diff --git a/config.h.in b/config.h.in index 0d3b74183..54b9e4a34 100644 --- a/config.h.in +++ b/config.h.in @@ -727,7 +727,8 @@ /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ #undef HAVE_SSL_CTX_SET_CIPHERSUITES -/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function. */ +/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or + macro. */ #undef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION /* Define to 1 to enable SSSD support. */ diff --git a/configure b/configure index 212d7eaa3..2ff5d6743 100755 --- a/configure +++ b/configure @@ -21986,252 +21986,32 @@ _ACEOF fi if test "${enable_openssl-no}" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for X509_STORE_CTX_get0_cert in -lcrypto" >&5 -$as_echo_n "checking for X509_STORE_CTX_get0_cert in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_X509_STORE_CTX_get0_cert+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char X509_STORE_CTX_get0_cert (); -int -main () -{ -return X509_STORE_CTX_get0_cert (); - ; - return 0; -} + OLIBS="$LIBS" + LIBS="$LIBS $LIBTLS" + for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_X509_STORE_CTX_get0_cert=yes -else - ac_cv_lib_crypto_X509_STORE_CTX_get0_cert=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" >&5 -$as_echo "$ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" >&6; } -if test "x$ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" = xyes; then : - $as_echo "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h fi +done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ASN1_STRING_get0_data in -lcrypto" >&5 -$as_echo_n "checking for ASN1_STRING_get0_data in -lcrypto... " >&6; } -if ${ac_cv_lib_crypto_ASN1_STRING_get0_data+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ + # SSL_CTX_set_min_proto_version may be a macro + ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" " + $ac_includes_default + #include -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char ASN1_STRING_get0_data (); -int -main () -{ -return ASN1_STRING_get0_data (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_crypto_ASN1_STRING_get0_data=yes -else - ac_cv_lib_crypto_ASN1_STRING_get0_data=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_ASN1_STRING_get0_data" >&5 -$as_echo "$ac_cv_lib_crypto_ASN1_STRING_get0_data" >&6; } -if test "x$ac_cv_lib_crypto_ASN1_STRING_get0_data" = xyes; then : - $as_echo "#define HAVE_ASN1_STRING_GET0_DATA 1" >>confdefs.h - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ciphersuites in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_set_ciphersuites in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_set_ciphersuites (); -int -main () -{ -return SSL_CTX_set_ciphersuites (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto=yes -else - ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" = xyes; then : - $as_echo "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_min_proto_version in -lssl" >&5 -$as_echo_n "checking for SSL_CTX_set_min_proto_version in -lssl... " >&6; } -if ${ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char SSL_CTX_set_min_proto_version (); -int -main () -{ -return SSL_CTX_set_min_proto_version (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto=yes -else - ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" >&5 -$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" = xyes; then : +" +if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then : $as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS_client_method in -lssl" >&5 -$as_echo_n "checking for TLS_client_method in -lssl... " >&6; } -if ${ac_cv_lib_ssl_TLS_client_method_lcrypto+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char TLS_client_method (); -int -main () -{ -return TLS_client_method (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_TLS_client_method_lcrypto=yes -else - ac_cv_lib_ssl_TLS_client_method_lcrypto=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_TLS_client_method_lcrypto" >&5 -$as_echo "$ac_cv_lib_ssl_TLS_client_method_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_TLS_client_method_lcrypto" = xyes; then : - $as_echo "#define HAVE_TLS_CLIENT_METHOD 1" >>confdefs.h - -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS_server_method in -lssl" >&5 -$as_echo_n "checking for TLS_server_method in -lssl... " >&6; } -if ${ac_cv_lib_ssl_TLS_server_method_lcrypto+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lssl -lcrypto $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char TLS_server_method (); -int -main () -{ -return TLS_server_method (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_ssl_TLS_server_method_lcrypto=yes -else - ac_cv_lib_ssl_TLS_server_method_lcrypto=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_TLS_server_method_lcrypto" >&5 -$as_echo "$ac_cv_lib_ssl_TLS_server_method_lcrypto" >&6; } -if test "x$ac_cv_lib_ssl_TLS_server_method_lcrypto" = xyes; then : - $as_echo "#define HAVE_TLS_SERVER_METHOD 1" >>confdefs.h - -fi - + LIBS="$OLIBS" fi OLIBS="$LIBS" LIBS="${LIBS} ${NET_LIBS}" @@ -30204,11 +29984,6 @@ fi - - - - - diff --git a/configure.ac b/configure.ac index a2bd1eb66..79451f870 100644 --- a/configure.ac +++ b/configure.ac @@ -2958,12 +2958,15 @@ dnl dnl Check for functions only present in OpenSSL 1.1 and above dnl if test "${enable_openssl-no}" != no; then - AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, [AC_DEFINE(HAVE_X509_STORE_CTX_GET0_CERT)]) - AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, [AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA)]) - AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites, [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [-lcrypto]) - AC_CHECK_LIB(ssl, SSL_CTX_set_min_proto_version, [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [-lcrypto]) - AC_CHECK_LIB(ssl, TLS_client_method, [AC_DEFINE(HAVE_TLS_CLIENT_METHOD)], [], [-lcrypto]) - AC_CHECK_LIB(ssl, TLS_server_method, [AC_DEFINE(HAVE_TLS_SERVER_METHOD)], [], [-lcrypto]) + OLIBS="$LIBS" + LIBS="$LIBS $LIBTLS" + AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method]) + # SSL_CTX_set_min_proto_version may be a macro + AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ + AC_INCLUDES_DEFAULT + #include + ]) + LIBS="$OLIBS" fi dnl dnl If socket(2) not in libc, check -lsocket and -linet @@ -4743,12 +4746,7 @@ AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-st AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.]) AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) -AH_TEMPLATE(HAVE_X509_STORE_CTX_GET0_CERT, [Define to 1 if you have the `X509_STORE_CTX_get0_cert' function.]) -AH_TEMPLATE(HAVE_ASN1_STRING_GET0_DATA, [Define to 1 if you have the `ASN1_STRING_get0_data' function.]) -AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function.]) -AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function.]) -AH_TEMPLATE(HAVE_TLS_CLIENT_METHOD, [Define to 1 if you have the `TLS_client_method' function.]) -AH_TEMPLATE(HAVE_TLS_SERVER_METHOD, [Define to 1 if you have the `TLS_server_method' function.]) +AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) dnl dnl Bits to copy verbatim into config.h.in