From: W.C.A. Wijngaards Date: Thu, 22 Apr 2021 07:05:43 +0000 (+0200) Subject: - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with X-Git-Tag: release-1.13.2rc1~191 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a45a7efe694d7524d2d37070b5266453004bd4a1;p=thirdparty%2Funbound.git - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with OpenSSL 1.0.1. --- diff --git a/config.h.in b/config.h.in index fd382694a..a843d703d 100644 --- a/config.h.in +++ b/config.h.in @@ -516,6 +516,9 @@ /* Define if you have the SSL libraries installed. */ #undef HAVE_SSL +/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_PROTOS + /* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ #undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB diff --git a/configure b/configure index f86683f76..30e061f35 100755 --- a/configure +++ b/configure @@ -18418,7 +18418,7 @@ done # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected +for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" diff --git a/configure.ac b/configure.ac index ba5bf0058..14d9b02c2 100644 --- a/configure.ac +++ b/configure.ac @@ -859,7 +859,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C # these check_funcs need -lssl BAKLIBS="$LIBS" LIBS="-lssl $LIBS" -AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected]) +AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level SSL_set1_host SSL_get0_peername X509_VERIFY_PARAM_set1_host SSL_CTX_set_ciphersuites SSL_CTX_set_tlsext_ticket_key_evp_cb SSL_CTX_set_alpn_select_cb SSL_get0_alpn_selected SSL_CTX_set_alpn_protos]) LIBS="$BAKLIBS" AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ diff --git a/doc/Changelog b/doc/Changelog index d6e1e485a..793b40cf1 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,8 @@ - Merge #466 from FGasper: Support OpenSSLs that lack SSL_get0_alpn_selected. - Fix #468: OpenSSL 1.0.1 can no longer build Unbound. + - Further fix for #468: detect SSL_CTX_set_alpn_protos for build with + OpenSSL 1.0.1. 13 April 2021: George - Fix documentation comment for files previously residing in checkconf/. diff --git a/testcode/dohclient.c b/testcode/dohclient.c index 263418049..b00bb15e0 100644 --- a/testcode/dohclient.c +++ b/testcode/dohclient.c @@ -501,7 +501,9 @@ run(struct http2_session* h2_session, int port, int no_tls, int count, char** q) if(!no_tls) { ctx = connect_sslctx_create(NULL, NULL, NULL, 0); if(!ctx) fatal_exit("cannot create ssl ctx"); +#ifdef HAVE_SSL_CTX_SET_ALPN_PROTOS SSL_CTX_set_alpn_protos(ctx, (const unsigned char *)"\x02h2", 3); +#endif ssl = outgoing_ssl_fd(ctx, fd); if(!ssl) { printf("cannot create ssl\n");