Commit | Line | Data |
---|---|---|
77b1029d | 1 | ## Copyright (C) 1996-2020 The Squid Software Foundation and contributors |
5d2e6f19 AJ |
2 | ## |
3 | ## Squid software is distributed under GPLv2+ license and includes | |
4 | ## contributions from numerous individuals and organizations. | |
5 | ## Please see the COPYING and CONTRIBUTORS files for details. | |
6 | ## | |
dnl Probe the system regex library by compiling a small program that declares
dnl a regex_t and calls regcomp() on an empty pattern.
dnl Sets squid_cv_regex_works to either yes or no.
dnl The probe is compile-only; it is neither linked nor run, so it shows that
dnl the headers and declarations are usable, not that matching behaves well.
AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_REGEX_H
#include <regex.h>
#endif
]], [[
regex_t t;
regcomp(&t,"",0);
]])],
      [ squid_cv_regex_works=yes ],
      [ squid_cv_regex_works=no ])
  ])
])
dnl Detect the Windows IP Helper library by linking a small program that
dnl calls GetIpNetTable() with -liphlpapi appended to LIBS.
dnl Sets squid_cv_have_libiphlpapi to yes or no.
AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
    SQUID_STATE_SAVE(iphlpapi)
    LIBS="$LIBS -liphlpapi"
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <windows.h>
#include <winsock2.h>
#include <iphlpapi.h>
]], [[
MIB_IPNETTABLE i;
unsigned long isz=sizeof(i);
GetIpNetTable(&i,&isz,FALSE);
]])],
      [squid_cv_have_libiphlpapi=yes
       SQUID_STATE_COMMIT(iphlpapi)],
      [squid_cv_have_libiphlpapi=no
       SQUID_STATE_ROLLBACK(iphlpapi)])
  ])
  dnl NOTE(review): this rollback sits outside AC_CACHE_CHECK, so it also runs
  dnl after the COMMIT in the success branch, and when a cached result skips
  dnl the SAVE above. Confirm against the SQUID_STATE_* definitions that LIBS
  dnl ends up as intended in both cases.
  SQUID_STATE_ROLLBACK(iphlpapi)
])
dnl Checks whether the -lssl library provides the OpenSSL TLS_method(),
dnl TLS_client_method() and TLS_server_method() functions, and defines the
dnl matching HAVE_OPENSSL_TLS_*_METHOD macro to 1 for each one found.
dnl LIBS is extended with $SSLLIB for the probes only and restored afterwards.
AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
  AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")

  SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
  AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
  AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
  SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
])
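dnl Checks whether the -lcrypto library provides various OpenSSL API functions.
dnl Each function found defines its HAVE_* macro to 1. When X509_get0_signature
dnl is missing, SQUID_CONST_X509_GET0_SIGNATURE_ARGS is defined as empty so that
dnl code using it still compiles.
dnl LIBS is extended with $SSLLIB for the probes only and restored afterwards.
AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
  AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, "Define to 1 if the X509_VERIFY_PARAM_set_auth_level() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, "Define to 1 if the X509_chain_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_SSL_GET0_PARAM, "Define to 1 if the SSL_get0_param() OpenSSL API function exists")

  SQUID_STATE_SAVE(check_openssl_libcrypto_api)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1))
  AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
  AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
  AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1))
  AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
  AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
  AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
  AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
  AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
  dnl The value 1 is spelled out here to match every other probe in this macro.
  AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_set_auth_level, AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, 1))
  AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_chain_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
  AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
  AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,))
  dnl NOTE(review): SSL_get0_param() belongs to the libssl API, yet this probe
  dnl names crypto. It presumably succeeds only because $SSLLIB is already in
  dnl LIBS. Confirm, and consider probing ssl instead.
  AC_CHECK_LIB(crypto, SSL_get0_param, AC_DEFINE(HAVE_SSL_GET0_PARAM, 1))
  SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
])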
dnl Checks whether the -lssl library provides various OpenSSL API functions.
dnl Each function found defines its HAVE_LIBSSL_* macro to 1.
dnl LIBS is extended with $SSLLIB for the probes only and restored afterwards.
AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
  AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
  AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")

  SQUID_STATE_SAVE(check_openssl_libssl_api)
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1))
  AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
  AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
  AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
  SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
])
dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and whether a
dnl workaround can be used instead of calling SSL_get_certificate.
dnl
dnl Both probes use AC_RUN_IFELSE, so configure builds and executes a test
dnl program linked against $SSLLIB, with an rpath to $SSLLIBDIR when that is
dnl set. When cross-compiling nothing is run and both macros are defined to 0.
dnl
dnl NOTE(review): AC_RUN_IFELSE takes its failure branch for a compile or link
dnl error as well as for a crash or non-zero exit, so the first probe also
dnl reports "buggy" when the OpenSSL headers or libraries cannot be used at all.
dnl Neither probe checks the SSL_CTX_new() or SSL_new() results before use.
AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")

  SQUID_STATE_SAVE(check_SSL_get_certificate)
  LIBS="$SSLLIB $LIBS"
  if test "x$SSLLIBDIR" != "x"; then
    LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  fi

  dnl Probe 1: call SSL_get_certificate on a freshly created SSL object.
  dnl A clean exit means the call is usable; any failure marks it buggy.
  AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  AC_RUN_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/ssl.h>
#include <openssl/err.h>
      ],
      [
#if defined(SSLeay_add_ssl_algorithms)
        SSLeay_add_ssl_algorithms();
#endif
#if HAVE_OPENSSL_TLS_METHOD
        SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
        SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
        SSL *ssl = SSL_new(sslContext);
        X509* cert = SSL_get_certificate(ssl);
        return 0;
      ])
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [
      AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
      AC_MSG_RESULT([yes])
    ],
    [
      AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
      AC_MSG_RESULT([cross-compile, assuming no])
    ])

  dnl Probe 2: read the certificate slot through a cast of sslContext->cert.
  dnl The program exits 0 only when that slot reads as NULL on a new context.
  dnl It reaches into the SSL_CTX structure directly, so it cannot compile
  dnl where SSL_CTX is an opaque type; that case lands in the "no" branch.
  AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
  AC_RUN_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/ssl.h>
#include <openssl/err.h>
      ],
      [
#if defined(SSLeay_add_ssl_algorithms)
        SSLeay_add_ssl_algorithms();
#endif
#if HAVE_OPENSSL_TLS_METHOD
        SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
        SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
        X509 ***pCert = (X509 ***)sslContext->cert;
        X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
        if (sslCtxCert != NULL)
            return 1;
        return 0;
      ])
    ],
    [
      AC_MSG_RESULT([yes])
      AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [
      AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
      AC_MSG_RESULT([cross-compile, assuming no])
    ])

  SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
])
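dnl Checks whether the SSL_CTX_new and similar functions require
dnl a const 'SSL_METHOD *' argument.
dnl The probe is compile-only: it passes a 'const SSL_METHOD *' to SSL_CTX_new()
dnl and defines SQUID_USE_CONST_SSL_METHOD to 1 when that compiles.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
  AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
  SQUID_STATE_SAVE(check_const_SSL_METHOD)
  dnl The message carries no trailing double quote: autoconf escapes it and
  dnl would print it verbatim in the configure output.
  AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *')

  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/ssl.h>
#include <openssl/err.h>
      ],
      [
        const SSL_METHOD *method = NULL;
        SSL_CTX *sslContext = SSL_CTX_new(method);
        return (sslContext != NULL);
      ])
    ],
    [
      AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
      AC_MSG_RESULT([yes])
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [])

  SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
])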
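dnl Checks whether the CRYPTO_EX_DATA duplication callback for
dnl SSL_get_ex_new_index() has a const argument.
dnl The probe is compile-only: it registers a dup callback whose second
dnl parameter is 'const CRYPTO_EX_DATA *' and defines
dnl SQUID_USE_CONST_CRYPTO_EX_DATA_DUP to 1 when that compiles.
dnl NOTE(review): the callback is defined with unnamed parameters, so the probe
dnl presumably relies on C++ being the active test language; confirm.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
  AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_ex_new_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
  SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
  dnl The text names SSL_get_ex_new_index, the function the probe calls, and
  dnl carries no trailing double quote, which autoconf would print verbatim.
  AC_MSG_CHECKING(whether SSL_get_ex_new_index() dup callback accepts 'const CRYPTO_EX_DATA *')
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
    return 0;
}
    ],[
      return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
    ])
  ],[
    AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
    AC_MSG_RESULT([yes])
  ],[
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
])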
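dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const
dnl ID argument.
dnl The probe is compile-only: it registers a callback taking
dnl 'const unsigned char *ID' and defines SQUID_USE_CONST_SSL_SESSION_CBID to 1
dnl when that compiles.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
  AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
  SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
  dnl The message carries no trailing double quote: autoconf escapes it and
  dnl would print it verbatim in the configure output.
  AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument)
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
    return NULL;
}
    ],[
      SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
      return 0;
    ])
  ],[
    AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
    AC_MSG_RESULT([yes])
  ],[
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
])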
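dnl Checks whether the X509_get0_signature() has const arguments.
dnl Defines SQUID_CONST_X509_GET0_SIGNATURE_ARGS to const when a call with const
dnl output pointers compiles, and to empty otherwise.
dnl The probe tests HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, which is defined by
dnl SQUID_CHECK_LIBCRYPTO_API, so that macro has to run first.
dnl NOTE(review): the probe uses nullptr, so it presumably relies on C++11 or
dnl later being the active test language; confirm.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
  AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!)
  SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
  dnl Bracket quoting is used here; shell double quotes around the message
  dnl would be escaped by autoconf and printed as part of the text.
  AC_MSG_CHECKING([whether X509_get0_signature() accepts const parameters])
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
    ],[
#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
      const ASN1_BIT_STRING *sig = nullptr;
      const X509_ALGOR *sig_alg;
      X509_get0_signature(&sig, &sig_alg, nullptr);
#else
#error Missing X509_get0_signature()
#endif
    ])
  ],[
    AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const)
    AC_MSG_RESULT([yes])
  ],[
    AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
])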
dnl Try to handle TXT_DB related problems:
dnl 1) The type of the TXT_DB::data member changed in openSSL-1.0.1
dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases
dnl    are not implemented correctly and cause type conversion errors while
dnl    compiling squid
dnl
dnl All three probes are compile-only. The two workaround probes enable their
dnl hack when the test program FAILS to compile.
dnl NOTE(review): a compile failure for any other reason, such as an unusable
dnl openssl/txt_db.h, would therefore also enable the hacks.
AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
  AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
  AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
  AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")

  SQUID_STATE_SAVE(check_TXTDB)

  LIBS="$LIBS $SSLLIB"
  squid_cv_check_openssl_pstring="no"

  dnl Probe 1: does TXT_DB::data work with the OPENSSL_PSTRING stack accessors
  AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/txt_db.h>
      ],
      [
        TXT_DB *db = NULL;
        int i = sk_OPENSSL_PSTRING_num(db->data);
        return 0;
      ])
    ],
    [
      AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
      AC_MSG_RESULT([yes])
      squid_cv_check_openssl_pstring="yes"
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [])

  dnl Probe 2 runs only when probe 1 succeeded. The hack is enabled when the
  dnl cast of the sk_OPENSSL_PSTRING_value result does not compile.
  if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
    AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM(
        [
#include <openssl/txt_db.h>
        ],
        [
          TXT_DB *db = NULL;
          const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
          return (current_row != NULL);
        ])
      ],
      [
        AC_MSG_RESULT([no])
      ],
      [
        AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
        AC_MSG_RESULT([yes])
      ],
      [])
  fi

  dnl Probe 3: the hack is enabled when the IMPLEMENT_LHASH_* wrappers do not
  dnl compile. The two stub functions return no value; they are only compiled.
  AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/txt_db.h>

static unsigned long index_serial_hash(const char **a){}
static int index_serial_cmp(const char **a, const char **b){}
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
      ],
      [
        TXT_DB *db = NULL;
        TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
      ])
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [
      AC_MSG_RESULT([yes])
      AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
    ],
    [])

  SQUID_STATE_ROLLBACK(check_TXTDB)
])
dnl Check if we can rewrite the hello message stored in an SSL object.
dnl The tests are very basic, just check if the required members exist in
dnl the SSL structure.
dnl
dnl The probe is compile-only and is never run: its pointers are deliberately
dnl left uninitialised. It touches ssl->s3 and ssl->init_buf directly, so it can
dnl compile only where the layout of the SSL structure is visible to callers.
dnl A successful compile defines nothing; the result message tells the builder
dnl to set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK to 1 by hand.
dnl NOTE(review): the probe calls memcpy() but includes no string header of its
dnl own, so it presumably gets the declaration through the OpenSSL headers.
AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
  AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
  SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
  AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)

  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
      [
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <assert.h>
      ],
      [
        SSL *ssl;
        char *random, *msg;
        memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
        SSL3_BUFFER *wb=&(ssl->s3->wbuf);
        assert(wb->len == 0);
        memcpy(wb->buf, msg, 0);
        assert(wb->left == 0);
        memcpy(ssl->init_buf->data, msg, 0);
        ssl->init_num = 0;
        ssl->s3->wpend_ret = 0;
        ssl->s3->wpend_tot = 0;
        SSL_CIPHER *cipher = 0;
        assert(SSL_CIPHER_get_id(cipher));
      ])
    ],
    [
      AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [])

  SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
])