From: Wouter Wijngaards Date: Wed, 23 Jan 2019 08:57:49 +0000 (+0000) Subject: - Fix configure to detect SSL_CTX_set_ciphersuites, for better X-Git-Tag: release-1.9.0rc1~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e59c8344fb576e488b344f813bbc40121ba6cd8;p=thirdparty%2Funbound.git - Fix configure to detect SSL_CTX_set_ciphersuites, for better library compatibility when compiling. git-svn-id: file:///svn/unbound/trunk@5058 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/config.h.in b/config.h.in index f1853ba38..22403ad2f 100644 --- a/config.h.in +++ b/config.h.in @@ -451,6 +451,9 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +#undef HAVE_SSL_CTX_SET_CIPHERSUITES + /* Define to 1 if you have the `SSL_CTX_set_security_level' function. */ #undef HAVE_SSL_CTX_SET_SECURITY_LEVEL diff --git a/configure b/configure index 480cc3fbf..bfc57db74 100755 --- a/configure +++ b/configure @@ -18009,7 +18009,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" diff --git a/configure.ac b/configure.ac index d5385d39a..31937d046 100644 --- a/configure.ac +++ b/configure.ac @@ -786,7 +786,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ diff --git a/daemon/unbound.c b/daemon/unbound.c index 193bb1231..dfbc1238f 100644 --- a/daemon/unbound.c +++ b/daemon/unbound.c @@ -436,7 +436,7 @@ perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode, fatal_exit("failed to set tls-cipher %s", cfg->tls_ciphers); } } -#if OPENSSL_VERSION_NUMBER >= 0x1010101 +#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES if(cfg->tls_ciphersuites && cfg->tls_ciphersuites[0]) { if (!SSL_CTX_set_ciphersuites(daemon->listen_sslctx, cfg->tls_ciphersuites)) { fatal_exit("failed to set tls-ciphersuites %s", cfg->tls_ciphersuites); diff --git a/doc/Changelog b/doc/Changelog index 7f2b6dc95..402b7ce30 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Patch from Manabu Sonoda with tls-ciphers and tls-ciphersuites options for unbound.conf. - Fixes for the patch, and man page entry. + - Fix configure to detect SSL_CTX_set_ciphersuites, for better + library compatibility when compiling. 22 January 2018: Wouter - Fix space calculation for tcp req buffer size.