Bug 4662 pt3: feature detect OpenSSL 1.1 const changes

diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 5c47f707f1db7243ca6a7b130ab95232b38ea790..e7ee2e7616bc90efdb75fd33da6874fe6045c038 100644 (file)
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -199,8 +199,54 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
   [])
 
 SQUID_STATE_ROLLBACK(check_const_SSL_METHOD)
-]
-)
+])
+
+dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[
+  AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
+  SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA)
+  AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'")
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <openssl/ssl.h>
+
+int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) {
+    return 0;
+}
+    ],[
+return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL);
+    ])
+  ],[
+   AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1)
+   AC_MSG_RESULT([yes])
+  ],[
+   AC_MSG_RESULT([no])
+  ])
+  SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA)
+])
+
+dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument
+AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[
+  AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
+  SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb)
+  AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument")
+  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
+#include <openssl/ssl.h>
+
+SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) {
+    return NULL;
+}
+    ],[
+SSL_CTX_sess_set_get_cb(NULL, get_session_cb);
+return 0;
+    ])
+  ],[
+   AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1)
+   AC_MSG_RESULT([yes])
+  ],[
+   AC_MSG_RESULT([no])
+  ])
+  SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb)
+])
 
 dnl Try to handle TXT_DB related  problems:
 dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version

diff --git a/configure.ac b/configure.ac
index 74b0fe6a724f06d0fc0402321a98217d0ef127a8..6d513cf27ec68c6261409535cb65f05e802d5808 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1342,6 +1342,8 @@ if test "x$with_openssl" = "xyes"; then
       SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS
     fi
     SQUID_CHECK_OPENSSL_CONST_SSL_METHOD
+    SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA
+    SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG
     SQUID_CHECK_OPENSSL_TXTDB
     SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK
   fi

diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index 4e49261fec4ac1251b019664d323e60484350de1..40b92caf8e09c92c08a98da8dc5d0c115d71f309 100644 (file)
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -380,7 +380,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx)
 }
 
 // "dup" function for SSL_get_ex_new_index("cert_err_check")
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP
 static int
 ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,
                     int, long, void *)
@@ -1440,10 +1440,10 @@ remove_session_cb(SSL_CTX *, SSL_SESSION *sessionID)
 }
 
 static SSL_SESSION *
-#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
-#else
+#if SQUID_USE_CONST_SSL_SESSION_CBID
 get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy)
+#else
+get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy)
 #endif
 {
     if (!Ssl::SessionCache)