1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
|
dnl DOVECOT_CHECK_SSL_FUNC(function)
AC_DEFUN([DOVECOT_CHECK_SSL_FUNC], [
AC_CHECK_DECL([$1], AC_DEFINE(HAVE_$1,, [Define if you have $1]),,
[[#include <openssl/opensslv.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/ec.h>
#include <openssl/ssl.h>
#include <openssl/hmac.h>
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/encoder.h>
#include <openssl/decoder.h>
#include <openssl/params.h>
#include <openssl/provider.h>
#include <openssl/core.h>
#endif
#include <openssl/objects.h>
#include <openssl/err.h>
]])
])
AC_DEFUN([DOVECOT_SSL], [
build_dcrypt_openssl=no
have_openssl=no
PKG_CHECK_EXISTS([openssl], [
PKG_CHECK_MODULES(SSL, [openssl >= 1.1.1])
], [
AC_CHECK_LIB(ssl, SSL_read, [
AC_CHECK_HEADERS(openssl/ssl.h openssl/err.h, [
SSL_LIBS="-lssl -lcrypto $DLLIB"
AC_SUBST(SSL_LIBS)
have_openssl=yes
], AC_MSG_ERROR(cannot build with OpenSSL: openssl/ssl.h or openssl/err.h not found))])
AS_IF([test $have_openssl != yes], [
AC_MSG_ERROR(cannot build with OpenSSL: libssl not found)
])
])
AC_MSG_CHECKING([if OpenSSL version is 1.1.1 or better])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x10101000L
#error "fail-compile"
#endif]], [[ return 0; ]])],
[ssl_version_ge_111=true], [ssl_version_ge_111=false])
AC_MSG_RESULT([$ssl_version_ge_111])
AS_IF([test $ssl_version_ge_111 != true], [
AC_MSG_ERROR([OpenSSL v1.1.1 or better required to build Dovecot])
])
AC_MSG_CHECKING([if OpenSSL version is 3.0.0 or better])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER < 0x30000000L
#error "fail-compile"
#endif]], [[ return 0; ]])],
[ssl_version_ge_300=true], [ssl_version_ge_300=false])
AC_MSG_RESULT([$ssl_version_ge_300])
AS_IF([test $ssl_version_ge_300 = true], [
SSL_CFLAGS="$SSL_CFLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_API_COMPAT=30000 -DDOVECOT_USE_OPENSSL3"
dcrypt_openssl_ver=3
AC_DEFINE([HAVE_OPENSSL3],,1)
], [
SSL_CFLAGS="$SSL_CFLAGS -DOPENSSL_NO_DEPRECATED -DOPENSSL_API_COMPAT=0x1000200L"
])
old_CFLAGS="$CFLAGS"
CFLAGS="$old_CFLAGS $SSL_CFLAGS"
dnl * New style mem functions? Should be in v1.1+
AC_CACHE_CHECK([whether CRYPTO_set_mem_functions has new style parameters],i_cv_have_ssl_new_mem_funcs,[
old_LIBS=$LIBS
LIBS="$LIBS -lssl"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <openssl/ssl.h>
int CRYPTO_set_mem_functions(
void *(*m) (size_t, const char *, int),
void *(*r) (void *, size_t, const char *, int),
void (*f) (void *, const char *, int));
]], [[
]])],[
i_cv_have_ssl_new_mem_funcs=yes
],[
i_cv_have_ssl_new_mem_funcs=no
])
LIBS=$old_LIBS
])
AS_IF([test $i_cv_have_ssl_new_mem_funcs = yes], [
AC_DEFINE(HAVE_SSL_NEW_MEM_FUNCS,, [Define if CRYPTO_set_mem_functions has new style parameters])
])
dnl OpenSSl 3.0
DOVECOT_CHECK_SSL_FUNC([ERR_get_error_all])
DOVECOT_CHECK_SSL_FUNC([EVP_MAC_CTX_new])
DOVECOT_CHECK_SSL_FUNC([OSSL_PROVIDER_try_load])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_tmp_dh_callback])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_current_cert])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set0_tmp_dh_pkey])
dnl LibreSSL
DOVECOT_CHECK_SSL_FUNC([EVP_PKEY_check])
DOVECOT_CHECK_SSL_FUNC([OPENSSL_buf2hexstr])
DOVECOT_CHECK_SSL_FUNC([SSL_get1_peer_certificate])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_client_hello_cb])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_select_current_cert])
DOVECOT_CHECK_SSL_FUNC([SSL_client_hello_get0_ciphers])
DOVECOT_CHECK_SSL_FUNC([SSL_CTX_set_alpn_select_cb])
CFLAGS="$old_CFLAGS"
])
|