From: Paul Howarth <paul@city-fan.org>
Date: Mon, 31 Oct 2016 10:49:38 +0000 (+0000)
Subject: configure: Fix build with old OpenSSL without SSL_clear_options
X-Git-Tag: 2.2.27~125
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed526ea61b0cefc48f0201560137d56e08bdfb1f;p=thirdparty%2Fdovecot%2Fcore.git

configure: Fix build with old OpenSSL without SSL_clear_options

SSL_clear_options was introduced in OpenSSL 0.9.8m but may be
backported to older versions in "enterprise" OS releases, so a version
check is insufficient here.

It was originally implemented as a macro but is a function in more
recent OpenSSL versions, so a test that works for both cases is needed.
---

diff --git a/configure.ac b/configure.ac
index dc137620dd..a9cfb6bb7f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1706,6 +1706,29 @@ if test $want_openssl != no && test $have_ssl = no; then
     have_ssl="yes (OpenSSL)"
     build_dcrypt_openssl="no"
 
+    # SSL_clear_options introduced in openssl 0.9.8m but may be backported to
+    # older versions in "enterprise" OS releases; originally implemented as a
+    # macro but as a function in more recent openssl versions
+    AC_CACHE_CHECK([whether SSL_clear_options exists],i_cv_have_ssl_clear_options,[
+      old_LIBS=$LIBS
+      LIBS="$LIBS -lssl"
+      AC_TRY_LINK([
+	#include <openssl/ssl.h>
+      ], [
+	SSL *ssl;
+	long options;
+	SSL_clear_options(ssl, options);
+      ], [
+	i_cv_have_ssl_clear_options=yes
+      ], [
+	i_cv_have_ssl_clear_options=no
+      ])
+      LIBS=$old_LIBS
+    ])
+    if test $i_cv_have_ssl_clear_options = yes; then
+      AC_DEFINE(HAVE_SSL_CLEAR_OPTIONS,, [Define if you have SSL_clear_options])
+    fi
+
     AC_CHECK_LIB(ssl, SSL_get_current_compression, [
       AC_DEFINE(HAVE_SSL_COMPRESSION,, [Build with OpenSSL compression])
     ],, $SSL_LIBS)
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 8213483fb9..e59bc545c7 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -163,7 +163,9 @@ openssl_iostream_set(struct ssl_iostream *ssl_io,
 	if (set->prefer_server_ciphers)
 		SSL_set_options(ssl_io->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
 	if (set->protocols != NULL) {
+#if defined(HAVE_SSL_CLEAR_OPTIONS)
 		SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS);
+#endif
 		SSL_set_options(ssl_io->ssl,
 				openssl_get_protocol_options(set->protocols));
 	}