Re: check for RAND_egd at configure time
On 16.04.2015 22:57, Stefan Sperling wrote: On Wed, Apr 15, 2015 at 08:43:04PM +0200, Stefan Sperling wrote: LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Updated version following Kaspar Brand's suggestion to move into acinclude.m4. Index: acinclude.m4 === --- acinclude.m4 (revision 1673798) +++ acinclude.m4 (working copy) @@ -598,6 +598,11 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ if test x$liberrors != x; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi + have_rand_egd=no + AC_CHECK_LIB(crypto, RAND_egd, [have_rand_egd=yes]) + if test $have_rand_egd = yes; then +AC_DEFINE([HAVE_RAND_EGD], [1], [Define if RAND_egd exists.]) + fi else AC_MSG_WARN([OpenSSL version is too old]) fi I was actually thinking about Index: acinclude.m4 === --- acinclude.m4(revision 1673835) +++ acinclude.m4(working copy) @@ -594,7 +594,7 @@ liberrors= AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors=yes]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) if test x$liberrors != x; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi ... or does that not fit in this case? Kaspar
Re: check for RAND_egd at configure time
On Fri, Apr 17, 2015 at 07:02:21AM +0200, Kaspar Brand wrote: I was actually thinking about Index: acinclude.m4 === --- acinclude.m4(revision 1673835) +++ acinclude.m4(working copy) @@ -594,7 +594,7 @@ liberrors= AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors=yes]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) if test x$liberrors != x; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi ... or does that not fit in this case? Kaspar Thanks, this work fine. Tested on OpenBSD and Debian. Index: acinclude.m4 === --- acinclude.m4(revision 1673798) +++ acinclude.m4(working copy) @@ -594,7 +594,7 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ liberrors= AC_CHECK_HEADERS([openssl/engine.h]) AC_CHECK_FUNCS([SSLeay_version SSL_CTX_new], [], [liberrors=yes]) - AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines]) + AC_CHECK_FUNCS([ENGINE_init ENGINE_load_builtin_engines RAND_egd]) if test x$liberrors != x; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi Index: modules/ssl/ssl_engine_rand.c === --- modules/ssl/ssl_engine_rand.c (revision 1673798) +++ modules/ssl/ssl_engine_rand.c (working copy) @@ -86,6 +86,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ss nDone += ssl_rand_feedfp(p, fp, pRandSeed-nBytes); ssl_util_ppclose(s, p, fp); } +#ifdef HAVE_RAND_EGD else if (pRandSeed-nSrc == SSL_RSSRC_EGD) { /* * seed in contents provided by the external @@ -95,6 +96,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ss continue; nDone += n; } +#endif else if (pRandSeed-nSrc == SSL_RSSRC_BUILTIN) { struct { time_t t;
Re: check for RAND_egd at configure time
On Wed, Apr 15, 2015 at 08:43:04PM +0200, Stefan Sperling wrote: LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Updated version following Kaspar Brand's suggestion to move into acinclude.m4. Index: acinclude.m4 === --- acinclude.m4(revision 1673798) +++ acinclude.m4(working copy) @@ -598,6 +598,11 @@ AC_DEFUN(APACHE_CHECK_OPENSSL,[ if test x$liberrors != x; then AC_MSG_WARN([OpenSSL libraries are unusable]) fi + have_rand_egd=no + AC_CHECK_LIB(crypto, RAND_egd, [have_rand_egd=yes]) + if test $have_rand_egd = yes; then +AC_DEFINE([HAVE_RAND_EGD], [1], [Define if RAND_egd exists.]) + fi else AC_MSG_WARN([OpenSSL version is too old]) fi Index: modules/ssl/ssl_engine_rand.c === --- modules/ssl/ssl_engine_rand.c (revision 1673798) +++ modules/ssl/ssl_engine_rand.c (working copy) @@ -86,6 +86,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ss nDone += ssl_rand_feedfp(p, fp, pRandSeed-nBytes); ssl_util_ppclose(s, p, fp); } +#ifdef HAVE_RAND_EGD else if (pRandSeed-nSrc == SSL_RSSRC_EGD) { /* * seed in contents provided by the external @@ -95,6 +96,7 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ss continue; nDone += n; } +#endif else if (pRandSeed-nSrc == SSL_RSSRC_BUILTIN) { struct { time_t t;
check for RAND_egd at configure time
LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Index: modules/ssl/config.m4 === --- modules/ssl/config.m4 (revision 1673798) +++ modules/ssl/config.m4 (working copy) @@ -44,6 +44,12 @@ # structure, so ask libtool to hide everything else: APR_ADDTO(MOD_SSL_LDADD, [-export-symbols-regex ssl_module]) fi + +have_rand_egd=no +AC_CHECK_LIB(crypto, RAND_egd, [have_rand_egd=yes]) +if test $have_rand_egd = yes; then +AC_DEFINE([HAVE_RAND_EGD], [1], [Define if RAND_egd exists.]) +fi else enable_ssl=no fi Index: modules/ssl/ssl_engine_rand.c === --- modules/ssl/ssl_engine_rand.c (revision 1673798) +++ modules/ssl/ssl_engine_rand.c (working copy) @@ -86,6 +86,7 @@ nDone += ssl_rand_feedfp(p, fp, pRandSeed-nBytes); ssl_util_ppclose(s, p, fp); } +#ifdef HAVE_RAND_EGD else if (pRandSeed-nSrc == SSL_RSSRC_EGD) { /* * seed in contents provided by the external @@ -95,6 +96,7 @@ continue; nDone += n; } +#endif else if (pRandSeed-nSrc == SSL_RSSRC_BUILTIN) { struct { time_t t;
Re: check for RAND_egd at configure time
On 15.04.2015 20:43, Stefan Sperling wrote: LibreSSL does not provide the RAND_egd() function. This patch adds a configure check to allow building mod_ssl with LibreSSL. Index: modules/ssl/config.m4 === --- modules/ssl/config.m4 (revision 1673798) +++ modules/ssl/config.m4 (working copy) @@ -44,6 +44,12 @@ # structure, so ask libtool to hide everything else: APR_ADDTO(MOD_SSL_LDADD, [-export-symbols-regex ssl_module]) fi + +have_rand_egd=no +AC_CHECK_LIB(crypto, RAND_egd, [have_rand_egd=yes]) +if test $have_rand_egd = yes; then +AC_DEFINE([HAVE_RAND_EGD], [1], [Define if RAND_egd exists.]) +fi else enable_ssl=no fi We already have a couple of OpenSSL function checks in (the top-level) acinclude.m4 - can you add it there? Kaspar