configure.ac: Give a warning if openssl headers don't match library.

We don't look at the patchlevel, since that tends not to have any
API changes, and sometimes gets out of sync when distributors are
careless.

We only give the warning when the test program compiles but gives a
nonzero exit status: sadly, autoconf doesn't give us an easy way to
distinguish these.

Fixes #40138
Nick Mathewson 2020-09-23 09:52:43 -04:00
parent 10e40ca1de
commit ff300b384f


@ -1044,8 +1044,6 @@ TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [], [if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl]) [/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
if test "$enable_static_openssl" = "yes"; then if test "$enable_static_openssl" = "yes"; then
if test "$tor_cv_library_openssl_dir" = "(system)"; then if test "$tor_cv_library_openssl_dir" = "(system)"; then
AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl") AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
@ -1057,7 +1055,7 @@ else
fi fi
AC_SUBST(TOR_OPENSSL_LIBS) AC_SUBST(TOR_OPENSSL_LIBS)
dnl Now check for particular openssl functions. dnl Now validate openssl, and check for particular openssl functions.
save_LIBS="$LIBS" save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS" save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS" save_CPPFLAGS="$CPPFLAGS"
@ -1087,6 +1085,28 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
[ : ], [ : ],
[ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ]) [ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
dnl Let's see if we have a version mismatch between includes and libs.
AC_MSG_CHECKING([for significant mismatch between openssl headers and libraries])
ac_retval=foo
AC_TRY_RUN(AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#include <openssl/crypto.h>
]], [[
/* Include major, minor, and fix, but not patch or status. */
unsigned long mask = 0xfffff000;
unsigned long linking = OpenSSL_version_num() & mask;
unsigned long running = OPENSSL_VERSION_NUMBER & mask;
return !(linking==running);
]]), [openssl_ver_mismatch=no], [
# This is a kludge to figure out whether compilation failed, or whether
# running the program failed.
if test "$ac_retval" == "1"; then
openssl_ver_mismatch=inconclusive
else
openssl_ver_mismatch=yes
fi], [openssl_ver_mismatch=cross])
AC_MSG_RESULT([$openssl_ver_mismatch])
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h> [#include <openssl/ssl.h>
]) ])
@ -2649,6 +2669,19 @@ fi
AC_OUTPUT AC_OUTPUT
if test "$openssl_ver_mismatch" = "yes"; then
AC_MSG_WARN([
============
Warning! The version OpenSSL headers we get from compiling with
"${TOR_CPPFLAGS_OPENSSL:-(no extra options)}"
do not match version of the OpenSSL library we get when linking with
"$TOR_LDFLAGS_OPENSSL $TOR_OPENSSL_LIBS".
This might cause compilation to fail. Try using --with-openssl-dir to specify
the exact OpenSSL path you want.
============
])
fi
# #
# Mini-report on what will be built. # Mini-report on what will be built.
# #
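Review bot: In the version-mismatch check added after the ECC test, `if test "$ac_retval" == "1"; then` uses `==`, which is not a POSIX `test` operator and may error out when configure runs under a strict /bin/sh; the other tests in this file use `=`, so it should read `if test "$ac_retval" = "1"; then`. The branch also depends on `ac_retval`, which appears to be an Autoconf-internal variable rather than a documented one. The test program itself exits with 1 on a mismatch (`return !(linking==running);`), so a real mismatch may be indistinguishable from a failed compile and end up as `inconclusive`, which prints no warning. That is worth confirming, and a distinctive exit status for the mismatch case would remove the ambiguity. Because header/library skew in OpenSSL can mean ABI disagreement in a crypto dependency, a short comment above the final `AC_MSG_WARN` saying that `inconclusive` and `cross` are intentionally silent would help. The warning text "The version OpenSSL headers" probably wants to be "The version of the OpenSSL headers".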