From: Amos Jeffries Date: Sat, 27 May 2017 05:24:31 +0000 (+1200) Subject: Bug 4662 pt3: feature detect OpenSSL 1.1 const changes X-Git-Tag: M-staged-PR71~157 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d841344c9884b42c60d1d9dc2b5b2a97ab1fd49;p=thirdparty%2Fsquid.git Bug 4662 pt3: feature detect OpenSSL 1.1 const changes --- diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4 index 5c47f707f1..e7ee2e7616 100644 --- a/acinclude/lib-checks.m4 +++ b/acinclude/lib-checks.m4 
@@ -199,8 +199,54 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ []) SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) -] -) +]) + +dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument +AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[ + AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") + SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA) + AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include + +int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) { + return 0; +} + ],[ +return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL); + ]) + ],[ + AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1) + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + ]) + SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA) +]) + +dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument +AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[ + AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") + SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb) + AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include + +SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) { + return NULL; +} + ],[ +SSL_CTX_sess_set_get_cb(NULL, get_session_cb); +return 0; + ]) + ],[ + AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1) + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + ]) + SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb) +]) dnl Try to handle TXT_DB related problems: dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version 
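Review bot: Both new `AC_MSG_CHECKING` calls pass their message unquoted and end it with a stray `"`, and the first one (like its `AH_TEMPLATE` text) names `SSL_get_new_ex_index()` although the probe calls `SSL_get_ex_new_index()`. I would write `AC_MSG_CHECKING([whether SSL_get_ex_new_index() dup callback accepts 'const CRYPTO_EX_DATA *'])` and bracket-quote the second message the same way. Both probes also only discriminate if a callback-type mismatch is a hard compile error, which holds for C++ but is commonly just a warning in C. The active language is not visible in this hunk, so a `dnl` line stating that these checks must run with the C++ compiler selected would help. A probe that fails for an unrelated reason, such as missing OpenSSL include paths, also reports "no", so config.log is the place to confirm which case occurred.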
diff --git a/configure.ac b/configure.ac index 74b0fe6a72..6d513cf27e 100644 --- a/configure.ac +++ b/configure.ac @@ -1342,6 +1342,8 @@ if test "x$with_openssl" = "xyes"; then SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS fi SQUID_CHECK_OPENSSL_CONST_SSL_METHOD + SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA + SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG SQUID_CHECK_OPENSSL_TXTDB SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK fi diff --git a/src/ssl/support.cc b/src/ssl/support.cc index 4e49261fec..40b92caf8e 100644 --- a/src/ssl/support.cc +++ b/src/ssl/support.cc @@ -380,7 +380,7 @@ ssl_verify_cb(int ok, X509_STORE_CTX * ctx) } // "dup" function for SSL_get_ex_new_index("cert_err_check") -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP static int ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) @@ -1440,10 +1440,10 @@ remove_session_cb(SSL_CTX *, SSL_SESSION *sessionID) } static SSL_SESSION * -#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy) -#else +#if SQUID_USE_CONST_SSL_SESSION_CBID get_session_cb(SSL *, const unsigned char *sessionID, int len, int *copy) +#else +get_session_cb(SSL *, unsigned char *sessionID, int len, int *copy) #endif { if (!Ssl::SessionCache)
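Review bot: The new `#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP` on ssl_dupAclChecklist, and `#if SQUID_USE_CONST_SSL_SESSION_CBID` on get_session_cb in the following hunk, evaluate to 0 when the macro is undefined. If the generated configure header has not been included by that point, the non-const signature is selected silently. Whether support.cc includes it first is not visible here, so that is worth confirming. Since the signature no longer follows `OPENSSL_VERSION_NUMBER`, a comment above each conditional should say where the value comes from, for example `// set by configure: SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA (acinclude/lib-checks.m4)` and `// set by configure: SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG (acinclude/lib-checks.m4)`. Both function bodies continue outside the hunks, so the handling of `sessionID` and `len` could not be reviewed.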