mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
configure.ac: Give a warning if openssl headers don't match library.
We don't look at the patchlevel, since that tends not to have any API changes, and sometimes gets out of sync when distributors are careless. We only give the warning when the test program compiles but gives a nonzero exit status: sadly, autoconf doesn't give us an easy way to distinguish these. Fixes #40138
This commit is contained in:
parent
10e40ca1de
commit
ff300b384f
39
configure.ac
39
configure.ac
@ -1044,8 +1044,6 @@ TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS
|
|||||||
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
|
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
|
||||||
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
|
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
|
||||||
|
|
||||||
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
|
|
||||||
|
|
||||||
if test "$enable_static_openssl" = "yes"; then
|
if test "$enable_static_openssl" = "yes"; then
|
||||||
if test "$tor_cv_library_openssl_dir" = "(system)"; then
|
if test "$tor_cv_library_openssl_dir" = "(system)"; then
|
||||||
AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
|
AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
|
||||||
@ -1057,7 +1055,7 @@ else
|
|||||||
fi
|
fi
|
||||||
AC_SUBST(TOR_OPENSSL_LIBS)
|
AC_SUBST(TOR_OPENSSL_LIBS)
|
||||||
|
|
||||||
dnl Now check for particular openssl functions.
|
dnl Now validate openssl, and check for particular openssl functions.
|
||||||
save_LIBS="$LIBS"
|
save_LIBS="$LIBS"
|
||||||
save_LDFLAGS="$LDFLAGS"
|
save_LDFLAGS="$LDFLAGS"
|
||||||
save_CPPFLAGS="$CPPFLAGS"
|
save_CPPFLAGS="$CPPFLAGS"
|
||||||
@ -1087,6 +1085,28 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
|
|||||||
[ : ],
|
[ : ],
|
||||||
[ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
|
[ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
|
||||||
|
|
||||||
|
dnl Let's see if we have a version mismatch between includes and libs.
|
||||||
|
AC_MSG_CHECKING([for significant mismatch between openssl headers and libraries])
|
||||||
|
ac_retval=foo
|
||||||
|
AC_TRY_RUN(AC_LANG_PROGRAM([[
|
||||||
|
#include <openssl/opensslv.h>
|
||||||
|
#include <openssl/crypto.h>
|
||||||
|
]], [[
|
||||||
|
/* Include major, minor, and fix, but not patch or status. */
|
||||||
|
unsigned long mask = 0xfffff000;
|
||||||
|
unsigned long linking = OpenSSL_version_num() & mask;
|
||||||
|
unsigned long running = OPENSSL_VERSION_NUMBER & mask;
|
||||||
|
return !(linking==running);
|
||||||
|
]]), [openssl_ver_mismatch=no], [
|
||||||
|
# This is a kludge to figure out whether compilation failed, or whether
|
||||||
|
# running the program failed.
|
||||||
|
if test "$ac_retval" == "1"; then
|
||||||
|
openssl_ver_mismatch=inconclusive
|
||||||
|
else
|
||||||
|
openssl_ver_mismatch=yes
|
||||||
|
fi], [openssl_ver_mismatch=cross])
|
||||||
|
AC_MSG_RESULT([$openssl_ver_mismatch])
|
||||||
|
|
||||||
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
|
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
|
||||||
[#include <openssl/ssl.h>
|
[#include <openssl/ssl.h>
|
||||||
])
|
])
|
||||||
@ -2649,6 +2669,19 @@ fi
|
|||||||
|
|
||||||
AC_OUTPUT
|
AC_OUTPUT
|
||||||
|
|
||||||
|
if test "$openssl_ver_mismatch" = "yes"; then
|
||||||
|
AC_MSG_WARN([
|
||||||
|
============
|
||||||
|
Warning! The version OpenSSL headers we get from compiling with
|
||||||
|
"${TOR_CPPFLAGS_OPENSSL:-(no extra options)}"
|
||||||
|
do not match version of the OpenSSL library we get when linking with
|
||||||
|
"$TOR_LDFLAGS_OPENSSL $TOR_OPENSSL_LIBS".
|
||||||
|
This might cause compilation to fail. Try using --with-openssl-dir to specify
|
||||||
|
the exact OpenSSL path you want.
|
||||||
|
============
|
||||||
|
])
|
||||||
|
fi
|
||||||
|
|
||||||
#
|
#
|
||||||
# Mini-report on what will be built.
|
# Mini-report on what will be built.
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user