Re: trafficserver git commit: TS-3380: Add configure time constant to enable openssl 1.0.2 changes to compile with libressl

Mon, 09 Feb 2015 19:06:36 -0800 



On Feb 9, 2015, at 4:12 PM, shinr...@apache.org wrote:



[snip]

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/2dbdd9c2/build/crypto.m4
----------------------------------------------------------------------
diff --git a/build/crypto.m4 b/build/crypto.m4
index 32276a2..2c83793 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -89,7 +89,12 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
   enable_tls_sni=yes

   TS_ADDTO(LIBS, [$OPENSSL_LIBS])
-  AC_CHECK_HEADERS(openssl/tls1.h openssl/ssl.h openssl/ts.h)
+  AC_CHECK_HEADERS(openssl/ssl.h openssl/ts.h)
+  AC_CHECK_HEADERS(openssl/tls1.h, [], [],
+[ #ifdef HEADER_SSL_H
+#include <openssl/tls1.h>
+#endif ])

Where does HEADER_SSL_H come from? The previous check for <openssl/tls1.h> 
works on my systems ... what configuration was this change for?
Without this change I was seeing the following when compiling against openssl 1.0.2 

checking openssl/tls1.h presence... yes
configure: WARNING: openssl/tls1.h: present but cannot be compiled
configure: WARNING: openssl/tls1.h:     check for missing prerequisite headers?
configure: WARNING: openssl/tls1.h: see the Autoconf documentation
configure: WARNING: openssl/tls1.h:     section "Present But Cannot Be Compiled"
configure: WARNING: openssl/tls1.h: proceeding with the compiler's result





+
   # We are looking for SSL_CTX_set_tlsext_servername_callback, but it's a
   # macro, so AC_CHECK_FUNCS is not going to do the business.
   AC_MSG_CHECKING([for SSL_CTX_set_tlsext_servername_callback])
@@ -122,3 +127,79 @@ AC_DEFUN([TS_CHECK_CRYPTO_SNI], [
   TS_ARG_ENABLE_VAR([use], [tls-sni])
   AC_SUBST(use_tls_sni)
])
+
+AC_DEFUN([TS_CHECK_CRYPTO_CERT_CB], [

SSL_CTX_set_cert_cb is a function, so you should just be able to use 
AC_SEARCH_LIBS here ...


Cool.  Still figuring out auto tools.  Will try the AC_SEARCH_LIBS



[snip]

+
+AC_DEFUN([TS_CHECK_CRYPTO_SET_RBIO], [
+  _rbio_saved_LIBS=$LIBS
+  enable_set_rbio=yes

Can you explain this one to me? SSL_set_rbio is not an OpenSSL API ... is it 
planned for a future version?
Yes, this was just added to openssl master for 1.1. Added in preparation for TS-3372. 



thanks,
James

Reply via email to