acinclude/lib-checks.m4

   1 ## Copyright (C) 1996-2016 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl checks whether dbopen needs -ldb to be added to libs
   9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
  10
  11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
  12   AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
  13     SQUID_STATE_SAVE(dbopen_libdb)
  14     LIBS="$LIBS -ldb"
  15     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  16 #if HAVE_SYS_TYPES_H
  17 #include <sys/types.h>
  18 #endif
  19 #if HAVE_LIMITS_H
  20 #include <limits.h>
  21 #endif
  22 #if HAVE_DB_185_H
  23 #include <db_185.h>
  24 #elif HAVE_DB_H
  25 #include <db.h>
  26 #endif]],
  27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
  28     [ac_cv_dbopen_libdb="yes"],
  29     [ac_cv_dbopen_libdb="no"])
  30     SQUID_STATE_ROLLBACK(dbopen_libdb)
  31   ])
  32 ])
  33
  34
  35 dnl check whether regex works by actually compiling one
  36 dnl sets squid_cv_regex_works to either yes or no
  37
  38 AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[
  39   AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[
  40     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
  41 #if HAVE_SYS_TYPES_H
  42 #include <sys/types.h>
  43 #endif
  44 #if HAVE_REGEX_H
  45 #include <regex.h>
  46 #endif
  47 ]], [[
  48 regex_t t; regcomp(&t,"",0);]])],
  49     [ squid_cv_regex_works=yes ],
  50     [ squid_cv_regex_works=no ])
  51   ])
  52 ])
  53
  54
  55 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  56   AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
  57     SQUID_STATE_SAVE(iphlpapi)
  58     LIBS="$LIBS -liphlpapi"
  59     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  60 #include <windows.h>
  61 #include <winsock2.h>
  62 #include <iphlpapi.h>
  63 ]], [[
  64   MIB_IPNETTABLE i;
  65   unsigned long isz=sizeof(i);
  66   GetIpNetTable(&i,&isz,FALSE);
  67     ]])],
  68     [squid_cv_have_libiphlpapi=yes
  69      SQUID_STATE_COMMIT(iphlpapi)],
  70     [squid_cv_have_libiphlpapi=no
  71      SQUID_STATE_ROLLBACK(iphlpapi)])
  72   ])
  73   SQUID_STATE_ROLLBACK(iphlpapi)
  74 ])
  75
  76 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
  77 dnl workaround can be used instead of using the SSL_get_certificate
  78 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  79   AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  80   AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
  81   SQUID_STATE_SAVE(check_SSL_get_certificate)
  82   LIBS="$SSLLIB $LIBS"
  83   if test "x$SSLLIBDIR" != "x"; then
  84      LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  85   fi
  86
  87   AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  88   AC_RUN_IFELSE([
  89   AC_LANG_PROGRAM(
  90     [
  91      #include <openssl/ssl.h>
  92      #include <openssl/err.h>
  93     ],
  94     [
  95     SSLeay_add_ssl_algorithms();
  96 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
  97     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
  98 #else
  99     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
 100 #endif
 101     SSL *ssl = SSL_new(sslContext);
 102     X509* cert = SSL_get_certificate(ssl);
 103     return 0;
 104     ])
 105   ],
 106   [
 107    AC_MSG_RESULT([no])
 108   ],
 109   [
 110    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
 111    AC_MSG_RESULT([yes])
 112   ],
 113   [
 114    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
 115    AC_MSG_RESULT([cross-compile, assuming no])
 116   ])
 117
 118   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
 119   AC_RUN_IFELSE([
 120   AC_LANG_PROGRAM(
 121     [
 122      #include <openssl/ssl.h>
 123      #include <openssl/err.h>
 124     ],
 125     [
 126     SSLeay_add_ssl_algorithms();
 127 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 128     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 129 #else
 130     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
 131 #endif
 132     X509 ***pCert = (X509 ***)sslContext->cert;
 133     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
 134     if (sslCtxCert != NULL)
 135         return 1;
 136     return 0;
 137     ])
 138   ],
 139   [
 140    AC_MSG_RESULT([yes])
 141    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
 142   ],
 143   [
 144    AC_MSG_RESULT([no])
 145   ],
 146   [
 147    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
 148    AC_MSG_RESULT([cross-compile, assuming no])
 149   ])
 150
 151 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 152 ])
 153
 154 dnl Checks whether the  SSL_CTX_new and similar functions require
 155 dnl a const 'SSL_METHOD *' argument
 156 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
 157   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 158   SQUID_STATE_SAVE(check_const_SSL_METHOD)
 159   AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 160
 161   AC_COMPILE_IFELSE([
 162   AC_LANG_PROGRAM(
 163     [
 164      #include <openssl/ssl.h>
 165      #include <openssl/err.h>
 166     ],
 167     [
 168        const SSL_METHOD *method = NULL;
 169        SSL_CTX *sslContext = SSL_CTX_new(method);
 170        return (sslContext != NULL);
 171     ])
 172   ],
 173   [
 174    AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
 175    AC_MSG_RESULT([yes])
 176   ],
 177   [
 178    AC_MSG_RESULT([no])
 179   ],
 180   [])
 181
 182 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
 183 ]
 184 )
 185
 186 dnl Try to handle TXT_DB related  problems:
 187 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
 188 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
 189 dnl    implemented correctly and causes type conversion errors while compiling squid
 190
 191 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 192   AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
 193   AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
 194   AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
 195
 196   SQUID_STATE_SAVE(check_TXTDB)
 197
 198   LIBS="$LIBS $SSLLIB"
 199   squid_cv_check_openssl_pstring="no"
 200   AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
 201   AC_COMPILE_IFELSE([
 202   AC_LANG_PROGRAM(
 203     [
 204      #include <openssl/txt_db.h>
 205     ],
 206     [
 207     TXT_DB *db = NULL;
 208     int i = sk_OPENSSL_PSTRING_num(db->data);
 209     return 0;
 210     ])
 211   ],
 212   [
 213    AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
 214    AC_MSG_RESULT([yes])
 215    squid_cv_check_openssl_pstring="yes"
 216   ],
 217   [
 218    AC_MSG_RESULT([no])
 219   ],
 220   [])
 221
 222   if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
 223      AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
 224      AC_COMPILE_IFELSE([
 225      AC_LANG_PROGRAM(
 226        [
 227         #include <openssl/txt_db.h>
 228        ],
 229        [
 230        TXT_DB *db = NULL;
 231        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
 232        return (current_row != NULL);
 233        ])
 234      ],
 235      [
 236       AC_MSG_RESULT([no])
 237      ],
 238      [
 239       AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
 240       AC_MSG_RESULT([yes])
 241      ],
 242      [])
 243   fi
 244
 245   AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
 246   AC_COMPILE_IFELSE([
 247   AC_LANG_PROGRAM(
 248     [
 249      #include <openssl/txt_db.h>
 250
 251      static unsigned long index_serial_hash(const char **a){}
 252      static int index_serial_cmp(const char **a, const char **b){}
 253      static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
 254      static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
 255     ],
 256     [
 257     TXT_DB *db = NULL;
 258     TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
 259     ])
 260   ],
 261   [
 262    AC_MSG_RESULT([no])
 263   ],
 264   [
 265    AC_MSG_RESULT([yes])
 266    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
 267   ],
 268 [])
 269
 270 SQUID_STATE_ROLLBACK(check_TXTDB)
 271 ])
 272
 273 dnl Check if we can rewrite the hello message stored in an SSL object.
 274 dnl The tests are very basic, just check if the required members exist in
 275 dnl SSL structure.
 276 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
 277   AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
 278   SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
 279   AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
 280
 281   AC_COMPILE_IFELSE([
 282   AC_LANG_PROGRAM(
 283     [
 284      #include <openssl/ssl.h>
 285      #include <openssl/err.h>
 286      #include <assert.h>
 287     ],
 288     [
 289     SSL *ssl;
 290     char *random, *msg;
 291     memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
 292     SSL3_BUFFER *wb=&(ssl->s3->wbuf);
 293     assert(wb->len == 0);
 294     memcpy(wb->buf, msg, 0);
 295     assert(wb->left == 0);
 296     memcpy(ssl->init_buf->data, msg, 0);
 297     ssl->init_num = 0;
 298     ssl->s3->wpend_ret = 0;
 299     ssl->s3->wpend_tot = 0;
 300     SSL_CIPHER *cipher = 0;
 301     assert(SSL_CIPHER_get_id(cipher));
 302     ])
 303   ],
 304   [
 305    AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
 306   ],
 307   [
 308    AC_MSG_RESULT([no])
 309   ],
 310   [])
 311
 312 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
 313 ]
 314 )