File: ssl.m4

package info (click to toggle)
dovecot 1%3A2.4.1%2Bdfsg1-6
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 46,224 kB
  • sloc: ansic: 596,204; makefile: 7,825; sh: 6,005; cpp: 1,866; perl: 487; yacc: 412; lex: 320; python: 253; xml: 232
file content (116 lines) | stat: -rw-r--r-- 3,814 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
dnl DOVECOT_CHECK_SSL_FUNC(function)
AC_DEFUN([DOVECOT_CHECK_SSL_FUNC], [
   AC_CHECK_DECL([$1], AC_DEFINE(HAVE_$1,, [Define if you have $1]),,
[[#include <openssl/opensslv.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/ec.h>
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/encoder.h>
#include <openssl/decoder.h>
#include <openssl/params.h>
#include <openssl/provider.h>
#include <openssl/core.h>
#endif
#include <openssl/objects.h>
#include <openssl/err.h>
]])
])

AC_DEFUN([DOVECOT_SSL], [
  build_dcrypt_openssl=no
  have_openssl=no

  PKG_CHECK_EXISTS([openssl], [
     PKG_CHECK_MODULES(SSL, [openssl >= 1.1.1])
  ], [
    AC_CHECK_LIB(ssl, SSL_read, [
      AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [
        SSL_LIBS="-lssl -lcrypto $DLLIB"
        AC_SUBST(SSL_LIBS)
        have_openssl=yes
    ], AC_MSG_ERROR(cannot build with OpenSSL: openssl/ssl.h or openssl/err.h not found))])
    AS_IF([test $have_openssl != yes], [
      AC_MSG_ERROR(cannot build with OpenSSL: libssl not found)
    ])
  ])

  AC_MSG_CHECKING([if OpenSSL version is 1.1.1 or better])

  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
      #include <openssl/opensslv.h>
      #if OPENSSL_VERSION_NUMBER < 0x10101000L
      #error "fail-compile"
      #endif]], [[ return 0; ]])],
    [ssl_version_ge_111=true], [ssl_version_ge_111=false])
  AC_MSG_RESULT([$ssl_version_ge_111])

  AS_IF([test $ssl_version_ge_111 != true], [
    AC_MSG_ERROR([OpenSSL v1.1.1 or better required to build Dovecot])
  ])

  AC_MSG_CHECKING([if OpenSSL version is 3.0.0 or better])

  AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
      #include <openssl/opensslv.h>
      #if OPENSSL_VERSION_NUMBER < 0x30000000L
      #error "fail-compile"
      #endif]], [[ return 0; ]])],
    [ssl_version_ge_300=true], [ssl_version_ge_300=false])
  AC_MSG_RESULT([$ssl_version_ge_300])

  AS_IF([test $ssl_version_ge_300 = true], [
    SSL_CFLAGS="$SSL_CFLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_API_COMPAT=30000 -DDOVECOT_USE_OPENSSL3"
    dcrypt_openssl_ver=3
    AC_DEFINE([HAVE_OPENSSL3],,1)
  ], [
    SSL_CFLAGS="$SSL_CFLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_API_COMPAT=0x1000200L"
  ])

  old_CFLAGS="$CFLAGS"
  CFLAGS="$old_CFLAGS $SSL_CFLAGS"

  dnl * New style mem functions? Should be in v1.1+
  AC_CACHE_CHECK([whether CRYPTO_set_mem_functions has new style parameters],i_cv_have_ssl_new_mem_funcs,[
    old_LIBS=$LIBS
    LIBS="$LIBS -lssl"
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
      #include <openssl/ssl.h>
        int CRYPTO_set_mem_functions(
              void *(*m) (size_t, const char *, int),
              void *(*r) (void *, size_t, const char *, int),
              void (*f) (void *, const char *, int));
    ]], [[
    ]])],[
      i_cv_have_ssl_new_mem_funcs=yes
    ],[
      i_cv_have_ssl_new_mem_funcs=no
    ])
    LIBS=$old_LIBS
  ])
  AS_IF([test $i_cv_have_ssl_new_mem_funcs = yes], [
    AC_DEFINE(HAVE_SSL_NEW_MEM_FUNCS,, [Define if CRYPTO_set_mem_functions has new style parameters])
  ])

  dnl OpenSSl 3.0
  DOVECOT_CHECK_SSL_FUNC([ERR_get_error_all])
  DOVECOT_CHECK_SSL_FUNC([EVP_MAC_CTX_new])
  DOVECOT_CHECK_SSL_FUNC([OSSL_PROVIDER_try_load])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_tmp_dh_callback])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_current_cert])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set0_tmp_dh_pkey])

  dnl LibreSSL
  DOVECOT_CHECK_SSL_FUNC([EVP_PKEY_check])
  DOVECOT_CHECK_SSL_FUNC([OPENSSL_buf2hexstr])
  DOVECOT_CHECK_SSL_FUNC([SSL_get1_peer_certificate])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_client_hello_cb])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_select_current_cert])
  DOVECOT_CHECK_SSL_FUNC([SSL_client_hello_get0_ciphers])
  DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_alpn_select_cb])

  CFLAGS="$old_CFLAGS"
])