Mercurial > dovecot > core-2.2
changeset 21143:aeb2d1f53ae5
configure: Fix build with old OpenSSL without SSL_clear_options
SSL_clear_options was introduced in OpenSSL 0.9.8m but may be
backported to older versions in "enterprise" OS releases, so a version
check is insufficient here.
It was originally implemented as a macro but is a function in more
recent OpenSSL versions, so a test that works for both cases is needed.
author | Paul Howarth <paul@city-fan.org> |
---|---|
date | Mon, 31 Oct 2016 10:49:38 +0000 |
parents | 572ab8899bbc |
children | c430a59fe897 |
files | configure.ac src/lib-ssl-iostream/iostream-openssl.c |
diffstat | 2 files changed, 25 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/configure.ac Thu Nov 17 17:13:09 2016 +0200 +++ b/configure.ac Mon Oct 31 10:49:38 2016 +0000 @@ -1706,6 +1706,29 @@ have_ssl="yes (OpenSSL)" build_dcrypt_openssl="no" + # SSL_clear_options introduced in openssl 0.9.8m but may be backported to + # older versions in "enterprise" OS releases; originally implemented as a + # macro but as a function in more recent openssl versions + AC_CACHE_CHECK([whether SSL_clear_options exists],i_cv_have_ssl_clear_options,[ + old_LIBS=$LIBS + LIBS="$LIBS -lssl" + AC_TRY_LINK([ + #include <openssl/ssl.h> + ], [ + SSL *ssl; + long options; + SSL_clear_options(ssl, options); + ], [ + i_cv_have_ssl_clear_options=yes + ], [ + i_cv_have_ssl_clear_options=no + ]) + LIBS=$old_LIBS + ]) + if test $i_cv_have_ssl_clear_options = yes; then + AC_DEFINE(HAVE_SSL_CLEAR_OPTIONS,, [Define if you have SSL_clear_options]) + fi + AC_CHECK_LIB(ssl, SSL_get_current_compression, [ AC_DEFINE(HAVE_SSL_COMPRESSION,, [Build with OpenSSL compression]) ],, $SSL_LIBS)
--- a/src/lib-ssl-iostream/iostream-openssl.c Thu Nov 17 17:13:09 2016 +0200 +++ b/src/lib-ssl-iostream/iostream-openssl.c Mon Oct 31 10:49:38 2016 +0000 @@ -163,7 +163,9 @@ if (set->prefer_server_ciphers) SSL_set_options(ssl_io->ssl, SSL_OP_CIPHER_SERVER_PREFERENCE); if (set->protocols != NULL) { +#if defined(HAVE_SSL_CLEAR_OPTIONS) SSL_clear_options(ssl_io->ssl, OPENSSL_ALL_PROTOCOL_OPTIONS); +#endif SSL_set_options(ssl_io->ssl, openssl_get_protocol_options(set->protocols)); }