SourceFormat Enforcement

[thirdparty/squid.git] / acinclude / lib-checks.m4

diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 2bf98ee0aab651ad1137d10d01bab909f343fb2e..6579024a7997b683bdb6416d521be3193dee97bb 100644 (file)
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -1,31 +1,9 @@
-dnl 
-dnl AUTHOR: Squid Web Cache team
-dnl
-dnl SQUID Web Proxy Cache          http://www.squid-cache.org/
-dnl ----------------------------------------------------------
-dnl Squid is the result of efforts by numerous individuals from
-dnl the Internet community; see the CONTRIBUTORS file for full
-dnl details.   Many organizations have provided support for Squid's
-dnl development; see the SPONSORS file for full details.  Squid is
-dnl Copyrighted (C) 2001 by the Regents of the University of
-dnl California; see the COPYRIGHT file for full details.  Squid
-dnl incorporates software developed and/or copyrighted by other
-dnl sources; see the CREDITS file for full details.
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful,
-dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-dnl GNU General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
-
+## Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
 
 dnl checks whether dbopen needs -ldb to be added to libs
 dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
@@ -115,7 +93,11 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-    SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+    SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
+#else
+    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
+#endif
     SSL *ssl = SSL_new(sslContext);
     X509* cert = SSL_get_certificate(ssl);
     return 0;
@@ -128,7 +110,10 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
    AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
    AC_MSG_RESULT([yes])
   ],
-  [])
+  [
+   AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
+   AC_MSG_RESULT([cross-compile, assuming no])
+  ])
 
   AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
   AC_RUN_IFELSE([
@@ -139,7 +124,11 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-    SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+    SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
+#else
+    SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
+#endif
     X509 ***pCert = (X509 ***)sslContext->cert;
     X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
     if (sslCtxCert != NULL)
@@ -154,7 +143,10 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
   [
    AC_MSG_RESULT([no])
   ],
-[])
+  [
+   AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
+   AC_MSG_RESULT([cross-compile, assuming no])
+  ])
 
 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 ])
@@ -277,3 +269,46 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
 
 SQUID_STATE_ROLLBACK(check_TXTDB)
 ])
+
+dnl Check if we can rewrite the hello message stored in an SSL object.
+dnl The tests are very basic, just check if the required members exist in
+dnl SSL structure.
+AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
+  AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
+  SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
+  AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
+
+  AC_COMPILE_IFELSE([
+  AC_LANG_PROGRAM(
+    [
+     #include <openssl/ssl.h>
+     #include <openssl/err.h>
+     #include <assert.h>
+    ],
+    [
+    SSL *ssl;
+    char *random, *msg;
+    memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
+    SSL3_BUFFER *wb=&(ssl->s3->wbuf);
+    assert(wb->len == 0);
+    memcpy(wb->buf, msg, 0);
+    assert(wb->left == 0);
+    memcpy(ssl->init_buf->data, msg, 0);
+    ssl->init_num = 0;
+    ssl->s3->wpend_ret = 0;
+    ssl->s3->wpend_tot = 0;
+    SSL_CIPHER *cipher = 0;
+    assert(SSL_CIPHER_get_id(cipher));
+    ])
+  ],
+  [
+   AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
+  ],
+  [
+   AC_MSG_RESULT([no])
+  ],
+  [])
+
+SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
+]
+)