Docs: Copyright updates for 2018 (#114)
1 ## Copyright (C) 1996-2018 The Squid Software Foundation and contributors
2 ##
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
6 ##
7
dnl SQUID_CHECK_REGEX_WORKS
dnl Probes the system regex library by compiling a translation unit that
dnl declares a regex_t and calls regcomp() on it. The probe is compile-only:
dnl it is neither linked nor executed.
dnl The cached result squid_cv_regex_works is set to either yes or no.
AC_DEFUN([SQUID_CHECK_REGEX_WORKS], [
  AC_CACHE_CHECK([if the system-supplied regex lib actually works],
    [squid_cv_regex_works],
    [
      AC_COMPILE_IFELSE(
        [AC_LANG_PROGRAM([[
#if HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#if HAVE_REGEX_H
#include <regex.h>
#endif
        ]], [[
          regex_t t;
          regcomp(&t,"",0);
        ]])],
        [squid_cv_regex_works=yes],
        [squid_cv_regex_works=no])
    ])
])
26
27
dnl SQUID_CHECK_LIBIPHLPAPI
dnl Link-tests a small program that calls GetIpNetTable() with -liphlpapi
dnl appended to LIBS. The cached result squid_cv_have_libiphlpapi is yes or no.
dnl Inside the cache check the state is committed on success and rolled back
dnl on failure.
dnl NOTE(review): SQUID_STATE_ROLLBACK(iphlpapi) also runs unconditionally
dnl after the cache check, i.e. after a commit and also when a cached value
dnl meant SQUID_STATE_SAVE never ran. The SQUID_STATE_* macros are defined
dnl elsewhere; confirm the final rollback does not discard the committed LIBS.
AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI], [
  AC_CACHE_CHECK([for libIpHlpApi], [squid_cv_have_libiphlpapi], [
    SQUID_STATE_SAVE([iphlpapi])
    LIBS="$LIBS -liphlpapi"
    AC_LINK_IFELSE(
      [AC_LANG_PROGRAM([[
#include <windows.h>
#include <winsock2.h>
#include <iphlpapi.h>
      ]], [[
        MIB_IPNETTABLE i;
        unsigned long isz=sizeof(i);
        GetIpNetTable(&i,&isz,FALSE);
      ]])],
      [
        squid_cv_have_libiphlpapi=yes
        SQUID_STATE_COMMIT([iphlpapi])
      ],
      [
        squid_cv_have_libiphlpapi=no
        SQUID_STATE_ROLLBACK([iphlpapi])
      ])
  ])
  SQUID_STATE_ROLLBACK([iphlpapi])
])
48
dnl SQUID_CHECK_OPENSSL_TLS_METHODS
dnl Link-probes -lssl for TLS_method(), TLS_client_method() and
dnl TLS_server_method(). Each symbol that is found defines the matching
dnl HAVE_OPENSSL_* macro to 1; a missing symbol leaves its macro undefined.
dnl $SSLLIB is appended to LIBS for the probes and SQUID_STATE_ROLLBACK is
dnl invoked afterwards, which presumably restores the saved LIBS.
AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS], [
  AH_TEMPLATE([HAVE_OPENSSL_TLS_METHOD], ["Define to 1 if the TLS_method() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_OPENSSL_TLS_CLIENT_METHOD], ["Define to 1 if the TLS_client_method() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_OPENSSL_TLS_SERVER_METHOD], ["Define to 1 if the TLS_server_method() OpenSSL API function exists"])

  SQUID_STATE_SAVE([check_openssl_TLS_METHODS])
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB([ssl], [TLS_method],
    [AC_DEFINE([HAVE_OPENSSL_TLS_METHOD], [1])])
  AC_CHECK_LIB([ssl], [TLS_client_method],
    [AC_DEFINE([HAVE_OPENSSL_TLS_CLIENT_METHOD], [1])])
  AC_CHECK_LIB([ssl], [TLS_server_method],
    [AC_DEFINE([HAVE_OPENSSL_TLS_SERVER_METHOD], [1])])
  SQUID_STATE_ROLLBACK([check_openssl_TLS_METHODS])
])
61
dnl SQUID_CHECK_LIBCRYPTO_API
dnl Link-probes -lcrypto for a list of OpenSSL accessor and reference-counting
dnl functions. Each symbol that is found defines its HAVE_LIBCRYPTO_* macro
dnl to 1; a missing symbol leaves the macro undefined.
dnl $SSLLIB is appended to LIBS for the probes and SQUID_STATE_ROLLBACK is
dnl invoked afterwards, which presumably restores the saved LIBS.
AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API], [
  AH_TEMPLATE([HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA], ["Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_BIO_METH_NEW], ["Define to 1 if the BIO_meth_new() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_BIO_GET_INIT], ["Define to 1 if the BIO_get_init() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA], ["Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT], ["Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH], ["Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED], ["Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED], ["Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_UP_REF], ["Define to 1 if the X509_up_ref() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_CRL_UP_REF], ["Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_DH_UP_REF], ["Define to 1 if the DH_up_ref() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBCRYPTO_X509_GET0_SIGNATURE], ["Define to 1 if the X509_get0_signature() OpenSSL API function exists"])

  SQUID_STATE_SAVE([check_openssl_libcrypto_api])
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB([crypto], [EVP_PKEY_get0_RSA],
    [AC_DEFINE([HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA], [1])])
  AC_CHECK_LIB([crypto], [BIO_meth_new],
    [AC_DEFINE([HAVE_LIBCRYPTO_BIO_METH_NEW], [1])])
  AC_CHECK_LIB([crypto], [BIO_get_init],
    [AC_DEFINE([HAVE_LIBCRYPTO_BIO_GET_INIT], [1])])
  AC_CHECK_LIB([crypto], [ASN1_STRING_get0_data],
    [AC_DEFINE([HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA], [1])])
  AC_CHECK_LIB([crypto], [X509_STORE_CTX_get0_cert],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT], [1])])
  AC_CHECK_LIB([crypto], [X509_VERIFY_PARAM_get_depth],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH], [1])])
  AC_CHECK_LIB([crypto], [X509_STORE_CTX_get0_untrusted],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED], [1])])
  AC_CHECK_LIB([crypto], [X509_STORE_CTX_set0_untrusted],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED], [1])])
  AC_CHECK_LIB([crypto], [X509_up_ref],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_UP_REF], [1])])
  AC_CHECK_LIB([crypto], [X509_CRL_up_ref],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_CRL_UP_REF], [1])])
  AC_CHECK_LIB([crypto], [DH_up_ref],
    [AC_DEFINE([HAVE_LIBCRYPTO_DH_UP_REF], [1])])
  AC_CHECK_LIB([crypto], [X509_get0_signature],
    [AC_DEFINE([HAVE_LIBCRYPTO_X509_GET0_SIGNATURE], [1])])
  SQUID_STATE_ROLLBACK([check_openssl_libcrypto_api])
])
92
dnl SQUID_CHECK_LIBSSL_API
dnl Link-probes -lssl for SSL_CIPHER_find(), SSL_CTX_set_tmp_rsa_callback() and
dnl SSL_SESSION_get_id(). Each symbol that is found defines its HAVE_LIBSSL_*
dnl macro to 1; a missing symbol leaves the macro undefined.
dnl NOTE(review): SSL_CTX_set_tmp_rsa_callback() belongs to the legacy
dnl ephemeral-RSA API; code guarded by its macro is worth a look when auditing
dnl the key-exchange configuration.
AC_DEFUN([SQUID_CHECK_LIBSSL_API], [
  AH_TEMPLATE([HAVE_LIBSSL_SSL_CIPHER_FIND], ["Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK], ["Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists"])
  AH_TEMPLATE([HAVE_LIBSSL_SSL_SESSION_GET_ID], ["Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists"])

  SQUID_STATE_SAVE([check_openssl_libssl_api])
  LIBS="$LIBS $SSLLIB"
  AC_CHECK_LIB([ssl], [SSL_CIPHER_find],
    [AC_DEFINE([HAVE_LIBSSL_SSL_CIPHER_FIND], [1])])
  AC_CHECK_LIB([ssl], [SSL_CTX_set_tmp_rsa_callback],
    [AC_DEFINE([HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK], [1])])
  AC_CHECK_LIB([ssl], [SSL_SESSION_get_id],
    [AC_DEFINE([HAVE_LIBSSL_SSL_SESSION_GET_ID], [1])])
  SQUID_STATE_ROLLBACK([check_openssl_libssl_api])
])
105
dnl SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
dnl Runs two small programs on the build host, linked against $SSLLIB and with
dnl an rpath to $SSLLIBDIR when that variable is set.
dnl  1) Calls SSL_get_certificate() on a freshly created SSL object. A clean
dnl     exit reports no; any other outcome defines
dnl     SQUID_SSLGETCERTIFICATE_BUGGY to 1.
dnl  2) Reads the certificate by casting the cert member of SSL_CTX to X509***
dnl     and dereferencing it. A clean exit defines
dnl     SQUID_USE_SSLGETCERTIFICATE_HACK to 1.
dnl When cross-compiling nothing can be run and both macros are defined to 0.
dnl The second probe, and the workaround it enables, depend on the private
dnl layout of SSL_CTX in the OpenSSL that is linked at configure time.
dnl NOTE(review): neither program checks SSL_CTX_new() or SSL_new() for NULL,
dnl so a failure to create the context is presumably reported the same way as
dnl a crash inside SSL_get_certificate() - confirm before trusting the result.
AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS], [
  AH_TEMPLATE([SQUID_SSLGETCERTIFICATE_BUGGY], ["Define to 1 if the SSL_get_certificate crashes squid"])
  AH_TEMPLATE([SQUID_USE_SSLGETCERTIFICATE_HACK], ["Define to 1 to use squid workaround for SSL_get_certificate"])

  SQUID_STATE_SAVE([check_SSL_get_certificate])
  LIBS="$SSLLIB $LIBS"
  AS_IF([test "x$SSLLIBDIR" != "x"], [
    LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  ])

  AC_MSG_CHECKING([whether the SSL_get_certificate is buggy])
  AC_RUN_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/ssl.h>
#include <openssl/err.h>
    ],
    [
      SSLeay_add_ssl_algorithms();
#if HAVE_OPENSSL_TLS_METHOD
      SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
      SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
      SSL *ssl = SSL_new(sslContext);
      X509* cert = SSL_get_certificate(ssl);
      return 0;
    ])
  ],
  [
    AC_MSG_RESULT([no])
  ],
  [
    AC_DEFINE([SQUID_SSLGETCERTIFICATE_BUGGY], [1])
    AC_MSG_RESULT([yes])
  ],
  [
    AC_DEFINE([SQUID_SSLGETCERTIFICATE_BUGGY], [0])
    AC_MSG_RESULT([cross-compile, assuming no])
  ])

  AC_MSG_CHECKING([whether the workaround for SSL_get_certificate works])
  AC_RUN_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/ssl.h>
#include <openssl/err.h>
    ],
    [
      SSLeay_add_ssl_algorithms();
#if HAVE_OPENSSL_TLS_METHOD
      SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
#else
      SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
#endif
      X509 ***pCert = (X509 ***)sslContext->cert;
      X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
      if (sslCtxCert != NULL)
          return 1;
      return 0;
    ])
  ],
  [
    AC_MSG_RESULT([yes])
    AC_DEFINE([SQUID_USE_SSLGETCERTIFICATE_HACK], [1])
  ],
  [
    AC_MSG_RESULT([no])
  ],
  [
    AC_DEFINE([SQUID_USE_SSLGETCERTIFICATE_HACK], [0])
    AC_MSG_RESULT([cross-compile, assuming no])
  ])

  SQUID_STATE_ROLLBACK([check_SSL_get_certificate])
])
183
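dnl SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
dnl Compile-only probe: passes a 'const SSL_METHOD *' to SSL_CTX_new(). When
dnl that compiles, SQUID_USE_CONST_SSL_METHOD is defined to 1; otherwise the
dnl macro stays undefined.
dnl NOTE(review): the result is only meaningful if the probe is compiled as
dnl C++, where discarding const is an error rather than a warning - confirm
dnl the active AC_LANG.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD], [
  AH_TEMPLATE([SQUID_USE_CONST_SSL_METHOD], ["Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'"])
  SQUID_STATE_SAVE([check_const_SSL_METHOD])
  dnl configure prints this text verbatim, so it must not carry a stray
  dnl trailing double quote.
  AC_MSG_CHECKING([whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'])

  dnl AC_COMPILE_IFELSE takes an input and two actions; there is no
  dnl cross-compile action for a compile-only test.
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/ssl.h>
#include <openssl/err.h>
    ],
    [
      const SSL_METHOD *method = NULL;
      SSL_CTX *sslContext = SSL_CTX_new(method);
      return (sslContext != NULL);
    ])
  ],
  [
    AC_DEFINE([SQUID_USE_CONST_SSL_METHOD], [1])
    AC_MSG_RESULT([yes])
  ],
  [
    AC_MSG_RESULT([no])
  ])

  SQUID_STATE_ROLLBACK([check_const_SSL_METHOD])
])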
214
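dnl SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA
dnl Compile-only probe: registers a duplication callback whose source argument
dnl is 'const CRYPTO_EX_DATA *' with SSL_get_ex_new_index(). When that
dnl compiles, SQUID_USE_CONST_CRYPTO_EX_DATA_DUP is defined to 1; otherwise the
dnl macro stays undefined.
dnl The template and the progress message name the function as it is spelled
dnl in the probe, SSL_get_ex_new_index().
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA], [
  AH_TEMPLATE([SQUID_USE_CONST_CRYPTO_EX_DATA_DUP], ["Define to 1 if the SSL_get_ex_new_index() dup callback accepts 'const CRYPTO_EX_DATA *'"])
  SQUID_STATE_SAVE([check_const_CRYPTO_EX_DATA])
  dnl configure prints this text verbatim, so it must not carry a stray
  dnl trailing double quote.
  AC_MSG_CHECKING([whether SSL_get_ex_new_index() dup callback accepts 'const CRYPTO_EX_DATA *'])
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
    return 0;
}
  ],[
    return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
  ])
  ],[
    AC_DEFINE([SQUID_USE_CONST_CRYPTO_EX_DATA_DUP], [1])
    AC_MSG_RESULT([yes])
  ],[
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK([check_const_CRYPTO_EX_DATA])
])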
237
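dnl SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG
dnl Compile-only probe: installs a session lookup callback whose ID argument is
dnl 'const unsigned char *' through SSL_CTX_sess_set_get_cb(). When that
dnl compiles, SQUID_USE_CONST_SSL_SESSION_CBID is defined to 1; otherwise the
dnl macro stays undefined.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG], [
  AH_TEMPLATE([SQUID_USE_CONST_SSL_SESSION_CBID], ["Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument"])
  SQUID_STATE_SAVE([check_const_SSL_CTX_sess_set_get_cb])
  dnl configure prints this text verbatim, so it must not carry a stray
  dnl trailing double quote.
  AC_MSG_CHECKING([whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument])
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>

SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
    return NULL;
}
  ],[
    SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
    return 0;
  ])
  ],[
    AC_DEFINE([SQUID_USE_CONST_SSL_SESSION_CBID], [1])
    AC_MSG_RESULT([yes])
  ],[
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK([check_const_SSL_CTX_sess_set_get_cb])
])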
261
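dnl SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS
dnl Compile-only probe: calls X509_get0_signature() with pointers to const
dnl output variables. When that compiles,
dnl SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS is defined to 1.
dnl The probe body is guarded by HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, so the
dnl answer is no whenever that macro is not set before this check runs.
dnl The probe uses nullptr and therefore has to be compiled as C++11 or later.
AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS], [
  AH_TEMPLATE([SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS], ["Define if X509_get0_signature() accepts const parameters"])
  SQUID_STATE_SAVE([check_const_X509_get0_signature_args])
  dnl The message is m4-quoted only; literal double quotes would be printed
  dnl by configure as part of the text.
  AC_MSG_CHECKING([whether X509_get0_signature() accepts const parameters])
  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <openssl/ssl.h>
  ],[
#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
    const ASN1_BIT_STRING *sig = nullptr;
    const X509_ALGOR *sig_alg;
    X509_get0_signature(&sig, &sig_alg, nullptr);
#else
#error Missing X509_get0_signature()
#endif
  ])
  ],[
    AC_DEFINE([SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS], [1])
    AC_MSG_RESULT([yes])
  ],[
    AC_MSG_RESULT([no])
  ])
  SQUID_STATE_ROLLBACK([check_const_X509_get0_signature_args])
])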
286
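dnl SQUID_CHECK_OPENSSL_TXTDB
dnl Three compile-only probes for TXT_DB related problems:
dnl  1) The type of the TXT_DB::data member changed in openSSL-1.0.1. If
dnl     sk_OPENSSL_PSTRING_num() accepts db->data, SQUID_SSLTXTDB_PSTRINGDATA
dnl     is defined to 1.
dnl  2) Only when 1) holds: if the result of sk_OPENSSL_PSTRING_value() cannot
dnl     be cast to 'const char **', SQUID_STACKOF_PSTRINGDATA_HACK is defined
dnl     to 1.
dnl  3) The IMPLEMENT_LHASH_* macros in openSSL-1.0.1 and later releases cause
dnl     type conversion errors while compiling squid. If they do not compile
dnl     for 'const char **' callbacks, SQUID_USE_SSLLHASH_HACK is defined to 1.
dnl Probes 2 and 3 are inverted: any compile error, including one unrelated to
dnl the conversion under test, switches the workaround on. The stub callbacks
dnl in probe 3 therefore return a value, so that a compiler treating a missing
dnl return as an error cannot select the workaround by accident.
AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB], [
  AH_TEMPLATE([SQUID_SSLTXTDB_PSTRINGDATA], ["Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member"])
  AH_TEMPLATE([SQUID_STACKOF_PSTRINGDATA_HACK], ["Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value"])
  AH_TEMPLATE([SQUID_USE_SSLLHASH_HACK], ["Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors"])

  SQUID_STATE_SAVE([check_TXTDB])

  LIBS="$LIBS $SSLLIB"
  squid_cv_check_openssl_pstring="no"
  AC_MSG_CHECKING([whether the TXT_DB uses OPENSSL_PSTRING data member])
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/txt_db.h>
    ],
    [
      TXT_DB *db = NULL;
      int i = sk_OPENSSL_PSTRING_num(db->data);
      return 0;
    ])
  ],
  [
    AC_DEFINE([SQUID_SSLTXTDB_PSTRINGDATA], [1])
    AC_MSG_RESULT([yes])
    squid_cv_check_openssl_pstring="yes"
  ],
  [
    AC_MSG_RESULT([no])
  ])

  if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
    AC_MSG_CHECKING([whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should be used])
    AC_COMPILE_IFELSE([
      AC_LANG_PROGRAM(
      [
#include <openssl/txt_db.h>
      ],
      [
        TXT_DB *db = NULL;
        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
        return (current_row != NULL);
      ])
    ],
    [
      AC_MSG_RESULT([no])
    ],
    [
      AC_DEFINE([SQUID_STACKOF_PSTRINGDATA_HACK], [1])
      AC_MSG_RESULT([yes])
    ])
  fi

  AC_MSG_CHECKING([whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should be used])
  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/txt_db.h>

static unsigned long index_serial_hash(const char **a){ return 0; }
static int index_serial_cmp(const char **a, const char **b){ return 0; }
static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
    ],
    [
      TXT_DB *db = NULL;
      TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
    ])
  ],
  [
    AC_MSG_RESULT([no])
  ],
  [
    AC_MSG_RESULT([yes])
    AC_DEFINE([SQUID_USE_SSLLHASH_HACK], [1])
  ])

  SQUID_STATE_ROLLBACK([check_TXTDB])
])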
373
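dnl SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
dnl Check if we can rewrite the hello message stored in an SSL object.
dnl The test is very basic and compile-only: it checks that the members it
dnl touches exist in the SSL structure, namely s3->client_random, s3->wbuf,
dnl init_buf, init_num, s3->wpend_ret and s3->wpend_tot, and that
dnl SSL_CIPHER_get_id() is declared. Nothing is executed, so the uninitialised
dnl pointers in the probe are never dereferenced.
dnl This macro never defines SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK. On success
dnl it only tells the builder how to opt in. Opting in ties the build to the
dnl private layout of the OpenSSL it is compiled against, which this probe
dnl verifies by member name and type only.
dnl string.h is included explicitly because the probe calls memcpy(); relying
dnl on the OpenSSL headers to declare it could fail the probe for a reason
dnl unrelated to the SSL structure.
AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK], [
  AH_TEMPLATE([SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK], ["Define to 1 if hello message can be overwritten in SSL struct"])
  SQUID_STATE_SAVE([check_openSSL_overwrite_hack])
  AC_MSG_CHECKING([whether hello message can be overwritten in SSL struct])

  AC_COMPILE_IFELSE([
    AC_LANG_PROGRAM(
    [
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <assert.h>
#include <string.h>
    ],
    [
      SSL *ssl;
      char *random, *msg;
      memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
      SSL3_BUFFER *wb=&(ssl->s3->wbuf);
      assert(wb->len == 0);
      memcpy(wb->buf, msg, 0);
      assert(wb->left == 0);
      memcpy(ssl->init_buf->data, msg, 0);
      ssl->init_num = 0;
      ssl->s3->wpend_ret = 0;
      ssl->s3->wpend_tot = 0;
      SSL_CIPHER *cipher = 0;
      assert(SSL_CIPHER_get_id(cipher));
    ])
  ],
  [
    AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
  ],
  [
    AC_MSG_RESULT([no])
  ])

  SQUID_STATE_ROLLBACK([check_openSSL_overwrite_hack])
])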