acinclude/lib-checks.m4

   1 ## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl checks whether dbopen needs -ldb to be added to libs
   9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
  10
  11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
  12   AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
  13     SQUID_STATE_SAVE(dbopen_libdb)
  14     LIBS="$LIBS -ldb"
  15     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  16 #if HAVE_SYS_TYPES_H
  17 #include <sys/types.h>
  18 #endif
  19 #if HAVE_LIMITS_H
  20 #include <limits.h>
  21 #endif
  22 #if HAVE_DB_185_H
  23 #include <db_185.h>
  24 #elif HAVE_DB_H
  25 #include <db.h>
  26 #endif]],
  27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
  28     [ac_cv_dbopen_libdb="yes"],
  29     [ac_cv_dbopen_libdb="no"])
  30     SQUID_STATE_ROLLBACK(dbopen_libdb)
  31   ])
  32 ])
  33
  34
  35 dnl check whether regex works by actually compiling one
  36 dnl sets squid_cv_regex_works to either yes or no
  37
  38 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  39   AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
  40     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  41 #if HAVE_SYS_TYPES_H
  42 #include <sys/types.h>
  43 #endif
  44 #if HAVE_REGEX_H
  45 #include <regex.h>
  46 #endif
  47 ]], [[
  48 regex_t t; regcomp(&t,"",0);]])],
  49     [ squid_cv_regex_works=yes ],
  50     [ squid_cv_regex_works=no ])
  51   ])
  52 ])
  53
  54
  55 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  56   AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
  57     SQUID_STATE_SAVE(iphlpapi)
  58     LIBS="$LIBS -liphlpapi"
  59     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  60 #include <windows.h>
  61 #include <winsock2.h>
  62 #include <iphlpapi.h>
  63 ]], [[
  64   MIB_IPNETTABLE i;
  65   unsigned long isz=sizeof(i);
  66   GetIpNetTable(&i,&isz,FALSE);
  67     ]])],
  68     [squid_cv_have_libiphlpapi=yes
  69      SQUID_STATE_COMMIT(iphlpapi)],
  70     [squid_cv_have_libiphlpapi=no
  71      SQUID_STATE_ROLLBACK(iphlpapi)])
  72   ])
  73   SQUID_STATE_ROLLBACK(iphlpapi)
  74 ])
  75
  76 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
  77 dnl workaround can be used instead of using the SSL_get_certificate
  78 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  79   AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  80   AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
  81   SQUID_STATE_SAVE(check_SSL_get_certificate)
  82   LIBS="$SSLLIB $LIBS"
  83   if test "x$SSLLIBDIR" != "x"; then
  84      LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  85   fi
  86
  87   AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  88   AC_RUN_IFELSE([
  89   AC_LANG_PROGRAM(
  90     [
  91      #include <openssl/ssl.h>
  92      #include <openssl/err.h>
  93     ],
  94     [
  95     SSLeay_add_ssl_algorithms();
  96     SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
  97     SSL *ssl = SSL_new(sslContext);
  98     X509* cert = SSL_get_certificate(ssl);
  99     return 0;
 100     ])
 101   ],
 102   [
 103    AC_MSG_RESULT([no])
 104   ],
 105   [
 106    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
 107    AC_MSG_RESULT([yes])
 108   ],
 109   [])
 110
 111   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
 112   AC_RUN_IFELSE([
 113   AC_LANG_PROGRAM(
 114     [
 115      #include <openssl/ssl.h>
 116      #include <openssl/err.h>
 117     ],
 118     [
 119     SSLeay_add_ssl_algorithms();
 120     SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
 121     X509 ***pCert = (X509 ***)sslContext->cert;
 122     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
 123     if (sslCtxCert != NULL)
 124         return 1;
 125     return 0;
 126     ])
 127   ],
 128   [
 129    AC_MSG_RESULT([yes])
 130    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
 131   ],
 132   [
 133    AC_MSG_RESULT([no])
 134   ],
 135 [])
 136
 137 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 138 ])
 139
 140 dnl Checks whether the  SSL_CTX_new and similar functions require
 141 dnl a const 'SSL_METHOD *' argument
 142 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
 143   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 144   SQUID_STATE_SAVE(check_const_SSL_METHOD)
 145   AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 146
 147   AC_COMPILE_IFELSE([
 148   AC_LANG_PROGRAM(
 149     [
 150      #include <openssl/ssl.h>
 151      #include <openssl/err.h>
 152     ],
 153     [
 154        const SSL_METHOD *method = NULL;
 155        SSL_CTX *sslContext = SSL_CTX_new(method);
 156        return (sslContext != NULL);
 157     ])
 158   ],
 159   [
 160    AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
 161    AC_MSG_RESULT([yes])
 162   ],
 163   [
 164    AC_MSG_RESULT([no])
 165   ],
 166   [])
 167
 168 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
 169 ]
 170 )
 171
 172 dnl Try to handle TXT_DB related  problems:
 173 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
 174 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
 175 dnl    implemented correctly and causes type conversion errors while compiling squid
 176
 177 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 178   AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
 179   AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
 180   AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
 181
 182   SQUID_STATE_SAVE(check_TXTDB)
 183
 184   LIBS="$LIBS $SSLLIB"
 185   squid_cv_check_openssl_pstring="no"
 186   AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
 187   AC_COMPILE_IFELSE([
 188   AC_LANG_PROGRAM(
 189     [
 190      #include <openssl/txt_db.h>
 191     ],
 192     [
 193     TXT_DB *db = NULL;
 194     int i = sk_OPENSSL_PSTRING_num(db->data);
 195     return 0;
 196     ])
 197   ],
 198   [
 199    AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
 200    AC_MSG_RESULT([yes])
 201    squid_cv_check_openssl_pstring="yes"
 202   ],
 203   [
 204    AC_MSG_RESULT([no])
 205   ],
 206   [])
 207
 208   if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
 209      AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
 210      AC_COMPILE_IFELSE([
 211      AC_LANG_PROGRAM(
 212        [
 213         #include <openssl/txt_db.h>
 214        ],
 215        [
 216        TXT_DB *db = NULL;
 217        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
 218        return (current_row != NULL);
 219        ])
 220      ],
 221      [
 222       AC_MSG_RESULT([no])
 223      ],
 224      [
 225       AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
 226       AC_MSG_RESULT([yes])
 227      ],
 228      [])
 229   fi
 230
 231   AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
 232   AC_COMPILE_IFELSE([
 233   AC_LANG_PROGRAM(
 234     [
 235      #include <openssl/txt_db.h>
 236
 237      static unsigned long index_serial_hash(const char **a){}
 238      static int index_serial_cmp(const char **a, const char **b){}
 239      static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
 240      static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
 241     ],
 242     [
 243     TXT_DB *db = NULL;
 244     TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
 245     ])
 246   ],
 247   [
 248    AC_MSG_RESULT([no])
 249   ],
 250   [
 251    AC_MSG_RESULT([yes])
 252    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
 253   ],
 254 [])
 255
 256 SQUID_STATE_ROLLBACK(check_TXTDB)
 257 ])
 258
 259 dnl Check if we can rewrite the hello message stored in an SSL object.
 260 dnl The tests are very basic, just check if the required members exist in
 261 dnl SSL structure.
 262 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
 263   AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
 264   SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
 265   AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
 266
 267   AC_COMPILE_IFELSE([
 268   AC_LANG_PROGRAM(
 269     [
 270      #include <openssl/ssl.h>
 271      #include <openssl/err.h>
 272      #include <assert.h>
 273     ],
 274     [
 275     SSL *ssl;
 276     char *random, *msg;
 277     memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
 278     SSL3_BUFFER *wb=&(ssl->s3->wbuf);
 279     assert(wb->len == 0);
 280     memcpy(wb->buf, msg, 0);
 281     assert(wb->left == 0);
 282     memcpy(ssl->init_buf->data, msg, 0);
 283     ssl->init_num = 0;
 284     ssl->s3->wpend_ret = 0;
 285     ssl->s3->wpend_tot = 0;
 286     ])
 287   ],
 288   [
 289    AC_DEFINE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, 1)
 290    AC_MSG_RESULT([yes])
 291   ],
 292   [
 293    AC_MSG_RESULT([no])
 294   ],
 295   [])
 296
 297 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
 298 ]
 299 )