From: Amos Jeffries Date: Mon, 29 May 2017 00:03:34 +0000 (+1200) Subject: Bug 4662 pt4: better *_up_ref() detection X-Git-Tag: M-staged-PR71~156 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fe94990bdaeb578eb75271d985d1253084d51d5f;p=thirdparty%2Fsquid.git Bug 4662 pt4: better *_up_ref() detection Also, removes duplicate X509_up_ref definition in ssl/support.h Also, updates LIBS for feature detect with custom library locations
---
diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index e7ee2e7616..0863b88caa 100644
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -52,6 +52,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
 AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
 AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
 SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
+ LIBS="$LIBS $SSLLIB"
 AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
 AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
 AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
@@ -68,7 +69,11 @@ AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists")
 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists")
 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_set0_untrusted() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists")
 SQUID_STATE_SAVE(check_openssl_libcrypto_api)
+ LIBS="$LIBS $SSLLIB"
 AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1))
 AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1))
 AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1))
@@ -77,6 +82,9 @@ AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[
 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1))
 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1))
 AC_CHECK_LIB(crypto, X509_STORE_CTX_set0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_SET0_UNTRUSTED, 1))
+ AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1))
+ AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1))
+ AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1))
 SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api)
 ])
@@ -86,6 +94,7 @@ AC_DEFUN([SQUID_CHECK_LIBSSL_API],[ AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists") AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists") SQUID_STATE_SAVE(check_openssl_libssl_api) + LIBS="$LIBS $SSLLIB" AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1)) AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1)) AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1)) diff --git a/src/security/forward.h b/src/security/forward.h index f95f7b3638..6ad6b66459 100644 --- a/src/security/forward.h +++ b/src/security/forward.h @@ -51,9 +51,13 @@ typedef CbDataList CertErrors; #if USE_OPENSSL CtoCpp1(X509_free, X509 *) -#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 +#if !HAVE_LIBCRYPTO_X509_UP_REF // OpenSSL 1.1 API +#if defined(CRYPTO_LOCK_X509) // OpenSSL 1.0 API inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;} -#endif +#else +#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0) +#endif /* CRYPTO_LOCK_X509 */ +#endif /* X509_up_ref */ typedef Security::LockingPointer > CertPointer; #elif USE_GNUTLS CtoCpp1(gnutls_x509_crt_deinit, gnutls_x509_crt_t) 
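Review bot: The OpenSSL 1.0 fallback `X509_up_ref()` kept in the src/security/forward.h hunk returns 0 after incrementing the reference count, while the OpenSSL 1.1 function it stands in for returns 1 on success and 0 on failure. Callers are not visible here, but any caller that checks the result would treat every successful lock as a failure on 1.0 builds and could then mishandle the certificate reference. I would make the shim follow the 1.1 contract: `inline int X509_up_ref(X509 *t) {if (!t) return 0; CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 1;}`. The `X509_CRL_up_ref()` and `DH_up_ref()` fallbacks in the next two forward.h hunks return 0 in the same way and need the same change.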
@@ -64,9 +68,13 @@ typedef void * CertPointer; #if USE_OPENSSL CtoCpp1(X509_CRL_free, X509_CRL *) -#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 +#if !HAVE_LIBCRYPTO_X509_CRL_UP_REF // OpenSSL 1.1 API +#if defined(CRYPTO_LOCK_X509_CRL) // OpenSSL 1.0 API inline int X509_CRL_up_ref(X509_CRL *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509_CRL); return 0;} -#endif +#else +#error missing both OpenSSL API features X509_up_ref (v1.1) and CRYPTO_LOCK_X509 (v1.0) +#endif /* CRYPTO_LOCK_X509_CRL */ +#endif /* X509_CRL_up_ref */ typedef Security::LockingPointer > CrlPointer; #elif USE_GNUTLS CtoCpp1(gnutls_x509_crl_deinit, gnutls_x509_crl_t) @@ -81,9 +89,13 @@ typedef std::list CertRevokeList; #if USE_OPENSSL CtoCpp1(DH_free, DH *); -#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 +#if !HAVE_LIBCRYPTO_DH_UP_REF // OpenSSL 1.1 API +#if defined(CRYPTO_LOCK_DH) // OpenSSL 1.0 API inline int DH_up_ref(DH *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_DH); return 0;} -#endif +#else +#error missing both OpenSSL API features DH_up_ref (v1.1) and CRYPTO_LOCK_DH (v1.0) +#endif /* OpenSSL 1.0 CRYPTO_LOCK_X509_CRL */ +#endif /* OpenSSL 1.1 DH_up_ref */ typedef Security::LockingPointer > DhePointer; #else typedef void *DhePointer; diff --git a/src/ssl/support.h b/src/ssl/support.h index e8f566209e..a940e59156 100644 --- a/src/ssl/support.h +++ b/src/ssl/support.h @@ -83,12 +83,6 @@ bool InitServerContext(Security::ContextPointer &, AnyP::PortCfg &); /// initialize a TLS client context with OpenSSL specific settings bool InitClientContext(Security::ContextPointer &, Security::PeerOptions &, long flags); -#if defined(CRYPTO_LOCK_X509) -// portability wrapper for OpenSSL 1.0 vs 1.1 -// use Security::CertPointer instead where possible -inline int X509_up_ref(X509 *t) {if (t) CRYPTO_add(&t->references, 1, CRYPTO_LOCK_X509); return 0;} -#endif - } //namespace Ssl /// \ingroup ServerProtocolSSLAPI
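Review bot: The `#error` text added in the X509_CRL hunk was copied from the X509 case and names the wrong features, so a failed build would point the builder at symbols that may well be present. It should read `#error missing both OpenSSL API features X509_CRL_up_ref (v1.1) and CRYPTO_LOCK_X509_CRL (v1.0)`.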
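Review bot: The closing comments in the DH hunk are mislabelled: `#endif /* OpenSSL 1.0 CRYPTO_LOCK_X509_CRL */` actually closes the `CRYPTO_LOCK_DH` test. I would write `#endif /* CRYPTO_LOCK_DH */` and `#endif /* DH_up_ref */`, matching the form used in the X509 and X509_CRL hunks. The trailing `// OpenSSL 1.1 API` on `#if !HAVE_LIBCRYPTO_DH_UP_REF` also reads as if this were the 1.1 path, although the branch is taken only when the function is absent; `// no native DH_up_ref()` would be clearer.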