Bug 4662: pt1: Feature detect the OpenSSL TLS_method() and similar functions

diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 41a6583335ad6b52cee846692c6a5c2ed5e51baa..df131eece8f167b1936e579975662b337d8b7d91 100644 (file)
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -46,6 +46,18 @@ AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
   SQUID_STATE_ROLLBACK(iphlpapi)
 ])
 
+dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
+AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
+  AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
+  AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
+  AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
+  SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
+  AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
+  AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
+  AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
+  SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
+])
+
 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
 dnl workaround can be used instead of using the SSL_get_certificate
 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
@@ -66,7 +78,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 #else
     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
@@ -97,7 +109,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
     ],
     [
     SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
     SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 #else
     SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());

diff --git a/configure.ac b/configure.ac
index dcaeba85c23c9e4192c8dcca5d51c995c096070d..b0e07c25db7d29dd8cadfd7449fbd5b1a4634129 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -1325,6 +1325,7 @@ if test "x$with_openssl" = "xyes"; then
     AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available])
 
     # check for API functions
+    SQUID_CHECK_OPENSSL_TLS_METHODS
     SQUID_STATE_SAVE(check_SSL_CTX_get0_certificate)
     LIBS="$LIBS $SSLLIB"
     AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 46a43a8474a840bab39396712a33da815f802262..b6ed67d31e1e7f622b97847b486f4d951cab66f4 100644 (file)
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -248,7 +248,7 @@ Security::PeerOptions::createBlankContext() const
 #if USE_OPENSSL
     Ssl::Initialize();
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_CLIENT_METHOD
     SSL_CTX *t = SSL_CTX_new(TLS_client_method());
 #else
     SSL_CTX *t = SSL_CTX_new(SSLv23_client_method());

diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc
index a40e89d525f9b39e03b0dc6f057233780ad30898..c6030f68b10952782245ff7a7d7ee8d3f6788364 100644 (file)
--- a/src/security/ServerOptions.cc
+++ b/src/security/ServerOptions.cc
@@ -92,7 +92,7 @@ Security::ServerOptions::createBlankContext() const
 #if USE_OPENSSL
     Ssl::Initialize();
 
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_SERVER_METHOD
     SSL_CTX *t = SSL_CTX_new(TLS_server_method());
 #else
     SSL_CTX *t = SSL_CTX_new(SSLv23_server_method());