2 files changed, 39 insertions, 151 deletions
diff --git a/ChangeLog b/ChangeLog
index 768814f02..c8dbc70c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+20020511
+ - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
+   Now only searches system and /usr/local/ssl (OpenSSL's default install path)
+   Others must use --with-ssl-dir=....
 20020510
 - (stevesk) [auth.c] Shadow account and expiration cleanup.  Now
   check for root forced expire.  Still don't check for inactive.
@@ -559,4 +564,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $
+$Id: ChangeLog,v 1.2105 2002/05/11 20:17:42 tim Exp $
diff --git a/configure.ac b/configure.ac
index 6f2f9baf8..637b14e40 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.55 2002/05/08 23:04:14 tim Exp $
+# $Id: configure.ac,v 1.56 2002/05/11 20:17:44 tim Exp $
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -703,169 +703,52 @@ if test "x$PAM_MSG" = "xyes" ; then
        )
 fi
-# The big search for OpenSSL
+# Search for OpenSSL
+saved_CPPFLAGS="$CPPFLAGS"
+saved_LDFLAGS="$LDFLAGS"
 AC_ARG_WITH(ssl-dir,
        [  --with-ssl-dir=PATH     Specify path to OpenSSL installation ],
        [
                if test "x$withval" != "xno" ; then
-                        tryssldir=$withval
+                        if test -d "$withval/lib"; then
-                fi
+                                if test -n "${need_dash_r}"; then
-        ]
+                                        LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
-)
+                                else
+                                        LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-saved_LIBS="$LIBS"
-saved_LDFLAGS="$LDFLAGS"
-saved_CPPFLAGS="$CPPFLAGS"
-if test "x$prefix" != "xNONE" ; then
-        tryssldir="$tryssldir $prefix"
-fi
-AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
-        for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
-                CPPFLAGS="$saved_CPPFLAGS"
-                LDFLAGS="$saved_LDFLAGS"
-                LIBS="$saved_LIBS -lcrypto"
-                
-                # Skip directories if they don't exist
-                if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
-                        continue;
-                fi
-                if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
-                        # Try to use $ssldir/lib if it exists, otherwise 
-                        # $ssldir
-                        if test -d "$ssldir/lib" ; then
-                                LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
-                                if test ! -z "$need_dash_r" ; then
-                                        LDFLAGS="-R$ssldir/lib $LDFLAGS"
                                fi
                        else
-                                LDFLAGS="-L$ssldir $saved_LDFLAGS"
+                                if test -n "${need_dash_r}"; then
-                                if test ! -z "$need_dash_r" ; then
+                                        LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
-                                        LDFLAGS="-R$ssldir $LDFLAGS"
+                                else
+                                        LDFLAGS="-L${withval} ${LDFLAGS}"
                                fi
                        fi
-                        # Try to use $ssldir/include if it exists, otherwise 
+                        if test -d "$withval/include"; then
-                        # $ssldir
+                                CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-                        if test -d "$ssldir/include" ; then
-                                CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
                        else
-                                CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
+                                CPPFLAGS="-I${withval} ${CPPFLAGS}"
                        fi
                fi
+        ]
-                # Basic test to check for compatible version and correct linking
+)
-                # *does not* test for RSA - that comes later.
+LIBS="$LIBS -lcrypto"
-                AC_TRY_RUN(
+AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
-                        [
-#include <string.h>
-#include <openssl/rand.h>
-int main(void) 
-{
-        char a[2048];
-        memset(a, 0, sizeof(a));
-        RAND_add(a, sizeof(a), sizeof(a));
-        return(RAND_status() <= 0);
-}
-                        ],
-                        [
-                                found_crypto=1
-                                break;
-                        ], []
-                )
-                if test ! -z "$found_crypto" ; then
-                        break;
-                fi
-        done
-        if test -z "$found_crypto" ; then
-                AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])      
-        fi
-        if test -z "$ssldir" ; then
-                ssldir="(system)"
-        fi
-        ac_cv_openssldir=$ssldir
-])
-if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
-        AC_DEFINE(HAVE_OPENSSL)
-        dnl Need to recover ssldir - test above runs in subshell
-        ssldir=$ac_cv_openssldir
-        if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
-                # Try to use $ssldir/lib if it exists, otherwise 
-                # $ssldir
-                if test -d "$ssldir/lib" ; then
-                        LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
-                        if test ! -z "$need_dash_r" ; then
-                                LDFLAGS="-R$ssldir/lib $LDFLAGS"
-                        fi
-                else
-                        LDFLAGS="-L$ssldir $saved_LDFLAGS"
-                        if test ! -z "$need_dash_r" ; then
-                                LDFLAGS="-R$ssldir $LDFLAGS"
-                        fi
-                fi
-                # Try to use $ssldir/include if it exists, otherwise 
-                # $ssldir
-                if test -d "$ssldir/include" ; then
-                        CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
-                else
-                        CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
-                fi
-        fi
-fi
-LIBS="$saved_LIBS -lcrypto"
-# Now test RSA support
-saved_LIBS="$LIBS"
-AC_MSG_CHECKING([for RSA support])
-for WANTS_RSAREF in "" 1 ; do
-        if test -z "$WANTS_RSAREF" ; then
-                LIBS="$saved_LIBS"
-        else
-                LIBS="$saved_LIBS -lRSAglue -lrsaref"
-        fi
-        AC_TRY_RUN([
-#include <string.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
-#include <openssl/sha.h>
-int main(void) 
-{
-        int num; RSA *key; static unsigned char p_in[] = "blahblah";
-        unsigned char c[256], p[256];
-        memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
-        if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
-        num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
-        return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
-}
-        ],
        [
-                rsa_works=1
+                dnl Check default openssl install dir
-                break;
+                if test -n "${need_dash_r}"; then
-        ], [])
+                        LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
-done
-LIBS="$saved_LIBS"
-if test ! -z "$no_rsa" ; then
-        AC_MSG_RESULT(disabled)
-        RSA_MSG="disabled"
-else
-        if test -z "$rsa_works" ; then
-                AC_MSG_WARN([*** No RSA support found *** ])
-                RSA_MSG="no"
-        else
-                if test -z "$WANTS_RSAREF" ; then
-                        AC_MSG_RESULT(yes)
-                        RSA_MSG="yes"
                else
-                        RSA_MSG="yes (using RSAref)"
+                        LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
-                        AC_MSG_RESULT(using RSAref)
-                        LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
                fi
-        fi
+                CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
-fi
+                AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
+                        [
+                                AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
+                        ]
+                )
+        ]
+)
 # Sanity check OpenSSL headers
 AC_MSG_CHECKING([whether OpenSSL's headers match the library])

diff --git a/ChangeLog b/ChangeLog index 768814f02..c8dbc70c5 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,8 @@
		1	20020511
		2	- (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
		3	Now only searches system and /usr/local/ssl (OpenSSL's default install path)
		4	Others must use --with-ssl-dir=....
		5
1	20020510	6	20020510
2	- (stevesk) [auth.c] Shadow account and expiration cleanup. Now	7	- (stevesk) [auth.c] Shadow account and expiration cleanup. Now
3	check for root forced expire. Still don't check for inactive.	8	check for root forced expire. Still don't check for inactive.
@@ -559,4 +564,4 @@
559	- (stevesk) entropy.c: typo in debug message	564	- (stevesk) entropy.c: typo in debug message
560	- (djm) ssh-keygen -i needs seeded RNG; report from markus@	565	- (djm) ssh-keygen -i needs seeded RNG; report from markus@
561		566
562	$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $	567	$Id: ChangeLog,v 1.2105 2002/05/11 20:17:42 tim Exp $


diff --git a/configure.ac b/configure.ac index 6f2f9baf8..637b14e40 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.55 2002/05/08 23:04:14 tim Exp $	1	# $Id: configure.ac,v 1.56 2002/05/11 20:17:44 tim Exp $
2		2
3	AC_INIT	3	AC_INIT
4	AC_CONFIG_SRCDIR([ssh.c])	4	AC_CONFIG_SRCDIR([ssh.c])
@@ -703,169 +703,52 @@ if test "x$PAM_MSG" = "xyes" ; then
703	)	703	)
704	fi	704	fi
705		705
706	# The big search for OpenSSL	706	# Search for OpenSSL
		707	saved_CPPFLAGS="$CPPFLAGS"
		708	saved_LDFLAGS="$LDFLAGS"
707	AC_ARG_WITH(ssl-dir,	709	AC_ARG_WITH(ssl-dir,
708	[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],	710	[ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
709	[	711	[
710	if test "x$withval" != "xno" ; then	712	if test "x$withval" != "xno" ; then
711	tryssldir=$withval	713	if test -d "$withval/lib"; then
712	fi	714	if test -n "${need_dash_r}"; then
713	]	715	LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
714	)	716	else
715		717	LDFLAGS="-L${withval}/lib ${LDFLAGS}"
716	saved_LIBS="$LIBS"
717	saved_LDFLAGS="$LDFLAGS"
718	saved_CPPFLAGS="$CPPFLAGS"
719	if test "x$prefix" != "xNONE" ; then
720	tryssldir="$tryssldir $prefix"
721	fi
722	AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
723	for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
724	CPPFLAGS="$saved_CPPFLAGS"
725	LDFLAGS="$saved_LDFLAGS"
726	LIBS="$saved_LIBS -lcrypto"
727
728	# Skip directories if they don't exist
729	if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
730	continue;
731	fi
732	if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
733	# Try to use $ssldir/lib if it exists, otherwise
734	# $ssldir
735	if test -d "$ssldir/lib" ; then
736	LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
737	if test ! -z "$need_dash_r" ; then
738	LDFLAGS="-R$ssldir/lib $LDFLAGS"
739	fi	718	fi
740	else	719	else
741	LDFLAGS="-L$ssldir $saved_LDFLAGS"	720	if test -n "${need_dash_r}"; then
742	if test ! -z "$need_dash_r" ; then	721	LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
743	LDFLAGS="-R$ssldir $LDFLAGS"	722	else
		723	LDFLAGS="-L${withval} ${LDFLAGS}"
744	fi	724	fi
745	fi	725	fi
746	# Try to use $ssldir/include if it exists, otherwise	726	if test -d "$withval/include"; then
747	# $ssldir	727	CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
748	if test -d "$ssldir/include" ; then
749	CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
750	else	728	else
751	CPPFLAGS="-I$ssldir $saved_CPPFLAGS"	729	CPPFLAGS="-I${withval} ${CPPFLAGS}"
752	fi	730	fi
753	fi	731	fi
754		732	]
755	# Basic test to check for compatible version and correct linking	733	)
756	# does not test for RSA - that comes later.	734	LIBS="$LIBS -lcrypto"
757	AC_TRY_RUN(	735	AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
758	[
759	#include <string.h>
760	#include <openssl/rand.h>
761	int main(void)
762	{
763	char a[2048];
764	memset(a, 0, sizeof(a));
765	RAND_add(a, sizeof(a), sizeof(a));
766	return(RAND_status() <= 0);
767	}
768	],
769	[
770	found_crypto=1
771	break;
772	], []
773	)
774
775	if test ! -z "$found_crypto" ; then
776	break;
777	fi
778	done
779
780	if test -z "$found_crypto" ; then
781	AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
782	fi
783	if test -z "$ssldir" ; then
784	ssldir="(system)"
785	fi
786
787	ac_cv_openssldir=$ssldir
788	])
789
790	if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
791	AC_DEFINE(HAVE_OPENSSL)
792	dnl Need to recover ssldir - test above runs in subshell
793	ssldir=$ac_cv_openssldir
794	if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
795	# Try to use $ssldir/lib if it exists, otherwise
796	# $ssldir
797	if test -d "$ssldir/lib" ; then
798	LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
799	if test ! -z "$need_dash_r" ; then
800	LDFLAGS="-R$ssldir/lib $LDFLAGS"
801	fi
802	else
803	LDFLAGS="-L$ssldir $saved_LDFLAGS"
804	if test ! -z "$need_dash_r" ; then
805	LDFLAGS="-R$ssldir $LDFLAGS"
806	fi
807	fi
808	# Try to use $ssldir/include if it exists, otherwise
809	# $ssldir
810	if test -d "$ssldir/include" ; then
811	CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
812	else
813	CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
814	fi
815	fi
816	fi
817	LIBS="$saved_LIBS -lcrypto"
818
819	# Now test RSA support
820	saved_LIBS="$LIBS"
821	AC_MSG_CHECKING([for RSA support])
822	for WANTS_RSAREF in "" 1 ; do
823	if test -z "$WANTS_RSAREF" ; then
824	LIBS="$saved_LIBS"
825	else
826	LIBS="$saved_LIBS -lRSAglue -lrsaref"
827	fi
828	AC_TRY_RUN([
829	#include <string.h>
830	#include <openssl/rand.h>
831	#include <openssl/rsa.h>
832	#include <openssl/bn.h>
833	#include <openssl/sha.h>
834	int main(void)
835	{
836	int num; RSA *key; static unsigned char p_in[] = "blahblah";
837	unsigned char c[256], p[256];
838	memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
839	if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
840	num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
841	return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
842	}
843	],
844	[	736	[
845	rsa_works=1	737	dnl Check default openssl install dir
846	break;	738	if test -n "${need_dash_r}"; then
847	], [])	739	LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
848	done
849	LIBS="$saved_LIBS"
850
851	if test ! -z "$no_rsa" ; then
852	AC_MSG_RESULT(disabled)
853	RSA_MSG="disabled"
854	else
855	if test -z "$rsa_works" ; then
856	AC_MSG_WARN([* No RSA support found * ])
857	RSA_MSG="no"
858	else
859	if test -z "$WANTS_RSAREF" ; then
860	AC_MSG_RESULT(yes)
861	RSA_MSG="yes"
862	else	740	else
863	RSA_MSG="yes (using RSAref)"	741	LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
864	AC_MSG_RESULT(using RSAref)
865	LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
866	fi	742	fi
867	fi	743	CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
868	fi	744	AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
		745	[
		746	AC_MSG_ERROR([* Can't find recent OpenSSL libcrypto (see config.log for details) *])
		747	]
		748	)
		749	]
		750	)
		751
869		752
870	# Sanity check OpenSSL headers	753	# Sanity check OpenSSL headers
871	AC_MSG_CHECKING([whether OpenSSL's headers match the library])	754	AC_MSG_CHECKING([whether OpenSSL's headers match the library])