upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- configure detects ssl security level API function in the autoconf

Browse source 
manner.  Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.


git-svn-id: file:///svn/unbound/trunk@3921 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2016-11-04 08:05:42 +00:00
parent 3b4cbcf631
commit fa81710d16
6 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config.h.in
View file

@ -395,6 +395,9 @@
/* Define if you have the SSL libraries installed. */ /* Define if you have the SSL libraries installed. */
#undef HAVE_SSL #undef HAVE_SSL
/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
/* Define to 1 if you have the <stdarg.h> header file. */ /* Define to 1 if you have the <stdarg.h> header file. */
#undef HAVE_STDARG_H #undef HAVE_STDARG_H

9
configure vendored
View file

@ -17556,12 +17556,13 @@ done
# these check_funcs need -lssl # these check_funcs need -lssl
BAKLIBS="$LIBS" BAKLIBS="$LIBS"
LIBS="-lssl $LIBS" LIBS="-lssl $LIBS"
for ac_func in OPENSSL_init_ssl for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level
do : do :
ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl" as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then : ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
cat >>confdefs.h <<_ACEOF cat >>confdefs.h <<_ACEOF
#define HAVE_OPENSSL_INIT_SSL 1 #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
_ACEOF _ACEOF
fi fi

2
configure.ac
View file

@ -681,7 +681,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
# these check_funcs need -lssl # these check_funcs need -lssl
BAKLIBS="$LIBS" BAKLIBS="$LIBS"
LIBS="-lssl $LIBS" LIBS="-lssl $LIBS"
AC_CHECK_FUNCS([OPENSSL_init_ssl]) AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level])
LIBS="$BAKLIBS" LIBS="$BAKLIBS"
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [

2
daemon/remote.c
View file

@ -243,7 +243,7 @@ daemon_remote_create(struct config_file* cfg)
if (cfg->remote_control_use_cert == 0) { if (cfg->remote_control_use_cert == 0) {
/* No certificates are requested */ /* No certificates are requested */
#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL) #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
SSL_CTX_set_security_level(rc->ctx, 0); SSL_CTX_set_security_level(rc->ctx, 0);
#endif #endif
if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) { if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {

5
doc/Changelog
View file

@ -1,3 +1,8 @@
4 November 2016: Wouter
- configure detects ssl security level API function in the autoconf
manner. Every function on its own, so that other libraries (eg.
LibreSSL) can develop their API without hindrance.
3 November 2016: Ralph 3 November 2016: Ralph
- Set OpenSSL security level to 0 when using aNULL ciphers. - Set OpenSSL security level to 0 when using aNULL ciphers.

2
smallapp/unbound-control.c
View file

@ -176,7 +176,7 @@ setup_ctx(struct config_file* cfg)
free(c_cert); free(c_cert);
} else { } else {
/* Use ciphers that don't require authentication */ /* Use ciphers that don't require authentication */
#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL) #ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
SSL_CTX_set_security_level(ctx, 0); SSL_CTX_set_security_level(ctx, 0);
#endif #endif
if(!SSL_CTX_set_cipher_list(ctx, "aNULL")) if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))