SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
])
+dnl Checks whether the SSL_CTX_new and similar functions require
+dnl a const 'SSL_METHOD *' argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
+ AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
+ SQUID_STATE_SAVE(check_const_SSL_METHOD)
+ AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
+
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/ssl.h>
+ #include <openssl/err.h>
+ ],
+ [
+ const SSL_METHOD *method = NULL;
+ SSL_CTX *sslContext = SSL_CTX_new(method);
+ return (sslContext != NULL);
+ ])
+ ],
+ [
+ AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [])
+
+SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
+]
+)
dnl Try to handle TXT_DB related problems:
dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version
AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[
AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member")
+ AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value")
AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors")
SQUID_STATE_SAVE(check_TXTDB)
LIBS="$LIBS $SSLLIB"
+ squid_cv_check_openssl_pstring="no"
AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member)
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM(
[
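Review bot: The probe in SQUID_CHECK_OPENSSL_CONST_SSL_METHOD only separates the two API variants if the compiler rejects passing `const SSL_METHOD *` to a non-const parameter. A C++ compile does reject it, but a C compile typically only warns, so if the active AC_LANG is C at this point the macro would define SQUID_USE_CONST_SSL_METHOD for every OpenSSL version. I would pin the language inside the macro with `AC_LANG_PUSH([C++])` and `AC_LANG_POP([C++])` around the AC_COMPILE_IFELSE, or state the assumption in the dnl header. The AC_MSG_CHECKING argument is also unquoted and ends with a stray `"`; `AC_MSG_CHECKING([whether SSL_CTX_new and similar OpenSSL API functions require 'const SSL_METHOD *'])` fixes both.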
AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1)
AC_MSG_RESULT([yes])
+ squid_cv_check_openssl_pstring="yes"
],
[
AC_MSG_RESULT([no])
],
[])
+ if test x"$squid_cv_check_openssl_pstring" = "xyes"; then
+ AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM(
+ [
+ #include <openssl/txt_db.h>
+ ],
+ [
+ TXT_DB *db = NULL;
+ const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0));
+ return (current_row != NULL);
+ ])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ],
+ [
+ AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1)
+ AC_MSG_RESULT([yes])
+ ],
+ [])
+ fi
+
AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used)
AC_COMPILE_IFELSE([
AC_LANG_PROGRAM(
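Review bot: In the nested check for SQUID_STACKOF_PSTRINGDATA_HACK the action branches are inverted on purpose, so any compile failure of the test program, including one unrelated to sk_OPENSSL_PSTRING_value, enables the workaround and reports "yes". That deserves a comment above the AC_COMPILE_IFELSE, for example `dnl A compile failure means sk_OPENSSL_PSTRING_value is unusable here; the failure branch enables the workaround`. `squid_cv_check_openssl_pstring` is a plain shell flag rather than a cache variable, so a name without the `_cv_` infix would avoid suggesting it is cached. The checking message should read `should be used`. The TXT_DB macro begins before this hunk and continues past it.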
if test "x$with_openssl" = "xyes"; then
SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
+SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
SQUID_CHECK_OPENSSL_TXTDB
fi
#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db->data); ++i) {
+#if SQUID_STACKOF_PSTRINGDATA_HACK
+ const char ** current_row = ((const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db->data), i));
+#else
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, i));
+#endif
#else
for (int i = 0; i < sk_num(db->data); ++i) {
const char ** current_row = ((const char **)sk_value(db->data, i));
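Review bot: The new `#if SQUID_STACKOF_PSTRINGDATA_HACK` branch is pasted into four call sites (this hunk and the three following ones that read `db.get()->data`), so each site now carries three nested preprocessor variants that must be kept in sync by hand. A single file-local accessor would hold the conditional once and is the natural place to record why the `sk_value(CHECKED_STACK_OF(...))` form exists; the helper name below is constructed for illustration. The added line in the third of those hunks also wraps the cast in an extra pair of parentheses that its `#else` counterpart lacks. The enclosing functions start and end outside these hunks, and the loop bound (`sk_OPENSSL_PSTRING_num` versus `sk_num`) would still need its own conditional.
```cpp
// Single home for the OpenSSL TXT_DB row accessor variants.
static const char **
txtDbRow(TXT_DB *db, int i)
{
#if SQUID_SSLTXTDB_PSTRINGDATA
#if SQUID_STACKOF_PSTRINGDATA_HACK
    // configure found that sk_OPENSSL_PSTRING_value() does not compile with
    // this OpenSSL; fall back to the generic stack accessor.
    return (const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db->data), i);
#else
    return (const char **)sk_OPENSSL_PSTRING_value(db->data, i);
#endif
#else
    return (const char **)sk_value(db->data, i);
#endif
}
// … unchanged: loops call txtDbRow(db, i) / txtDbRow(db.get(), i) …
```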
bool removed_one = false;
#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
+#if SQUID_STACKOF_PSTRINGDATA_HACK
+ const char ** current_row = ((const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db.get()->data), i));
+#else
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
+#endif
#else
for (int i = 0; i < sk_num(db.get()->data); ++i) {
const char ** current_row = ((const char **)sk_value(db.get()->data, i));
return false;
#if SQUID_SSLTXTDB_PSTRINGDATA
+#if SQUID_STACKOF_PSTRINGDATA_HACK
+ const char **row = ((const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db.get()->data), 0));
+#else
const char **row = (const char **)sk_OPENSSL_PSTRING_value(db.get()->data, 0);
+#endif
#else
const char **row = (const char **)sk_value(db.get()->data, 0);
#endif
#if SQUID_SSLTXTDB_PSTRINGDATA
for (int i = 0; i < sk_OPENSSL_PSTRING_num(db.get()->data); ++i) {
+#if SQUID_STACKOF_PSTRINGDATA_HACK
+ const char ** current_row = ((const char **)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, db.get()->data), i));
+#else
const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db.get()->data, i));
+#endif
#else
for (int i = 0; i < sk_num(db.get()->data); ++i) {
const char ** current_row = ((const char **)sk_value(db.get()->data, i));
because they are used by ssl_crtd.
*/
-#if OPENSSL_VERSION_NUMBER < 0x00909000L
-typedef SSL_METHOD * ContextMethod;
-#else
+#if SQUID_USE_CONST_SSL_METHOD
typedef const SSL_METHOD * ContextMethod;
+#else
+typedef SSL_METHOD * ContextMethod;
#endif
/**
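Review bot: Nothing at the typedef says where SQUID_USE_CONST_SSL_METHOD comes from, now that ContextMethod's constness depends on a configure-time macro instead of OPENSSL_VERSION_NUMBER. Because `#if` treats an undefined macro as 0, a translation unit that reaches this header without the generated configuration header would select the non-const typedef with no preprocessor diagnostic. The surrounding comment says these declarations are shared with ssl_crtd, so that include order is worth confirming there. A one-line comment such as `// SQUID_USE_CONST_SSL_METHOD is set by configure, see SQUID_CHECK_OPENSSL_CONST_SSL_METHOD` would document the dependency.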
sslCreateClientContext(const char *certfile, const char *keyfile, int version, const char *cipher, const char *options, const char *flags, const char *CAfile, const char *CApath, const char *CRLfile)
{
int ssl_error;
-#if OPENSSL_VERSION_NUMBER < 0x00909000L
- SSL_METHOD *method;
-#else
- const SSL_METHOD *method;
-#endif
- SSL_CTX *sslContext;
+ Ssl::ContextMethod method;
+ SSL_CTX * sslContext;
long fl = Ssl::parse_flags(flags);
ssl_initialize();