Commit 039a89c331e9b799 changed the OpenSSL check slightly, but that
broke ./configure on systems which do not install the openssl.pc
pkg-config support file. This is typically an issue on most of the BSD
platforms, where the OpenSSL package from the base repository does not
provide that file.
We should anyway in this case have a better check of OpenSSL version
available. So in the case pkg-config fails, it will run an additional
test looking for the OpenSSL version number in the opensslv.h header
file and check against that version number.
I did consider to rip out the pkg-config test all together, but decided
to let it stay. If pkg-config works, it provides much more details to
the ./configure script than just the version number check - such as
include and library paths if those are outside the default system paths.
If the user adds OPENSSL_CFLAGS or OPENSSL_LIBS to the ./configure
script, the pkg-config will not be run. But this patch ensures that the
OpenSSL version is also checked in this situation.
This patch have been tested on Scientic Linux 7.3 (RHEL clone) and
FreeBSD 10.3-RELEASE-p11.
v5 - Remove the right OPENSSL_LIBS and preserve the old one
- In PKG_CHECK_MODULES(), check for openssl instead of libssl
+ libcrypto
- Fix tab/space issues once again
v4 - Move the CFLAGS/LDFLAGS declarations before the manual
version test; otherwise we're still testing the system install
version
v3 - Remove not needed and duplicated OPENSSL_LIBS assignment
- Fix tab/space issues in modified lines
v2 - Don't use try to simplify the version matching, use the full
OPENSSL_VERSION_NUMBER
- Fixed typo (OpneSSL -> OpenSSL)
- Improve a few comments
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
configure.ac | 28 ++++++++++++++++++++++++----
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/configure.ac b/configure.ac
index acea060..7d3fce5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -859,11 +859,10 @@ if test "${enable_crypto}" = "yes" -a
"${with_crypto_library}" = "openssl"; then
# if the user did not explicitly specify flags, try to
autodetect
PKG_CHECK_MODULES(
[OPENSSL],
- [libcrypto >= 1.0.1, libssl >= 1.0.1],
- [have_openssl="yes"],
- [AC_MSG_ERROR([Minimum supported OpenSSL version is
1.0.1])]
+ [openssl >= 1.0.1],
+ [have_openssl="yes"],
+ [] # If this fails, we will do another test next
)
-
OPENSSL_LIBS=${OPENSSL_LIBS:--lssl -lcrypto}
fi
@@ -872,6 +871,27 @@ if test "${enable_crypto}" = "yes" -a
"${with_crypto_library}" = "openssl"; then
CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}"
LIBS="${LIBS} ${OPENSSL_LIBS}"
+ # If pkgconfig check failed or OPENSSL_CFLAGS/OPENSSL_LIBS env vars
+ # are used, check the version directly in the OpenSSL include file
+ if test "${have_openssl}" != "yes"; then
+ AC_MSG_CHECKING([additionally if OpenSSL is available and
version >= 1.0.1])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+#include <openssl/opensslv.h>
+ ]],
+ [[
+/* Version encoding: MNNFFPPS - see opensslv.h for details */
+#if OPENSSL_VERSION_NUMBER < 0x10001000L
+#error OpenSSL too old
+#endif
+ ]]
+ )],
+ [AC_MSG_RESULT([ok])],
+ [AC_MSG_ERROR([OpenSSL version too old])]
+ )
+ fi
+
AC_CHECK_FUNCS([SSL_CTX_new EVP_CIPHER_CTX_set_key_length],
,
[AC_MSG_ERROR([openssl check failed])]
--
2.11.0
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
