- configure detects ssl security level API function in the autoconf

  manner.  Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.

git-svn-id: file:///svn/unbound/trunk@3921 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/config.h.in b/config.h.in
index 04fc74396e95295fdd391e153992412d819ea459..64d1c797a0e07a99cb954770f71db4fdfbda6af2 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -395,6 +395,9 @@
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
+/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
+#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+
 /* Define to 1 if you have the <stdarg.h> header file. */
 #undef HAVE_STDARG_H
 

diff --git a/configure b/configure
index fb0eeb4eb4f35130e7b97b908df18de325e3f09c..5716f4995a2953481f96fcfbeb821b94d4e1e8ae 100755 (executable)
--- a/configure
+++ b/configure
@@ -17556,12 +17556,13 @@ done
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-for ac_func in OPENSSL_init_ssl
+for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level
 do :
-  ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl"
-if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_INIT_SSL 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi

diff --git a/configure.ac b/configure.ac
index 3a8c55fd1a50866c303c5e39eace4e97b85331ef..9ccde4d3dc7aea0a3900d11c8506e80256098fb8 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -681,7 +681,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-AC_CHECK_FUNCS([OPENSSL_init_ssl])
+AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level])
 LIBS="$BAKLIBS"
 
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [

diff --git a/daemon/remote.c b/daemon/remote.c
index 70c7de7df9e16ccf98c0045c4f086e215ecbdf00..faee2f88169c56f4f6ce0839249abd1353e39733 100644 (file)
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -243,7 +243,7 @@ daemon_remote_create(struct config_file* cfg)
 
        if (cfg->remote_control_use_cert == 0) {
                /* No certificates are requested */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
                SSL_CTX_set_security_level(rc->ctx, 0);
 #endif
                if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {

diff --git a/doc/Changelog b/doc/Changelog
index 36017abe8f9a0ab7bddbbcf7176cfcfa467b5da8..bdf5be62775b54073d57594cfb9da6c3c29c391b 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+4 November 2016: Wouter
+       - configure detects ssl security level API function in the autoconf
+         manner.  Every function on its own, so that other libraries (eg.
+         LibreSSL) can develop their API without hindrance.
+
 3 November 2016: Ralph
        - Set OpenSSL security level to 0 when using aNULL ciphers.
 

diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 857e0d641d73f047be854ddf1368471430b43111..663497205ce7b37ef305bcb708d8724b81cfe131 100644 (file)
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -176,7 +176,7 @@ setup_ctx(struct config_file* cfg)
                free(c_cert);
        } else {
                /* Use ciphers that don't require authentication  */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
                SSL_CTX_set_security_level(ctx, 0);
 #endif
                if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))