httpd-dev mailing list archives

From "MATHIHALLI,MADHUSUDAN (HP-Cupertino,ex1)" <madhusudan_mathiha...@am.exch.hp.com>
Subject RE: [PATCH-3] Backport of SSL-C compatibility thunks (& misc fixe s)
Date Tue, 08 Apr 2003 08:29:12 GMT
> -----Original Message-----
> From: William A. Rowe, Jr. [mailto:wrowe@apache.org]
[SNIP]
> >In other words, this patch should be comprehensive and apply clean
> >to APACHE_2_0_BRANCH today.
> 
> Or not, as Justin was kind enough to point out.  Revised 
> patch, attached.

I am having more problems than anticipated :(. (getting the following
errors)
- x509.h is not to be found in the distro of SSL-C that I have.
- error "d2i_DHparams undeclared" during compiling.

I don't know if we can depend upon the existence of x509.h in SSL-C. (I have
seen two versions of SSL-C, and neither has it.) The way I work around the
problem is by defining any required X509 stuff in a separate header file.

BTW, I found it easier to get the builds going with the acinclude.m4,
acconfig.h patch from 2.1-dev. Here follows a temporary patch :

Index: acinclude.m4
===================================================================
RCS file: /home/cvs/httpd-2.0/acinclude.m4,v
retrieving revision 1.133.2.1
diff -u -r1.133.2.1 acinclude.m4
--- acinclude.m4        29 Nov 2002 11:05:57 -0000      1.133.2.1
+++ acinclude.m4        8 Apr 2003 08:12:44 -0000
@@ -381,7 +381,7 @@
 ])
 
 dnl
-dnl APACHE_CHECK_SSL_TOOLKIT
+dnl APACHE_CHECK_SSL_TOOLKIT_OLD
 dnl
 dnl Find the openssl toolkit installation and check it for the right
 dnl version, then add its flags to INCLUDES and LIBS.  This should
@@ -389,7 +389,7 @@
 dnl and then AC_TRY_LINK to test the libraries directly for the version,
 dnl but that will require someone who knows how to program openssl.
 dnl
-AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
+AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT_OLD,[
 if test "x$ap_ssltk_base" = "x"; then
   AC_MSG_CHECKING(for SSL/TLS toolkit base)
   ap_ssltk_base=""
@@ -490,6 +490,123 @@
   fi
   APR_ADDTO(LIBS, [-lssl -lcrypto])
   ap_cv_ssltk="$ap_ssltk_base"
+fi
+])
+
+AC_DEFUN(APACHE_CHECK_SSL_TOOLKIT,[
+if test "x$ap_ssltk_configured" = "x"; then
+  dnl initialise the variables we use
+  ap_ssltk_base=""
+  ap_ssltk_inc=""
+  ap_ssltk_lib=""
+  ap_ssltk_type=""
+
+  dnl Determine the SSL/TLS toolkit's base directory, if any
+  AC_MSG_CHECKING(for SSL/TLS toolkit base)
+  AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,SSL/TLS toolkit), [
+    dnl If --with-ssl specifies a directory, we use that directory or fail
+    if test "x$withval" != "xyes" -a "x$withval" != "x"; then
+      dnl This ensures $withval is actually a directory and that it is
absolute
+      ap_ssltk_base="`cd $withval ; pwd`"
+    fi
+  ])
+  if test "x$ap_ssltk_base" = "x"; then
+    AC_MSG_RESULT(none)
+  else
+    AC_MSG_RESULT($ap_ssltk_base)
+  fi
+
+  dnl Run header and version checks
+  saved_CPPFLAGS=$CPPFLAGS
+  if test "x$ap_ssltk_base" != "x"; then
+    ap_ssltk_inc="-I$ap_ssltk_base/include
-I$ap_ssltk_base/include/openssl"
+    CPPFLAGS="$CPPFLAGS $ap_ssltk_inc"
+  fi
+  AC_CHECK_HEADERS([sslc.h], [ap_ssltk_type="sslc"], [])
+  if test "x$ap_ssltk_type" = "x"; then
+    AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h],
[ap_ssltk_type="openssl"], [])
+    if test "x$ap_ssltk_type" = "x"; then
+      AC_MSG_ERROR([No SSL/TLS headers were available])
+    fi
+    dnl so it's OpenSSL - report, then test for a good version
+    echo "... SSL/TLS support configuring for OpenSSL"
+    AC_MSG_CHECKING(for OpenSSL version)
+    AC_TRY_COMPILE([#include <openssl/opensslv.h>],
+[#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER <
0x0090609f
+#error "invalid openssl version"
+#endif],
+      [dnl Replace this with OPENSSL_VERSION_TEXT from opensslv.h?
+      AC_MSG_RESULT(OK)],
+      [AC_MSG_RESULT([not encouraging])
+      echo "WARNING: OpenSSL version may contain security
vulnerabilities!"])
+
+  else
+
+    dnl so it's SSL-C - report, then test anything relevant
+    echo "... SSL/TLS support configuring for SSL-C"
+    AC_MSG_CHECKING(for SSL-C version)
+    AC_TRY_COMPILE([#include <sslc.h>],
+[#if !defined(SSLC_VERSION_NUMBER) || SSLC_VERSION_NUMBER < 0x2100
+#error "invalid SSL-C version"
+#endif],
+    [AC_MSG_RESULT(OK)],
+    [AC_MSG_ERROR([SSL-C Versions < 2.1 has not been tested])])
+  fi
+  dnl restore
+  CPPFLAGS=$saved_CPPFLAGS
+
+  dnl Run library checks
+  saved_LDFLAGS=$LDFLAGS
+  saved_LIBS=$LIBS
+  if test "x$ap_ssltk_base" != "x"; then
+    if test -d "$ap_ssltk_base/lib"; then
+      ap_ssltk_lib="$ap_ssltk_base/lib"
+    else
+      ap_ssltk_lib="$ap_ssltk_base"
+    fi
+    LDFLAGS="$LDFLAGS -L$ap_ssltk_lib"
+  fi
+  dnl make sure "other" flags are available so libcrypto and libssl can
link
+  LIBS="$LIBS `$apr_config --libs`"
+  liberrors=""
+  if test "$ap_ssltk_type" = "openssl"; then
+    AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
+    AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
+  else
+    AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
+  fi
+  if test "x$liberrors" != "x"; then
+    AC_MSG_ERROR([... Error, SSL/TLS libraries were missing or unusable])
+  fi
+  dnl restore
+  LDFLAGS=$saved_LDFLAGS
+  LIBS=$saved_LIBS
+
+  dnl Adjust apache's configuration based on what we found above.
+  dnl (a) define preprocessor symbols
+  if test "$ap_ssltk_type" = "openssl"; then
+    AC_DEFINE(HAVE_OPENSSL)
+  else
+    AC_DEFINE(HAVE_SSLC)
+  fi
+  dnl (b) hook up include paths
+  if test "x$ap_ssltk_inc" != "x"; then
+    APR_ADDTO(INCLUDES, [$ap_ssltk_inc])
+  fi
+  dnl (c) hook up linker paths
+  if test "x$ap_ssltk_lib" != "x"; then
+    APR_ADDTO(LDFLAGS, ["-L$ap_ssltk_lib"])
+    if test "x$ap_platform_runtime_link_flag" != "x"; then
+      APR_ADDTO(LDFLAGS, ["$ap_platform_runtime_link_flag$ap_ssltk_lib"])
+    fi
+  fi
+  dnl (d) add "-lssl -lcrypto" OR "-lsslc" to LIBS because restoring LIBS
+  dnl after AC_CHECK_LIB() obliterates any flags AC_CHECK_LIB() added.
+  if test "$ap_ssltk_type" = "openssl"; then
+    APR_ADDTO(LIBS, [-lssl -lcrypto])
+  else
+    APR_ADDTO(LIBS, [-lsslc])
+  fi
 fi
 ])
 
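Review bot: The `--with-ssl` handler does not "use that directory or fail" as its comment says: in ``ap_ssltk_base="`cd $withval ; pwd`"`` the `;` lets `pwd` run even when `cd` fails, so a missing or mistyped directory silently becomes the directory configure was started in, and the unquoted `$withval` also breaks on paths containing spaces. That value later feeds `-I$ap_ssltk_base/include`, `-L$ap_ssltk_lib` and, when `ap_platform_runtime_link_flag` is set, the runtime library search path, so the build can end up compiling and linking against a toolkit from an unintended location. I would change the line to ``ap_ssltk_base="`cd "$withval" && pwd`"`` and follow it with `test "x$ap_ssltk_base" != "x" || AC_MSG_ERROR([--with-ssl: $withval is not a usable directory])`. Separately, an OpenSSL older than 0x0090609f only prints a warning through `echo` and configure continues, while an SSL-C older than 0x2100 aborts; consider `AC_MSG_ERROR`, or at least `AC_MSG_WARN`, for the OpenSSL case so the result is not lost in the output.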
Index: acconfig.h
===================================================================
RCS file: /home/cvs/httpd-2.0/acconfig.h,v
retrieving revision 1.1
diff -u -r1.1 acconfig.h
--- acconfig.h  31 Jan 2002 14:51:37 -0000      1.1
+++ acconfig.h  8 Apr 2003 08:12:44 -0000
@@ -1,2 +1,8 @@
 /* Define this if struct tm has a field tm_gmtoff */
 #undef HAVE_GMTOFF
+
+/* Define this if we are building with OpenSSL */
+#undef HAVE_OPENSSL
+
+/* Define this if we are building with SSL-C */
+#undef HAVE_SSLC
