authorNick Mathewson <nickm@torproject.org>2020-09-23 09:52:43 -0400
committerNick Mathewson <nickm@torproject.org>2020-09-23 09:52:43 -0400
commitff300b384f55e9c0a47f6613eadd5ab93ca6d923 (patch)
tree94bd7495bdecb65d63c5419f6323b1a00b54d585 /configure.ac
parent10e40ca1de34d0e0611d510f913ff4f181e04c10 (diff)
configure.ac: Give a warning if openssl headers don't match library.
We don't look at the patchlevel, since that tends not to have any API changes, and sometimes gets out of sync when distributors are careless. We only give the warning when the test program compiles but gives a nonzero exit status: sadly, autoconf doesn't give us an easy way to distinguish a compilation failure from a nonzero exit status. Fixes #40138
Diffstat (limited to 'configure.ac')
-rw-r--r--configure.ac39
1 files changed, 36 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac
index 41c23e964c..6e6405a31e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1044,8 +1044,6 @@ TOR_SEARCH_LIBRARY(openssl, $tryssldir, [-lssl -lcrypto $TOR_LIB_GDI $TOR_LIB_WS
[if (getenv("THIS_SHOULDNT_BE_SET_X201803")) SSL_CIPHER_get_id((void *)0);], [],
[/usr/local/opt/openssl /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /opt/openssl])
-dnl XXXX check for OPENSSL_VERSION_NUMBER == SSLeay()
-
if test "$enable_static_openssl" = "yes"; then
if test "$tor_cv_library_openssl_dir" = "(system)"; then
AC_MSG_ERROR("You must specify an explicit --with-openssl-dir=x option when using --enable-static-openssl")
@@ -1057,7 +1055,7 @@ else
fi
AC_SUBST(TOR_OPENSSL_LIBS)
-dnl Now check for particular openssl functions.
+dnl Now validate openssl, and check for particular openssl functions.
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
save_CPPFLAGS="$CPPFLAGS"
@@ -1087,6 +1085,28 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
[ : ],
[ AC_MSG_ERROR([OpenSSL is built without full ECC support, including curves P256 and P224. You can specify a path to one with ECC support with --with-openssl-dir.]) ])
+dnl Let's see if we have a version mismatch between includes and libs.
+AC_MSG_CHECKING([for significant mismatch between openssl headers and libraries])
+ac_retval=foo
+AC_TRY_RUN(AC_LANG_PROGRAM([[
+ #include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
+]], [[
+ /* Include major, minor, and fix, but not patch or status. */
+ unsigned long mask = 0xfffff000;
+ unsigned long linking = OpenSSL_version_num() & mask;
+ unsigned long running = OPENSSL_VERSION_NUMBER & mask;
+ return !(linking==running);
+]]), [openssl_ver_mismatch=no], [
+ # This is a kludge to figure out whether compilation failed, or whether
+ # running the program failed.
+ if test "$ac_retval" == "1"; then
+ openssl_ver_mismatch=inconclusive
+ else
+ openssl_ver_mismatch=yes
+ fi], [openssl_ver_mismatch=cross])
+AC_MSG_RESULT([$openssl_ver_mismatch])
+
AC_CHECK_MEMBERS([struct ssl_method_st.get_cipher_by_char], , ,
[#include <openssl/ssl.h>
])
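Review bot: The failure branch's `test "$ac_retval" == "1"` uses `==`, which POSIX `test` does not define. Under a shell such as dash the comparison errors out and control falls into the else arm, so a test program that merely failed to compile would be recorded as `openssl_ver_mismatch=yes`. The portable form is `if test "$ac_retval" = "1"; then`. Separately, `ac_retval` is an autoconf-internal variable rather than a documented interface, and the test program itself returns 1 on a mismatch, so a real mismatch and a failed build may both surface as 1. That is worth confirming against the generated configure script, and a distinct exit status from the program (for example `return (linking==running) ? 0 : 2;`) would make the two cases separable.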
@@ -2649,6 +2669,19 @@ fi
AC_OUTPUT
+if test "$openssl_ver_mismatch" = "yes"; then
+ AC_MSG_WARN([
+============
+Warning! The version OpenSSL headers we get from compiling with
+ "${TOR_CPPFLAGS_OPENSSL:-(no extra options)}"
+do not match version of the OpenSSL library we get when linking with
+ "$TOR_LDFLAGS_OPENSSL $TOR_OPENSSL_LIBS".
+This might cause compilation to fail. Try using --with-openssl-dir to specify
+the exact OpenSSL path you want.
+============
+])
+fi
+
#
# Mini-report on what will be built.
#
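Review bot: Only `openssl_ver_mismatch` = `yes` triggers the end-of-configure warning. The `inconclusive` value set by the check added earlier in this commit shows up only in the AC_MSG_RESULT line, which is easy to miss in a long configure log. Because building against headers from one OpenSSL release and linking another is a build-integrity problem for the crypto layer, a short notice for the inconclusive case would help whoever is packaging the build. The message text would also read more clearly as `Warning! The version of the OpenSSL headers we get from compiling with` and `do not match the version of the OpenSSL library we get when linking with`.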