diff --git a/m4macros/ax_boost_for_kea.m4 b/m4macros/ax_boost_for_kea.m4 index 56fd59ea78..acd469478e 100644 --- a/m4macros/ax_boost_for_kea.m4 +++ b/m4macros/ax_boost_for_kea.m4 @@ -75,6 +75,9 @@ if test "${boost_include_path}" ; then CPPFLAGS="$CPPFLAGS $BOOST_INCLUDES" fi +# Requiring boost >= 1.66. +AC_CHECK_HEADERS(boost/asio/io_context.hpp,,AC_MSG_ERROR([Missing boost asio io_context header: boost version must be at least 1.66])) + # Some boost headers need the header to be included for some Boost versions under C++20. # Include it in all situations for simplicity. AC_CHECK_HEADERS( @@ -88,6 +91,7 @@ AC_CHECK_HEADERS( boost/date_time/posix_time/posix_time_types.hpp \ boost/foreach.hpp \ boost/functional/hash.hpp \ + boost/integer/common_factor.hpp \ boost/interprocess/sync/interprocess_upgradable_mutex.hpp \ boost/shared_ptr.hpp \ boost/system/error_code.hpp \ @@ -98,10 +102,6 @@ AC_CHECK_HEADERS( ]] ) -AC_CHECK_HEADERS(boost/integer/common_factor.hpp) - -AC_CHECK_HEADERS(boost/asio/io_context.hpp,,AC_MSG_ERROR([Missing boost asio io_context header: boost version must be at least 1.66])) - # Verify that the path does not include standard headers by mistake. # There are two regex.h headers: one is a standard system header (usually # in /usr/include) and the second one is provided by boost. If you specify the diff --git a/m4macros/ax_crypto.m4 b/m4macros/ax_crypto.m4 index d1bc1ca892..7761c9223b 100644 --- a/m4macros/ax_crypto.m4 +++ b/m4macros/ax_crypto.m4 @@ -389,35 +389,18 @@ then AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([#include ], [auto ctx(boost::asio::ssl::context::tls);])], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_GENERIC_TLS_METHOD], [1], - [Define to 1 if boost::asio::ssl::context::tls is available])], + [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no) - AC_MSG_CHECKING([Verifying TLS 1.2 fallback]) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([#include ], - [auto ctx(boost::asio::ssl::context::tlsv12);])], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_TLS_1_2_METHOD], [1], - [Define to 1 if boost::asio::ssl::context::tlsv12 is available])], - [AC_MSG_RESULT(no) - AC_MSG_WARN([The boost version is very old: TLS support can use insecure features])])]) + AC_MSG_ERROR([Boost version >= 1.66 is required])]) dnl Check if the stream_truncated (SSL short read) error is available AC_MSG_CHECKING([stream_truncated (SSL short read) error]) AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([#include ], [const int ec = boost::asio::ssl::error::stream_truncated;])], - [AC_MSG_RESULT(yes) - AC_DEFINE([HAVE_STREAM_TRUNCATED_ERROR], [1], - [Define to 1 if boost::asio::ssl::error::stream_truncated is available])], + [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no) - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM([#include ], - [const int ec = - ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ);])], - [], - [AC_MSG_ERROR([Can not find a definition for stream_truncated (SSL short read) error: sorry, your boost library is too old])])]) + AC_MSG_ERROR([Boost version >= 1.66 is required])]) CPPFLAGS=${CPPFLAGS_SAVED} fi ]) diff --git a/meson-config.h.in b/meson-config.h.in index e5f9446a17..21f7c2e47d 100644 --- a/meson-config.h.in +++ b/meson-config.h.in @@ -25,9 +25,6 @@ /* Whether gtest defines edit_distance::CreateUnifiedDiff */ #mesondefine HAVE_CREATE_UNIFIED_DIFF -/* Whether boost::asio::ssl::context::tls is available */ -#mesondefine HAVE_GENERIC_TLS_METHOD - /* gss_str_to_oid is available */ #mesondefine HAVE_GSS_STR_TO_OID @@ -58,9 +55,6 @@ /* Whether sockaddr has a sa_len member, and corresponding sin_len and sun_len */ #mesondefine HAVE_SA_LEN -/* Whether boost::asio::ssl::error::stream_truncated is available */ -#mesondefine HAVE_STREAM_TRUNCATED_ERROR - /* Whether you have the header file. */ #mesondefine HAVE_SYS_FILIO_H diff --git a/meson.build b/meson.build index e1a565da00..9ba390348f 100644 --- a/meson.build +++ b/meson.build @@ -322,12 +322,20 @@ if cpp.has_link_argument('-Wl,--no-undefined') endif endif -result = cpp.run( - fs.read('compiler-checks/have-generic-tls-method.cc'), - name: 'HAVE_GENERIC_TLS_METHOD', - dependencies: [boost_dep, CRYPTO_DEP, threads_dep], -) -conf_data.set('HAVE_GENERIC_TLS_METHOD', result.returncode() == 0) +if CRYPTO_DEP.name() == openssl.name() + cpp.run( + fs.read('compiler-checks/have-generic-tls-method.cc'), + name: 'HAVE_GENERIC_TLS_METHOD', + dependencies: [boost_dep, CRYPTO_DEP, threads_dep], + required: true, + ) + cpp.run( + fs.read('compiler-checks/stream-truncated-error.cc'), + name: 'HAVE_STREAM_TRUNCATED_ERROR', + dependencies: [boost_dep, CRYPTO_DEP, threads_dep], + required: true, + ) +endif result = cpp.run( fs.read('compiler-checks/have-optreset.cc'), @@ -361,13 +369,6 @@ if MYSQL_DEP.found() conf_data.set('HAVE_MYSQL_GET_OPTION', result.returncode() == 0) endif -result = cpp.run( - fs.read('compiler-checks/stream-truncated-error.cc'), - name: 'HAVE_STREAM_TRUNCATED_ERROR', - dependencies: [boost_dep, CRYPTO_DEP, threads_dep], -) -conf_data.set('HAVE_STREAM_TRUNCATED_ERROR', result.returncode() == 0) - # TODO: implement when integrating with CI result = cpp.run( fs.read('compiler-checks/fuzzing-with-clusterfuzzlite.cc'), diff --git a/src/lib/asiolink/openssl_tls.cc b/src/lib/asiolink/openssl_tls.cc index 270d96a6e3..c8d2aa0e46 100644 --- a/src/lib/asiolink/openssl_tls.cc +++ b/src/lib/asiolink/openssl_tls.cc @@ -29,15 +29,7 @@ namespace asiolink { // the boost version is older than 1.64.0). TlsContext::TlsContext(TlsRole role) : TlsContextBase(role), cert_required_(true), -#ifdef HAVE_GENERIC_TLS_METHOD context_(context::method::tls) -#else -#ifdef HAVE_TLS_1_2_METHOD - context_(context::method::tlsv12) -#else - context_(context::method::tlsv1) -#endif -#endif { // Not leave the verify mode to OpenSSL default. setCertRequired(true); diff --git a/src/lib/asiolink/openssl_tls.h b/src/lib/asiolink/openssl_tls.h index ba2bc8b6c8..57c33236b8 100644 --- a/src/lib/asiolink/openssl_tls.h +++ b/src/lib/asiolink/openssl_tls.h @@ -1,4 +1,4 @@ -// Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC") +// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC") // // This Source Code Form is subject to the terms of the Mozilla Public // License, v. 2.0. If a copy of the MPL was not distributed with this @@ -230,11 +230,7 @@ public: }; // Stream truncated error code. -#ifdef HAVE_STREAM_TRUNCATED_ERROR const int STREAM_TRUNCATED = boost::asio::ssl::error::stream_truncated; -#else -const int STREAM_TRUNCATED = ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHORT_READ); -#endif } // namespace asiolink } // namespace isc diff --git a/src/lib/asiolink/testutils/openssl_sample_client.cc b/src/lib/asiolink/testutils/openssl_sample_client.cc index 1b8ee01f55..36f1dcddb0 100644 --- a/src/lib/asiolink/testutils/openssl_sample_client.cc +++ b/src/lib/asiolink/testutils/openssl_sample_client.cc @@ -11,9 +11,6 @@ #include #include - -#ifdef HAVE_GENERIC_TLS_METHOD - #include #include #include @@ -177,11 +174,3 @@ int main(int argc, char* argv[]) return 0; } -#else // !HAVE_GENERIC_TLS_METHOD - -int main() -{ - std::cerr << "this tool requires recent boost version (>= 1.64)\n"; - return 0; -} -#endif diff --git a/src/lib/asiolink/testutils/openssl_sample_server.cc b/src/lib/asiolink/testutils/openssl_sample_server.cc index 11c7d8c801..521b661ee4 100644 --- a/src/lib/asiolink/testutils/openssl_sample_server.cc +++ b/src/lib/asiolink/testutils/openssl_sample_server.cc @@ -14,9 +14,6 @@ #include #include - -#ifdef HAVE_GENERIC_TLS_METHOD - #include #include @@ -181,13 +178,3 @@ int main(int argc, char* argv[]) return 0; } - -#else // !HAVE_GENERIC_TLS_METHOD - -int main() -{ - std::cerr << "this tool requires recent boost version (>= 1.64)\n"; - return 0; -} -#endif -