mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-08-22 09:57:41 +00:00
Code Issues Releases Wiki Activity

Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled.

Browse Source 
Add a check for the function declaration in openssl/ssl.h.
This commit is contained in:
Todd C. Miller 2020-11-16 14:39:52 -07:00
parent 38dd0f63b6
commit a96b9a1373
3 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config.h.in
View File

@ -767,7 +767,8 @@
/* Define to 1 if you have the `SSL_CTX_get0_certificate' function. */ /* Define to 1 if you have the `SSL_CTX_get0_certificate' function. */
#undef HAVE_SSL_CTX_GET0_CERTIFICATE #undef HAVE_SSL_CTX_GET0_CERTIFICATE
/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ /* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.
*/
#undef HAVE_SSL_CTX_SET_CIPHERSUITES #undef HAVE_SSL_CTX_SET_CIPHERSUITES
/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or /* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or

20
configure vendored
View File

@ -22004,7 +22004,7 @@ fi
OLIBS="$LIBS" OLIBS="$LIBS"
LIBS="$LIBS $LIBTLS" LIBS="$LIBS $LIBTLS"
for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method for ac_func in X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method
do : do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -22025,6 +22025,23 @@ done
if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then : if test "x$ac_cv_have_decl_SSL_CTX_set_min_proto_version" = xyes; then :
$as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h $as_echo "#define HAVE_SSL_CTX_SET_MIN_PROTO_VERSION 1" >>confdefs.h
fi
# LibreSSL TLS 1.3 support may not be enabled, check for declaration too.
ac_fn_c_check_func "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_func_SSL_CTX_set_ciphersuites"
if test "x$ac_cv_func_SSL_CTX_set_ciphersuites" = xyes; then :
ac_fn_c_check_decl "$LINENO" "SSL_CTX_set_ciphersuites" "ac_cv_have_decl_SSL_CTX_set_ciphersuites" "
$ac_includes_default
#include <openssl/ssl.h>
"
if test "x$ac_cv_have_decl_SSL_CTX_set_ciphersuites" = xyes; then :
$as_echo "#define HAVE_SSL_CTX_SET_CIPHERSUITES 1" >>confdefs.h
fi
fi fi
LIBS="$OLIBS" LIBS="$OLIBS"
@ -30526,5 +30543,6 @@ fi

10
configure.ac
View File

@ -3065,12 +3065,19 @@ if test "${enable_openssl-no}" != no; then
OLIBS="$LIBS" OLIBS="$LIBS"
LIBS="$LIBS $LIBTLS" LIBS="$LIBS $LIBTLS"
AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate SSL_CTX_set_ciphersuites TLS_client_method TLS_server_method]) AC_CHECK_FUNCS([X509_STORE_CTX_get0_cert ASN1_STRING_get0_data SSL_CTX_get0_certificate TLS_client_method TLS_server_method])
# SSL_CTX_set_min_proto_version may be a macro # SSL_CTX_set_min_proto_version may be a macro
AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [ AC_CHECK_DECL([SSL_CTX_set_min_proto_version], [AC_DEFINE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION)], [], [
AC_INCLUDES_DEFAULT AC_INCLUDES_DEFAULT
#include <openssl/ssl.h> #include <openssl/ssl.h>
]) ])
# LibreSSL TLS 1.3 support may not be enabled, check for declaration too.
AC_CHECK_FUNC([SSL_CTX_set_ciphersuites], [
AC_CHECK_DECL([SSL_CTX_set_ciphersuites], [AC_DEFINE(HAVE_SSL_CTX_SET_CIPHERSUITES)], [], [
AC_INCLUDES_DEFAULT
#include <openssl/ssl.h>
])
])
LIBS="$OLIBS" LIBS="$OLIBS"
elif test "${enable_gcrypt-no}" != no; then elif test "${enable_gcrypt-no}" != no; then
# Use gcrypt's sha2 functions # Use gcrypt's sha2 functions
@ -4964,6 +4971,7 @@ AH_TEMPLATE(HAVE_KINFO_PROC_OPENBSD, [Define to 1 if your system has an OpenBSD-
AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.]) AH_TEMPLATE(HAVE_OPENSSL, [Define to 1 if you are using OpenSSL's TLS and sha2 functions.])
AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.]) AH_TEMPLATE(HAVE_GCRYPT, [Define to 1 if you are using gcrypt's sha2 functions.])
AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.]) AH_TEMPLATE(HAVE_SSL_CTX_SET_MIN_PROTO_VERSION, [Define to 1 if you have the `SSL_CTX_set_min_proto_version' function or macro.])
AH_TEMPLATE(HAVE_SSL_CTX_SET_CIPHERSUITES, [Define to 1 if you have the `SSL_CTX_set_ciphersuites' function or macro.])
AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.]) AH_TEMPLATE(SUDOERS_LOG_CLIENT, [Define to 1 to compile support for sudo_logsrvd in the sudoers plugin.])
AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.]) AH_TEMPLATE(HAVE_FALLTHROUGH_ATTRIBUTE, [Define to 1 if the compiler supports the fallthrough attribute.])