summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancis Dupont <fdupont@isc.org>2014-09-17 11:31:49 +0200
committerFrancis Dupont <fdupont@isc.org>2014-09-17 11:31:49 +0200
commitc779a0ef23d2092cf896276dab1fbcb190380374 (patch)
treed908bf54f9a817b896e1369cf5162edde4ab9106
parent[master] Added ChangeLog entry for #3538. (diff)
downloadkea-c779a0ef23d2092cf896276dab1fbcb190380374.tar.xz
kea-c779a0ef23d2092cf896276dab1fbcb190380374.zip
[trac3482] Check OpenSSL SHA-2 support in configure
-rw-r--r--ChangeLog6
-rw-r--r--configure.ac17
2 files changed, 23 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 8301368904..139e31defa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+835. [build] fdupont
+ The configure script checks if OpenSSL supports SHA-2, in order
+ to avoid very old (and likely subject to unfixed security bugs)
+ OpenSSL versions.
+ (Trac #3482, git xxx)
+
834. [bug] marcin
Corrected the definition of the example DHCPv4 and DHCPv6 address
pools in the default kea.conf file.
diff --git a/configure.ac b/configure.ac
index 016b024fb5..79577ea055 100644
--- a/configure.ac
+++ b/configure.ac
@@ -817,6 +817,23 @@ EOF
#CRYPTO_LDFLAGS="-ldl"
CRYPTO_LDFLAGS=""
CRYPTO_RPATH=""
+ dnl Check avaibility of SHA-2
+ AC_MSG_CHECKING([support of SHA-2])
+ LIBS_SAVED=${LIBS}
+ LIBS="$LIBS $CRYPTO_LIBS"
+ CPPFLAGS_SAVED=${CPPFLAGS}
+ CPPFLAGS="$CRYPTO_INCLUDES $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([#include <openssl/evp.h>],
+ [const EVP_MD* h224 = EVP_sha224();
+ const EVP_MD* h256 = EVP_sha256();
+ const EVP_MD* h384 = EVP_sha384();
+ const EVP_MD* h512 = EVP_sha512();
+ ])],
+ [AC_MSG_RESULT([yes])],
+ [AC_MSG_ERROR([missing EVP entry for SHA-2])])
+ LIBS=${LIBS_SAVED}
+ CPPFLAGS=${CPPFLAGS_SAVED}
fi
AM_CONDITIONAL(HAVE_BOTAN, test "$CRYPTO_NAME" = "Botan")