Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version

Also use AC_CHECK_FUNCS to check for the other OpenSSL functions

config.h.in

@@ -727,7 +727,8 @@
 /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */
 #undef HAVE_SSL_CTX_SET_CIPHERSUITES
 
-/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function. */
+/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or
+   macro. */
 #undef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION
 
 /* Define to 1 to enable SSSD support. */

configure

@@ -21986,252 +21986,32 @@ _ACEOF
 fi
 
 if test "${enable_openssl-no}" != no; then
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for X509_STORE_CTX_get0_cert in -lcrypto" >&5
+    OLIBS="$LIBS"
-$as_echo_n "checking for X509_STORE_CTX_get0_cert in -lcrypto... " >&6; }
+    LIBS="$LIBS $LIBTLS"
-if ${ac_cv_lib_crypto_X509_STORE_CTX_get0_cert+:} false; then :
+    for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method
-  $as_echo_n "(cached) " >&6
+do :
-else
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
-  ac_check_lib_save_LIBS=$LIBS
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
-LIBS="-lcrypto  $LIBS"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+  cat >>confdefs.h <<_ACEOF
-/* end confdefs.h.  */
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char X509_STORE_CTX_get0_cert ();
-int
-main ()
-{
-return X509_STORE_CTX_get0_cert ();
-  ;
-  return 0;
-}
 _ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_crypto_X509_STORE_CTX_get0_cert=yes
-else
-  ac_cv_lib_crypto_X509_STORE_CTX_get0_cert=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" >&5
-$as_echo "$ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" >&6; }
-if test "x$ac_cv_lib_crypto_X509_STORE_CTX_get0_cert" = xyes; then :
-  $as_echo "#define HAVE_X509_STORE_CTX_GET0_CERT 1" >>confdefs.h
 
 fi
+done
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ASN1_STRING_get0_data in -lcrypto" >&5
+    # SSL_CTX_set_min_proto_version may be a macro
-$as_echo_n "checking for ASN1_STRING_get0_data in -lcrypto... " >&6; }
+    ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_min_proto_version" "ac_cv_have_decl_SSL_CTX_set_min_proto_version" "
-if ${ac_cv_lib_crypto_ASN1_STRING_get0_data+:} false; then :
+	$ac_includes_default
-  $as_echo_n "(cached) " >&6
+	#include <openssl/ssl.h>
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lcrypto  $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
 
-/* Override any GCC internal prototype to avoid an error.
+"
-   Use char because int might match the return type of a GCC
+if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then :
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ASN1_STRING_get0_data ();
-int
-main ()
-{
-return ASN1_STRING_get0_data ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_crypto_ASN1_STRING_get0_data=yes
-else
-  ac_cv_lib_crypto_ASN1_STRING_get0_data=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_crypto_ASN1_STRING_get0_data" >&5
-$as_echo "$ac_cv_lib_crypto_ASN1_STRING_get0_data" >&6; }
-if test "x$ac_cv_lib_crypto_ASN1_STRING_get0_data" = xyes; then :
-  $as_echo "#define HAVE_ASN1_STRING_GET0_DATA 1" >>confdefs.h
-
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_ciphersuites in -lssl" >&5
-$as_echo_n "checking for SSL_CTX_set_ciphersuites in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_ciphersuites ();
-int
-main ()
-{
-return SSL_CTX_set_ciphersuites ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto=yes
-else
-  ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" >&5
-$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" >&6; }
-if test "x$ac_cv_lib_ssl_SSL_CTX_set_ciphersuites_lcrypto" = xyes; then :
-  $as_echo "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h
-
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set_min_proto_version in -lssl" >&5
-$as_echo_n "checking for SSL_CTX_set_min_proto_version in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char SSL_CTX_set_min_proto_version ();
-int
-main ()
-{
-return SSL_CTX_set_min_proto_version ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto=yes
-else
-  ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" >&5
-$as_echo "$ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" >&6; }
-if test "x$ac_cv_lib_ssl_SSL_CTX_set_min_proto_version_lcrypto" = xyes; then :
   $as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h
 
 fi
 
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS_client_method in -lssl" >&5
+    LIBS="$OLIBS"
-$as_echo_n "checking for TLS_client_method in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_TLS_client_method_lcrypto+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char TLS_client_method ();
-int
-main ()
-{
-return TLS_client_method ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_TLS_client_method_lcrypto=yes
-else
-  ac_cv_lib_ssl_TLS_client_method_lcrypto=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_TLS_client_method_lcrypto" >&5
-$as_echo "$ac_cv_lib_ssl_TLS_client_method_lcrypto" >&6; }
-if test "x$ac_cv_lib_ssl_TLS_client_method_lcrypto" = xyes; then :
-  $as_echo "#define HAVE_TLS_CLIENT_METHOD 1" >>confdefs.h
-
-fi
-
-    { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS_server_method in -lssl" >&5
-$as_echo_n "checking for TLS_server_method in -lssl... " >&6; }
-if ${ac_cv_lib_ssl_TLS_server_method_lcrypto+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_check_lib_save_LIBS=$LIBS
-LIBS="-lssl -lcrypto $LIBS"
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char TLS_server_method ();
-int
-main ()
-{
-return TLS_server_method ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_lib_ssl_TLS_server_method_lcrypto=yes
-else
-  ac_cv_lib_ssl_TLS_server_method_lcrypto=no
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-LIBS=$ac_check_lib_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ssl_TLS_server_method_lcrypto" >&5
-$as_echo "$ac_cv_lib_ssl_TLS_server_method_lcrypto" >&6; }
-if test "x$ac_cv_lib_ssl_TLS_server_method_lcrypto" = xyes; then :
-  $as_echo "#define HAVE_TLS_SERVER_METHOD 1" >>confdefs.h
-
-fi
-
 fi
 OLIBS="$LIBS"
 LIBS="${LIBS} ${NET_LIBS}"
@@ -30204,11 +29984,6 @@ fi
 
 
 
-
-
-
-
-
 
 
 

configure.ac

@@ -2958,12 +2958,15 @@ dnl
 dnl Check for functions only present in OpenSSL 1.1 and above
 dnl
 if test "${enable_openssl-no}" != no; then
-    AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, [AC_DEFINE(HAVE_X509_STORE_CTX_GET0_CERT)])
+    OLIBS="$LIBS"
-    AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, [AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA)])
+    LIBS="$LIBS $LIBTLS"
-    AC_CHECK_LIB(ssl, SSL_CTX_set_ciphersuites, [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [-lcrypto])
+    AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method])
-    AC_CHECK_LIB(ssl, SSL_CTX_set_min_proto_version, [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [-lcrypto])
+    # SSL_CTX_set_min_proto_version may be a macro
-    AC_CHECK_LIB(ssl, TLS_client_method, [AC_DEFINE(HAVE_TLS_CLIENT_METHOD)], [], [-lcrypto])
+    AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [
-    AC_CHECK_LIB(ssl, TLS_server_method, [AC_DEFINE(HAVE_TLS_SERVER_METHOD)], [], [-lcrypto])
+	AC_INCLUDES_DEFAULT
+	#include <openssl/ssl.h>
+    ])
+    LIBS="$OLIBS"
 fi
 dnl
 dnl If socket(2) not in libc, check -lsocket and -linet
@@ -4743,12 +4746,7 @@ AH_TEMPLATE(HAVE_KINFO_PROC2_NETBSD, [Define to 1 if your system has a NetBSD-st
 AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-style kinfo_proc struct.])
 AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.])
 AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.])
-AH_TEMPLATE(HAVE_X509_STORE_CTX_GET0_CERT, [Define to 1 if you have the `X509_STORE_CTX_get0_cert' function.])
+AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.])
-AH_TEMPLATE(HAVE_ASN1_STRING_GET0_DATA, [Define to 1 if you have the `ASN1_STRING_get0_data' function.])
-AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function.])
-AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function.])
-AH_TEMPLATE(HAVE_TLS_CLIENT_METHOD, [Define to 1 if you have the `TLS_client_method' function.])
-AH_TEMPLATE(HAVE_TLS_SERVER_METHOD, [Define to 1 if you have the `TLS_server_method' function.])
 
 dnl
 dnl Bits to copy verbatim into config.h.in