From a7a8e3186a21c15132cd8fb6c141afcf25a1fb74 Mon Sep 17 00:00:00 2001 From: maurerpe Date: Thu, 14 Aug 2014 17:43:55 -0400 Subject: [PATCH] Autodetect OpenSSL CMS for LibreSSL compatibility LibreSSL currently does not support CMS, so checking for CMS via OPENSSL_VERSION_NUMBER isn't reliable. Detect CMS support via autoconf instead. [ghudson@mit.edu: clarified commit message; minor style changes] ticket: 7993 (new) target_version: 1.13 tags: pullup --- src/configure.in | 3 +++ src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/configure.in b/src/configure.in index 621f105ca0..58e6e54ca7 100644 --- a/src/configure.in +++ b/src/configure.in @@ -242,6 +242,9 @@ case "$withval" in builtin|openssl) AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto) PKINIT_CRYPTO_IMPL=openssl + AC_CHECK_LIB(crypto, CMS_get0_content, + [AC_DEFINE([HAVE_OPENSSL_CMS], 1, + [Define if OpenSSL supports cms.])]) ;; nss) if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index 4d9b5e50ca..0c2d17376e 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -156,8 +156,8 @@ static char * pkinit_pkcs11_code_to_text(int err); -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -/* Use CMS support present in OpenSSL 1.0 and later. */ +#ifdef HAVE_OPENSSL_CMS +/* Use CMS support present in OpenSSL. */ #include #define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms) #define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms) -- 2.47.2