From fb9c4b137c8a6bb7705a3124bc4998c4aa2d1435 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr"
Date: Fri, 30 May 2003 18:41:53 +0000
Subject: [PATCH] Based on list discussion between myself and Geoff, it seems prudent to check for both the existence of the openssl/engine.h header file and some 'expected function' such as ENGINE_init() (better suggestions are welcome.) Also clear up some confusion; so long as we have ENGINE_load_builtin_engines() we should attempt to preload those. This patch protects all ENGINE-based code within the tests for the engine header and function, and changes a version test into a function test.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100104 13f79535-47bb-0310-9956-ffa450edef68
---
 acinclude.m4 | 4 ++++
 modules/ssl/ssl_engine_config.c | 4 ++--
 modules/ssl/ssl_engine_init.c | 4 ++--
 modules/ssl/ssl_toolkit_compat.h | 5 ++++-
 4 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index e7d1ff14b8..8bf220e93a 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -356,6 +356,7 @@ if test "x$ap_ssltk_configured" = "x"; then
 fi
 if test "x$ap_ssltk_type" = "x"; then
 AC_MSG_CHECKING(for OpenSSL version)
+ dnl First check for manditory headers
 AC_CHECK_HEADERS([openssl/opensslv.h openssl/ssl.h], [ap_ssltk_type="openssl"], [])
 if test "$ap_ssltk_type" = "openssl"; then
 dnl so it's OpenSSL - test for a good version
@@ -373,6 +374,8 @@ if test "x$ap_ssltk_configured" = "x"; then
 echo "WARNING: OpenSSL version may contain security vulnerabilities!"
 echo " Ensure the latest security patches have been applied!"
 ])
+ dnl Look for additional, possibly missing headers
+ AC_CHECK_HEADERS(openssl/engine.h)
 else
 AC_MSG_RESULT([no OpenSSL headers found])
 fi
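Review bot: The `AC_CHECK_HEADERS(openssl/engine.h)` probe added in the second acinclude.m4 hunk is satisfied by any engine.h the preprocessor can reach, which normally includes the default system include directories, so a globally installed engine-enabled OpenSSL may still define HAVE_OPENSSL_ENGINE_H when the user selected a non-engine tree. It is also independent of the `AC_CHECK_FUNCS(ENGINE_init)` link probe in the hunk at -425, so nothing ties the header that was found to the libcrypto that gets linked, and mod_ssl could end up compiling crypto code against headers from one install while linking another. A single compile-and-link test that includes the header and references ENGINE_init under the flags chosen for the selected toolkit would close that gap; short of that I would add `dnl engine.h and ENGINE_init are probed separately; both must come from the same OpenSSL install`. The enclosing `if test "x$ap_ssltk_configured" = "x"` block starts and ends outside the hunk.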
@@ -425,6 +428,7 @@ if test "x$ap_ssltk_configured" = "x"; then
 AC_CHECK_LIB(crypto, SSLeay_version, [], [liberrors="yes"])
 AC_CHECK_LIB(ssl, SSL_CTX_new, [], [liberrors="yes"])
 AC_CHECK_FUNCS(ENGINE_init)
+ AC_CHECK_FUNCS(ENGINE_load_builtin_engines)
 else
 AC_CHECK_LIB(sslc, SSLC_library_version, [], [liberrors="yes"])
 AC_CHECK_LIB(sslc, SSL_CTX_new, [], [liberrors="yes"])
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 9a55d17b26..a2ee3d4d67 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -510,7 +510,7 @@ const char *ssl_cmd_SSLPassPhraseDialog(cmd_parms *cmd,
 return NULL;
 }
-#ifdef HAVE_ENGINE_INIT
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
 const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
 void *dcfg,
 const char *arg)
@@ -518,7 +518,7 @@ const char *ssl_cmd_SSLCryptoDevice(cmd_parms *cmd,
 SSLModConfigRec *mc = myModConfig(cmd->server);
 const char *err;
 ENGINE *e;
-#if SSL_LIBRARY_VERSION >= 0x00907000
+#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES
 static int loaded_engines = FALSE;
 /* early loading to make sure the engines are already
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index e2f4909593..f4e758b9e4 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -270,7 +270,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 /*
 * SSL external crypto device ("engine") support
 */
-#ifdef HAVE_ENGINE_INIT
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
 ssl_init_Engine(base_server, p);
 #endif
@@ -351,7 +351,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 * Support for external a Crypto Device ("engine"), usually
 * a hardware accellerator card for crypto operations.
 */
-#ifdef HAVE_ENGINE_INIT
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
 void ssl_init_Engine(server_rec *s, apr_pool_t *p)
 {
 SSLModConfigRec *mc = myModConfig(s);
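Review bot: The condition `defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)` is now spelled out at the `ssl_cmd_SSLCryptoDevice` guard in ssl_engine_config.c, at both guards in ssl_engine_init.c, and again in ssl_toolkit_compat.h, so a later change to the engine test has four places that can drift apart. I would define one feature macro inside the existing `#if` in ssl_toolkit_compat.h (the name is only a suggestion: `#define SSL_ENGINE_AVAILABLE 1`) and test that macro at the other three sites. The patch does not touch whatever registers the SSLCryptoDevice directive or declares `ssl_cmd_SSLCryptoDevice` and `ssl_init_Engine`; if those sites still test HAVE_ENGINE_INIT alone, a build that has the function but not the header would reference symbols that are no longer compiled, so they should be checked. `ssl_cmd_SSLCryptoDevice` continues past the end of the hunk.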
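Review bot: The `#ifdef HAVE_ENGINE_LOAD_BUILTIN_ENGINES` line in the second ssl_engine_config.c hunk rests on an `AC_CHECK_FUNCS` link probe, which shows that the linked libcrypto exports the symbol but not that the engine.h being compiled against declares it. The removed version comparison at least keyed off the headers, so this guard deserves a short why-comment, for example `/* feature test, not a version test: preload whenever the library provides ENGINE_load_builtin_engines() */`. The code that uses `loaded_engines` lies outside the hunk, so I am assuming the preload call sits under this same guard.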
diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h
index cba8de88d3..9691ed26dc 100644
--- a/modules/ssl/ssl_toolkit_compat.h
+++ b/modules/ssl/ssl_toolkit_compat.h
@@ -66,7 +66,10 @@
 #include
 #include
 #include
-#ifdef HAVE_ENGINE_INIT
+/* Avoid tripping over an engine build installed globally and detected
+ * when the user points at an explicit non-engine flavor of OpenSSL
+ */
+#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
 #include
 #endif
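Review bot: The new comment above the `#if` names the scenario but not the rule the guard enforces, and it does not say which of the two macros covers which half of the problem. I would reword it along the lines of `/* Need both engine.h (HAVE_OPENSSL_ENGINE_H) and ENGINE_init() (HAVE_ENGINE_INIT): configure can find the function in a system-wide engine build while the OpenSSL tree the user selected has no engine.h. */`. The target of the guarded `#include` is not legible on this page, so I am assuming it is the engine header.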