=== modified file 'acinclude/lib-checks.m4' --- acinclude/lib-checks.m4 2013-06-30 15:54:22 +0000 +++ acinclude/lib-checks.m4 2013-07-01 15:31:57 +0000 @@ -79,201 +79,191 @@ SQUID_STATE_SAVE(iphlpapi) LIBS="$LIBS -liphlpapi" AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include #include #include ]], [[ MIB_IPNETTABLE i; unsigned long isz=sizeof(i); GetIpNetTable(&i,&isz,FALSE); ]])], [squid_cv_have_libiphlpapi=yes SQUID_STATE_COMMIT(iphlpapi)], [squid_cv_have_libiphlpapi=no SQUID_STATE_ROLLBACK(iphlpapi)]) ]) SQUID_STATE_ROLLBACK(iphlpapi) ]) dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a dnl workaround can be used instead of using the SSL_get_certificate AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[ AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid") AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate") SQUID_STATE_SAVE(check_SSL_get_certificate) LIBS="$SSLLIB $LIBS" if test "x$SSLLIBDIR" != "x"; then LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR" fi - AC_MSG_CHECKING(whether the SSL_get_certificate is buggy) - AC_RUN_IFELSE([ - AC_LANG_PROGRAM( - [ - #include - #include + AC_CACHE_CHECK([whether the SSL_get_certificate is buggy], + squid_cv_ssl_get_certificate_is_buggy, [AC_RUN_IFELSE([ + AC_LANG_PROGRAM([ +#include +#include + ],[ +SSLeay_add_ssl_algorithms(); +SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); +SSL *ssl = SSL_new(sslContext); +X509* cert = SSL_get_certificate(ssl); +return 0; + ]) + ],[ + squid_cv_ssl_get_certificate_is_buggy=no + ],[ + squid_cv_ssl_get_certificate_is_buggy=yes + ], [])] + ) + if test "x$squid_cv_ssl_get_certificate_is_buggy" = "xyes"; then + AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1) + fi + + AC_CACHE_CHECK([whether the workaround for SSL_get_certificate works], + squid_cv_ssl_get_certificate_workaround,[ + AC_RUN_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + #include + ], + [ + SSLeay_add_ssl_algorithms(); + SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); + X509 ***pCert = (X509 ***)sslContext->cert; + X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; + if (sslCtxCert != NULL) + return 1; + return 0; + ]) ], - [ - SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); - SSL *ssl = SSL_new(sslContext); - X509* cert = SSL_get_certificate(ssl); - return 0; - ]) - ], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1) - AC_MSG_RESULT([yes]) - ], - []) - - AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works) - AC_RUN_IFELSE([ - AC_LANG_PROGRAM( - [ - #include - #include - ], - [ - SSLeay_add_ssl_algorithms(); - SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method()); - X509 ***pCert = (X509 ***)sslContext->cert; - X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; - if (sslCtxCert != NULL) - return 1; - return 0; - ]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1) - ], - [ - AC_MSG_RESULT([no]) - ], -[]) + [squid_cv_ssl_get_certificate_workaround=yes], + [squid_cv_ssl_get_certificate_workaround=no], + []) + ]) + if test "x$squid_cv_ssl_get_certificate_workaround" = "yes" ; then + AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1) + fi -SQUID_STATE_ROLLBACK(check_SSL_get_certificate) + SQUID_STATE_ROLLBACK(check_SSL_get_certificate) ]) dnl Checks whether the SSL_CTX_new and similar functions require dnl a const 'SSL_METHOD *' argument AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") SQUID_STATE_SAVE(check_const_SSL_METHOD) - AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM( - [ - #include - #include + AC_CACHE_CHECK([whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'], + squid_cv_ssl_ctx_new_api_const,[ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + #include + ], + [ + const SSL_METHOD *method = NULL; + SSL_CTX *sslContext = SSL_CTX_new(method); + return (sslContext != NULL); + ]) ], - [ - const SSL_METHOD *method = NULL; - SSL_CTX *sslContext = SSL_CTX_new(method); - return (sslContext != NULL); - ]) - ], - [ - AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1) - AC_MSG_RESULT([yes]) - ], - [ - AC_MSG_RESULT([no]) - ], - []) - -SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) -] -) + [squid_cv_ssl_ctx_new_api_const=yes], + [squid_cv_ssl_ctx_new_api_const=no], + []) + ]) + if test "x$squid_cv_ssl_ctx_new_api_const"; then + AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1) + fi + + SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) +]) dnl Try to handle TXT_DB related problems: dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not dnl implemented correctly and causes type conversion errors while compiling squid AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member") AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value") AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors") SQUID_STATE_SAVE(check_TXTDB) - LIBS="$LIBS $SSLLIB" - squid_cv_check_openssl_pstring="no" - AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM( - [ - #include + AC_CACHE_CHECK([whether the TXT_DB use OPENSSL_PSTRING data member], + squid_cv_check_openssl_pstring,[ + LIBS="$LIBS $SSLLIB" + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + ], + [ + TXT_DB *db = NULL; + int i = sk_OPENSSL_PSTRING_num(db->data); + return 0; + ]) ], - [ - TXT_DB *db = NULL; - int i = sk_OPENSSL_PSTRING_num(db->data); - return 0; - ]) - ], - [ - AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1) - AC_MSG_RESULT([yes]) - squid_cv_check_openssl_pstring="yes" - ], - [ - AC_MSG_RESULT([no]) - ], - []) + [squid_cv_check_openssl_pstring="yes"], + [squid_cv_check_openssl_pstring="no"], + []) + ]) + if test x"$squid_cv_check_openssl_pstring" = "xyes"; then + AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1) + fi if test x"$squid_cv_check_openssl_pstring" = "xyes"; then - AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM( - [ - #include + AC_CACHE_CHECK([whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used], + squid_cv_pstringdata_hack,[ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([ + #include + ],[ + TXT_DB *db = NULL; + const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0)); + return (current_row != NULL); + ])], + [squid_cv_pstringdata_hack=no], + [squid_cv_pstringdata_hack=yes] ], - [ - TXT_DB *db = NULL; - const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0)); - return (current_row != NULL); - ]) - ], - [ - AC_MSG_RESULT([no]) - ], - [ + []) + ) + if "x$squid_cv_pstringdata_hack" = "xyes" ; then AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1) - AC_MSG_RESULT([yes]) - ], - []) + fi fi - AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM( - [ - #include - - static unsigned long index_serial_hash(const char **a){} - static int index_serial_cmp(const char **a, const char **b){} - static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) - static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) - ], - [ - TXT_DB *db = NULL; - TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); - ]) - ], - [ - AC_MSG_RESULT([no]) - ], - [ - AC_MSG_RESULT([yes]) - AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) - ], -[]) - -SQUID_STATE_ROLLBACK(check_TXTDB) + AC_CACHE_CHECK(whether the workaround for OpenSSL IMPLEMENT_LHASH_ is needed, + squid_cv_use_implement_lhash_workaround,[ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM( + [ + #include + + static unsigned long index_serial_hash(const char **a){} + static int index_serial_cmp(const char **a, const char **b){} + static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) + static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) + ], [ + TXT_DB *db = NULL; + TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); + ]) + ], + [squid_cv_use_implement_lhash_workaround=no], + [squid_cv_use_implement_lhash_workaround=yes], []) + ]) + if test "x$squid_cv_use_implement_lhash_workaround" = "xyes"; then + AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) + fi + SQUID_STATE_ROLLBACK(check_TXTDB) ])