Commit 8e562874 authored by Nick Mathewson's avatar Nick Mathewson 👁
Browse files

Edit our openssl detection in autoconf to tolerate no-deprecated.

When openssl is built with no-deprecated, the TLSv1_1_method()
function isn't visible in the headers.  That's sad, because that
method is what we were looking at.

Instead, we now look at SSL_CIPHER_get_id(), which is present in
OpenSSL 1.0.1 and later, which is _not_ deprecated, and which is
also present in LibreSSL.

Fixes ticket 25353.  Not a bugfix exactly -- we never really worked
with this configuration.
parent 3bf9974b
......@@ -788,9 +788,18 @@ AC_ARG_WITH(ssl-dir,
AC_MSG_NOTICE([Now, we'll look for OpenSSL >= 1.0.1])
TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS32],
[#include <openssl/ssl.h>],
[struct ssl_method_st; const struct ssl_method_st *TLSv1_1_method(void);],
[TLSv1_1_method();], [],
[#include <openssl/ssl.h>
char *getenv(const char *);],
[struct ssl_cipher_st;
unsigned SSL_CIPHER_get_id(const struct ssl_cipher_st *);
char *getenv(const char *);],
dnl This funny-looking test program calls getenv, so that the compiler
dnl will neither make code that call SSL_CIPHER_get_id(NULL) [producing
dnl a crash], nor optimize out the call to SSL_CIPHER_get_id().
dnl We look for SSL_cipher_get_id() because it is present in
dnl OpenSSL >=1.0.1, because it is not deprecated, and because Tor
dnl depends on it.
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment