AC_MSG_RESULT([$OPENSSL_VERSION])
AC_MSG_CHECKING([whether OpenSSL version is recent enough])
- ## we allow 0.9.7e-?, 0.9.8* and 0.9.9*
- allowed_versions="0.9.7[e-z] 0.9.8* 0.9.9* 1.0.0*"
+ ## we allow 0.9.8z*, 1.0.0[n-z]* 1.0.1[mz]* 1.0.2*
+ ## As vulnerabilities are uncovered we should update this
+ allowed_versions="0.9.8z 1.0.0[[n-z]] 1.0.1[[m-z]] 1.0.2[[d-z]]"
OPENSSL_SANE_P=no
for ver in $allowed_versions; do
if echo "$OPENSSL_VERSION" | ${GREP-grep} -q "$ver"; then
SXE_APPEND_UNDUP([$OPENSSL_LDFLAGS], [LDFLAGS])
## check again
+ SXE_CHECK_HEADERS([openssl/opensslconf.h])
+ SXE_CHECK_HEADERS([openssl/evp.h])
+ SXE_CHECK_HEADERS([openssl/rand.h openssl/hmac.h])
+ SXE_CHECK_HEADERS([openssl/rsa.h openssl/dsa.h])
+ SXE_CHECK_HEADERS([openssl/ec.h openssl/ecdh.h])
+ SXE_CHECK_HEADERS([openssl/ecdsa.h openssl/dh.h])
SXE_CHECK_HEADERS([openssl/crypto.h])
SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
dnl Look for these standard header file locations
OPENSSL_LIBS="-lssl -lcrypto"
+ SXE_CHECK_HEADERS([openssl/opensslconf.h])
+ SXE_CHECK_HEADERS([openssl/evp.h])
+ SXE_CHECK_HEADERS([openssl/rand.h openssl/hmac.h])
+ SXE_CHECK_HEADERS([openssl/rsa.h openssl/dsa.h])
+ SXE_CHECK_HEADERS([openssl/ec.h openssl/ecdh.h])
+ SXE_CHECK_HEADERS([openssl/ecdsa.h openssl/dh.h])
SXE_CHECK_HEADERS([openssl/crypto.h])
SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
AC_DEFINE([OPENSSL_NO_DH], [1], [Description here!])
fi
+ AC_CHECK_TYPES([SSL], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+ ])
+ AC_CHECK_TYPES([SSL_METHOD], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+ ])
+ AC_CHECK_TYPES([SSL_CTX], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+ ])
+ AC_CHECK_TYPES([BIO], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_BIO_H
+# include <openssl/bio.h>
+#endif
+ ])
+ AC_CHECK_TYPES([X509], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_X509_H
+# include <openssl/x509.h>
+#endif
+ ])
+ AC_CHECK_TYPES([EVP_PKEY], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_EVP_H
+# include <openssl/evp.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_X509_H
+# include <openssl/x509.h>
+#endif
+ ])
dnl check for libssl support
AC_CHECK_LIB([ssl], [SSL_new], [openssl_ssl=yes], [openssl_ssl=no])
- if test "$openssl_ssl" = "yes"; then
- AC_DEFINE([OPENSSL_SSL], [1], [Description here!])
+ AC_MSG_CHECKING([for openssl types sufficent])
+ if test "x$ac_cv_type_EVP_PKEY" = xyes -a \
+ "x$ac_cv_type_X509" = xyes -a \
+ "x$ac_cv_type_BIO" = xyes -a \
+ "x$ac_cv_type_SSL" = xyes -a \
+ "x$ac_cv_type_SSL_METHOD" = xyes -a \
+ "x$ac_cv_type_SSL_CTX" = xyes; then
+ AC_MSG_RESULT([yes])
+ if test "$openssl_ssl" = "yes"; then
+ AC_DEFINE([OPENSSL_SSL], [1], [Description here!])
+ fi
+ else
+ have_openssl=no
+ AC_MSG_RESULT([no])
fi
])dnl SXE_CHECK_OPENSSL_FEATURES
#define INCLUDED_openssl_h_ 1
/* this is to determine what has been configured */
+#ifdef HAVE_OPENSSL_OPENSSLCONF_H
#include <openssl/opensslconf.h>
+#endif
+#ifdef HAVE_OPENSSL_EVP_H
#include <openssl/evp.h>
+#endif
+
+#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
+#endif
+
+#ifdef HAVE_OPENSSL_HMAC_H
#include <openssl/hmac.h>
+#endif
/* special asymmetric crypto systems */
+#ifdef HAVE_OPENSSL_RSA_H
#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif
+#endif
+#ifdef HAVE_OPENSSL_DSA_H
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
+#endif
+#ifdef HAVE_OPENSSL_EC_H
#ifndef OPENSSL_NO_EC
#include <openssl/ec.h>
#endif
+#endif
+#ifdef HAVE_OPENSSL_ECDH_H
#ifndef OPENSSL_NO_ECDH
#include <openssl/ecdh.h>
#endif
+#endif
+#ifdef HAVE_OPENSSL_ECDSA_H
#ifndef OPENSSL_NO_ECDSA
#include <openssl/ecdsa.h>
#endif
+#endif
+#ifdef HAVE_OPENSSL_DH
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
+#endif
#if defined HAVE_OPENSSL_X509_H
# include <openssl/x509.h>
#define CHECK_EVPPKEY(x) CHECK_RECORD (x, evp_pkey)
#define wrap_evppkey(p) wrap_object(p)
-
-#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3)
/* opaque SSL_CONN object structure
* this is just an ssl-ish wrap around the process object
*/
#define OSSL_DEBUG_FLAG
#endif
-#endif /* !OPENSSL_NO_SSL2 || !OPENSSL_NO_SSL3 */
#endif /* INCLUDED_openssl_h_ */