1
2
3
4
5
6
7
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
|
dnl $1 = Name of variable
dnl $2 = Name of function to check for
dnl $3 = Name of protocol
dnl $4 = Name of CPP macro to define
AC_DEFUN([TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER], [
dnl Determine if particular SSL version is enabled
if test "[$]$1" = "true" -o "[$]$1" = "force"; then
AC_CHECK_FUNC($2,, [
if test "[$]$1" = "force"; then
AC_MSG_ERROR([Unable to enable $3])
fi
$1='false'
])
fi
if test "[$]$1" = "false" -o "[$]$1" = "force_off"; then
AC_DEFINE($4, [1], [Define this to disable $3 in OpenSSL support])
fi
])
AC_DEFUN([TCLTLS_SSL_OPENSSL], [
openssldir=''
AC_ARG_WITH([ssl-dir],
AS_HELP_STRING(
[--with-ssl-dir=<dir>],
[deprecated, use --with-openssl-dir -- currently has the same meaning]
), [
|
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
-
-
+
-
-
+
-
-
-
+
-
-
-
-
+
-
-
-
-
+
-
-
-
+
-
-
-
+
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
+
-
-
-
-
+
-
-
-
-
-
-
-
+
-
-
-
-
+
+
-
-
+
+
+
-
+
+
+
+
+
+
+
|
AC_MSG_RESULT([yes])
], [
AC_MSG_RESULT([no])
AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
])
AC_LANG_POP([C])
dnl Determine if SSLv2 is supported
if test "$tcltls_ssl_ssl2" = "true"; then
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2])
AC_CHECK_FUNC(SSLv2_method,, [
tcltls_ssl_ssl2='false'
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3])
])
fi
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1])
if test "$tcltls_ssl_ssl2" = "false"; then
AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
fi
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1])
dnl Determine if SSLv3 is supported
if test "$tcltls_ssl_ssl3" = "true"; then
AC_CHECK_FUNC(SSLv3_method,, [
tcltls_ssl_ssl3='false'
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2])
])
fi
if test "$tcltls_ssl_ssl3" = "false"; then
AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [
AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
fi
AC_LANG_PUSH(C)
dnl Determine if TLSv1.0 is supported
if test "$tcltls_ssl_tls1_0" = "true"; then
AC_CHECK_FUNC(TLSv1_method,, [
tcltls_ssl_tls1_0='false'
])
fi
AC_MSG_CHECKING([for SSL_set_tlsext_host_name])
if test "$tcltls_ssl_tls1_0" = "false"; then
AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
fi
AC_LINK_IFELSE([AC_LANG_PROGRAM([
dnl Determine if TLSv1.1 is supported
if test "$tcltls_ssl_tls1_1" = "true"; then
AC_CHECK_FUNC(TLSv1_1_method,, [
tcltls_ssl_tls1_1='false'
])
fi
#include <openssl/ssl.h>
if test "$tcltls_ssl_tls1_1" = "false"; then
AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
fi
#if (SSLEAY_VERSION_NUMBER >= 0x0907000L)
dnl Determine if TLSv1.2 is supported
if test "$tcltls_ssl_tls1_2" = "true"; then
AC_CHECK_FUNC(TLSv1_2_method,, [
tcltls_ssl_tls1_2='false'
])
fi
# include <openssl/conf.h>
if test "$tcltls_ssl_tls1_2" = "false"; then
AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
fi
#endif
], [
AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [
AC_CHECK_FUNC(SSL_set_tlsext_host_name, [
(void)SSL_set_tlsext_host_name((void *) 0, (void *) 0);
])], [
AC_MSG_RESULT([yes])
tcltls_cv_func_tlsext_hostname='yes'
], [
tcltls_cv_func_tlsext_hostname='no'
], [
AC_MSG_RESULT([no])
])
AC_LANG_POP([C])
dnl AC_CHECK_FUNC(SSL_set_tlsext_host_name, [
dnl ], [
dnl ])
])
if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then
AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI])
fi
dnl Restore compile-altering variables
LIBS="${SAVE_LIBS}"
CFLAGS="${SAVE_CFLAGS}"
CPPFLAGS="${SAVE_CPPFLAGS}"
])
|