changeset 5887:6eca500211f4
Prototype for X509_check_host() has changed, detect this in configure.ac
ChangeLog addition:
2015-04-09 Aidan Kehoe <kehoea@parhasard.net>
* configure.ac:
If X509_check_host() is available, check the number of arguments
it takes. Don't use it if it takes any number of arguments other
than five. Also don't use it if <openssl/x509v3.h> does not
declare it, since if that is so there is no portable way to tell
how many arguments it should take, and so we would end up smashing
the stack.
* configure: Regenerate.
src/ChangeLog addition:
2015-04-09 Aidan Kehoe <kehoea@parhasard.net>
* tls.c:
#include <openssl/x509v3.h> for its prototype for
X509_check_host().
* tls.c (tls_open):
Pass the new fifth argument to X509_check_host().
author | Aidan Kehoe <kehoea@parhasard.net> |
---|---|
date | Thu, 09 Apr 2015 14:27:02 +0100 |
parents | c96000075e49 |
children | a85efdabe237 |
files | ChangeLog configure configure.ac src/ChangeLog src/tls.c |
diffstat | 5 files changed, 91 insertions(+), 11 deletions(-) [+] |
--- a/ChangeLog Wed Apr 08 21:03:18 2015 +0100
+++ b/ChangeLog Thu Apr 09 14:27:02 2015 +0100
@@ -1,3 +1,14 @@
+2015-04-09 Aidan Kehoe <kehoea@parhasard.net>
+
+ * configure.ac:
+ If X509_check_host() is available, check the number of arguments
+ it takes. Don't use it if it takes any number of arguments other
+ than five. Also don't use it if <openssl/x509v3.h> does not
+ declare it, since if that is so there is no portable way to tell
+ how many arguments it should take, and so we would end up smashing
+ the stack.
+ * configure: Regenerate.
+
 2015-03-26 Vin Shelton <acs@xemacs.org>
 
 * configure.ac: Recognize and support 64-bit cygwin, thanks to
--- a/configure Wed Apr 08 21:03:18 2015 +0100 +++ b/configure Thu Apr 09 14:27:02 2015 +0100 @@ -11797,7 +11797,7 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -11843,7 +11843,7 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -11867,7 +11867,7 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -11912,7 +11912,7 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; 
@@ -11936,7 +11936,7 @@ We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; @@ -21417,10 +21417,47 @@ if test "$?" = 0; then LIBS="$LIBS "$openssl_libs"" && if test "$verbose" = "yes"; then echo " Appending \""$openssl_libs"\" to \$LIBS"; fi fi - ac_fn_c_check_func "$LINENO" "X509_check_host" "ac_cv_func_X509_check_host" + ac_fn_c_check_func "$LINENO" "X509_check_host" "ac_cv_func_X509_check_host" if test "x$ac_cv_func_X509_check_host" = xyes; then : - $as_echo "#define HAVE_X509_CHECK_HOST 1" >>confdefs.h - + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + #include <openssl/x509v3.h> +int +main () +{ +return X509_check_host ((void *) 0, + (const char *) 0, 0, 0, + (void *) 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking that X509_check_host is declared" >&5 +$as_echo_n "checking that X509_check_host is declared... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <openssl/x509v3.h> +int +main () +{ +return X509_check_host (-1); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + $as_echo "#define HAVE_X509_CHECK_HOST 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi else
--- a/configure.ac Wed Apr 08 21:03:18 2015 +0100
+++ b/configure.ac Thu Apr 09 14:27:02 2015 +0100
@@ -5439,7 +5439,27 @@
 if test "$?" = 0; then
 XE_APPEND("$openssl_libs", LIBS)
 fi
- AC_CHECK_FUNC(X509_check_host, [AC_DEFINE(HAVE_X509_CHECK_HOST)])
+ dnl Check whether X509_check_host can be linked in.
+ AC_CHECK_FUNC(X509_check_host,
+ AC_COMPILE_IFELSE(
+ dnl It can; check that its declaration is compatible with five
+ dnl arguments. An early version of the function took only four.
+ [AC_LANG_PROGRAM([#include <openssl/x509v3.h>],
+ [return X509_check_host ((void *) 0,
+ (const char *) 0, 0, 0,
+ (void *) 0); ])],
+ dnl Now check that it is *not* compatible with just one argument,
+ dnl as would be the case if no declaration was in the header, and
+ dnl the header was old, compared to the DLL. This sort of version
+ dnl sanity-checking is particularly necessary with OpenSSL. E.g. on
+ dnl OS X there has always been an installed system version of it,
+ dnl but pkg-config, above, will pick up the MacPorts version.
+ [ AC_MSG_CHECKING(that X509_check_host is declared)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include <openssl/x509v3.h>],
+ [return X509_check_host (-1);])],
+ AC_MSG_RESULT(no),
+ [AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_X509_CHECK_HOST)])]))
 else
 with_tls=no
 fi
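Review bot: The outer `AC_COMPILE_IFELSE(` has no action-if-false, so when the five-argument probe fails (for example against the earlier four-argument prototype) HAVE_X509_CHECK_HOST is left undefined with no message at all, and the undeclared case prints only a bare "no". What tls.c does without the macro is outside this hunk; if that path verifies the peer host name less strictly than X509_check_host(), the person building should be told, e.g. with `AC_MSG_WARN([X509_check_host is unusable; TLS host name checks will not use it])` in both failure branches. As a style point, the `AC_COMPILE_IFELSE(...)` passed as the second argument of AC_CHECK_FUNC is unquoted and has `dnl` comments inside its argument list; wrapping it in `[...]` and moving the comments above the call would make the expansion less fragile.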
--- a/src/ChangeLog Wed Apr 08 21:03:18 2015 +0100
+++ b/src/ChangeLog Thu Apr 09 14:27:02 2015 +0100
@@ -1,3 +1,11 @@
+2015-04-09 Aidan Kehoe <kehoea@parhasard.net>
+
+ * tls.c:
+ #include <openssl/x509v3.h> for its prototype for
+ X509_check_host().
+ * tls.c (tls_open):
+ Pass the new fifth argument to X509_check_host().
+
 2015-04-08 Aidan Kehoe <kehoea@parhasard.net>
 
 * data.c (parse_integer):
--- a/src/tls.c Wed Apr 08 21:03:18 2015 +0100
+++ b/src/tls.c Thu Apr 09 14:27:02 2015 +0100
@@ -782,6 +782,10 @@
 #include <openssl/conf.h>
 #include <openssl/err.h>
 
+#ifdef HAVE_X509_CHECK_HOST
+#include <openssl/x509v3.h>
+#endif
+
 /* The context used to create connections */
 static SSL_CTX *ssl_ctx;
 
@@ -1023,8 +1027,8 @@
 }
 
 #ifdef HAVE_X509_CHECK_HOST
- err = X509_check_host (peer_cert, (const unsigned char *) hostname,
- strlen (hostname), 0);
+ err = X509_check_host (peer_cert, (const char *) hostname,
+ strlen (hostname), 0, NULL);
 if (err < 0)
 {
 warn_when_safe (Qtls_error, Qerror,
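Review bot: The only result handling visible after the updated call in the second hunk is `if (err < 0)`, so it should be confirmed that a return of 0 is also treated as a verification failure. X509_check_host() returns 1 on a match, 0 when the certificate does not match the host name, and a negative value on an internal error or malformed input, so a test for `err < 0` alone would accept a certificate issued for a different host. tls_open continues outside the hunk and may already handle the mismatch case; if so, a comment above the call such as `/* 1 = match, 0 = mismatch, < 0 = error */` would make that clear to the next reader. The `(const char *)` cast is only needed if hostname is not already a `char` pointer, which the hunk does not show.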