1 ## Copyright (C) 1996-2021 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl check whether regex works by actually compiling one
9 dnl sets squid_cv_regex_works to either yes or no
dnl
dnl The probe goes through AC_COMPILE_IFELSE, so the regcomp() call is only
dnl compiled, never linked or executed: a "yes" result means the regex
dnl declarations are usable, not that matching behaves correctly at run time.
dnl AC_CACHE_CHECK stores the answer in the squid_cv_regex_works cache variable.
11 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
12 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
13 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
15 #include <sys/types.h>
21 regex_t t; regcomp(&t,"",0);]])],
22 [ squid_cv_regex_works=yes ],
23 [ squid_cv_regex_works=no ])
dnl Checks whether a program calling GetIpNetTable() links against -liphlpapi.
dnl Sets the cache variable squid_cv_have_libiphlpapi to yes or no.
dnl
dnl -liphlpapi is appended to LIBS after SQUID_STATE_SAVE(iphlpapi); the success
dnl branch calls SQUID_STATE_COMMIT(iphlpapi) and the failure branch calls
dnl SQUID_STATE_ROLLBACK(iphlpapi). One more SQUID_STATE_ROLLBACK(iphlpapi)
dnl appears after those branches.
dnl NOTE(review): the SQUID_STATE_* helpers are defined elsewhere. Confirm
dnl whether the trailing rollback discards the -liphlpapi addition, in which
dnl case callers have to add the library themselves from the cache variable.
28 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
29 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
30 SQUID_STATE_SAVE(iphlpapi)
31 LIBS="$LIBS -liphlpapi"
32 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
38 unsigned long isz=sizeof(i);
39 GetIpNetTable(&i,&isz,FALSE);
41 [squid_cv_have_libiphlpapi=yes
42 SQUID_STATE_COMMIT(iphlpapi)],
43 [squid_cv_have_libiphlpapi=no
44 SQUID_STATE_ROLLBACK(iphlpapi)])
46 SQUID_STATE_ROLLBACK(iphlpapi)
49 dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
dnl
dnl Defines HAVE_OPENSSL_TLS_METHOD, HAVE_OPENSSL_TLS_CLIENT_METHOD and
dnl HAVE_OPENSSL_TLS_SERVER_METHOD to 1, one per function that AC_CHECK_LIB
dnl finds in -lssl. Each call passes an explicit action-if-found, so
dnl AC_CHECK_LIB does not add -lssl to LIBS on its own.
dnl The probes sit between SQUID_STATE_SAVE and SQUID_STATE_ROLLBACK
dnl with the tag check_openssl_TLS_METHODS; presumably that pair snapshots and
dnl restores the build variables, see the helper definitions to confirm.
dnl HAVE_OPENSSL_TLS_METHOD is consumed by later probes in this file, which
dnl call TLS_method() when it is set and SSLv23_method() otherwise, so this
dnl macro has to run before them.
50 AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
51 AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
52 AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
53 AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
54 SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
56 AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
57 AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
58 AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
59 SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
62 dnl Checks whether the -lcrypto library provides various OpenSSL API functions
dnl
dnl One AC_CHECK_LIB link probe per function; each hit defines the matching
dnl HAVE_* macro. The probes run between SQUID_STATE_SAVE and
dnl SQUID_STATE_ROLLBACK with the tag check_openssl_libcrypto_api.
dnl
dnl Points that differ from the common pattern:
dnl  - HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL is defined through the
dnl    one-argument form of AC_DEFINE, which Autoconf documents as defining
dnl    the macro to 1. Its name and that of HAVE_SSL_GET0_PARAM also lack the
dnl    LIBCRYPTO_ infix used by the other macros.
dnl  - When X509_get0_signature is not found, the action-if-not-found defines
dnl    SQUID_CONST_X509_GET0_SIGNATURE_ARGS as empty, so that macro is never
dnl    left undefined on that path.
dnl  - NOTE(review): SSL_get0_param is probed against -lcrypto although it is
dnl    declared in openssl/ssl.h and normally exported by libssl. The probe can
dnl    only succeed if LIBS already carries -lssl at this point, which the
dnl    visible lines do not show. Confirm, because a silent miss leaves
dnl    HAVE_SSL_GET0_PARAM undefined and changes which verification-parameter
dnl    code path gets compiled.
63 AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
64 AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists")
65 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
66 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
67 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists")
68 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
69 AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
70 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists")
71 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
72 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
73 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
74 AH_TEMPLATE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL, "Define to 1 if the X509_VERIFY_PARAM_set_auth_level() OpenSSL API function exists")
75 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
76 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, "Define to 1 if the X509_chain_up_ref() OpenSSL API function exists")
77 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
78 AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
79 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
80 AH_TEMPLATE(HAVE_SSL_GET0_PARAM, "Define to 1 of the SSL_get0_param() OpenSSL API function exists")
81 SQUID_STATE_SAVE(check_openssl_libcrypto_api)
83 AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1))
84 AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
85 AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
86 AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1))
87 AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
88 AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
89 AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1))
90 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
91 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
92 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
93 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_set_auth_level, AC_DEFINE(HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL))
94 AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
95 AC_CHECK_LIB(crypto, X509_chain_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CHAIN_UP_REF, 1))
96 AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
97 AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
98 AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,))
99 AC_CHECK_LIB(crypto, SSL_get0_param, AC_DEFINE(HAVE_SSL_GET0_PARAM, 1))
100 SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
103 dnl Checks whether the -lssl library provides various OpenSSL API functions
dnl
dnl Runs one AC_CHECK_LIB link probe against -lssl for each of
dnl OPENSSL_init_ssl, SSL_CIPHER_find, SSL_CTX_set_tmp_rsa_callback and
dnl SSL_SESSION_get_id, and defines the matching HAVE_LIBSSL_* macro to 1 on a
dnl hit. The probes run between SQUID_STATE_SAVE and SQUID_STATE_ROLLBACK with
dnl the tag check_openssl_libssl_api.
dnl NOTE(review): these are link-time symbol checks only. A function that the
dnl headers provide solely as a preprocessor macro would not be detected by
dnl AC_CHECK_LIB; confirm this is acceptable for every OpenSSL version the
dnl build is expected to support.
104 AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
105 AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists")
106 AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
107 AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
108 AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
109 SQUID_STATE_SAVE(check_openssl_libssl_api)
111 AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1))
112 AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
113 AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
114 AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
115 SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
118 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
119 dnl workaround can be used instead of using the SSL_get_certificate
dnl
dnl Two probes, each with its own AC_MSG_CHECKING line:
dnl  1. Creates an SSL_CTX, creates an SSL object from it and calls
dnl     SSL_get_certificate on it. The outcome sets
dnl     SQUID_SSLGETCERTIFICATE_BUGGY to 1 or 0.
dnl  2. Casts sslContext->cert to X509 *** and dereferences it to reach the
dnl     context certificate without calling SSL_get_certificate. The outcome
dnl     sets SQUID_USE_SSLGETCERTIFICATE_HACK to 1 or 0.
dnl Both probe programs call TLS_method() when HAVE_OPENSSL_TLS_METHOD is set
dnl and SSLv23_method() otherwise, so SQUID_CHECK_OPENSSL_TLS_METHODS has to
dnl run first.
dnl
dnl Things to keep in mind when trusting the results:
dnl  - Each probe has a cross-compile branch that defines its macro to 0 and
dnl    reports "cross-compile, assuming no". A cross-built squid therefore
dnl    assumes SSL_get_certificate is safe without having tested it.
dnl  - When SSLLIBDIR is non-empty, an rpath to it is appended to LIBS for the
dnl    duration of the probes; SQUID_STATE_ROLLBACK at the end is presumably
dnl    what removes it again. The answers describe the OpenSSL found on the
dnl    build host, not necessarily the one present at deployment.
dnl  - In the first probe nothing between SSL_CTX_new, SSL_new and
dnl    SSL_get_certificate checks for a NULL return. NOTE(review): a probe
dnl    that fails for an unrelated reason may be indistinguishable from the
dnl    bug being tested; the lines mapping the exit status to the result are
dnl    not visible here, so confirm.
dnl  - The workaround depends on the private layout of SSL_CTX. It reads an
dnl    internal member through a cast, so it is only meaningful for the
dnl    OpenSSL versions it was written against. NOTE(review): presumably the
dnl    second probe fails where SSL_CTX is opaque, leaving the hack off.
120 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
121 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
122 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
123 SQUID_STATE_SAVE(check_SSL_get_certificate)
125 if test "x$SSLLIBDIR" != "x"; then
126 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
129 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
133 #include <openssl/ssl.h>
134 #include <openssl/err.h>
137 #if defined(SSLeay_add_ssl_algorithms)
138 SSLeay_add_ssl_algorithms();
140 #if HAVE_OPENSSL_TLS_METHOD
141 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
143 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
145 SSL *ssl = SSL_new(sslContext);
146 X509* cert = SSL_get_certificate(ssl);
154 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
158 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
159 AC_MSG_RESULT([cross-compile, assuming no])
162 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
166 #include <openssl/ssl.h>
167 #include <openssl/err.h>
170 #if defined(SSLeay_add_ssl_algorithms)
171 SSLeay_add_ssl_algorithms();
173 #if HAVE_OPENSSL_TLS_METHOD
174 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
176 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
178 X509 ***pCert = (X509 ***)sslContext->cert;
179 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
180 if (sslCtxCert != NULL)
187 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
193 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
194 AC_MSG_RESULT([cross-compile, assuming no])
197 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
200 dnl Checks whether the SSL_CTX_new and similar functions require
201 dnl a const 'SSL_METHOD *' argument
dnl
dnl The probe program passes a const SSL_METHOD pointer to SSL_CTX_new; when
dnl that is accepted, SQUID_USE_CONST_SSL_METHOD is defined to 1. The probe
dnl runs between SQUID_STATE_SAVE and SQUID_STATE_ROLLBACK with the tag
dnl check_const_SSL_METHOD.
dnl NOTE(review): the probe passes a NULL method pointer, which is harmless
dnl only if the program is compiled and never executed. The macro that wraps
dnl the program is not among the visible lines, so confirm it is compile-only.
dnl NOTE(review): the AC_MSG_CHECKING text ends with an unmatched double
dnl quote, which looks like a typo; check what configure prints.
202 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
203 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
204 SQUID_STATE_SAVE(check_const_SSL_METHOD)
205 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
210 #include <openssl/ssl.h>
211 #include <openssl/err.h>
214 const SSL_METHOD *method = NULL;
215 SSL_CTX *sslContext = SSL_CTX_new(method);
216 return (sslContext != NULL);
220 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
228 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
231 dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
dnl
dnl Compile-only probe via AC_COMPILE_IFELSE: it declares a dup callback whose
dnl second parameter is const CRYPTO_EX_DATA * and passes it to
dnl SSL_get_ex_new_index(). When that compiles,
dnl SQUID_USE_CONST_CRYPTO_EX_DATA_DUP is defined to 1.
dnl The callback declaration leaves its parameters unnamed, which suggests the
dnl probe is meant to be compiled as C++.
dnl NOTE(review): the AH_TEMPLATE and AC_MSG_CHECKING texts spell the function
dnl SSL_get_new_ex_index() while the probe calls SSL_get_ex_new_index(); the
dnl message text looks like a transposition. The AC_MSG_CHECKING text also
dnl ends with an unmatched double quote.
232 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
233 AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
234 SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
235 AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
236 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
237 #include <openssl/ssl.h>
239 int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
243 return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
246 AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
251 SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
254 dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
dnl
dnl Compile-only probe via AC_COMPILE_IFELSE: it declares a session lookup
dnl callback taking const unsigned char *ID and registers it with
dnl SSL_CTX_sess_set_get_cb(). When that compiles,
dnl SQUID_USE_CONST_SSL_SESSION_CBID is defined to 1.
dnl The NULL context passed to SSL_CTX_sess_set_get_cb() is never dereferenced
dnl because the program is only compiled, not run.
dnl NOTE(review): the AC_MSG_CHECKING text ends with an unmatched double
dnl quote, which looks like a typo.
255 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
256 AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
257 SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
258 AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
259 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
260 #include <openssl/ssl.h>
262 SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
266 SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
270 AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
275 SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
278 dnl Checks whether the X509_get0_signature() has const arguments
dnl
dnl Compile-only probe via AC_COMPILE_IFELSE: it calls X509_get0_signature()
dnl with pointers to const ASN1_BIT_STRING and const X509_ALGOR. One outcome
dnl defines SQUID_CONST_X509_GET0_SIGNATURE_ARGS as const and the other defines
dnl it as empty, so the macro is defined either way, as the AH_TEMPLATE text
dnl requires.
dnl The probe body is guarded by HAVE_LIBCRYPTO_X509_GET0_SIGNATURE and hits an
dnl #error when that is unset, so SQUID_CHECK_LIBCRYPTO_API has to run before
dnl this macro for the const result to be reachable.
dnl The probe uses nullptr, so it has to be compiled as C++11 or later.
279 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
280 AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!)
281 SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
282 AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
283 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
284 #include <openssl/ssl.h>
286 #if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
287 const ASN1_BIT_STRING *sig = nullptr;
288 const X509_ALGOR *sig_alg;
289 X509_get0_signature(&sig, &sig_alg, nullptr);
291 #error Missing X509_get0_signature()
295 AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const)
298 AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)
301 SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
304 dnl Try to handle TXT_DB related problems:
305 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
306 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
307 dnl implemented correctly and causes type conversion errors while compiling squid
dnl
dnl Three probes, all including openssl/txt_db.h:
dnl  1. Calls sk_OPENSSL_PSTRING_num on db->data. Success defines
dnl     SQUID_SSLTXTDB_PSTRINGDATA to 1 and sets the shell variable
dnl     squid_cv_check_openssl_pstring to yes; it starts out as no.
dnl  2. Runs only when probe 1 said yes. It casts the result of
dnl     sk_OPENSSL_PSTRING_value to const char ** and decides
dnl     SQUID_STACKOF_PSTRINGDATA_HACK.
dnl  3. Instantiates IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN for
dnl     const char ** helpers and passes them to TXT_DB_create_index. It
dnl     decides SQUID_USE_SSLLHASH_HACK.
dnl NOTE(review): the lines that select which branch defines each HACK macro
dnl are not visible here; confirm whether a hack is enabled on probe success
dnl or on probe failure before relying on this summary.
dnl NOTE(review): the helper functions in probe 3 have empty bodies despite
dnl non-void return types, so that program is presumably compiled only and
dnl never executed.
309 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
310 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
311 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
312 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
314 SQUID_STATE_SAVE(check_TXTDB)
317 squid_cv_check_openssl_pstring="no"
318 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
322 #include <openssl/txt_db.h>
326 int i = sk_OPENSSL_PSTRING_num(db->data);
331 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
333 squid_cv_check_openssl_pstring="yes"
340 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
341 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
345 #include <openssl/txt_db.h>
349 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
350 return (current_row != NULL);
357 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
363 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
367 #include <openssl/txt_db.h>
369 static unsigned long index_serial_hash(const char **a){}
370 static int index_serial_cmp(const char **a, const char **b){}
371 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
372 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
376 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
384 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
388 SQUID_STATE_ROLLBACK(check_TXTDB)
391 dnl Check if we can rewrite the hello message stored in an SSL object.
392 dnl The tests are very basic, just check if the required members exist in
dnl
dnl The probe program touches OpenSSL-internal state directly:
dnl ssl->s3->client_random, the ssl->s3->wbuf buffer with its len, buf and
dnl left members, ssl->init_buf->data, ssl->s3->wpend_ret and
dnl ssl->s3->wpend_tot, plus a call to SSL_CIPHER_get_id. It only establishes
dnl that those members exist with usable types; it says nothing about whether
dnl overwriting them is safe for a given OpenSSL release.
dnl One result message reads "possibly; to try, set
dnl SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1", which suggests a
dnl successful probe does not switch the hack on by itself.
dnl NOTE(review): the AC_DEFINE lines for this macro are not visible here, so
dnl confirm the default value. Because the hack writes into private library
dnl structures, it should be re-validated on every OpenSSL upgrade rather than
dnl trusted on the strength of this compile probe.
394 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
395 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
396 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
397 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
402 #include <openssl/ssl.h>
403 #include <openssl/err.h>
409 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
410 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
411 assert(wb->len == 0);
412 memcpy(wb->buf, msg, 0);
413 assert(wb->left == 0);
414 memcpy(ssl->init_buf->data, msg, 0);
416 ssl->s3->wpend_ret = 0;
417 ssl->s3->wpend_tot = 0;
418 SSL_CIPHER *cipher = 0;
419 assert(SSL_CIPHER_get_id(cipher));
423 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
430 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)