]> git.ipfire.org Git - thirdparty/kea.git/commitdiff
[trac3482] Check OpenSSL SHA-2 support in configure
authorFrancis Dupont <fdupont@isc.org>
Wed, 17 Sep 2014 09:31:49 +0000 (11:31 +0200)
committerFrancis Dupont <fdupont@isc.org>
Wed, 17 Sep 2014 09:31:49 +0000 (11:31 +0200)
ChangeLog
configure.ac

index 83013689040b75da89b968f20f43b9bc7cc6c281..139e31defa45a175d65a8e60763a1ca9ff591c8b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+835.   [build]         fdupont
+       The configure script checks if OpenSSL supports SHA-2, in order
+       to avoid very old (and likely subject to unfixed security bugs)
+       OpenSSL versions.
+       (Trac #3482, git xxx)
+
 834.   [bug]           marcin
        Corrected the definition of the example DHCPv4 and DHCPv6 address
        pools in the default kea.conf file.
index 016b024fb57ddcb1b41b4328e63f6103289b4e5e..79577ea055e7f9ec229731746ae22cce07303c0f 100644 (file)
@@ -817,6 +817,23 @@ EOF
     #CRYPTO_LDFLAGS="-ldl"
     CRYPTO_LDFLAGS=""
     CRYPTO_RPATH=""
+    dnl Check avaibility of SHA-2
+    AC_MSG_CHECKING([support of SHA-2])
+    LIBS_SAVED=${LIBS}
+    LIBS="$LIBS $CRYPTO_LIBS"
+    CPPFLAGS_SAVED=${CPPFLAGS}
+    CPPFLAGS="$CRYPTO_INCLUDES $CPPFLAGS"
+    AC_LINK_IFELSE(
+        [AC_LANG_PROGRAM([#include <openssl/evp.h>],
+                         [const EVP_MD* h224 = EVP_sha224();
+                          const EVP_MD* h256 = EVP_sha256();
+                          const EVP_MD* h384 = EVP_sha384();
+                          const EVP_MD* h512 = EVP_sha512();
+                          ])],
+        [AC_MSG_RESULT([yes])],
+        [AC_MSG_ERROR([missing EVP entry for SHA-2])])
+    LIBS=${LIBS_SAVED}
+    CPPFLAGS=${CPPFLAGS_SAVED}
 fi
 
 AM_CONDITIONAL(HAVE_BOTAN, test "$CRYPTO_NAME" = "Botan")