mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Merge branch '164-remove-openssl-warning' into 'master'

Browse Source 
Remove useless OpenSSL warning from configure script

Closes #164

See merge request isc-projects/bind9!139
This commit is contained in:
Ondřej Surý
2018-03-17 10:16:20 -04:00
parent 77d5f5075a e9571d29af
commit f3070d104a
2 changed files with 0 additions and 146 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
configure vendored
View File

@@ -1008,7 +1008,6 @@ with_gost
with_eddsa with_eddsa
with_aes with_aes
with_cc_alg with_cc_alg
enable_openssl_version_check
enable_openssl_hash enable_openssl_hash
enable_crypto_rand enable_crypto_rand
with_lmdb with_lmdb
@@ -1700,8 +1699,6 @@ Optional Features:
--enable-devpoll use /dev/poll when available [default=yes] --enable-devpoll use /dev/poll when available [default=yes]
--enable-threads enable multithreading --enable-threads enable multithreading
--enable-native-pkcs11 use native PKCS11 for all crypto [default=no] --enable-native-pkcs11 use native PKCS11 for all crypto [default=no]
--enable-openssl-version-check
check OpenSSL version [default=yes]
--enable-openssl-hash use OpenSSL for hash functions [default=yes] --enable-openssl-hash use OpenSSL for hash functions [default=yes]
--enable-crypto-rand use the crypto provider for random [default=yes] --enable-crypto-rand use the crypto provider for random [default=yes]
--enable-largefile 64-bit file support --enable-largefile 64-bit file support
@@ -16511,62 +16508,6 @@ fi
rm -f core conftest.err conftest.$ac_objext \ rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext conftest$ac_exeext conftest.$ac_ext
# Check whether --enable-openssl-version-check was given.
if test "${enable_openssl_version_check+set}" = set; then :
enableval=$enable_openssl_version_check;
fi
case "$enable_openssl_version_check" in
yes|'')
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
$as_echo_n "checking OpenSSL library version... " >&6; }
if test "$cross_compiling" = yes; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming target platform has compatible version" >&5
$as_echo "assuming target platform has compatible version" >&6; }
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
OPENSSL_VERSION_NUMBER < 0x00908000L) ||
(OPENSSL_VERSION_NUMBER >= 0x0090804fL &&
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n");
return (1);
}
_ACEOF
if ac_fn_c_try_run "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
$as_echo "ok" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not compatible" >&5
$as_echo "not compatible" >&6; }
OPENSSL_WARNING=yes
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
;;
no)
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: Skipped OpenSSL version check" >&5
$as_echo "Skipped OpenSSL version check" >&6; }
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL FIPS mode support" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL FIPS mode support" >&5
$as_echo_n "checking for OpenSSL FIPS mode support... " >&6; } $as_echo_n "checking for OpenSSL FIPS mode support... " >&6; }
have_fips_mode="" have_fips_mode=""
@@ -26680,31 +26621,6 @@ not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and
EOF EOF
fi fi
if test "X$OPENSSL_WARNING" != "X"; then
cat << \EOF
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING
WARNING Your OpenSSL crypto library may be vulnerable to WARNING
WARNING one or more of the the following known security WARNING
WARNING flaws: WARNING
WARNING WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING
WARNING CVE-2006-2940 and CVE-2015-3193. WARNING
WARNING WARNING
WARNING It is recommended that you upgrade to OpenSSL WARNING
WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING
WARNING (or greater). WARNING
WARNING WARNING
WARNING You can disable this warning by specifying: WARNING
WARNING WARNING
WARNING --disable-openssl-version-check WARNING
WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
EOF
fi
# Tell Emacs to edit this file in shell mode. # Tell Emacs to edit this file in shell mode.
# Local Variables: # Local Variables:
# mode: sh # mode: sh

62
configure.in
View File

@@ -1689,43 +1689,6 @@ DSO_METHOD_dlfcn();
[AC_MSG_RESULT(assuming it does work on target platform)] [AC_MSG_RESULT(assuming it does work on target platform)]
) )
AC_ARG_ENABLE(openssl-version-check,
[AS_HELP_STRING([--enable-openssl-version-check],
[check OpenSSL version @<:@default=yes@:>@])])
case "$enable_openssl_version_check" in
yes|'')
AC_MSG_CHECKING(OpenSSL library version)
AC_TRY_RUN([
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL &&
OPENSSL_VERSION_NUMBER < 0x00908000L) ||
(OPENSSL_VERSION_NUMBER >= 0x0090804fL &&
OPENSSL_VERSION_NUMBER < 0x10002000L) ||
OPENSSL_VERSION_NUMBER >= 0x1000205fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010lx\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n"
"Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n"
"Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n");
return (1);
}
],
[AC_MSG_RESULT(ok)],
[AC_MSG_RESULT(not compatible)
OPENSSL_WARNING=yes
],
[AC_MSG_RESULT(assuming target platform has compatible version)])
;;
no)
AC_MSG_RESULT(Skipped OpenSSL version check)
;;
esac
AC_MSG_CHECKING(for OpenSSL FIPS mode support) AC_MSG_CHECKING(for OpenSSL FIPS mode support)
have_fips_mode="" have_fips_mode=""
AC_TRY_LINK([#include <openssl/crypto.h>], AC_TRY_LINK([#include <openssl/crypto.h>],
@@ -5557,31 +5520,6 @@ not have DNSSEC support. Use --with-openssl, or --with-pkcs11 and
EOF EOF
fi fi
if test "X$OPENSSL_WARNING" != "X"; then
cat << \EOF
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING
WARNING Your OpenSSL crypto library may be vulnerable to WARNING
WARNING one or more of the the following known security WARNING
WARNING flaws: WARNING
WARNING WARNING
WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING
WARNING CVE-2006-2940 and CVE-2015-3193. WARNING
WARNING WARNING
WARNING It is recommended that you upgrade to OpenSSL WARNING
WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING
WARNING (or greater). WARNING
WARNING WARNING
WARNING You can disable this warning by specifying: WARNING
WARNING WARNING
WARNING --disable-openssl-version-check WARNING
WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
EOF
fi
# Tell Emacs to edit this file in shell mode. # Tell Emacs to edit this file in shell mode.
# Local Variables: # Local Variables:
# mode: sh # mode: sh