SSL_get_peer_certificate.
- Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
-# Version 40
+# Version 41
+# 2021-07-30 fix for openssl use of lib64 directory.
# 2021-06-14 fix nonblocking test to use host instead of target for mingw test.
# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for
# 64bit compatibility.
HAVE_SSL=yes
dnl assume /usr is already in the lib and dynlib paths.
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
- LDFLAGS="$LDFLAGS -L$ssldir/lib"
- LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
- ACX_RUNTIME_PATH_ADD([$ssldir/lib])
+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
+ LDFLAGS="$LDFLAGS -L$ssldir/lib64"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
+ ACX_RUNTIME_PATH_ADD([$ssldir/lib64])
+ else
+ LDFLAGS="$LDFLAGS -L$ssldir/lib"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
+ ACX_RUNTIME_PATH_ADD([$ssldir/lib])
+ fi
fi
AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
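Review bot: The new lib64 branch is taken only when `$ssldir/lib` does not exist, so a prefix that contains both directories keeps `-L$ssldir/lib` and the matching runtime path even if the intended libssl lives in `lib64`; presumably that can link against a stale copy left in `lib`. A comment above the test would make the rule visible, for example `dnl use lib64 only when $ssldir/lib is absent; a prefix with both directories keeps lib`. The condition also joins two tests with `-a`, which POSIX marks obsolescent; `if test ! -d "$ssldir/lib" && test -d "$ssldir/lib64"; then` is the portable spelling. The same test appears again in the expanded shell copy of this block further down the page.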
/* Define to 1 if you have the `SSL_get0_peername' function. */
#undef HAVE_SSL_GET0_PEERNAME
+/* Define to 1 if you have the `SSL_get1_peer_certificate' function. */
+#undef HAVE_SSL_GET1_PEER_CERTIFICATE
+
/* Define to 1 if you have the `SSL_set1_host' function. */
#undef HAVE_SSL_SET1_HOST
docdir
oldincludedir
includedir
-runstatedir
localstatedir
sharedstatedir
sysconfdir
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
- -runstatedir | --runstatedir | --runstatedi | --runstated \
- | --runstate | --runstat | --runsta | --runst | --runs \
- | --run | --ru | --r)
- ac_prev=runstatedir ;;
- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
- | --run=* | --ru=* | --r=*)
- runstatedir=$ac_optarg ;;
-
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
- libdir localedir mandir runstatedir
+ libdir localedir mandir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
$as_echo "found in $ssldir" >&6; }
HAVE_SSL=yes
if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
- LDFLAGS="$LDFLAGS -L$ssldir/lib"
- LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
+ if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then
+ LDFLAGS="$LDFLAGS -L$ssldir/lib64"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib64"
+
+ if test "x$enable_rpath" = xyes; then
+ if echo "$ssldir/lib64" | grep "^/" >/dev/null; then
+ RUNTIME_PATH="$RUNTIME_PATH -R$ssldir/lib64"
+ fi
+ fi
+
+ else
+ LDFLAGS="$LDFLAGS -L$ssldir/lib"
+ LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
if test "x$enable_rpath" = xyes; then
if echo "$ssldir/lib" | grep "^/" >/dev/null; then
fi
fi
+ fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_sha256 in -lcrypto" >&5
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
-for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos
+for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
# these check_funcs need -lssl
BAKLIBS="$LIBS"
LIBS="-lssl $LIBS"
-AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos])
+AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos SSL_get1_peer_certificate])
LIBS="$BAKLIBS"
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
if (!rc->use_cert) {
verbose(VERB_ALGO, "unauthenticated remote control connection");
} else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+ X509* x = SSL_get1_peer_certificate(s->ssl);
+#else
X509* x = SSL_get_peer_certificate(s->ssl);
+#endif
if(!x) {
verbose(VERB_DETAIL, "remote control connection "
"provided no client certificate");
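Review bot: The `#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE` / `#else` / `#endif` selection is written out at this call and again at both `c->ssl` calls in the later hunks, so three sites have to stay in step. A single fallback in a shared compatibility header, `#ifndef HAVE_SSL_GET1_PEER_CERTIFICATE` / `#define SSL_get1_peer_certificate SSL_get_peer_certificate` / `#endif`, would let every caller use the new name unconditionally. Both functions hand the caller a reference that must be released with X509_free(); the later hunks show that call, but the rest of this block lies outside the hunk, so the release on this path should be confirmed there.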
30 July 2021: Wouter
- Fix #515: Compilation against openssl 3.0.0 beta2 is failing to
build unbound.
+ - For #515: Fix compilation with openssl 3.0.0 beta2, lib64 dir and
+ SSL_get_peer_certificate.
+ - Move acx_nlnetlabs.m4 to version 41, with lib64 openssl dir check.
26 July 2021: George
- Merge #513: Stream reuse, attempt to fix #411, #439, #469. This
if((SSL_get_verify_mode(c->ssl)&SSL_VERIFY_PEER)) {
/* verification */
if(SSL_get_verify_result(c->ssl) == X509_V_OK) {
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+ X509* x = SSL_get1_peer_certificate(c->ssl);
+#else
X509* x = SSL_get_peer_certificate(c->ssl);
+#endif
if(!x) {
log_addr(VERB_ALGO, "SSL connection failed: "
"no certificate",
#endif
X509_free(x);
} else {
+#ifdef HAVE_SSL_GET1_PEER_CERTIFICATE
+ X509* x = SSL_get1_peer_certificate(c->ssl);
+#else
X509* x = SSL_get_peer_certificate(c->ssl);
+#endif
if(x) {
log_cert(VERB_ALGO, "peer certificate", x);
X509_free(x);