1 ## Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl checks whether dbopen needs -ldb to be added to libs
9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
dnl SQUID_CHECK_DBOPEN_NEEDS_LIBDB link-tests a dbopen() call and caches the
dnl outcome in ac_cv_dbopen_libdb: "yes" if the program links, "no" if not.
dnl NOTE(review): this listing skips several source lines of the macro, so the
dnl LIBS change being tested is not visible; presumably it appends -ldb.
11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
12 AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
dnl SQUID_STATE_SAVE and SQUID_STATE_ROLLBACK are defined elsewhere; by name
dnl they snapshot and restore the build variables around the probe - confirm.
13 SQUID_STATE_SAVE(dbopen_libdb)
15 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
17 #include <sys/types.h>
27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
28 [ac_cv_dbopen_libdb="yes"],
29 [ac_cv_dbopen_libdb="no"])
30 SQUID_STATE_ROLLBACK(dbopen_libdb)
35 dnl check whether regex works by actually compiling one
36 dnl sets squid_cv_regex_works to either yes or no
dnl SQUID_CHECK_REGEX_WORKS caches yes or no in squid_cv_regex_works.
dnl The probe uses AC_COMPILE_IFELSE, so it only shows that regex_t and a
dnl regcomp() call compile against the system headers; the regcomp() call is
dnl neither linked nor executed by this check.
38 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
39 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
40 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
42 #include <sys/types.h>
48 regex_t t; regcomp(&t,"",0);]])],
49 [ squid_cv_regex_works=yes ],
50 [ squid_cv_regex_works=no ])
dnl SQUID_CHECK_LIBIPHLPAPI link-tests a GetIpNetTable() call with -liphlpapi
dnl appended to LIBS and caches yes or no in squid_cv_have_libiphlpapi.
dnl The success branch calls SQUID_STATE_COMMIT, the failure branch calls
dnl SQUID_STATE_ROLLBACK; both macros are defined elsewhere.
55 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
56 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
57 SQUID_STATE_SAVE(iphlpapi)
58 LIBS="$LIBS -liphlpapi"
59 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
65 unsigned long isz=sizeof(i);
66 GetIpNetTable(&i,&isz,FALSE);
68 [squid_cv_have_libiphlpapi=yes
69 SQUID_STATE_COMMIT(iphlpapi)],
70 [squid_cv_have_libiphlpapi=no
71 SQUID_STATE_ROLLBACK(iphlpapi)])
dnl NOTE(review): this rollback is also reached after the success branch has
dnl already committed; what it restores then depends on the SQUID_STATE_*
dnl definitions, which are not shown here - confirm that LIBS keeps -liphlpapi
dnl only when intended.
73 SQUID_STATE_ROLLBACK(iphlpapi)
76 dnl Checks whether OpenSSL's SSL_get_certificate() crashes squid, and whether a
77 dnl workaround can be used instead of calling SSL_get_certificate()
dnl SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS holds two probes:
dnl   1. a program that calls SSL_get_certificate() on a newly created SSL
dnl      object; the verdict goes into SQUID_SSLGETCERTIFICATE_BUGGY;
dnl   2. a program that reads the certificate through the cert member of
dnl      SSL_CTX directly; the verdict goes into SQUID_USE_SSLGETCERTIFICATE_HACK.
dnl Each probe has a cross-compile branch that defines its macro to 0 and
dnl reports "cross-compile, assuming no".
dnl NOTE(review): the verdicts describe only the OpenSSL headers and library
dnl found at configure time; a different libssl at run time is not covered.
78 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
79 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
80 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
81 SQUID_STATE_SAVE(check_SSL_get_certificate)
dnl When SSLLIBDIR is set, pass it to the linker as an rpath - presumably so
dnl the probe binaries can load libssl from that directory when executed.
83 if test "x$SSLLIBDIR" != "x"; then
84 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
dnl First probe: SSL_get_certificate() on an SSL object with no certificate set.
87 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
91 #include <openssl/ssl.h>
92 #include <openssl/err.h>
95 SSLeay_add_ssl_algorithms();
96 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
97 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
99 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
101 SSL *ssl = SSL_new(sslContext);
102 X509* cert = SSL_get_certificate(ssl);
110 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
114 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
115 AC_MSG_RESULT([cross-compile, assuming no])
dnl Second probe: the program casts sslContext->cert to X509*** and
dnl dereferences it twice, using the non-NULL sentinel 0x1 when either pointer
dnl is NULL, then tests the result against NULL.
dnl NOTE(review): this relies on the private layout of the SSL_CTX cert
dnl structure. The branch for OpenSSL 1.1.0 and later still dereferences
dnl sslContext->cert; if SSL_CTX is opaque in those headers the probe cannot
dnl compile - confirm that this is reported as the workaround not working.
118 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
122 #include <openssl/ssl.h>
123 #include <openssl/err.h>
126 SSLeay_add_ssl_algorithms();
127 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
128 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
130 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
132 X509 ***pCert = (X509 ***)sslContext->cert;
133 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
134 if (sslCtxCert != NULL)
141 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
147 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
148 AC_MSG_RESULT([cross-compile, assuming no])
dnl Pairs with the SQUID_STATE_SAVE at the top of the macro; by name it undoes
dnl the rpath addition to LIBS - confirm against the macro definition.
151 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
154 dnl Checks whether the SSL_CTX_new and similar functions require
155 dnl a const 'SSL_METHOD *' argument
dnl SQUID_CHECK_OPENSSL_CONST_SSL_METHOD probes whether a
dnl const SSL_METHOD pointer can be passed to SSL_CTX_new() and defines
dnl SQUID_USE_CONST_SSL_METHOD to 1 in one branch of the probe - presumably the
dnl branch taken when the program is accepted; the branch structure is not
dnl visible in this listing.
dnl NOTE(review): the AC_MSG_CHECKING text ends with a stray double quote after
dnl the closing apostrophe; it likely appears verbatim in configure output.
156 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
157 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
158 SQUID_STATE_SAVE(check_const_SSL_METHOD)
159 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
164 #include <openssl/ssl.h>
165 #include <openssl/err.h>
168 const SSL_METHOD *method = NULL;
169 SSL_CTX *sslContext = SSL_CTX_new(method);
170 return (sslContext != NULL);
174 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
182 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
186 dnl Try to handle TXT_DB related problems:
187 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
188 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases are not
189 dnl implemented correctly and cause type conversion errors while compiling squid
dnl SQUID_CHECK_OPENSSL_TXTDB holds three probes against openssl/txt_db.h:
dnl   1. whether sk_OPENSSL_PSTRING_num() accepts db->data; one branch defines
dnl      SQUID_SSLTXTDB_PSTRINGDATA to 1 and sets
dnl      squid_cv_check_openssl_pstring to "yes";
dnl   2. whether the result of sk_OPENSSL_PSTRING_value() can be cast to
dnl      const char **; one branch defines SQUID_STACKOF_PSTRINGDATA_HACK to 1;
dnl   3. whether the IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros
dnl      work with TXT_DB_create_index(); one branch defines
dnl      SQUID_USE_SSLLHASH_HACK to 1.
dnl NOTE(review): which branch of each probe carries the AC_DEFINE is not
dnl visible in this listing.
191 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
192 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
193 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
194 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
196 SQUID_STATE_SAVE(check_TXTDB)
dnl Default verdict for the first probe; it gates the second probe below.
199 squid_cv_check_openssl_pstring="no"
200 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
204 #include <openssl/txt_db.h>
208 int i = sk_OPENSSL_PSTRING_num(db->data);
213 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
215 squid_cv_check_openssl_pstring="yes"
dnl The second probe is attempted only when the first one set the verdict to yes.
222 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
223 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
227 #include <openssl/txt_db.h>
231 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
232 return (current_row != NULL);
239 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
dnl NOTE(review): the hash and compare stubs in the third probe have empty
dnl bodies although they are declared to return values; that is acceptable
dnl only if the probe is compiled and never executed - confirm.
245 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
249 #include <openssl/txt_db.h>
251 static unsigned long index_serial_hash(const char **a){}
252 static int index_serial_cmp(const char **a, const char **b){}
253 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
254 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
258 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
266 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
270 SQUID_STATE_ROLLBACK(check_TXTDB)
273 dnl Check if we can rewrite the hello message stored in an SSL object.
274 dnl The tests are very basic: they only check that the required members exist in the SSL struct.
dnl SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK probes whether the SSL struct
dnl members needed to overwrite the stored hello message are accessible:
dnl ssl->s3->client_random, ssl->s3->wbuf with its len, buf and left fields,
dnl ssl->init_buf->data, ssl->s3->wpend_ret and wpend_tot, plus a call to
dnl SSL_CIPHER_get_id().
dnl The success message only tells the builder to set
dnl SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK to 1 by hand; no AC_DEFINE of that
dnl macro is visible in this listing.
dnl NOTE(review): these are private OpenSSL fields, so a passing probe says the
dnl members exist in the headers used at build time and nothing about other
dnl OpenSSL versions or about whether overwriting them is safe at run time.
276 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
277 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
278 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
279 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
284 #include <openssl/ssl.h>
285 #include <openssl/err.h>
291 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
292 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
293 assert(wb->len == 0);
294 memcpy(wb->buf, msg, 0);
295 assert(wb->left == 0);
296 memcpy(ssl->init_buf->data, msg, 0);
298 ssl->s3->wpend_ret = 0;
299 ssl->s3->wpend_tot = 0;
300 SSL_CIPHER *cipher = 0;
301 assert(SSL_CIPHER_get_id(cipher));
305 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
312 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)