Hi,
On 18-04-17 01:28, David Sommerseth wrote:
> Commit 039a89c331e9b799 changed the OpenSSL check slightly, but that
> broke ./configure on systems which do not install the openssl.pc
> pkg-config support file. This is typically an issue on most of the BSD
> platforms, where the OpenSSL package from the base repository does not
> provide that file.
>
> We should anyway in this case have a better check of OpenSSL version
> available. So in the case pkg-config fails, it will run an additional
> test looking for the OpenSSL version number in the opensslv.h header
> file and check against that version number.
>
> I did consider to rip out the pkg-config test all together, but decided
> to let it stay. If pkg-config works, it provides much more details to
> the ./configure script than just the version number check - such as
> include and library paths if those are outside the default system paths.
>
> If the user adds OPENSSL_CFLAGS or OPENSSL_LIBS to the ./configure
> script, the pkg-config will not be run. But this patch ensures that the
> OpenSSL version is also checked in this situation.
>
> This patch have been tested on Scientic Linux 7.3 (RHEL clone) and
> FreeBSD 10.3-RELEASE-p11.
>
> v3 - Remove not needed and duplicated OPENSSL_LIBS assignment
> - Fix tab/space issues in modified lines
>
> v2 - Don't use try to simplify the version matching, use the full
> OPENSSL_VERSION_NUMBER
> - Fixed typo (OpneSSL -> OpenSSL)
> - Improve a few comments
>
> Signed-off-by: David Sommerseth <dav...@openvpn.net>
> ---
> configure.ac | 26 +++++++++++++++++++++++---
> 1 file changed, 23 insertions(+), 3 deletions(-)
>
> diff --git a/configure.ac b/configure.ac
> index acea060..a0cbc98 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -860,11 +860,31 @@ if test "${enable_crypto}" = "yes" -a
> "${with_crypto_library}" = "openssl"; then
> PKG_CHECK_MODULES(
> [OPENSSL],
> [libcrypto >= 1.0.1, libssl >= 1.0.1],
> - [have_openssl="yes"],
> - [AC_MSG_ERROR([Minimum supported OpenSSL version is
> 1.0.1])]
> + [have_openssl="yes"],
> + [] # If this fails, we will do another test next
> )
> + fi
>
> - OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
> + # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
> + # are used, check the version directly in the OpenSSL include file
> + if test "${have_openssl}" != "yes"; then
> + AC_MSG_CHECKING([additionally if OpenSSL is available and version >=
> 1.0.1])
> + AC_COMPILE_IFELSE(
> + [AC_LANG_PROGRAM(
> + [[
> +#include <openssl/opensslv.h>
> + ]],
> + [[
> +/* Version encoding: MNNFFPPS - see opensslv.h for details */
> +#if OPENSSL_VERSION_NUMBER < 0x10001000L
> +#error OpenSSL too old
> +#endif
> + ]]
> + )],
> + [AC_MSG_RESULT([ok])],
> + [AC_MSG_ERROR([OpenSSL version too old])]
> + )
> + OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
> fi
>
> saved_CFLAGS="${CFLAGS}"
>
Sorry I didn't spot this before, but the new check should come after the
lines that update the CFLAGS and LIBS, otherwise this checks the system
lib, rather than the one specified though OPENSSL_LIBS and
OPENSSL_CFLAGS. (The first line of that is the last line of this patch.)
And still some spaces in there ;-)
-Steffan
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
