diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2015-09-19 16:36:55 +0200 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2015-09-22 08:36:28 -0400 |
| commit | ae98dd255b3db5585c0eab17dab702f72046ee57 (patch) | |
| tree | a833f89da6b350198401c7f4adff8557b65cb0cf | |
| parent | c84f3c917735caf073ee97935687c1ba8ee3639e (diff) | |
| download | tor-ae98dd255b3db5585c0eab17dab702f72046ee57.tar.gz tor-ae98dd255b3db5585c0eab17dab702f72046ee57.zip | |
Check that openssl has ECC support during configure
This allows builds on machines with a crippled openssl to fail early
during configure. Bugfix on 0.2.7.1-alpha, which introduced the
requirement for ECC support. Fixes bug 17109.
| -rw-r--r-- | changes/bug17109 | 4 | ||||
| -rw-r--r-- | configure.ac | 13 |
2 files changed, 17 insertions, 0 deletions
diff --git a/changes/bug17109 b/changes/bug17109 new file mode 100644 index 0000000000..9f80f6ef16 --- /dev/null +++ b/changes/bug17109 @@ -0,0 +1,4 @@ + o Minor bugfixes: + - Fail during configure if we're trying to build against an OpenSSL + built without ECC support. Fixes bug 17109, bugfix on + 0.2.7.1-alpha which started requiring ECC. diff --git a/configure.ac b/configure.ac index bf818ac4eb..2220c18fdb 100644 --- a/configure.ac +++ b/configure.ac @@ -642,6 +642,19 @@ AC_TRY_COMPILE([ [ : ], [ AC_ERROR([OpenSSL is too old. We require 1.0.0 or later. You can specify a path to a newer one with --with-openssl-dir.]) ]) +AC_TRY_COMPILE([ +#include <openssl/opensslv.h> +#include <openssl/evp.h> +#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_ECDSA) +#error "no ECC" +#endif +#if !defined(NID_X9_62_prime256v1) || !defined(NID_secp224r1) +#error "curves unavailable" +#endif + ], [], + [ : ], + [ AC_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ]) + AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , , [#include <openssl/ssl.h> ]) |