1 ## Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl check whether regex works by actually compiling one
9 dnl sets squid_cv_regex_works to either yes or no
dnl
dnl The probe is compile-only (AC_COMPILE_IFELSE): it confirms that a program
dnl declaring a regex_t and calling regcomp() compiles. It neither links nor
dnl runs that program, so "yes" does not show that regcomp() behaves correctly
dnl at run time. The result is cached in squid_cv_regex_works.
11 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
12 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
13 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
15 #include <sys/types.h>
21 regex_t t; regcomp(&t,"",0);]])],
22 [ squid_cv_regex_works=yes ],
23 [ squid_cv_regex_works=no ])
dnl Checks whether libIpHlpApi can be linked: appends -liphlpapi to LIBS and
dnl tries to link a program that calls GetIpNetTable().
dnl Sets squid_cv_have_libiphlpapi to yes or no. On success the modified build
dnl state is committed, on failure it is rolled back.
dnl NOTE(review): a further SQUID_STATE_ROLLBACK follows the cache check. The
dnl lines between are not visible here, so confirm against the SQUID_STATE_*
dnl definitions that it does not undo a successful commit.
28 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
29 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
30 SQUID_STATE_SAVE(iphlpapi)
31 LIBS="$LIBS -liphlpapi"
32 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
38 unsigned long isz=sizeof(i);
39 GetIpNetTable(&i,&isz,FALSE);
41 [squid_cv_have_libiphlpapi=yes
42 SQUID_STATE_COMMIT(iphlpapi)],
43 [squid_cv_have_libiphlpapi=no
44 SQUID_STATE_ROLLBACK(iphlpapi)])
46 SQUID_STATE_ROLLBACK(iphlpapi)
49 dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
dnl
dnl Defines HAVE_OPENSSL_TLS_METHOD, HAVE_OPENSSL_TLS_CLIENT_METHOD and
dnl HAVE_OPENSSL_TLS_SERVER_METHOD to 1 for each symbol found in -lssl.
dnl Only the AC_DEFINE action is given for the found case, and the saved build
dnl state is rolled back afterwards, so the probes appear to leave LIBS
dnl unchanged (TODO confirm against the SQUID_STATE_* definitions).
dnl Other probes in this file test HAVE_OPENSSL_TLS_METHOD to choose between
dnl TLS_method() and the older SSLv23_method().
50 AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
51 AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
52 AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
53 AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
54 SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
56 AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
57 AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
58 AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
59 SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
62 dnl Checks whether the -lcrypto library provides various OpenSSL API functions
dnl
dnl Each AC_CHECK_LIB call looks the symbol up in -lcrypto and, when it is
dnl found, defines the matching HAVE_LIBCRYPTO_* macro to 1. The AH_TEMPLATE
dnl lines supply the config header description for each macro.
dnl NOTE(review): AC_CHECK_LIB is a link-time symbol probe only; it does not
dnl confirm that the OpenSSL headers used for the build declare the function.
dnl A build that mixes headers and libraries from different OpenSSL versions
dnl can therefore get misleading results.
63 AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
64 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
65 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
66 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
67 AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
68 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
69 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
70 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
71 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists")
72 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
73 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
74 AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
75 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
76 SQUID_STATE_SAVE(check_openssl_libcrypto_api)
78 AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
79 AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
80 AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
81 AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
82 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
83 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
84 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
85 AC_CHECK_LIB(crypto, X509_STORE_CTX_set0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, 1))
86 AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
87 AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
88 AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
89 AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1))
90 SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
93 dnl Checks whether the -lssl library provides various OpenSSL API functions
dnl
dnl Each AC_CHECK_LIB call looks the symbol up in -lssl and, when it is found,
dnl defines the matching HAVE_LIBSSL_* macro to 1.
dnl NOTE(review): these are link-time symbol probes; they do not confirm that
dnl the OpenSSL headers used for the build declare the function.
dnl NOTE(review): SSL_CTX_set_tmp_rsa_callback is the temporary RSA key hook;
dnl presumably only older OpenSSL releases export it -- verify what the code
dnl guarded by HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK does when it is present.
94 AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
95 AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
96 AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
97 AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
98 SQUID_STATE_SAVE(check_openssl_libssl_api)
100 AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
101 AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
102 AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
103 SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
106 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
107 dnl workaround can be used instead of using the SSL_get_certificate
dnl
dnl Two probes are made. The first builds a program that creates an SSL_CTX
dnl and an SSL object and calls SSL_get_certificate() on that object. The
dnl second reads the certificate through sslContext->cert instead.
dnl Both probes report "cross-compile, assuming no" and define their macro to 0
dnl in that case, which suggests the programs are executed at configure time
dnl (the enclosing macro calls are not visible here -- TODO confirm).
dnl NOTE(review): when SSLLIBDIR is set it is added to LIBS as an rpath, so a
dnl program run by these probes loads the OpenSSL found in that directory.
dnl SSLLIBDIR should therefore only point at a trusted location.
dnl NOTE(review): the workaround casts sslContext->cert to X509 *** and so
dnl depends on the internal layout of SSL_CTX; it can only build against
dnl OpenSSL headers that expose that structure.
108 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
109 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
110 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
111 SQUID_STATE_SAVE(check_SSL_get_certificate)
113 if test "x$SSLLIBDIR" != "x"; then
114 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
117 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
121 #include <openssl/ssl.h>
122 #include <openssl/err.h>
125 SSLeay_add_ssl_algorithms();
126 #if HAVE_OPENSSL_TLS_METHOD
127 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
129 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
131 SSL *ssl = SSL_new(sslContext);
132 X509* cert = SSL_get_certificate(ssl);
140 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
144 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
145 AC_MSG_RESULT([cross-compile, assuming no])
148 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
152 #include <openssl/ssl.h>
153 #include <openssl/err.h>
156 SSLeay_add_ssl_algorithms();
157 #if HAVE_OPENSSL_TLS_METHOD
158 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
160 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
162 X509 ***pCert = (X509 ***)sslContext->cert;
163 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
164 if (sslCtxCert != NULL)
171 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
177 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
178 AC_MSG_RESULT([cross-compile, assuming no])
181 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
184 dnl Checks whether the SSL_CTX_new and similar functions require
185 dnl a const 'SSL_METHOD *' argument
dnl
dnl The probe program passes a 'const SSL_METHOD *' variable to SSL_CTX_new().
dnl SQUID_USE_CONST_SSL_METHOD is defined to 1, presumably when that program
dnl is accepted (the branch structure is not visible here -- TODO confirm).
dnl NOTE(review): the AC_MSG_CHECKING text ends with a stray double quote,
dnl which appears to be printed as part of the configure message.
186 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
187 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
188 SQUID_STATE_SAVE(check_const_SSL_METHOD)
189 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
194 #include <openssl/ssl.h>
195 #include <openssl/err.h>
198 const SSL_METHOD *method = NULL;
199 SSL_CTX *sslContext = SSL_CTX_new(method);
200 return (sslContext != NULL);
204 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
212 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
215 dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
dnl
dnl The probe compiles a dup callback whose second parameter is
dnl 'const CRYPTO_EX_DATA *' and passes it to SSL_get_ex_new_index().
dnl This is a compile-only check (AC_COMPILE_IFELSE); nothing is run.
dnl NOTE(review): the template and the checking message name the function
dnl SSL_get_new_ex_index(), while the probe calls SSL_get_ex_new_index(). The
dnl checking message also ends with a stray double quote.
216 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
217 AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
218 SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
219 AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
221 #include <openssl/ssl.h>
223 int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
227 return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
230 AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
235 SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
238 dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
dnl
dnl The probe compiles a session lookup callback that takes
dnl 'const unsigned char *ID' and registers it with SSL_CTX_sess_set_get_cb().
dnl This is a compile-only check (AC_COMPILE_IFELSE); nothing is run.
dnl NOTE(review): the checking message ends with a stray double quote.
239 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
240 AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
241 SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
242 AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
243 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
244 #include <openssl/ssl.h>
246 SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
250 SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
254 AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
259 SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
262 dnl Try to handle TXT_DB related problems:
263 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
264 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases are not
265 dnl implemented correctly and cause type conversion errors while compiling squid
dnl
dnl Three probes are made, each against openssl/txt_db.h:
dnl  - whether db->data can be passed to sk_OPENSSL_PSTRING_num(), which sets
dnl    SQUID_SSLTXTDB_PSTRINGDATA and squid_cv_check_openssl_pstring;
dnl  - only when that result is yes, whether the value returned by
dnl    sk_OPENSSL_PSTRING_value() can be cast to 'const char **', which
dnl    relates to SQUID_STACKOF_PSTRINGDATA_HACK;
dnl  - whether hash and compare functions generated with IMPLEMENT_LHASH_HASH_FN
dnl    and IMPLEMENT_LHASH_COMP_FN can be passed to TXT_DB_create_index(),
dnl    which relates to SQUID_USE_SSLLHASH_HACK.
dnl Which outcome of each probe defines its macro is not visible here -- TODO
dnl confirm against the full macro.
267 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
268 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
269 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
270 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
272 SQUID_STATE_SAVE(check_TXTDB)
275 squid_cv_check_openssl_pstring="no"
276 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
280 #include <openssl/txt_db.h>
284 int i = sk_OPENSSL_PSTRING_num(db->data);
289 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
291 squid_cv_check_openssl_pstring="yes"
298 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
299 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
303 #include <openssl/txt_db.h>
307 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
308 return (current_row != NULL);
315 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
321 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
325 #include <openssl/txt_db.h>
327 static unsigned long index_serial_hash(const char **a){}
328 static int index_serial_cmp(const char **a, const char **b){}
329 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
330 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
334 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
342 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
346 SQUID_STATE_ROLLBACK(check_TXTDB)
349 dnl Check if we can rewrite the hello message stored in an SSL object.
350 dnl The tests are very basic, just check if the required members exist in
dnl
dnl The probe program writes to ssl->s3->client_random, ssl->s3->wbuf,
dnl ssl->init_buf and the ssl->s3->wpend_* counters, all of which are members
dnl of OpenSSL structures accessed directly rather than through API calls.
dnl It therefore only builds against OpenSSL headers that expose them.
dnl NOTE(review): a successful probe shows that these members exist, not that
dnl overwriting them is safe at run time. The result message asks the builder
dnl to set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK to 1 by hand, so the hack
dnl looks opt-in -- confirm against the AC_DEFINE lines, which are not
dnl visible here.
352 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
353 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
354 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
355 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
360 #include <openssl/ssl.h>
361 #include <openssl/err.h>
367 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
368 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
369 assert(wb->len == 0);
370 memcpy(wb->buf, msg, 0);
371 assert(wb->left == 0);
372 memcpy(ssl->init_buf->data, msg, 0);
374 ssl->s3->wpend_ret = 0;
375 ssl->s3->wpend_tot = 0;
376 SSL_CIPHER *cipher = 0;
377 assert(SSL_CIPHER_get_id(cipher));
381 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
388 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)