- configure detects ssl security level API function in the autoconf

manner.  Every function on its own, so that other libraries (eg.
  LibreSSL) can develop their API without hindrance.


git-svn-id: file:///svn/unbound/trunk@3921 be551aaa-1e26-0410-a405-d3ace91eadb9

config.h.in

@@ -395,6 +395,9 @@
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
+/* Define to 1 if you have the `SSL_CTX_set_security_level' function. */
+#undef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+
 /* Define to 1 if you have the <stdarg.h> header file. */
 #undef HAVE_STDARG_H
 

configure

@@ -17556,12 +17556,13 @@ done
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-for ac_func in OPENSSL_init_ssl
+for ac_func in OPENSSL_init_ssl SSL_CTX_set_security_level
 do :
-  ac_fn_c_check_func "$LINENO" "OPENSSL_init_ssl" "ac_cv_func_OPENSSL_init_ssl"
-if test "x$ac_cv_func_OPENSSL_init_ssl" = xyes; then :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_INIT_SSL 1
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
 fi

configure.ac

@@ -681,7 +681,7 @@ AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_C
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
-AC_CHECK_FUNCS([OPENSSL_init_ssl])
+AC_CHECK_FUNCS([OPENSSL_init_ssl SSL_CTX_set_security_level])
 LIBS="$BAKLIBS"
 
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [

daemon/remote.c

@@ -243,7 +243,7 @@ daemon_remote_create(struct config_file* cfg)
 
 	if (cfg->remote_control_use_cert == 0) {
 		/* No certificates are requested */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
 		SSL_CTX_set_security_level(rc->ctx, 0);
 #endif
 		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {

doc/Changelog

@@ -1,3 +1,8 @@
+4 November 2016: Wouter
+	- configure detects ssl security level API function in the autoconf
+	  manner.  Every function on its own, so that other libraries (eg.
+	  LibreSSL) can develop their API without hindrance.
+
 3 November 2016: Ralph
 	- Set OpenSSL security level to 0 when using aNULL ciphers.
 

smallapp/unbound-control.c

@@ -176,7 +176,7 @@ setup_ctx(struct config_file* cfg)
 		free(c_cert);
 	} else {
 		/* Use ciphers that don't require authentication  */
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
 		SSL_CTX_set_security_level(ctx, 0);
 #endif
 		if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))