- Fix configure to detect SSL_CTX_set_ciphersuites, for better

  library compatibility when compiling.

git-svn-id: file:///svn/unbound/trunk@5058 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/config.h.in b/config.h.in
index f1853ba38451f8a44c52a144d6928500c06a2f8b..22403ad2f9fe04ce9959fd049a5e5da9474ccdc4 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -451,6 +451,9 @@
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
+/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */
+#undef HAVE_SSL_CTX_SET_CIPHERSUITES
+
 /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
 #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
 

diff --git a/configure b/configure
index 480cc3fbfbb2725d89386b98f2fb31be11427675..bfc57db7419f704a62b321c684b6ebbaecc5d74b 100755 (executable)
--- a/configure
+++ b/configure
@@ -18009,7 +18009,7 @@ done
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host
+for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

diff --git a/configure.ac b/configure.ac
index d5385d39a089b3159d53e21e0d06f1c1c3867483..31937d04679f32cf1ae3cdc17f11d792a8cb92ec 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -786,7 +786,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host])
+AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites])
 LIBS="$BAKLIBS"
 
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [

diff --git a/daemon/unbound.c b/daemon/unbound.c
index 193bb123155059a0a817be6d4c9b093b675eca2e..dfbc1238f00aa719ffab90ebe19246afbcda8915 100644 (file)
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -436,7 +436,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
                                fatal_exit("failed to set tls-cipher %s", cfg->tls_ciphers);
                        }
                }
-#if OPENSSL_VERSION_NUMBER >= 0x1010101
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
                if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) {
                        if (!SSL_CTX_set_ciphersuites(daemon->listen_sslctx, cfg->tls_ciphersuites)) {
                                fatal_exit("failed to set tls-ciphersuites %s", cfg->tls_ciphersuites);

diff --git a/doc/Changelog b/doc/Changelog
index 7f2b6dc95056397ca5d6d50d0276092833d5c4f8..402b7ce300c927e8f4a096b69af02f00ce8c98dc 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
        - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites
          options for unbound.conf.
        - Fixes for the patch, and man page entry.
+       - Fix configure to detect SSL_CTX_set_ciphersuites, for better
+         library compatibility when compiling.
 
 22 January 2018: Wouter
        - Fix space calculation for tcp req buffer size.