From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 18 Feb 2010 13:34:03 +0000 (+0000)
Subject: Pickup ldns fix #297.
X-Git-Tag: release-1.4.2~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=366e8c447761c83e33ca2279cbeb007db0d4946b;p=thirdparty%2Funbound.git

Pickup ldns fix #297.


git-svn-id: file:///svn/unbound/trunk@1988 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/acx_nlnetlabs.m4 b/acx_nlnetlabs.m4
index dc07f66e1..692ae004c 100644
--- a/acx_nlnetlabs.m4
+++ b/acx_nlnetlabs.m4
@@ -2,7 +2,8 @@
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
-# Version 6
+# Version 7
+# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS seperate, -ldl
 # 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN
 # 2010-01-20 added AHX_COONFIG_STRLCAT
 # 2009-07-14 U_CHAR detection improved for windows crosscompile.
@@ -593,6 +594,7 @@ AC_DEFUN([ACX_SSL_CHECKS], [
                 dnl assume /usr/include is already in the include-path.
                 if test "$ssldir" != "/usr"; then
                         CPPFLAGS="$CPPFLAGS -I$ssldir/include"
+                        LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
                 fi
                 break;
             fi
@@ -605,11 +607,13 @@ AC_DEFUN([ACX_SSL_CHECKS], [
             dnl assume /usr is already in the lib and dynlib paths.
             if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
                 LDFLAGS="$LDFLAGS -L$ssldir/lib"
+                LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
                 ACX_RUNTIME_PATH_ADD([$ssldir/lib])
             fi
         
             AC_MSG_CHECKING([for HMAC_CTX_init in -lcrypto])
             LIBS="$LIBS -lcrypto"
+            LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
             AC_TRY_LINK(, [
                 int HMAC_CTX_init(void);
                 (void)HMAC_CTX_init();
@@ -621,7 +625,9 @@ AC_DEFUN([ACX_SSL_CHECKS], [
                 AC_MSG_RESULT(no)
                 # check if -lwsock32 or -lgdi32 are needed.	
                 BAKLIBS="$LIBS"
+                BAKSSLLIBS="$LIBSSL_LIBS"
                 LIBS="$LIBS -lgdi32"
+                LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
                 AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
                 AC_TRY_LINK([], [
                     int HMAC_CTX_init(void);
@@ -633,7 +639,9 @@ AC_DEFUN([ACX_SSL_CHECKS], [
                   ],[
                     AC_MSG_RESULT(no)
                     LIBS="$BAKLIBS"
+                    LIBSSL_LIBS="$BAKSSLLIBS"
                     LIBS="$LIBS -ldl"
+                    LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
                     AC_MSG_CHECKING([if -lcrypto needs -ldl])
                     AC_TRY_LINK([], [
                         int HMAC_CTX_init(void);
@@ -651,6 +659,12 @@ AC_DEFUN([ACX_SSL_CHECKS], [
         fi
         AC_SUBST(HAVE_SSL)
         AC_SUBST(RUNTIME_PATH)
+	# openssl engine functionality needs dlopen().
+	BAKLIBS="$LIBS"
+	AC_SEARCH_LIBS([dlopen], [dl])
+	if test "$LIBS" != "$BAKLIBS"; then
+		LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
+	fi
     fi
 AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
 AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
diff --git a/configure b/configure
index 57ec14869..5ba26c67c 100755
--- a/configure
+++ b/configure
@@ -17107,6 +17107,7 @@ _ACEOF
 
                                 if test "$ssldir" != "/usr"; then
                         CPPFLAGS="$CPPFLAGS -I$ssldir/include"
+                        LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir/include"
                 fi
                 break;
             fi
@@ -17121,6 +17122,7 @@ $as_echo "found in $ssldir" >&6; }
             HAVE_SSL=yes
                         if test "$ssldir" != "/usr" -a "$ssldir" != ""; then
                 LDFLAGS="$LDFLAGS -L$ssldir/lib"
+                LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir/lib"
 
 	if test "x$enable_rpath" = xyes; then
 		if echo "$ssldir/lib" | grep "^/" >/dev/null; then
@@ -17133,6 +17135,7 @@ $as_echo "found in $ssldir" >&6; }
             { $as_echo "$as_me:$LINENO: checking for HMAC_CTX_init in -lcrypto" >&5
 $as_echo_n "checking for HMAC_CTX_init in -lcrypto... " >&6; }
             LIBS="$LIBS -lcrypto"
+            LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
             cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
@@ -17190,7 +17193,9 @@ sed 's/^/| /' conftest.$ac_ext >&5
 $as_echo "no" >&6; }
                 # check if -lwsock32 or -lgdi32 are needed.
                 BAKLIBS="$LIBS"
+                BAKSSLLIBS="$LIBSSL_LIBS"
                 LIBS="$LIBS -lgdi32"
+                LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
                 { $as_echo "$as_me:$LINENO: checking if -lcrypto needs -lgdi32" >&5
 $as_echo_n "checking if -lcrypto needs -lgdi32... " >&6; }
                 cat >conftest.$ac_ext <<_ACEOF
@@ -17249,7 +17254,9 @@ sed 's/^/| /' conftest.$ac_ext >&5
                     { $as_echo "$as_me:$LINENO: result: no" >&5
 $as_echo "no" >&6; }
                     LIBS="$BAKLIBS"
+                    LIBSSL_LIBS="$BAKSSLLIBS"
                     LIBS="$LIBS -ldl"
+                    LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
                     { $as_echo "$as_me:$LINENO: checking if -lcrypto needs -ldl" >&5
 $as_echo_n "checking if -lcrypto needs -ldl... " >&6; }
                     cat >conftest.$ac_ext <<_ACEOF
@@ -17331,6 +17338,98 @@ rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
         fi
 
 
+	# openssl engine functionality needs dlopen().
+	BAKLIBS="$LIBS"
+	{ $as_echo "$as_me:$LINENO: checking for library containing dlopen" >&5
+$as_echo_n "checking for library containing dlopen... " >&6; }
+if test "${ac_cv_search_dlopen+set}" = set; then
+  $as_echo_n "(cached) " >&6
+else
+  ac_func_search_save_LIBS=$LIBS
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h.  */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+  ;
+  return 0;
+}
+_ACEOF
+for ac_lib in '' dl; do
+  if test -z "$ac_lib"; then
+    ac_res="none required"
+  else
+    ac_res=-l$ac_lib
+    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
+  fi
+  rm -f conftest.$ac_objext conftest$ac_exeext
+if { (ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
+$as_echo "$ac_try_echo") >&5
+  (eval "$ac_link") 2>conftest.er1
+  ac_status=$?
+  grep -v '^ *+' conftest.er1 >conftest.err
+  rm -f conftest.er1
+  cat conftest.err >&5
+  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
+  (exit $ac_status); } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 $as_test_x conftest$ac_exeext
+       }; then
+  ac_cv_search_dlopen=$ac_res
+else
+  $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+
+fi
+
+rm -rf conftest.dSYM
+rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
+      conftest$ac_exeext
+  if test "${ac_cv_search_dlopen+set}" = set; then
+  break
+fi
+done
+if test "${ac_cv_search_dlopen+set}" = set; then
+  :
+else
+  ac_cv_search_dlopen=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_dlopen" >&5
+$as_echo "$ac_cv_search_dlopen" >&6; }
+ac_res=$ac_cv_search_dlopen
+if test "$ac_res" != no; then
+  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+	if test "$LIBS" != "$BAKLIBS"; then
+		LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
+	fi
     fi
 
 for ac_header in openssl/ssl.h
@@ -18017,19 +18116,33 @@ fi
 
 case "$enable_gost" in
 	yes)
-	{ $as_echo "$as_me:$LINENO: checking for EVP_PKEY_set_type_str in -lcrypto" >&5
-$as_echo_n "checking for EVP_PKEY_set_type_str in -lcrypto... " >&6; }
-if test "${ac_cv_lib_crypto_EVP_PKEY_set_type_str+set}" = set; then
+	{ $as_echo "$as_me:$LINENO: checking for EVP_PKEY_set_type_str" >&5
+$as_echo_n "checking for EVP_PKEY_set_type_str... " >&6; }
+if test "${ac_cv_func_EVP_PKEY_set_type_str+set}" = set; then
   $as_echo_n "(cached) " >&6
 else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto  $LIBS"
-cat >conftest.$ac_ext <<_ACEOF
+  cat >conftest.$ac_ext <<_ACEOF
 /* confdefs.h.  */
 _ACEOF
 cat confdefs.h >>conftest.$ac_ext
 cat >>conftest.$ac_ext <<_ACEOF
 /* end confdefs.h.  */
+/* Define EVP_PKEY_set_type_str to an innocuous variant, in case <limits.h> declares EVP_PKEY_set_type_str.
+   For example, HP-UX 11i <limits.h> declares gettimeofday.  */
+#define EVP_PKEY_set_type_str innocuous_EVP_PKEY_set_type_str
+
+/* System header to define __stub macros and hopefully few prototypes,
+    which can conflict with char EVP_PKEY_set_type_str (); below.
+    Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+    <limits.h> exists even on freestanding compilers.  */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef EVP_PKEY_set_type_str
 
 /* Override any GCC internal prototype to avoid an error.
    Use char because int might match the return type of a GCC
@@ -18038,6 +18151,13 @@ cat >>conftest.$ac_ext <<_ACEOF
 extern "C"
 #endif
 char EVP_PKEY_set_type_str ();
+/* The GNU C library defines this for functions which it implements
+    to always fail with ENOSYS.  Some functions are actually named
+    something starting with __ and the normal name is an alias.  */
+#if defined __stub_EVP_PKEY_set_type_str || defined __stub___EVP_PKEY_set_type_str
+choke me
+#endif
+
 int
 main ()
 {
@@ -18067,22 +18187,21 @@ $as_echo "$ac_try_echo") >&5
 	 test "$cross_compiling" = yes ||
 	 $as_test_x conftest$ac_exeext
        }; then
-  ac_cv_lib_crypto_EVP_PKEY_set_type_str=yes
+  ac_cv_func_EVP_PKEY_set_type_str=yes
 else
   $as_echo "$as_me: failed program was:" >&5
 sed 's/^/| /' conftest.$ac_ext >&5
 
-	ac_cv_lib_crypto_EVP_PKEY_set_type_str=no
+	ac_cv_func_EVP_PKEY_set_type_str=no
 fi
 
 rm -rf conftest.dSYM
 rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
       conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
 fi
-{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_EVP_PKEY_set_type_str" >&5
-$as_echo "$ac_cv_lib_crypto_EVP_PKEY_set_type_str" >&6; }
-if test "x$ac_cv_lib_crypto_EVP_PKEY_set_type_str" = x""yes; then
+{ $as_echo "$as_me:$LINENO: result: $ac_cv_func_EVP_PKEY_set_type_str" >&5
+$as_echo "$ac_cv_func_EVP_PKEY_set_type_str" >&6; }
+if test "x$ac_cv_func_EVP_PKEY_set_type_str" = x""yes; then
   :
 else
   { { $as_echo "$as_me:$LINENO: error: OpenSSL >= 1.0.0 is needed for GOST support" >&5
diff --git a/configure.ac b/configure.ac
index 9e9c96ad8..42cb1fcfb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -401,7 +401,7 @@ esac
 AC_ARG_ENABLE(gost, AC_HELP_STRING([--enable-gost], [Enable GOST support, experimental]))
 case "$enable_gost" in
 	yes)
-	AC_CHECK_LIB(crypto, EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support])])
+	AC_CHECK_FUNC(EVP_PKEY_set_type_str, [:],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support])])
 	AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.])
 	;;
 	no|*)
diff --git a/doc/Changelog b/doc/Changelog
index 7813d7611..ad3cbca2b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
 	- No more blacklisting of unresponsive servers, a 2 minute timeout
 	  is backed off to.
 	- RD flag not enabled for dnssec-blacklisted tries, unless necessary.
+	- pickup ldns compile fix, libdl for libcrypto.
 
 17 February 2010: Wouter
 	- Disregard DNSKEY from authority section for chain of trust.
diff --git a/ldns-src.tar.gz b/ldns-src.tar.gz
index 88ca283a5..f8d643f63 100644
Binary files a/ldns-src.tar.gz and b/ldns-src.tar.gz differ