Sorry for the late review! Sick/work/blah.
----- Original Message ----- > TS-462: Configure checks for ServerNameIndication > > > Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo > Commit: > http://git-wip-us.apache.org/repos/asf/trafficserver/commit/cad0e9b5 > Tree: > http://git-wip-us.apache.org/repos/asf/trafficserver/tree/cad0e9b5 > Diff: > http://git-wip-us.apache.org/repos/asf/trafficserver/diff/cad0e9b5 > > Branch: refs/heads/master > Commit: cad0e9b529337ee70b52235be9065e73820c157e > Parents: f67290f > Author: James Peach <jpe...@apache.org> > Authored: Wed Feb 29 22:11:40 2012 -0800 > Committer: James Peach <jpe...@apache.org> > Committed: Tue Mar 13 20:33:15 2012 -0700 > > ---------------------------------------------------------------------- > build/crypto.m4 | 39 > +++++++++++++++++++++++++++++++++++++++ > configure.ac | 4 ++++ > lib/ts/ink_config.h.in | 1 + > 3 files changed, 44 insertions(+), 0 deletions(-) > ---------------------------------------------------------------------- > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cad0e9b5/build/crypto.m4 > ---------------------------------------------------------------------- > diff --git a/build/crypto.m4 b/build/crypto.m4 > index 5cdc80a..3cee32f 100644 > --- a/build/crypto.m4 > +++ b/build/crypto.m4 > @@ -124,3 +124,42 @@ AC_DEFUN([TS_CHECK_CRYPTO_NEXTPROTONEG], [ > TS_ARG_ENABLE_VAR([use], [tls-npn]) > AC_SUBST(use_tls_npn) > ]) > + > +AC_DEFUN([TS_CHECK_CRYPTO_SNI], [ > + _sni_saved_LIBS=$LIBS > + enable_tls_sni=yes > + > + TS_ADDTO(LIBS, [$LIBSSL]) > + AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h) > + # We are looking for SSL_CTX_set_tlsext_servername_callback, but > it's a > + # macro, so AC_CHECK_FUNCS is not going to do the business. > + AC_MSG_CHECKING([for SSL_CTX_set_tlsext_servername_callback]) > + AC_COMPILE_IFELSE( > + [ > + AC_LANG_PROGRAM([[ > +#if HAVE_OPENSSL_SSL_H > +#include <openssl/ssl.h> > +#endif > +#if HAVE_OPENSSL_TLS1_H > +#include <openssl/tls1.h> > +#endif > + ]], > + [[SSL_CTX_set_tlsext_servername_callback(NULL, NULL);]]) > + ], > + [ > + AC_MSG_RESULT([yes]) > + ], > + [ > + AC_MSG_RESULT([no]) > + enable_tls_sni=no > + ]) > + > + AC_CHECK_FUNCS(SSL_get_servername, [], [enable_tls_sni=no]) > + > + LIBS=$_sni_saved_LIBS > + > + AC_MSG_CHECKING(whether to enable ServerNameIndication TLS > extension support) > + AC_MSG_RESULT([$enable_tls_sni]) > + TS_ARG_ENABLE_VAR([use], [tls-sni]) > + AC_SUBST(use_tls_sni) > +]) This seems like overkill. All you'd have to do is surround your changes in the code with #ifndef OPENSSL_NO_TLSEXT At least that's how httpd does it: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_init.c?view=markup#l495 > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cad0e9b5/configure.ac > ---------------------------------------------------------------------- > diff --git a/configure.ac b/configure.ac > index 52e072f..9f849e7 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -845,6 +845,10 @@ fi > TS_CHECK_CRYPTO_NEXTPROTONEG > > # > +# Check for ServerNameIndication TLS extension support. > +TS_CHECK_CRYPTO_SNI > + > +# > # Check for zlib presence and usability > TS_CHECK_ZLIB > > > http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cad0e9b5/lib/ts/ink_config.h.in > ---------------------------------------------------------------------- > diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in > index 6d02b77..aa12b36 100644 > --- a/lib/ts/ink_config.h.in > +++ b/lib/ts/ink_config.h.in > @@ -114,6 +114,7 @@ > #define TS_USE_HWLOC @use_hwloc@ > #define TS_USE_FREELIST @use_freelist@ > #define TS_USE_TLS_NPN @use_tls_npn@ > +#define TS_USE_TLS_SNI @use_tls_sni@ > > /* OS API definitions */ > #define GETHOSTBYNAME_R_HOSTENT_DATA > @gethostbyname_r_hostent_data@ > > -- Igor Galić Tel: +43 (0) 664 886 22 883 Mail: i.ga...@brainsware.org URL: http://brainsware.org/ GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
