	196
	197	SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
	198	])
fee5325b	199
19179f7c CT	200	dnl Checks whether the SSL_CTX_new and similar functions require
	201	dnl a const 'SSL_METHOD *' argument
	202	AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
	203	AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
	204	SQUID_STATE_SAVE(check_const_SSL_METHOD)
	205	AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
	206
	207	AC_COMPILE_IFELSE([
	208	AC_LANG_PROGRAM(
	209	[
	210	#include <openssl/ssl.h>
	211	#include <openssl/err.h>
	212	],
	213	[
	214	const SSL_METHOD *method = NULL;
	215	SSL_CTX *sslContext = SSL_CTX_new(method);
	216	return (sslContext != NULL);
	217	])
	218	],
	219	[
	220	AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
	221	AC_MSG_RESULT([yes])
	222	],
	223	[
	224	AC_MSG_RESULT([no])
	225	],
	226	[])
	227
	228	SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
7d841344 AJ	229	])
	230
	231	dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
	232	AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
	233	AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
	234	SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
	235	AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
	236	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
	237	#include <openssl/ssl.h>
	238
	239	int const_dup_func(CRYPTO_EX_DATA , const CRYPTO_EX_DATA , void , int, long, void ) {
	240	return 0;
	241	}
	242	],[
	243	return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
	244	])
	245	],[
	246	AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
	247	AC_MSG_RESULT([yes])
	248	],[
	249	AC_MSG_RESULT([no])
	250	])
	251	SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
	252	])
	253
	254	dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
	255	AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
	256	AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
	257	SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
	258	AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
	259	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
	260	#include <openssl/ssl.h>
	261
	262	SSL_SESSION get_session_cb(SSL , const unsigned char ID, int, int ) {
	263	return NULL;
	264	}
	265	],[
	266	SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
	267	return 0;
	268	])
	269	],[
	270	AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
	271	AC_MSG_RESULT([yes])
	272	],[
	273	AC_MSG_RESULT([no])
	274	])
	275	SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
	276	])
fee5325b	277
70cfe22f AJ	278	dnl Checks whether the X509_get0_signature() has const arguments
70cfe22f AJ	279	AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
24b30fdc	280	AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!)
70cfe22f AJ	281	SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
	282	AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
	283	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
	284	#include <openssl/ssl.h>
	285	],[
	286	#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
	287	const ASN1_BIT_STRING *sig = nullptr;
	288	const X509_ALGOR *sig_alg;
	289	X509_get0_signature(&sig, &sig_alg, nullptr);
	290	#else
	291	#error Missing X509_get0_signature()
	292	#endif
	293	])
	294	],[
24b30fdc	295	AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const)
70cfe22f AJ	296	AC_MSG_RESULT([yes])
70cfe22f AJ	297	],[
24b30fdc	298	AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)
70cfe22f AJ	299	AC_MSG_RESULT([no])
	300	])
	301	SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
	302	])
	303
fee5325b CT	304	dnl Try to handle TXT_DB related problems:
	305	dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
	306	dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
	307	dnl implemented correctly and causes type conversion errors while compiling squid
	308
	309	AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
	310	AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
19179f7c	311	AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
fee5325b CT	312	AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
	313
	314	SQUID_STATE_SAVE(check_TXTDB)
	315
	316	LIBS="$LIBS $SSLLIB"
19179f7c	317	squid_cv_check_openssl_pstring="no"
fee5325b CT	318	AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
	319	AC_COMPILE_IFELSE([
	320	AC_LANG_PROGRAM(
	321	[
	322	#include <openssl/txt_db.h>
	323	],
	324	[
	325	TXT_DB *db = NULL;
	326	int i = sk_OPENSSL_PSTRING_num(db->data);
	327	return 0;
	328	])
	329	],
	330	[
	331	AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
	332	AC_MSG_RESULT([yes])
19179f7c	333	squid_cv_check_openssl_pstring="yes"
fee5325b CT	334	],
	335	[
	336	AC_MSG_RESULT([no])
	337	],
	338	[])
	339
19179f7c CT	340	if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
	341	AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
	342	AC_COMPILE_IFELSE([
	343	AC_LANG_PROGRAM(
	344	[
	345	#include <openssl/txt_db.h>
	346	],
	347	[
	348	TXT_DB *db = NULL;
	349	const char current_row = ((const char )sk_OPENSSL_PSTRING_value(db->data, 0));
	350	return (current_row != NULL);
	351	])
	352	],
	353	[
	354	AC_MSG_RESULT([no])
	355	],
	356	[
	357	AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
	358	AC_MSG_RESULT([yes])
	359	],
	360	[])
	361	fi
	362
fee5325b CT	363	AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
	364	AC_COMPILE_IFELSE([
	365	AC_LANG_PROGRAM(
	366	[
	367	#include <openssl/txt_db.h>
	368
	369	static unsigned long index_serial_hash(const char **a){}
	370	static int index_serial_cmp(const char a, const char b){}
	371	static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
	372	static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
	373	],
	374	[
	375	TXT_DB *db = NULL;
	376	TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
	377	])
	378	],
	379	[
	380	AC_MSG_RESULT([no])
	381	],
	382	[
	383	AC_MSG_RESULT([yes])
	384	AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
	385	],
	386	[])
	387
	388	SQUID_STATE_ROLLBACK(check_TXTDB)
	389	])
a95989ed	390
1110989a CT	391	dnl Check if we can rewrite the hello message stored in an SSL object.
	392	dnl The tests are very basic, just check if the required members exist in
	393	dnl SSL structure.
a95989ed CT	394	AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
	395	AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
	396	SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
	397	AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
	398
	399	AC_COMPILE_IFELSE([
	400	AC_LANG_PROGRAM(
	401	[
	402	#include <openssl/ssl.h>
	403	#include <openssl/err.h>
	404	#include <assert.h>
	405	],
	406	[
	407	SSL *ssl;
	408	char random, msg;
	409	memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
	410	SSL3_BUFFER *wb=&(ssl->s3->wbuf);
	411	assert(wb->len == 0);
	412	memcpy(wb->buf, msg, 0);
	413	assert(wb->left == 0);
	414	memcpy(ssl->init_buf->data, msg, 0);
	415	ssl->init_num = 0;
	416	ssl->s3->wpend_ret = 0;
	417	ssl->s3->wpend_tot = 0;
b44de379 AR	418	SSL_CIPHER *cipher = 0;
b44de379 AR	419	assert(SSL_CIPHER_get_id(cipher));
a95989ed CT	420	])
	421	],
	422	[
88a300ce	423	AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
a95989ed CT	424	],
	425	[
	426	AC_MSG_RESULT([no])
	427	],
	428	[])
	429
	430	SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
	431	]
	432	)