1 ## Copyright (C) 1996-2016 The Squid Software Foundation and contributors
3 ## Squid software is distributed under GPLv2+ license and includes
4 ## contributions from numerous individuals and organizations.
5 ## Please see the COPYING and CONTRIBUTORS files for details.
8 dnl checks whether dbopen needs -ldb to be added to libs
9 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
dnl SQUID_CHECK_DBOPEN_NEEDS_LIBDB
dnl Link-tests a small program that calls dbopen() with DB_HASH and caches the
dnl outcome in ac_cv_dbopen_libdb: "yes" when the link succeeds, "no" otherwise.
dnl NOTE(review): the step that would add -ldb to LIBS before the link test is
dnl not visible in this listing; confirm it sits between the state save and the
dnl link test, otherwise "yes" would not mean "needs -ldb".
dnl The macro ends with SQUID_STATE_ROLLBACK, so it presumably leaves LIBS as it
dnl found it and the caller is expected to act on the cache variable.
11 AC_DEFUN([SQUID_CHECK_DBOPEN_NEEDS_LIBDB],[
12 AC_CACHE_CHECK(if dbopen needs -ldb,ac_cv_dbopen_libdb, [
13 SQUID_STATE_SAVE(dbopen_libdb)
15 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
17 #include <sys/types.h>
27 [[dbopen("", 0, 0, DB_HASH, (void *)0L)]])],
28 [ac_cv_dbopen_libdb="yes"],
29 [ac_cv_dbopen_libdb="no"])
dnl Undo whatever the probe changed; presumably restores the variables captured
dnl by SQUID_STATE_SAVE above.
30 SQUID_STATE_ROLLBACK(dbopen_libdb)
dnl SQUID_CHECK_LIBIPHLPAPI
dnl Checks whether a program calling GetIpNetTable() links with -liphlpapi and
dnl caches the answer in squid_cv_have_libiphlpapi as yes or no.
dnl -liphlpapi is appended to LIBS only for the duration of the probe. The
dnl success branch calls SQUID_STATE_COMMIT, but a SQUID_STATE_ROLLBACK follows
dnl the link test, so callers should rely on the cache variable rather than on
dnl LIBS having been changed. That is also the safe reading because autoconf
dnl skips the body of AC_CACHE_CHECK when the value is already cached.
dnl NOTE(review): the exact effect of commit followed by rollback depends on the
dnl SQUID_STATE_* helpers, which are defined elsewhere; confirm.
35 AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
36 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[
37 SQUID_STATE_SAVE(iphlpapi)
38 LIBS="$LIBS -liphlpapi"
39 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
45 unsigned long isz=sizeof(i);
46 GetIpNetTable(&i,&isz,FALSE);
48 [squid_cv_have_libiphlpapi=yes
49 SQUID_STATE_COMMIT(iphlpapi)],
50 [squid_cv_have_libiphlpapi=no
51 SQUID_STATE_ROLLBACK(iphlpapi)])
53 SQUID_STATE_ROLLBACK(iphlpapi)
56 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
57 dnl workaround can be used instead of using the SSL_get_certificate
dnl SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
dnl Runs two probes against the OpenSSL found on the build host:
dnl  1. calls SSL_get_certificate() on a freshly created SSL object and records
dnl     the verdict in SQUID_SSLGETCERTIFICATE_BUGGY;
dnl  2. reads the certificate by casting the private sslContext->cert member and
dnl     records in SQUID_USE_SSLGETCERTIFICATE_HACK whether that is usable.
dnl When cross-compiling, neither probe can run and both macros are defined to 0.
dnl NOTE(review): the lines that invoke the test programs and map their exit
dnl status to the defines are not visible in this listing; confirm which outcome
dnl sets each macro to 1.
dnl Security-relevant caveats for maintainers:
dnl  - Probe 2 depends on the undocumented in-memory layout of an OpenSSL private
dnl    structure. It is validated only against the library present at configure
dnl    time; a different libssl at run time is not covered by this check.
dnl  - sslContext->cert is a direct member access on SSL_CTX; this is expected
dnl    not to compile against OpenSSL 1.1.0 and later, where SSL_CTX is opaque,
dnl    even though the program has a TLS_method branch for those versions.
58 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
59 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
60 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
61 SQUID_STATE_SAVE(check_SSL_get_certificate)
dnl If an OpenSSL library directory was supplied, embed it as an rpath so the
dnl test binaries resolve libssl from that directory. The change to LIBS is made
dnl after the state save and the macro ends with a rollback.
63 if test "x$SSLLIBDIR" != "x"; then
64 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
67 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
71 #include <openssl/ssl.h>
72 #include <openssl/err.h>
75 SSLeay_add_ssl_algorithms();
76 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
77 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
79 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
81 SSL *ssl = SSL_new(sslContext);
82 X509* cert = SSL_get_certificate(ssl);
90 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
94 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
95 AC_MSG_RESULT([cross-compile, assuming no])
dnl Second probe: the layout-dependent workaround described in the header above.
98 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
102 #include <openssl/ssl.h>
103 #include <openssl/err.h>
106 SSLeay_add_ssl_algorithms();
107 #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
108 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
110 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
112 X509 ***pCert = (X509 ***)sslContext->cert;
113 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
114 if (sslCtxCert != NULL)
121 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
127 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
128 AC_MSG_RESULT([cross-compile, assuming no])
131 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
134 dnl Checks whether the SSL_CTX_new and similar functions require
135 dnl a const 'SSL_METHOD *' argument
dnl SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
dnl Probes whether SSL_CTX_new() accepts a "const SSL_METHOD *" argument and
dnl defines SQUID_USE_CONST_SSL_METHOD to 1 in the branch shown below.
dnl The test program passes a NULL method pointer, so it is only meaningful as a
dnl type check. NOTE(review): the invoking macro is not visible in this listing;
dnl confirm it is a compile-only test and that the program is never executed.
dnl NOTE(review): the AC_MSG_CHECKING text below ends with a stray double quote
dnl before the closing parenthesis; it looks like a typo that would show up in
dnl the configure output.
136 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
137 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
138 SQUID_STATE_SAVE(check_const_SSL_METHOD)
139 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
144 #include <openssl/ssl.h>
145 #include <openssl/err.h>
148 const SSL_METHOD *method = NULL;
149 SSL_CTX *sslContext = SSL_CTX_new(method);
150 return (sslContext != NULL);
154 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
162 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
166 dnl Try to handle TXT_DB related problems:
167 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
168 dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases are not
169 dnl implemented correctly and cause type conversion errors while compiling squid
dnl SQUID_CHECK_OPENSSL_TXTDB
dnl Runs up to three probes against the TXT_DB API in openssl/txt_db.h:
dnl  1. whether db->data can be passed to sk_OPENSSL_PSTRING_num(); on the
dnl     branch shown this defines SQUID_SSLTXTDB_PSTRINGDATA and sets the shell
dnl     variable squid_cv_check_openssl_pstring to "yes";
dnl  2. only when probe 1 said "yes": whether the result of
dnl     sk_OPENSSL_PSTRING_value() can be cast to "const char **"; the visible
dnl     branch defines SQUID_STACKOF_PSTRINGDATA_HACK;
dnl  3. whether the IMPLEMENT_LHASH_HASH_FN and IMPLEMENT_LHASH_COMP_FN macros can
dnl     be used with "const char **" callbacks for TXT_DB_create_index(); the
dnl     visible branch defines SQUID_USE_SSLLHASH_HACK.
dnl NOTE(review): the invoking macros, the other result branches and the end of
dnl the shell conditional are not visible in this listing, so which outcome
dnl triggers each define, and whether probe 3 is inside the conditional, need to
dnl be confirmed against the full file.
dnl The callback stubs in probe 3 have empty bodies, which suggests these are
dnl meant as type checks only and not programs to be run.
171 AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
172 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
173 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
174 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
176 SQUID_STATE_SAVE(check_TXTDB)
dnl Default to "no" so the second probe is skipped unless the first one succeeds.
179 squid_cv_check_openssl_pstring="no"
180 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
184 #include <openssl/txt_db.h>
188 int i = sk_OPENSSL_PSTRING_num(db->data);
193 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
195 squid_cv_check_openssl_pstring="yes"
202 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
203 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
207 #include <openssl/txt_db.h>
211 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
212 return (current_row != NULL);
219 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
225 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
229 #include <openssl/txt_db.h>
231 static unsigned long index_serial_hash(const char **a){}
232 static int index_serial_cmp(const char **a, const char **b){}
233 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
234 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
238 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp));
246 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1)
250 SQUID_STATE_ROLLBACK(check_TXTDB)
253 dnl Check if we can rewrite the hello message stored in an SSL object.
254 dnl The tests are very basic: they only check that the required members exist in the SSL struct.
dnl SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
dnl Probes whether the private members Squid would need in order to overwrite a
dnl stored hello message are reachable from an SSL object: s3->client_random,
dnl s3->wbuf with its buf, len and left fields, init_buf->data, s3->wpend_ret and
dnl s3->wpend_tot, plus SSL_CIPHER_get_id().
dnl The result message for the positive case says "possibly" and tells the
dnl builder to set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK to 1 by hand, which
dnl suggests the feature is not switched on automatically. NOTE(review): no
dnl AC_DEFINE is visible in this listing; confirm against the full file.
dnl Security-relevant caveats for maintainers:
dnl  - The probe only shows that these members exist. Its copies use length 0
dnl    and its cipher pointer is null, so it says nothing about whether writing
dnl    real data into these buffers is safe at run time.
dnl  - Code enabled by this macro writes into OpenSSL internals directly and so
dnl    bypasses the length and state handling of the public API. Before enabling
dnl    it, verify buffer sizes and layout against the exact OpenSSL version that
dnl    will be loaded at run time, not only the one present at configure time.
256 AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
257 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
258 SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
259 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
264 #include <openssl/ssl.h>
265 #include <openssl/err.h>
271 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
272 SSL3_BUFFER *wb=&(ssl->s3->wbuf);
273 assert(wb->len == 0);
274 memcpy(wb->buf, msg, 0);
275 assert(wb->left == 0);
276 memcpy(ssl->init_buf->data, msg, 0);
278 ssl->s3->wpend_ret = 0;
279 ssl->s3->wpend_tot = 0;
280 SSL_CIPHER *cipher = 0;
281 assert(SSL_CIPHER_get_id(cipher));
285 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
292 SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)