acinclude/lib-checks.m4

   1 ## Copyright (C) 1996-2016 The Squid Software Foundation and contributors
   2 ##
   3 ## Squid software is distributed under GPLv2+ license and includes
   4 ## contributions from numerous individuals and organizations.
   5 ## Please see the COPYING and CONTRIBUTORS files for details.
   6 ##
   7
   8 dnl checks whether dbopen needs -ldb to be added to libs
   9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
  10
  11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
  12   AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
  13     SQUID_STATE_SAVE(dbopen_libdb)
  14     LIBS="$LIBS -ldb"
  15     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  16 #if HAVE_SYS_TYPES_H
  17 #include <sys/types.h>
  18 #endif
  19 #if HAVE_LIMITS_H
  20 #include <limits.h>
  21 #endif
  22 #if HAVE_DB_185_H
  23 #include <db_185.h>
  24 #elif HAVE_DB_H
  25 #include <db.h>
  26 #endif]],
  27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
  28     [ac_cv_dbopen_libdb="yes"],
  29     [ac_cv_dbopen_libdb="no"])
  30     SQUID_STATE_ROLLBACK(dbopen_libdb)
  31   ])
  32 ])
  33
  34
  35 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
  36   AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
  37     SQUID_STATE_SAVE(iphlpapi)
  38     LIBS="$LIBS -liphlpapi"
  39     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
  40 #include <windows.h>
  41 #include <winsock2.h>
  42 #include <iphlpapi.h>
  43 ]], [[
  44   MIB_IPNETTABLE i;
  45   unsigned long isz=sizeof(i);
  46   GetIpNetTable(&i,&isz,FALSE);
  47     ]])],
  48     [squid_cv_have_libiphlpapi=yes
  49      SQUID_STATE_COMMIT(iphlpapi)],
  50     [squid_cv_have_libiphlpapi=no
  51      SQUID_STATE_ROLLBACK(iphlpapi)])
  52   ])
  53   SQUID_STATE_ROLLBACK(iphlpapi)
  54 ])
  55
  56 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
  57 dnl workaround can be used instead of using the SSL_get_certificate
  58 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
  59   AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
  60   AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
  61   SQUID_STATE_SAVE(check_SSL_get_certificate)
  62   LIBS="$SSLLIB $LIBS"
  63   if test "x$SSLLIBDIR" != "x"; then
  64      LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
  65   fi
  66
  67   AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
  68   AC_RUN_IFELSE([
  69   AC_LANG_PROGRAM(
  70     [
  71      #include <openssl/ssl.h>
  72      #include <openssl/err.h>
  73     ],
  74     [
  75     SSLeay_add_ssl_algorithms();
  76 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
  77     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
  78 #else
  79     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
  80 #endif
  81     SSL *ssl = SSL_new(sslContext);
  82     X509* cert = SSL_get_certificate(ssl);
  83     return 0;
  84     ])
  85   ],
  86   [
  87    AC_MSG_RESULT([no])
  88   ],
  89   [
  90    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
  91    AC_MSG_RESULT([yes])
  92   ],
  93   [
  94    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
  95    AC_MSG_RESULT([cross-compile, assuming no])
  96   ])
  97
  98   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
  99   AC_RUN_IFELSE([
 100   AC_LANG_PROGRAM(
 101     [
 102      #include <openssl/ssl.h>
 103      #include <openssl/err.h>
 104     ],
 105     [
 106     SSLeay_add_ssl_algorithms();
 107 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 108     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 109 #else
 110     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
 111 #endif
 112     X509 ***pCert = (X509 ***)sslContext->cert;
 113     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
 114     if (sslCtxCert != NULL)
 115         return 1;
 116     return 0;
 117     ])
 118   ],
 119   [
 120    AC_MSG_RESULT([yes])
 121    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
 122   ],
 123   [
 124    AC_MSG_RESULT([no])
 125   ],
 126   [
 127    AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
 128    AC_MSG_RESULT([cross-compile, assuming no])
 129   ])
 130
 131 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 132 ])
 133
 134 dnl Checks whether the  SSL_CTX_new and similar functions require
 135 dnl a const 'SSL_METHOD *' argument
 136 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
 137   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 138   SQUID_STATE_SAVE(check_const_SSL_METHOD)
 139   AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
 140
 141   AC_COMPILE_IFELSE([
 142   AC_LANG_PROGRAM(
 143     [
 144      #include <openssl/ssl.h>
 145      #include <openssl/err.h>
 146     ],
 147     [
 148        const SSL_METHOD *method = NULL;
 149        SSL_CTX *sslContext = SSL_CTX_new(method);
 150        return (sslContext != NULL);
 151     ])
 152   ],
 153   [
 154    AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
 155    AC_MSG_RESULT([yes])
 156   ],
 157   [
 158    AC_MSG_RESULT([no])
 159   ],
 160   [])
 161
 162 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
 163 ]
 164 )
 165
 166 dnl Try to handle TXT_DB related  problems:
 167 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
 168 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not
 169 dnl    implemented correctly and causes type conversion errors while compiling squid
 170
 171 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 172   AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
 173   AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
 174   AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
 175
 176   SQUID_STATE_SAVE(check_TXTDB)
 177
 178   LIBS="$LIBS $SSLLIB"
 179   squid_cv_check_openssl_pstring="no"
 180   AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
 181   AC_COMPILE_IFELSE([
 182   AC_LANG_PROGRAM(
 183     [
 184      #include <openssl/txt_db.h>
 185     ],
 186     [
 187     TXT_DB *db = NULL;
 188     int i = sk_OPENSSL_PSTRING_num(db->data);
 189     return 0;
 190     ])
 191   ],
 192   [
 193    AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
 194    AC_MSG_RESULT([yes])
 195    squid_cv_check_openssl_pstring="yes"
 196   ],
 197   [
 198    AC_MSG_RESULT([no])
 199   ],
 200   [])
 201
 202   if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
 203      AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
 204      AC_COMPILE_IFELSE([
 205      AC_LANG_PROGRAM(
 206        [
 207         #include <openssl/txt_db.h>
 208        ],
 209        [
 210        TXT_DB *db = NULL;
 211        const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
 212        return (current_row != NULL);
 213        ])
 214      ],
 215      [
 216       AC_MSG_RESULT([no])
 217      ],
 218      [
 219       AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
 220       AC_MSG_RESULT([yes])
 221      ],
 222      [])
 223   fi
 224
 225   AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_  macros should used)
 226   AC_COMPILE_IFELSE([
 227   AC_LANG_PROGRAM(
 228     [
 229      #include <openssl/txt_db.h>
 230
 231      static unsigned long index_serial_hash(const char **a){}
 232      static int index_serial_cmp(const char **a, const char **b){}
 233      static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
 234      static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
 235     ],
 236     [
 237     TXT_DB *db = NULL;
 238     TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
 239     ])
 240   ],
 241   [
 242    AC_MSG_RESULT([no])
 243   ],
 244   [
 245    AC_MSG_RESULT([yes])
 246    AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
 247   ],
 248 [])
 249
 250 SQUID_STATE_ROLLBACK(check_TXTDB)
 251 ])
 252
 253 dnl Check if we can rewrite the hello message stored in an SSL object.
 254 dnl The tests are very basic, just check if the required members exist in
 255 dnl SSL structure.
 256 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
 257   AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
 258   SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
 259   AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
 260
 261   AC_COMPILE_IFELSE([
 262   AC_LANG_PROGRAM(
 263     [
 264      #include <openssl/ssl.h>
 265      #include <openssl/err.h>
 266      #include <assert.h>
 267     ],
 268     [
 269     SSL *ssl;
 270     char *random, *msg;
 271     memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
 272     SSL3_BUFFER *wb=&(ssl->s3->wbuf);
 273     assert(wb->len == 0);
 274     memcpy(wb->buf, msg, 0);
 275     assert(wb->left == 0);
 276     memcpy(ssl->init_buf->data, msg, 0);
 277     ssl->init_num = 0;
 278     ssl->s3->wpend_ret = 0;
 279     ssl->s3->wpend_tot = 0;
 280     SSL_CIPHER *cipher = 0;
 281     assert(SSL_CIPHER_get_id(cipher));
 282     ])
 283   ],
 284   [
 285    AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
 286   ],
 287   [
 288    AC_MSG_RESULT([no])
 289   ],
 290   [])
 291
 292 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
 293 ]
 294 )