1 ## Copyright (C) 1996-2018 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl check whether regex works by actually compiling one
9 dnl sets squid_cv_regex_works to either yes or no
dnl
dnl The probe is AC_COMPILE_IFELSE only: it shows that regex_t is declared
dnl and that a regcomp() call compiles. Nothing is linked or executed, so
dnl "works" here says nothing about the run-time behaviour of the library.
dnl The answer is cached by AC_CACHE_CHECK under squid_cv_regex_works.
11 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
12 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
13 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
15 #include <sys/types.h>
21 regex_t t; regcomp(&t,"",0);]])],
22 [ squid_cv_regex_works=yes ],
23 [ squid_cv_regex_works=no ])
dnl Checks whether a program calling GetIpNetTable() links with -liphlpapi.
dnl Sets squid_cv_have_libiphlpapi to yes or no (cached by AC_CACHE_CHECK).
dnl LIBS is extended for the probe inside a SQUID_STATE_SAVE scope; the
dnl success branch calls SQUID_STATE_COMMIT, the failure branch calls
dnl SQUID_STATE_ROLLBACK.
dnl NOTE(review): one more SQUID_STATE_ROLLBACK(iphlpapi) follows the cache
dnl check. Whether it undoes the committed LIBS change depends on how the
dnl SQUID_STATE_* macros are defined, which is not visible here - confirm.
28 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
29 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
30 SQUID_STATE_SAVE(iphlpapi)
31 LIBS="$LIBS -liphlpapi"
32 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
38 unsigned long isz=sizeof(i);
39 GetIpNetTable(&i,&isz,FALSE);
41 [squid_cv_have_libiphlpapi=yes
42 SQUID_STATE_COMMIT(iphlpapi)],
43 [squid_cv_have_libiphlpapi=no
44 SQUID_STATE_ROLLBACK(iphlpapi)])
46 SQUID_STATE_ROLLBACK(iphlpapi)
49 dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
dnl
dnl Each probe is a link test for a single symbol in -lssl. Headers are not
dnl consulted, so a mismatch between the OpenSSL headers and the library that
dnl the linker finds is not detected here.
dnl An explicit action-if-found is passed to AC_CHECK_LIB, so its default
dnl action (adding -lssl to LIBS) is not taken; the probes are bracketed by a
dnl SQUID_STATE_SAVE / SQUID_STATE_ROLLBACK pair.
dnl NOTE(review): these macros only record which method constructors exist.
dnl Which protocol versions end up enabled is decided elsewhere - confirm
dnl that the minimum-version policy does not depend on which branch is built.
50 AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
51 AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
52 AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
53 AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
54 SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
56 AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
57 AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
58 AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
59 SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
62 dnl Checks whether the -lcrypto library provides various OpenSSL API functions
dnl
dnl One AH_TEMPLATE plus one AC_CHECK_LIB link probe per function; a found
dnl symbol defines the matching HAVE_LIBCRYPTO_* macro to 1.
dnl The probes test linkability only. An API that the headers provide as a
dnl preprocessor macro rather than a function would be reported as missing,
dnl and a header/library version mismatch is not detected.
dnl HAVE_LIBCRYPTO_X509_GET0_SIGNATURE is read by the test program of
dnl SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS.
dnl NOTE(review): that presumably means this macro has to be expanded before
dnl that one - verify the call order in configure.ac.
63 AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
64 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists")
65 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists")
66 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists")
67 AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists")
68 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists")
69 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
70 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
71 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists")
72 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
73 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
74 AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
75 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists")
76 SQUID_STATE_SAVE(check_openssl_libcrypto_api)
78 AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
79 AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
80 AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
81 AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1))
82 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1))
83 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
84 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
85 AC_CHECK_LIB(crypto, X509_STORE_CTX_set0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, 1))
86 AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
87 AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
88 AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
89 AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1))
90 SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
93 dnl Checks whether the -lssl library provides various OpenSSL API functions
dnl
dnl Three link-only probes against -lssl; a found symbol defines the matching
dnl HAVE_LIBSSL_* macro to 1. LIBS is not extended by these probes because an
dnl explicit action-if-found is given to AC_CHECK_LIB.
dnl NOTE(review): SSL_CTX_set_tmp_rsa_callback() belongs to the legacy
dnl temporary-RSA key exchange of older OpenSSL releases. Confirm that code
dnl guarded by HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK cannot weaken the
dnl cipher policy of a current build.
94 AC_DEFUN([SQUID_CHECK_LIBSSL_API],[
95 AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists")
96 AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists")
97 AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists")
98 SQUID_STATE_SAVE(check_openssl_libssl_api)
100 AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1))
101 AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1))
102 AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1))
103 SQUID_STATE_ROLLBACK(check_openssl_libssl_api)
106 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
107 dnl workaround can be used instead of using the SSL_get_certificate
dnl
dnl Two probes, each built around a freshly created SSL_CTX:
dnl  1) calls SSL_get_certificate() on a new SSL object and defines
dnl     SQUID_SSLGETCERTIFICATE_BUGGY from the outcome;
dnl  2) reads the certificate through the context's cert member instead and
dnl     defines SQUID_USE_SSLGETCERTIFICATE_HACK from the outcome.
dnl Both have a "cross-compile, assuming no" branch, which suggests they are
dnl run-time probes (the probe macro lines are not visible in this excerpt).
dnl NOTE(review): a run-time probe executes a program linked against
dnl whichever libssl the configure environment resolves, so the result
dnl describes the build host's library, not necessarily the deployed one.
dnl NOTE(review): probe 2 casts sslContext->cert to X509 *** and
dnl dereferences it, i.e. it assumes a particular private struct layout; the
dnl (X509 *)0x1 value is only a non-NULL marker for "no usable pointer".
dnl Treat a positive result as valid for the probed OpenSSL build only.
108 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
109 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
110 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
111 SQUID_STATE_SAVE(check_SSL_get_certificate)
dnl When SSLLIBDIR is set it is appended to LIBS as an rpath, presumably so
dnl the probe binaries load libssl from that directory. The rollback at the
dnl end of this macro is expected to keep the rpath out of the final LIBS;
dnl confirm against the SQUID_STATE_* definitions.
113 if test "x$SSLLIBDIR" != "x"; then
114 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
117 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
121 #include <openssl/ssl.h>
122 #include <openssl/err.h>
125 SSLeay_add_ssl_algorithms();
126 #if HAVE_OPENSSL_TLS_METHOD
127 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
129 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
131 SSL *ssl = SSL_new(sslContext);
132 X509* cert = SSL_get_certificate(ssl);
140 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
144 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
145 AC_MSG_RESULT([cross-compile, assuming no])
dnl Second probe: same context setup, but the certificate is read through
dnl the cert member of the context instead of SSL_get_certificate().
148 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
152 #include <openssl/ssl.h>
153 #include <openssl/err.h>
156 SSLeay_add_ssl_algorithms();
157 #if HAVE_OPENSSL_TLS_METHOD
158 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
160 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
162 X509 ***pCert = (X509 ***)sslContext->cert;
163 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
164 if (sslCtxCert != NULL)
171 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
177 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
178 AC_MSG_RESULT([cross-compile, assuming no])
181 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
184 dnl Checks whether the SSL_CTX_new and similar functions require
185 dnl a const 'SSL_METHOD *' argument
dnl
dnl The test program passes a 'const SSL_METHOD *' (NULL) to SSL_CTX_new();
dnl the visible success action defines SQUID_USE_CONST_SSL_METHOD to 1.
dnl The probe macro itself is not visible in this excerpt, so whether the
dnl program is only compiled or also run cannot be stated from here.
dnl NOTE(review): the AC_MSG_CHECKING text ends with a double quote that has
dnl no opening counterpart; it looks like a typo and probably appears
dnl verbatim in the configure output.
186 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
187 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
188 SQUID_STATE_SAVE(check_const_SSL_METHOD)
189 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
194 #include <openssl/ssl.h>
195 #include <openssl/err.h>
198 const SSL_METHOD *method = NULL;
199 SSL_CTX *sslContext = SSL_CTX_new(method);
200 return (sslContext != NULL);
204 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
212 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
215 dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
dnl
dnl Compile-only probe (AC_COMPILE_IFELSE): a dup callback whose second
dnl parameter is 'const CRYPTO_EX_DATA *' is passed to SSL_get_ex_new_index().
dnl If that compiles, SQUID_USE_CONST_CRYPTO_EX_DATA_DUP is defined to 1.
dnl NOTE(review): the template and the checking message spell the function
dnl SSL_get_new_ex_index(), while the test program calls
dnl SSL_get_ex_new_index(); the messages look like a typo.
dnl NOTE(review): the AC_MSG_CHECKING text also ends with an unmatched
dnl double quote.
216 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
217 AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
218 SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
219 AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
220 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
221 #include <openssl/ssl.h>
223 int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
227 return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
230 AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
235 SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
238 dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
dnl
dnl Compile-only probe (AC_COMPILE_IFELSE): a session-lookup callback taking
dnl 'const unsigned char *ID' is registered with SSL_CTX_sess_set_get_cb().
dnl If that compiles, SQUID_USE_CONST_SSL_SESSION_CBID is defined to 1.
dnl The probe program is never executed here, so the NULL context argument
dnl is only a type placeholder.
dnl NOTE(review): the AC_MSG_CHECKING text ends with an unmatched double
dnl quote; it looks like a typo.
239 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
240 AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
241 SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
242 AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
243 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
244 #include <openssl/ssl.h>
246 SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
250 SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
254 AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
259 SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
262 dnl Checks whether the X509_get0_signature() has const arguments
dnl
dnl Compile-only probe (AC_COMPILE_IFELSE): calls X509_get0_signature() with
dnl pointers to const ASN1_BIT_STRING / const X509_ALGOR. If that compiles,
dnl SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS is defined to 1.
dnl The test program is guarded by HAVE_LIBCRYPTO_X509_GET0_SIGNATURE and
dnl hits an #error when that macro is not set, so the probe reports failure
dnl in that case.
dnl NOTE(review): this presumably requires SQUID_CHECK_LIBCRYPTO_API to have
dnl run first - verify the call order in configure.ac.
dnl NOTE(review): the program uses nullptr, so it needs the C++ test
dnl language; the checking message is wrapped in literal double quotes,
dnl unlike the other checks in this file.
263 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[
264 AH_TEMPLATE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, "Define if X509_get0_signature() accepts const parameters")
265 SQUID_STATE_SAVE(check_const_X509_get0_signature_args)
266 AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters")
267 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
268 #include <openssl/ssl.h>
270 #if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE
271 const ASN1_BIT_STRING *sig = nullptr;
272 const X509_ALGOR *sig_alg;
273 X509_get0_signature(&sig, &sig_alg, nullptr);
275 #error Missing X509_get0_signature()
279 AC_DEFINE(SQUID_USE_CONST_X509_GET0_SIGNATURE_ARGS, 1)
284 SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args)
287 dnl Try to handle TXT_DB related problems:
288 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
289 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
290 dnl implemented correctly and causes type conversion errors while compiling squid
dnl
dnl Three probes, each setting one macro:
dnl  - SQUID_SSLTXTDB_PSTRINGDATA when sk_OPENSSL_PSTRING_num() accepts
dnl    db->data (the result is also kept in squid_cv_check_openssl_pstring);
dnl  - SQUID_STACKOF_PSTRINGDATA_HACK, probed only when the first check said
dnl    yes, from a program that casts sk_OPENSSL_PSTRING_value() to
dnl    'const char **';
dnl  - SQUID_USE_SSLLHASH_HACK, from a program that passes
dnl    IMPLEMENT_LHASH_* generated functions to TXT_DB_create_index().
dnl The probe macros are not visible in this excerpt, so which branch
dnl (success or failure) triggers each AC_DEFINE is not restated here.
dnl NOTE(review): two checking messages read "should used"; "should be
dnl used" is presumably intended.
292 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
293 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
294 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
295 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
297 SQUID_STATE_SAVE(check_TXTDB)
300 squid_cv_check_openssl_pstring="no"
301 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
305 #include <openssl/txt_db.h>
309 int i = sk_OPENSSL_PSTRING_num(db->data);
314 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
316 squid_cv_check_openssl_pstring="yes"
dnl The sk_OPENSSL_PSTRING_value probe is attempted only when the first
dnl probe found that TXT_DB data is a PSTRING stack.
323 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
324 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
328 #include <openssl/txt_db.h>
332 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
333 return (current_row != NULL);
340 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
346 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
350 #include <openssl/txt_db.h>
352 static unsigned long index_serial_hash(const char **a){}
353 static int index_serial_cmp(const char **a, const char **b){}
354 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
355 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
359 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
367 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
371 SQUID_STATE_ROLLBACK(check_TXTDB)
374 dnl Check if we can rewrite the hello message stored in an SSL object.
375 dnl The tests are very basic, just check if the required members exist in
dnl
dnl The test program touches private members of the SSL object:
dnl s3->client_random, s3->wbuf, init_buf->data, s3->wpend_ret and
dnl s3->wpend_tot, and calls SSL_CIPHER_get_id().
dnl The visible success message is "possibly; to try, set
dnl SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1", and no
dnl AC_DEFINE appears in this excerpt, so the hack seems to stay off unless
dnl the builder opts in.
dnl NOTE(review): if the probe is compile-only, as the comment above
dnl suggests, the assert() lines never execute and a "possibly" result means
dnl only that the headers expose these members. Code enabled by the macro
dnl depends on libssl's private struct layout and should be re-validated for
dnl every OpenSSL version it is built against.
377 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
378 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
379 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
380 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
385 #include <openssl/ssl.h>
386 #include <openssl/err.h>
392 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
393 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
394 assert(wb->len == 0);
395 memcpy(wb->buf, msg, 0);
396 assert(wb->left == 0);
397 memcpy(ssl->init_buf->data, msg, 0);
399 ssl->s3->wpend_ret = 0;
400 ssl->s3->wpend_tot = 0;
401 SSL_CIPHER *cipher = 0;
402 assert(SSL_CIPHER_get_id(cipher));
406 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
413 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)