1 ## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl checks whether dbopen needs -ldb to be added to libs
9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
12 AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
13 SQUID_STATE_SAVE(dbopen_libdb)
15 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
17 #include <sys/types.h>
27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
28 [ac_cv_dbopen_libdb="yes"],
29 [ac_cv_dbopen_libdb="no"])
30 SQUID_STATE_ROLLBACK(dbopen_libdb)
35 dnl check whether regex works by actually compiling one
36 dnl sets squid_cv_regex_works to either yes or no
38 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
39 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
40 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
42 #include <sys/types.h>
48 regex_t t; regcomp(&t,"",0);]])],
49 [ squid_cv_regex_works=yes ],
50 [ squid_cv_regex_works=no ])
55 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
56 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
57 SQUID_STATE_SAVE(iphlpapi)
58 LIBS="$LIBS -liphlpapi"
59 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
65 unsigned long isz=sizeof(i);
66 GetIpNetTable(&i,&isz,FALSE);
68 [squid_cv_have_libiphlpapi=yes
69 SQUID_STATE_COMMIT(iphlpapi)],
70 [squid_cv_have_libiphlpapi=no
71 SQUID_STATE_ROLLBACK(iphlpapi)])
73 SQUID_STATE_ROLLBACK(iphlpapi)
76 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
77 dnl workaround can be used instead of using the SSL_get_certificate
78 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
79 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
80 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
81 SQUID_STATE_SAVE(check_SSL_get_certificate)
83 if test "x$SSLLIBDIR" != "x"; then
84 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
87 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
91 #include <openssl/ssl.h>
92 #include <openssl/err.h>
95 SSLeay_add_ssl_algorithms();
96 SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
97 SSL *ssl = SSL_new(sslContext);
98 X509* cert = SSL_get_certificate(ssl);
106 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
111 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
115 #include <openssl/ssl.h>
116 #include <openssl/err.h>
119 SSLeay_add_ssl_algorithms();
120 SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
121 X509 ***pCert = (X509 ***)sslContext->cert;
122 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
123 if (sslCtxCert != NULL)
130 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
137 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
140 dnl Checks whether the SSL_CTX_new and similar functions require
141 dnl a const 'SSL_METHOD *' argument
142 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
143 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
144 SQUID_STATE_SAVE(check_const_SSL_METHOD)
145 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
150 #include <openssl/ssl.h>
151 #include <openssl/err.h>
154 const SSL_METHOD *method = NULL;
155 SSL_CTX *sslContext = SSL_CTX_new(method);
156 return (sslContext != NULL);
160 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
168 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
172 dnl Try to handle TXT_DB related problems:
173 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
174 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
175 dnl implemented correctly and causes type conversion errors while compiling squid
177 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
178 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
179 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
180 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
182 SQUID_STATE_SAVE(check_TXTDB)
185 squid_cv_check_openssl_pstring="no"
186 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
190 #include <openssl/txt_db.h>
194 int i = sk_OPENSSL_PSTRING_num(db->data);
199 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
201 squid_cv_check_openssl_pstring="yes"
208 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
209 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
213 #include <openssl/txt_db.h>
217 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
218 return (current_row != NULL);
225 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
231 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
235 #include <openssl/txt_db.h>
237 static unsigned long index_serial_hash(const char **a){}
238 static int index_serial_cmp(const char **a, const char **b){}
239 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
240 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
244 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
252 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
256 SQUID_STATE_ROLLBACK(check_TXTDB)
259 dnl Check if we can rewrite the hello message stored in an SSL object.
260 dnl The tests are very basic, just check if the required members exist in
262 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
263 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
264 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
265 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
270 #include <openssl/ssl.h>
271 #include <openssl/err.h>
277 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
278 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
279 assert(wb->len == 0);
280 memcpy(wb->buf, msg, 0);
281 assert(wb->left == 0);
282 memcpy(ssl->init_buf->data, msg, 0);
284 ssl->s3->wpend_ret = 0;
285 ssl->s3->wpend_tot = 0;
289 AC_DEFINE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, 1)
297 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)