summaryrefslogtreecommitdiff
path: root/configure.ac
AgeCommit message (Collapse)Author
2019-12-14only link ssh-sk-helper against libfido2Damien Miller
2019-12-11Check if memmem is declared in system headers.Darren Tucker
If the system (or one of the dependencies) implements memmem but does not define the header, we would not declare it either resulting in compiler warnings. Check for declaration explicitly. bz#3102.
2019-11-29compile sk-dummy.so with no-PIE version of LDFLAGSDamien Miller
This lets it pick up the -L path to libcrypto for example.
2019-11-29(yet) another x-platform fix for sk-dummy.soDamien Miller
Check for -fPIC support from compiler Compile libopenbsd-compat -fPIC Don't mix -fPIE and -fPIC when compiling
2019-11-18Enable -Wimplicit-fallthrough if supportedDarren Tucker
Suggested by djm.
2019-11-15Add wrappers for other ultrix headers.Darren Tucker
Wrappers protect against multiple inclusions for headers that don't do it themselves.
2019-11-15Remove ultrix realpath hack.Darren Tucker
2019-11-15configure flag to built-in security key supportDamien Miller
Require --with-security-key-builtin before enabling the built-in security key support (and consequent dependency on libfido2).
2019-11-15don't fatal if libfido2 not foundDamien Miller
spotted by dtucker@
2019-11-15upstream: directly support U2F/FIDO2 security keys in OpenSSH bydjm@openbsd.org
linking against the (previously external) USB HID middleware. The dlopen() capability still exists for alternate middlewares, e.g. for Bluetooth, NFC and test/debugging. OpenBSD-Commit-ID: 14446cf170ac0351f0d4792ba0bca53024930069
2019-11-03statfs might be defined in sys/mount.h.Darren Tucker
eg on old NetBSDs.
2019-11-02Only enable U2F if OpenSSL supports ECC.Darren Tucker
This requires moving the U2F bits to below the OpenSSL parts so we have the required information. ok djm@
2019-11-01Add flags needed to build and work on Ultrix.Darren Tucker
2019-11-01Hook up fnmatch for platforms that don't have it.Darren Tucker
2019-11-01Use sftp_realpath if no native realpath.Darren Tucker
2019-11-01Configure flags for haiku from haikuports.Darren Tucker
Should build with the default flags with ./configure
2019-11-01autoconf pieces for U2F supportDamien Miller
Mostly following existing logic for PKCS#11 - turning off support when either libcrypto or dlopen(3) are unavailable.
2019-10-29Add implementation of localtime_r.Darren Tucker
2019-10-28Make sure we have struct statfs before using.Darren Tucker
2019-10-28Define UINT32_MAX if needed.Darren Tucker
2019-10-24Add a function call stackprotector tests.Darren Tucker
Including a function call in the test programs for the gcc stack protector flag tests exercises more of the compiler and makes it more likely it'll detect problems.
2019-08-30tweak warning flagsDamien Miller
Enable -Wextra if compiler supports it Set -Wno-error=format-truncation if available to prevent expected string truncations in openbsd-compat from breaking -Werror builds
2019-08-30proc_pidinfo()-based closefrom() for OS XDamien Miller
Refactor closefrom() to use a single brute-force close() loop fallback. Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
2019-07-23Re-apply portability changes to current sha2.{c,h}.Darren Tucker
Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2 I imported the current versions directly then re-applied the portability changes. This also allowed re-syncing digest-libc.c against upstream.
2019-07-16Hook memmem compat code into build.Darren Tucker
This fixes builds on platforms that don't have it (at least old DragonFly, probably others).
2019-07-10fix typo that prevented detection of Linux VRFDamien Miller
Reported by hexiaowen AT huawei.com
2019-07-08remove realpath() compat replacementDamien Miller
We shipped a BSD implementation of realpath() because sftp-server depended on its behaviour. OpenBSD is now moving to a more strictly POSIX-compliant realpath(2), so sftp-server now unconditionally requires its own BSD-style realpath implementation. As such, there is no need to carry another independant implementation in openbsd-compat. ok dtucker@
2019-05-15Fix typo in man page formatter selector.Darren Tucker
2019-05-10Use "doc" man page format if mandoc present.Darren Tucker
Previously configure would not select the "doc" man page format if mandoc was present but nroff was not. This checks for mandoc first and removes a now-superflous AC_PATH_PROG. Based on a patch from vehk at vehk.de and feedback from schwarze at usta.de.
2019-04-30Remove unused variables from RLIMIT_NOFILE test.Darren Tucker
2019-01-22Allow building against OpenSSL dev (3.x) version.Darren Tucker
2019-01-21Make --with-rpath take a flag instead of yes/no.Darren Tucker
Linkers need various flags for -rpath and similar, so make --with-rpath take an optional flag argument which is passed to the linker. ok djm@
2019-01-21conditionalise ECDSA PKCS#11 supportDamien Miller
Require EC_KEY_METHOD support in libcrypto, evidenced by presence of EC_KEY_METHOD_new() function.
2019-01-21Check for cc before gcc.Darren Tucker
If cc is something other than gcc and is the system compiler prefer using that, unless otherwise told via $CC. ok djm@
2019-01-18Add minimal fchownat and fchmodat implementations.Darren Tucker
Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
2019-01-18Add a minimal implementation of utimensat().Darren Tucker
Some systems (eg older OS X) do not have utimensat, so provide minimal implementation in compat layer. Fixes build on at least El Capitan.
2018-11-25Improve OpenSSL_add_all_algorithms check.Darren Tucker
OpenSSL_add_all_algorithms() may be a macro so check for that too.
2018-11-23fix configure test for OpenSSL versionDamien Miller
square brackets in case statements may be eaten by autoconf. Report and fix from Filipp Gunbin; tweaked by naddy@
2018-11-23refactor libcrypto initialisationDamien Miller
Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually supports it. Move all libcrypto initialisation to a single function, and call that from seed_rng() that is called early in each tool's main(). Prompted by patch from Rosen Penev
2018-11-16Test for OPENSSL_init_crypto before using.Darren Tucker
Check for the presence of OPENSSL_init_crypto and all the flags we want before trying to use it (bz#2931).
2018-11-16Remove fallback check for /usr/local/ssl.Darren Tucker
If configure could not find a working OpenSSL installation it would fall back to checking in /usr/local/ssl. This made sense back when systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't use that as a default any more. The fallback behaviour also meant that if you pointed --with-ssl-dir at a specific directory and it didn't work, it would silently use either the system libs or the ones in /usr/local/ssl. If you want to use /usr/local/ssl you'll need to pass configure --with-ssl-dir=/usr/local/ssl. ok djm@
2018-11-10AC_CHECK_SIZEOF() no longer needs a second argument.Dag-Erling Smørgrav
2018-11-08Simplify OpenSSL 1.1 function checks.Darren Tucker
Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single AC_CHECK_FUNCS. ok djm@
2018-11-05Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV.Darren Tucker
Prevents unnecessary redefinition. Patch from mforney at mforney.org.
2018-10-27Check for the existence of openssl version funcs.Darren Tucker
Check for the existence of openssl version functions and use the ones detected instead of trying to guess based on the int32 version identifier. Fixes builds with LibreSSL.
2018-10-26fix builds on OpenSSL <= 1.0.xDamien Miller
I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API to obtain version number, but they don't.
2018-10-23remove remaining references to SSLeayDamien Miller
Prompted by Rosen Penev
2018-10-17Require OpenSSL 1.1.x series 1.1.0g or greaterDamien Miller
Previous versions have a bug with EVP_CipherInit() when passed a NULL EVP_CIPHER, per https://github.com/openssl/openssl/pull/4613 ok dtucker@
2018-10-16Remove gcc spectre mitigation flags.Darren Tucker
Current impementions of the gcc spectre mitigation flags cause miscompilations when combined with other flags and do not provide much protection. Found by fweimer at redhat.com, ok djm@
2018-10-12Check if snprintf understands %zu.Darren Tucker
If the platforms snprintf and friends don't understand %zu, use the compat replacement. Prevents segfaults on those platforms.