-dnl
-dnl AUTHOR: Squid Web Cache team
-dnl
-dnl SQUID Web Proxy Cache http://www.squid-cache.org/
-dnl ----------------------------------------------------------
-dnl Squid is the result of efforts by numerous individuals from
-dnl the Internet community; see the CONTRIBUTORS file for full
-dnl details. Many organizations have provided support for Squid's
-dnl development; see the SPONSORS file for full details. Squid is
-dnl Copyrighted (C) 2001 by the Regents of the University of
-dnl California; see the COPYRIGHT file for full details. Squid
-dnl incorporates software developed and/or copyrighted by other
-dnl sources; see the CREDITS file for full details.
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful,
-dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-dnl GNU General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
-
+## Copyright (C) 1996-2017 The Squid Software Foundation and contributors
+##
+## Squid software is distributed under GPLv2+ license and includes
+## contributions from numerous individuals and organizations.
+## Please see the COPYING and CONTRIBUTORS files for details.
+##
dnl checks whether dbopen needs -ldb to be added to libs
dnl sets ac_cv_dbopen_libdb to either "yes" or "no"
],
[
SSLeay_add_ssl_algorithms();
- SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
+#else
+ SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
+#endif
SSL *ssl = SSL_new(sslContext);
X509* cert = SSL_get_certificate(ssl);
return 0;
AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
AC_MSG_RESULT([yes])
],
- [])
+ [
+ AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0)
+ AC_MSG_RESULT([cross-compile, assuming no])
+ ])
AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
AC_RUN_IFELSE([
],
[
SSLeay_add_ssl_algorithms();
- SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
+#else
+ SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
+#endif
X509 ***pCert = (X509 ***)sslContext->cert;
X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
if (sslCtxCert != NULL)
[
AC_MSG_RESULT([no])
],
-[])
+ [
+ AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0)
+ AC_MSG_RESULT([cross-compile, assuming no])
+ ])
SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
])
+dnl Checks whether the SSL_CTX_new and similar functions require
+dnl a const 'SSL_METHOD *' argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
+ AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
+ SQUID_STATE_SAVE(check_const_SSL_METHOD)
+ AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
+
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+ ],
+ [
+ const SSL_METHOD *method = NULL;
+ SSL_CTX *sslContext = SSL_CTX_new(method);
+ return (sslContext != NULL);
+ ])
+ ],
+ [
+ AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [])
+
+SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
+]
+)
dnl Try to handle TXT_DB related problems:
dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
+ AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
SQUID_STATE_SAVE(check_TXTDB)
LIBS="$LIBS $SSLLIB"
+ squid_cv_check_openssl_pstring="no"
AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM(
[
AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
AC_MSG_RESULT([yes])
+ squid_cv_check_openssl_pstring="yes"
],
[
AC_MSG_RESULT([no])
],
[])
+ if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
+ AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/txt_db.h>
+ ],
+ [
+ TXT_DB *db = NULL;
+ const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
+ return (current_row != NULL);
+ ])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [])
+ fi
+
AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM(
SQUID_STATE_ROLLBACK(check_TXTDB)
])
+
+dnl Check if we can rewrite the hello message stored in an SSL object.
+dnl The tests are very basic, just check if the required members exist in
+dnl SSL structure.
+AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[
+ AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct")
+ SQUID_STATE_SAVE(check_openSSL_overwrite_hack)
+ AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct)
+
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+ #include <assert.h>
+ ],
+ [
+ SSL *ssl;
+ char *random, *msg;
+ memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE);
+ SSL3_BUFFER *wb=&(ssl->s3->wbuf);
+ assert(wb->len == 0);
+ memcpy(wb->buf, msg, 0);
+ assert(wb->left == 0);
+ memcpy(ssl->init_buf->data, msg, 0);
+ ssl->init_num = 0;
+ ssl->s3->wpend_ret = 0;
+ ssl->s3->wpend_tot = 0;
+ SSL_CIPHER *cipher = 0;
+ assert(SSL_CIPHER_get_id(cipher));
+ ])
+ ],
+ [
+ AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [])
+
+SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack)
+]
+)