acinclude/lib-checks.m4

   1 ## Copyright (C) 1996-2021 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl check whether regex works by actually compiling one
   9 dnl sets squid_cv_regex_works to either yes or no
  10
  11 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  12   AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
  13     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  14 #if HAVE_SYS_TYPES_H
  15 #include <sys/types.h>
  16 #endif
  17 #if HAVE_REGEX_H
  18 #include <regex.h>
  19 #endif
  20 ]], [[
  21 regex_t t; regcomp(&t,"",0);]])],
  22     [ squid_cv_regex_works=yes ],
  23     [ squid_cv_regex_works=no ])
  24   ])
  25 ])
  26
  27
  28 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  29   AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
  30     SQUID_STATE_SAVE(iphlpapi)
  31     LIBS="$LIBS -liphlpapi"
  32     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  33 #include <windows.h>
  34 #include <winsock2.h>
  35 #include <iphlpapi.h>
  36 ]], [[
  37   MIB_IPNETTABLE i;
  38   unsigned long isz=sizeof(i);
  39   GetIpNetTable(&i,&isz,FALSE);
  40     ]])],
  41     [squid_cv_have_libiphlpapi=yes
  42      SQUID_STATE_COMMIT(iphlpapi)],
  43     [squid_cv_have_libiphlpapi=no
  44      SQUID_STATE_ROLLBACK(iphlpapi)])
  45   ])
  46   SQUID_STATE_ROLLBACK(iphlpapi)
  47 ])
  48
  49 dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
  50 AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
  51   AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
  52   AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
  53   AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
  54   SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
  55   LIBS="$LIBS $SSLLIB"
  56   AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
  57   AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
  58   AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
  59   SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
  60 ])
  61
  62 dnl Checks whether the -lcrypto library provides various OpenSSL API functions
  63 AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
  64   AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists")
  65   AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
  66   AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
  67   AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists")
  68   AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
  69   AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
  70   AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists")
  71   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
  72   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
  73   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
  74   AH_TEMPLATE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, "Define to 1 if the X509_VERIFY_PARAM_set_auth_level() OpenSSL API function exists")
  75   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
  76   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, "Define to 1 if the X509_chain_up_ref() OpenSSL API function exists")
  77   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
  78   AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
  79   AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
  80   AH_TEMPLATE(HAVE_SSL_GET0_PARAM, "Define to 1 of the SSL_get0_param() OpenSSL API function exists")
  81   SQUID_STATE_SAVE(check_openssl_libcrypto_api)
  82   LIBS="$LIBS $SSLLIB"
  83   AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1))
  84   AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
  85   AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
  86   AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1))
  87   AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
  88   AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
  89   AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1))
  90   AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
  91   AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
  92   AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
  93   AC_CHECK_LIB(crypto,  X509_VERIFY_PARAM_set_auth_level, AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL))
  94   AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
  95   AC_CHECK_LIB(crypto, X509_chain_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, 1))
  96   AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
  97   AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
  98   AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,))
  99   AC_CHECK_LIB(crypto, SSL_get0_param, AC_DEFINE(HAVE_SSL_GET0_PARAM, 1))
 100   SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
 101 ])
 102
 103 dnl Checks whether the -lssl library provides various OpenSSL API functions
 104 AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
 105   AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists")
 106   AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
 107   AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
 108   AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
 109   SQUID_STATE_SAVE(check_openssl_libssl_api)
 110   LIBS="$LIBS $SSLLIB"
 111   AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1))
 112   AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
 113   AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
 114   AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
 115   SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
 116 ])
 117
 118 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
 119 dnl workaround can be used instead of using the SSL_get_certificate
 120 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
 121   AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
 122   AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
 123   SQUID_STATE_SAVE(check_SSL_get_certificate)
 124   LIBS="$SSLLIB $LIBS"
 125   if test "x$SSLLIBDIR" != "x"; then
 126      LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
 127   fi
 128
 129   AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
 130   AC_RUN_IFELSE([
 131   AC_LANG_PROGRAM(
 132     [
 133      #include <openssl/ssl.h>
 134      #include <openssl/err.h>
 135     ],
 136     [
 137 #if defined(SSLeay_add_ssl_algorithms)
 138     SSLeay_add_ssl_algorithms();
 139 #endif
 140 #if HAVE_OPENSSL_TLS_METHOD
 141     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 142 #else
 143     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
 144 #endif
 145     SSL *ssl = SSL_new(sslContext);
 146     X509* cert = SSL_get_certificate(ssl);
 147     return 0;
 148     ])
 149   ],
 150   [
 151    AC_MSG_RESULT([no])
 152   ],
 153   [
 154    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
 155    AC_MSG_RESULT([yes])
 156   ],
 157   [
 158    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
 159    AC_MSG_RESULT([cross-compile, assuming no])
 160   ])
 161
 162   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
 163   AC_RUN_IFELSE([
 164   AC_LANG_PROGRAM(
 165     [
 166      #include <openssl/ssl.h>
 167      #include <openssl/err.h>
 168     ],
 169     [
 170 #if defined(SSLeay_add_ssl_algorithms)
 171     SSLeay_add_ssl_algorithms();
 172 #endif
 173 #if HAVE_OPENSSL_TLS_METHOD
 174     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 175 #else
 176     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
 177 #endif
 178     X509 ***pCert = (X509 ***)sslContext->cert;
 179     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
 180     if (sslCtxCert != NULL)
 181         return 1;
 182     return 0;
 183     ])
 184   ],
 185   [
 186    AC_MSG_RESULT([yes])
 187    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
 188   ],
 189   [
 190    AC_MSG_RESULT([no])
 191   ],
 192   [
 193    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
 194    AC_MSG_RESULT([cross-compile, assuming no])
 195   ])
 196
 197 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 198 ])
 199
 200 dnl Checks whether the  SSL_CTX_new and similar functions require
 201 dnl a const 'SSL_METHOD *' argument
 202 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
 203   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 204   SQUID_STATE_SAVE(check_const_SSL_METHOD)
 205   AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 206
 207   AC_COMPILE_IFELSE([
 208   AC_LANG_PROGRAM(
 209     [
 210      #include <openssl/ssl.h>
 211      #include <openssl/err.h>
 212     ],
 213     [
 214        const SSL_METHOD *method = NULL;
 215        SSL_CTX *sslContext = SSL_CTX_new(method);
 216        return (sslContext != NULL);
 217     ])
 218   ],
 219   [
 220    AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
 221    AC_MSG_RESULT([yes])
 222   ],
 223   [
 224    AC_MSG_RESULT([no])
 225   ],
 226   [])
 227
 228 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
 229 ])
 230
 231 dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
 232 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
 233   AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
 234   SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
 235   AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
 236   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
 237 #include <openssl/ssl.h>
 238
 239 int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
 240     return 0;
 241 }
 242     ],[
 243 return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
 244     ])
 245   ],[
 246    AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
 247    AC_MSG_RESULT([yes])
 248   ],[
 249    AC_MSG_RESULT([no])
 250   ])
 251   SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
 252 ])
 253
 254 dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
 255 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
 256   AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
 257   SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
 258   AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
 259   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
 260 #include <openssl/ssl.h>
 261
 262 SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
 263     return NULL;
 264 }
 265     ],[
 266 SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
 267 return 0;
 268     ])
 269   ],[
 270    AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
 271    AC_MSG_RESULT([yes])
 272   ],[
 273    AC_MSG_RESULT([no])
 274   ])
 275   SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
 276 ])
 277
 278 dnl Checks whether the X509_get0_signature() has const arguments
 279 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
 280   AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!)
 281   SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
 282   AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
 283   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
 284 #include <openssl/ssl.h>
 285     ],[
 286 #if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
 287         const ASN1_BIT_STRING *sig = nullptr;
 288         const X509_ALGOR *sig_alg;
 289         X509_get0_signature(&sig, &sig_alg, nullptr);
 290 #else
 291 #error Missing X509_get0_signature()
 292 #endif
 293     ])
 294   ],[
 295    AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const)
 296    AC_MSG_RESULT([yes])
 297   ],[
 298    AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)
 299    AC_MSG_RESULT([no])
 300   ])
 301   SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
 302 ])
 303
 304 dnl Try to handle TXT_DB related  problems:
 305 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
 306 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
 307 dnl    implemented correctly and causes type conversion errors while compiling squid
 308
 309 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 310   AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
 311   AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
 312   AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
 313
 314   SQUID_STATE_SAVE(check_TXTDB)
 315
 316   LIBS="$LIBS $SSLLIB"
 317   squid_cv_check_openssl_pstring="no"
 318   AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
 319   AC_COMPILE_IFELSE([
 320   AC_LANG_PROGRAM(
 321     [
 322      #include <openssl/txt_db.h>
 323     ],
 324     [
 325     TXT_DB *db = NULL;
 326     int i = sk_OPENSSL_PSTRING_num(db->data);
 327     return 0;
 328     ])
 329   ],
 330   [
 331    AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
 332    AC_MSG_RESULT([yes])
 333    squid_cv_check_openssl_pstring="yes"
 334   ],
 335   [
 336    AC_MSG_RESULT([no])
 337   ],
 338   [])
 339
 340   if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
 341      AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
 342      AC_COMPILE_IFELSE([
 343      AC_LANG_PROGRAM(
 344        [
 345         #include <openssl/txt_db.h>
 346        ],
 347        [
 348        TXT_DB *db = NULL;
 349        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
 350        return (current_row != NULL);
 351        ])
 352      ],
 353      [
 354       AC_MSG_RESULT([no])
 355      ],
 356      [
 357       AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
 358       AC_MSG_RESULT([yes])
 359      ],
 360      [])
 361   fi
 362
 363   AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
 364   AC_COMPILE_IFELSE([
 365   AC_LANG_PROGRAM(
 366     [
 367      #include <openssl/txt_db.h>
 368
 369      static unsigned long index_serial_hash(const char **a){}
 370      static int index_serial_cmp(const char **a, const char **b){}
 371      static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
 372      static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
 373     ],
 374     [
 375     TXT_DB *db = NULL;
 376     TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
 377     ])
 378   ],
 379   [
 380    AC_MSG_RESULT([no])
 381   ],
 382   [
 383    AC_MSG_RESULT([yes])
 384    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
 385   ],
 386 [])
 387
 388 SQUID_STATE_ROLLBACK(check_TXTDB)
 389 ])
 390
 391 dnl Check if we can rewrite the hello message stored in an SSL object.
 392 dnl The tests are very basic, just check if the required members exist in
 393 dnl SSL structure.
 394 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
 395   AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
 396   SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
 397   AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
 398
 399   AC_COMPILE_IFELSE([
 400   AC_LANG_PROGRAM(
 401     [
 402      #include <openssl/ssl.h>
 403      #include <openssl/err.h>
 404      #include <assert.h>
 405     ],
 406     [
 407     SSL *ssl;
 408     char *random, *msg;
 409     memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
 410     SSL3_BUFFER *wb=&(ssl->s3->wbuf);
 411     assert(wb->len == 0);
 412     memcpy(wb->buf, msg, 0);
 413     assert(wb->left == 0);
 414     memcpy(ssl->init_buf->data, msg, 0);
 415     ssl->init_num = 0;
 416     ssl->s3->wpend_ret = 0;
 417     ssl->s3->wpend_tot = 0;
 418     SSL_CIPHER *cipher = 0;
 419     assert(SSL_CIPHER_get_id(cipher));
 420     ])
 421   ],
 422   [
 423    AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
 424   ],
 425   [
 426    AC_MSG_RESULT([no])
 427   ],
 428   [])
 429
 430 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
 431 ]
 432 )