1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
|
--- squid-3.4.4.orig/acinclude/lib-checks.m4 2014-03-09 10:40:56.000000000 +0100
+++ squid-3.4.4/acinclude/lib-checks.m4 2014-03-11 19:44:28.088928982 +0100
@@ -95,69 +95,6 @@ AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[
SQUID_STATE_ROLLBACK(iphlpapi)
])
-dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a
-dnl workaround can be used instead of using the SSL_get_certificate
-AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[
- AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid")
- AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate")
- SQUID_STATE_SAVE(check_SSL_get_certificate)
- LIBS="$SSLLIB $LIBS"
- if test "x$SSLLIBDIR" != "x"; then
- LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR"
- fi
-
- AC_MSG_CHECKING(whether the SSL_get_certificate is buggy)
- AC_RUN_IFELSE([
- AC_LANG_PROGRAM(
- [
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- ],
- [
- SSLeay_add_ssl_algorithms();
- SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
- SSL *ssl = SSL_new(sslContext);
- X509* cert = SSL_get_certificate(ssl);
- return 0;
- ])
- ],
- [
- AC_MSG_RESULT([no])
- ],
- [
- AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1)
- AC_MSG_RESULT([yes])
- ],
- [])
-
- AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works)
- AC_RUN_IFELSE([
- AC_LANG_PROGRAM(
- [
- #include <openssl/ssl.h>
- #include <openssl/err.h>
- ],
- [
- SSLeay_add_ssl_algorithms();
- SSL_CTX *sslContext = SSL_CTX_new(SSLv3_method());
- X509 ***pCert = (X509 ***)sslContext->cert;
- X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1;
- if (sslCtxCert != NULL)
- return 1;
- return 0;
- ])
- ],
- [
- AC_MSG_RESULT([yes])
- AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1)
- ],
- [
- AC_MSG_RESULT([no])
- ],
-[])
-
-SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
-])
dnl Checks whether the SSL_CTX_new and similar functions require
dnl a const 'SSL_METHOD *' argument
|
