summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog7
-rw-r--r--configure.ac183
2 files changed, 39 insertions, 151 deletions
diff --git a/ChangeLog b/ChangeLog
index 768814f02..c8dbc70c5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
120020511
2 - (tim) [configure.ac] applied a rework of djm's OpenSSL search cleanup patch.
3 Now only searches system and /usr/local/ssl (OpenSSL's default install path)
4 Others must use --with-ssl-dir=....
5
120020510 620020510
2 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now 7 - (stevesk) [auth.c] Shadow account and expiration cleanup. Now
3 check for root forced expire. Still don't check for inactive. 8 check for root forced expire. Still don't check for inactive.
@@ -559,4 +564,4 @@
559 - (stevesk) entropy.c: typo in debug message 564 - (stevesk) entropy.c: typo in debug message
560 - (djm) ssh-keygen -i needs seeded RNG; report from markus@ 565 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
561 566
562$Id: ChangeLog,v 1.2104 2002/05/10 15:48:52 stevesk Exp $ 567$Id: ChangeLog,v 1.2105 2002/05/11 20:17:42 tim Exp $
diff --git a/configure.ac b/configure.ac
index 6f2f9baf8..637b14e40 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.55 2002/05/08 23:04:14 tim Exp $ 1# $Id: configure.ac,v 1.56 2002/05/11 20:17:44 tim Exp $
2 2
3AC_INIT 3AC_INIT
4AC_CONFIG_SRCDIR([ssh.c]) 4AC_CONFIG_SRCDIR([ssh.c])
@@ -703,169 +703,52 @@ if test "x$PAM_MSG" = "xyes" ; then
703 ) 703 )
704fi 704fi
705 705
706# The big search for OpenSSL 706# Search for OpenSSL
707saved_CPPFLAGS="$CPPFLAGS"
708saved_LDFLAGS="$LDFLAGS"
707AC_ARG_WITH(ssl-dir, 709AC_ARG_WITH(ssl-dir,
708 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], 710 [ --with-ssl-dir=PATH Specify path to OpenSSL installation ],
709 [ 711 [
710 if test "x$withval" != "xno" ; then 712 if test "x$withval" != "xno" ; then
711 tryssldir=$withval 713 if test -d "$withval/lib"; then
712 fi 714 if test -n "${need_dash_r}"; then
713 ] 715 LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
714) 716 else
715 717 LDFLAGS="-L${withval}/lib ${LDFLAGS}"
716saved_LIBS="$LIBS"
717saved_LDFLAGS="$LDFLAGS"
718saved_CPPFLAGS="$CPPFLAGS"
719if test "x$prefix" != "xNONE" ; then
720 tryssldir="$tryssldir $prefix"
721fi
722AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
723 for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
724 CPPFLAGS="$saved_CPPFLAGS"
725 LDFLAGS="$saved_LDFLAGS"
726 LIBS="$saved_LIBS -lcrypto"
727
728 # Skip directories if they don't exist
729 if test ! -z "$ssldir" -a ! -d "$ssldir" ; then
730 continue;
731 fi
732 if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
733 # Try to use $ssldir/lib if it exists, otherwise
734 # $ssldir
735 if test -d "$ssldir/lib" ; then
736 LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
737 if test ! -z "$need_dash_r" ; then
738 LDFLAGS="-R$ssldir/lib $LDFLAGS"
739 fi 718 fi
740 else 719 else
741 LDFLAGS="-L$ssldir $saved_LDFLAGS" 720 if test -n "${need_dash_r}"; then
742 if test ! -z "$need_dash_r" ; then 721 LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
743 LDFLAGS="-R$ssldir $LDFLAGS" 722 else
723 LDFLAGS="-L${withval} ${LDFLAGS}"
744 fi 724 fi
745 fi 725 fi
746 # Try to use $ssldir/include if it exists, otherwise 726 if test -d "$withval/include"; then
747 # $ssldir 727 CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
748 if test -d "$ssldir/include" ; then
749 CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
750 else 728 else
751 CPPFLAGS="-I$ssldir $saved_CPPFLAGS" 729 CPPFLAGS="-I${withval} ${CPPFLAGS}"
752 fi 730 fi
753 fi 731 fi
754 732 ]
755 # Basic test to check for compatible version and correct linking 733)
756 # *does not* test for RSA - that comes later. 734LIBS="$LIBS -lcrypto"
757 AC_TRY_RUN( 735AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
758 [
759#include <string.h>
760#include <openssl/rand.h>
761int main(void)
762{
763 char a[2048];
764 memset(a, 0, sizeof(a));
765 RAND_add(a, sizeof(a), sizeof(a));
766 return(RAND_status() <= 0);
767}
768 ],
769 [
770 found_crypto=1
771 break;
772 ], []
773 )
774
775 if test ! -z "$found_crypto" ; then
776 break;
777 fi
778 done
779
780 if test -z "$found_crypto" ; then
781 AC_MSG_ERROR([Could not find working OpenSSL library, please install or check config.log])
782 fi
783 if test -z "$ssldir" ; then
784 ssldir="(system)"
785 fi
786
787 ac_cv_openssldir=$ssldir
788])
789
790if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; then
791 AC_DEFINE(HAVE_OPENSSL)
792 dnl Need to recover ssldir - test above runs in subshell
793 ssldir=$ac_cv_openssldir
794 if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
795 # Try to use $ssldir/lib if it exists, otherwise
796 # $ssldir
797 if test -d "$ssldir/lib" ; then
798 LDFLAGS="-L$ssldir/lib $saved_LDFLAGS"
799 if test ! -z "$need_dash_r" ; then
800 LDFLAGS="-R$ssldir/lib $LDFLAGS"
801 fi
802 else
803 LDFLAGS="-L$ssldir $saved_LDFLAGS"
804 if test ! -z "$need_dash_r" ; then
805 LDFLAGS="-R$ssldir $LDFLAGS"
806 fi
807 fi
808 # Try to use $ssldir/include if it exists, otherwise
809 # $ssldir
810 if test -d "$ssldir/include" ; then
811 CPPFLAGS="-I$ssldir/include $saved_CPPFLAGS"
812 else
813 CPPFLAGS="-I$ssldir $saved_CPPFLAGS"
814 fi
815 fi
816fi
817LIBS="$saved_LIBS -lcrypto"
818
819# Now test RSA support
820saved_LIBS="$LIBS"
821AC_MSG_CHECKING([for RSA support])
822for WANTS_RSAREF in "" 1 ; do
823 if test -z "$WANTS_RSAREF" ; then
824 LIBS="$saved_LIBS"
825 else
826 LIBS="$saved_LIBS -lRSAglue -lrsaref"
827 fi
828 AC_TRY_RUN([
829#include <string.h>
830#include <openssl/rand.h>
831#include <openssl/rsa.h>
832#include <openssl/bn.h>
833#include <openssl/sha.h>
834int main(void)
835{
836 int num; RSA *key; static unsigned char p_in[] = "blahblah";
837 unsigned char c[256], p[256];
838 memset(c, 0, sizeof(c)); RAND_add(c, sizeof(c), sizeof(c));
839 if ((key=RSA_generate_key(512, 3, NULL, NULL))==NULL) return(1);
840 num = RSA_public_encrypt(sizeof(p_in) - 1, p_in, c, key, RSA_PKCS1_PADDING);
841 return(-1 == RSA_private_decrypt(num, c, p, key, RSA_PKCS1_PADDING));
842}
843 ],
844 [ 736 [
845 rsa_works=1 737 dnl Check default openssl install dir
846 break; 738 if test -n "${need_dash_r}"; then
847 ], []) 739 LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
848done
849LIBS="$saved_LIBS"
850
851if test ! -z "$no_rsa" ; then
852 AC_MSG_RESULT(disabled)
853 RSA_MSG="disabled"
854else
855 if test -z "$rsa_works" ; then
856 AC_MSG_WARN([*** No RSA support found *** ])
857 RSA_MSG="no"
858 else
859 if test -z "$WANTS_RSAREF" ; then
860 AC_MSG_RESULT(yes)
861 RSA_MSG="yes"
862 else 740 else
863 RSA_MSG="yes (using RSAref)" 741 LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
864 AC_MSG_RESULT(using RSAref)
865 LIBS="$LIBS -lcrypto -lRSAglue -lrsaref"
866 fi 742 fi
867 fi 743 CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
868fi 744 AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL),
745 [
746 AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
747 ]
748 )
749 ]
750)
751
869 752
870# Sanity check OpenSSL headers 753# Sanity check OpenSSL headers
871AC_MSG_CHECKING([whether OpenSSL's headers match the library]) 754AC_MSG_CHECKING([whether OpenSSL's headers match the library])