acinclude/lib-checks.m4

   1 ## Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl checks whether dbopen needs -ldb to be added to libs
   9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
  10
  11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
  12   AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
  13     SQUID_STATE_SAVE(dbopen_libdb)
  14     LIBS="$LIBS -ldb"
  15     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  16 #if HAVE_SYS_TYPES_H
  17 #include <sys/types.h>
  18 #endif
  19 #if HAVE_LIMITS_H
  20 #include <limits.h>
  21 #endif
  22 #if HAVE_DB_185_H
  23 #include <db_185.h>
  24 #elif HAVE_DB_H
  25 #include <db.h>
  26 #endif]],
  27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
  28     [ac_cv_dbopen_libdb="yes"],
  29     [ac_cv_dbopen_libdb="no"])
  30     SQUID_STATE_ROLLBACK(dbopen_libdb)
  31   ])
  32 ])
  33
  34
  35 dnl check whether regex works by actually compiling one
  36 dnl sets squid_cv_regex_works to either yes or no
  37
  38 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  39   AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
  40     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  41 #if HAVE_SYS_TYPES_H
  42 #include <sys/types.h>
  43 #endif
  44 #if HAVE_REGEX_H
  45 #include <regex.h>
  46 #endif
  47 ]], [[
  48 regex_t t; regcomp(&t,"",0);]])],
  49     [ squid_cv_regex_works=yes ],
  50     [ squid_cv_regex_works=no ])
  51   ])
  52 ])
  53
  54
  55 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  56   AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
  57     SQUID_STATE_SAVE(iphlpapi)
  58     LIBS="$LIBS -liphlpapi"
  59     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  60 #include <windows.h>
  61 #include <winsock2.h>
  62 #include <iphlpapi.h>
  63 ]], [[
  64   MIB_IPNETTABLE i;
  65   unsigned long isz=sizeof(i);
  66   GetIpNetTable(&i,&isz,FALSE);
  67     ]])],
  68     [squid_cv_have_libiphlpapi=yes
  69      SQUID_STATE_COMMIT(iphlpapi)],
  70     [squid_cv_have_libiphlpapi=no
  71      SQUID_STATE_ROLLBACK(iphlpapi)])
  72   ])
  73   SQUID_STATE_ROLLBACK(iphlpapi)
  74 ])
  75
  76 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
  77 dnl workaround can be used instead of using the SSL_get_certificate
  78 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  79   AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  80   AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
  81   SQUID_STATE_SAVE(check_SSL_get_certificate)
  82   LIBS="$SSLLIB $LIBS"
  83   if test "x$SSLLIBDIR" != "x"; then
  84      LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  85   fi
  86
  87   AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  88   AC_RUN_IFELSE([
  89   AC_LANG_PROGRAM(
  90     [
  91      #include <openssl/ssl.h>
  92      #include <openssl/err.h>
  93     ],
  94     [
  95     SSLeay_add_ssl_algorithms();
  96     SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
  97     SSL *ssl = SSL_new(sslContext);
  98     X509* cert = SSL_get_certificate(ssl);
  99     return 0;
 100     ])
 101   ],
 102   [
 103    AC_MSG_RESULT([no])
 104   ],
 105   [
 106    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
 107    AC_MSG_RESULT([yes])
 108   ],
 109   [
 110    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
 111    AC_MSG_RESULT([cross-compile, assuming no])
 112   ])
 113
 114   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
 115   AC_RUN_IFELSE([
 116   AC_LANG_PROGRAM(
 117     [
 118      #include <openssl/ssl.h>
 119      #include <openssl/err.h>
 120     ],
 121     [
 122     SSLeay_add_ssl_algorithms();
 123     SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
 124     X509 ***pCert = (X509 ***)sslContext->cert;
 125     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
 126     if (sslCtxCert != NULL)
 127         return 1;
 128     return 0;
 129     ])
 130   ],
 131   [
 132    AC_MSG_RESULT([yes])
 133    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
 134   ],
 135   [
 136    AC_MSG_RESULT([no])
 137   ],
 138   [
 139    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
 140    AC_MSG_RESULT([cross-compile, assuming no])
 141   ])
 142
 143 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 144 ])
 145
 146 dnl Checks whether the  SSL_CTX_new and similar functions require
 147 dnl a const 'SSL_METHOD *' argument
 148 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
 149   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 150   SQUID_STATE_SAVE(check_const_SSL_METHOD)
 151   AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 152
 153   AC_COMPILE_IFELSE([
 154   AC_LANG_PROGRAM(
 155     [
 156      #include <openssl/ssl.h>
 157      #include <openssl/err.h>
 158     ],
 159     [
 160        const SSL_METHOD *method = NULL;
 161        SSL_CTX *sslContext = SSL_CTX_new(method);
 162        return (sslContext != NULL);
 163     ])
 164   ],
 165   [
 166    AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
 167    AC_MSG_RESULT([yes])
 168   ],
 169   [
 170    AC_MSG_RESULT([no])
 171   ],
 172   [])
 173
 174 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
 175 ]
 176 )
 177
 178 dnl Try to handle TXT_DB related  problems:
 179 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
 180 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
 181 dnl    implemented correctly and causes type conversion errors while compiling squid
 182
 183 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 184   AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
 185   AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
 186   AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
 187
 188   SQUID_STATE_SAVE(check_TXTDB)
 189
 190   LIBS="$LIBS $SSLLIB"
 191   squid_cv_check_openssl_pstring="no"
 192   AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
 193   AC_COMPILE_IFELSE([
 194   AC_LANG_PROGRAM(
 195     [
 196      #include <openssl/txt_db.h>
 197     ],
 198     [
 199     TXT_DB *db = NULL;
 200     int i = sk_OPENSSL_PSTRING_num(db->data);
 201     return 0;
 202     ])
 203   ],
 204   [
 205    AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
 206    AC_MSG_RESULT([yes])
 207    squid_cv_check_openssl_pstring="yes"
 208   ],
 209   [
 210    AC_MSG_RESULT([no])
 211   ],
 212   [])
 213
 214   if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
 215      AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
 216      AC_COMPILE_IFELSE([
 217      AC_LANG_PROGRAM(
 218        [
 219         #include <openssl/txt_db.h>
 220        ],
 221        [
 222        TXT_DB *db = NULL;
 223        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
 224        return (current_row != NULL);
 225        ])
 226      ],
 227      [
 228       AC_MSG_RESULT([no])
 229      ],
 230      [
 231       AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
 232       AC_MSG_RESULT([yes])
 233      ],
 234      [])
 235   fi
 236
 237   AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
 238   AC_COMPILE_IFELSE([
 239   AC_LANG_PROGRAM(
 240     [
 241      #include <openssl/txt_db.h>
 242
 243      static unsigned long index_serial_hash(const char **a){}
 244      static int index_serial_cmp(const char **a, const char **b){}
 245      static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
 246      static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
 247     ],
 248     [
 249     TXT_DB *db = NULL;
 250     TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
 251     ])
 252   ],
 253   [
 254    AC_MSG_RESULT([no])
 255   ],
 256   [
 257    AC_MSG_RESULT([yes])
 258    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
 259   ],
 260 [])
 261
 262 SQUID_STATE_ROLLBACK(check_TXTDB)
 263 ])
 264
 265 dnl Check if we can rewrite the hello message stored in an SSL object.
 266 dnl The tests are very basic, just check if the required members exist in
 267 dnl SSL structure.
 268 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
 269   AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
 270   SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
 271   AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
 272
 273   AC_COMPILE_IFELSE([
 274   AC_LANG_PROGRAM(
 275     [
 276      #include <openssl/ssl.h>
 277      #include <openssl/err.h>
 278      #include <assert.h>
 279     ],
 280     [
 281     SSL *ssl;
 282     char *random, *msg;
 283     memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
 284     SSL3_BUFFER *wb=&(ssl->s3->wbuf);
 285     assert(wb->len == 0);
 286     memcpy(wb->buf, msg, 0);
 287     assert(wb->left == 0);
 288     memcpy(ssl->init_buf->data, msg, 0);
 289     ssl->init_num = 0;
 290     ssl->s3->wpend_ret = 0;
 291     ssl->s3->wpend_tot = 0;
 292     ])
 293   ],
 294   [
 295    AC_DEFINE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, 1)
 296    AC_MSG_RESULT([yes])
 297   ],
 298   [
 299    AC_MSG_RESULT([no])
 300   ],
 301   [])
 302
 303 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
 304 ]
 305 )