From 8d56fe5505dd28a1aed69ba19903b3266273db50 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sat, 27 May 2017 08:55:48 +1200
Subject: [PATCH] Bug 4662: pt1: Feature detect the OpenSSL TLS_method() and similar functions
---
 acinclude/lib-checks.m4 | 16 ++++++++++++++--
 configure.ac | 1 +
 src/security/PeerOptions.cc | 2 +-
 src/security/ServerOptions.cc | 2 +-
 4 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/acinclude/lib-checks.m4 b/acinclude/lib-checks.m4
index 41a6583335..df131eece8 100644
--- a/acinclude/lib-checks.m4
+++ b/acinclude/lib-checks.m4
@@ -46,6 +46,18 @@ AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
 SQUID_STATE_ROLLBACK(iphlpapi)
 ])
+dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions
+AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists")
+ AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists")
+ SQUID_STATE_SAVE(check_openssl_TLS_METHODS)
+ AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1))
+ AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1))
+ AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1))
+ SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS)
+])
+
 dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
 dnl workaround can be used instead of using the SSL_get_certificate
 AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
@@ -66,7 +78,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
 ],
 [
 SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 #else
 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
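Review bot: The three `AC_CHECK_LIB(ssl, ...)` probes in SQUID_CHECK_OPENSSL_TLS_METHODS run with whatever LIBS the caller happens to have, because the macro saves and rolls back state but never adds `$SSLLIB` in between. The configure.ac hunk calls the macro before the existing `LIBS="$LIBS $SSLLIB"` line, so an OpenSSL in a non-default location (presumably what SSLLIB carries) may not be found by the probes. In that case all three HAVE_OPENSSL_TLS_* macros stay undefined without any configure error and the build silently selects the SSLv23_*_method() branches. I would add `LIBS="$LIBS $SSLLIB"` directly after `SQUID_STATE_SAVE(check_openssl_TLS_METHODS)`.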
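Review bot: The test program in SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS now depends on `HAVE_OPENSSL_TLS_METHOD`, which is only set if SQUID_CHECK_OPENSSL_TLS_METHODS has already run; the same applies to the second test program in the hunk at -97,7. The call order of the two macros in configure.ac is not visible in this patch, and if the certificate check ever runs first the `#if` evaluates to 0 and the probe is compiled against SSLv23_method() with no warning. Worth recording the dependency at the top of the macro, for example `dnl Requires SQUID_CHECK_OPENSSL_TLS_METHODS to have run first`, or enforcing it with `AC_REQUIRE([SQUID_CHECK_OPENSSL_TLS_METHODS])` if that fits the conditional OpenSSL setup. The macro body starts and ends outside both hunks.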
@@ -97,7 +109,7 @@ AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
 ],
 [
 SSLeay_add_ssl_algorithms();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_METHOD
 SSL_CTX *sslContext = SSL_CTX_new(TLS_method());
 #else
 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method());
diff --git a/configure.ac b/configure.ac
index dcaeba85c2..b0e07c25db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1325,6 +1325,7 @@ if test "x$with_openssl" = "xyes"; then
 AC_DEFINE(USE_OPENSSL,1,[OpenSSL support is available])
 # check for API functions
+ SQUID_CHECK_OPENSSL_TLS_METHODS
 SQUID_STATE_SAVE(check_SSL_CTX_get0_certificate)
 LIBS="$LIBS $SSLLIB"
 AC_CHECK_LIB(ssl, SSL_CTX_get0_certificate, [
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 46a43a8474..b6ed67d31e 100644
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -248,7 +248,7 @@ Security::PeerOptions::createBlankContext() const
 #if USE_OPENSSL
 Ssl::Initialize();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_TLS_CLIENT_METHOD
 SSL_CTX *t = SSL_CTX_new(TLS_client_method());
 #else
 SSL_CTX *t = SSL_CTX_new(SSLv23_client_method());
diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc
index a40e89d525..c6030f68b1 100644
--- a/src/security/ServerOptions.cc
+++ b/src/security/ServerOptions.cc
@@ -92,7 +92,7 @@ Security::ServerOptions::createBlankContext() const
 #if USE_OPENSSL
 Ssl::Initialize();
-#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+#if HAVE_OPENSSL_SERVER_METHOD
 SSL_CTX *t = SSL_CTX_new(TLS_server_method());
 #else
 SSL_CTX *t = SSL_CTX_new(SSLv23_server_method());
--
2.47.2
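Review bot: The new guard in ServerOptions.cc, `#if HAVE_OPENSSL_SERVER_METHOD`, tests a macro this patch never defines; lib-checks.m4 sets `HAVE_OPENSSL_TLS_SERVER_METHOD`, and PeerOptions.cc uses the matching `HAVE_OPENSSL_TLS_CLIENT_METHOD`. An undefined identifier in `#if` evaluates to 0 and compilers stay silent about it unless something like -Wundef is enabled. Server contexts therefore always take the `SSLv23_server_method()` branch, including on libraries where the removed version test chose `TLS_server_method()`. That is likely to break builds against an OpenSSL with deprecated APIs disabled. The line should read `#if HAVE_OPENSSL_TLS_SERVER_METHOD`; createBlankContext() continues outside the hunk.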