Commit a51d6478 authored by Kevin J. McCarthy's avatar Kevin J. McCarthy

Move the OpenSSL partial chain support check inside configure.ac. (see #3916)

Instead of directly checking whether X509_V_FLAG_PARTIAL_CHAIN is
defined everywhere, do it once inside configure.  This will allow
better support in the future if the test needs to change.
parent f4fbf0bb
......@@ -710,6 +710,11 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
AC_CHECK_DECL([X509_V_FLAG_PARTIAL_CHAIN],
AC_DEFINE(HAVE_SSL_PARTIAL_CHAIN,1,[ Define if OpenSSL supports partial chains. ]),
,
[[#include <openssl/x509_vfy.h>]])
AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
LIBS="$saved_LIBS"
......
......@@ -19,8 +19,8 @@
# ifndef USE_SSL_OPENSSL
# define USE_SSL_OPENSSL
# endif
# ifndef X509_V_FLAG_PARTIAL_CHAIN
# define X509_V_FLAG_PARTIAL_CHAIN
# ifndef HAVE_SSL_PARTIAL_CHAIN
# define HAVE_SSL_PARTIAL_CHAIN
# endif
# ifndef USE_SSL_GNUTLS
# define USE_SSL_GNUTLS
......
......@@ -78,11 +78,6 @@ struct option_t
};
#define UL (unsigned long)
#ifdef USE_SSL_OPENSSL
/* need to check X509_V_FLAG_PARTIAL_CHAIN later */
# include <openssl/x509_vfy.h>
#endif
#endif /* _MAKEDOC */
#ifndef ISPELL
......@@ -3382,7 +3377,7 @@ struct option_t MuttVars[] = {
** the \fC$<account-hook>\fP function.
*/
# ifdef USE_SSL_OPENSSL
# ifdef X509_V_FLAG_PARTIAL_CHAIN
# ifdef HAVE_SSL_PARTIAL_CHAIN
{ "ssl_verify_partial_chains", DT_BOOL, R_NONE, OPTSSLVERIFYPARTIAL, 0 },
/*
** .pp
......@@ -3397,7 +3392,7 @@ struct option_t MuttVars[] = {
** .pp
** (OpenSSL 1.0.2b and newer only).
*/
# endif /* defined X509_V_FLAG_PARTIAL_CHAIN */
# endif /* defined HAVE_SSL_PARTIAL_CHAIN */
# endif /* defined USE_SSL_OPENSSL */
{ "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL 0 },
/*
......
......@@ -396,7 +396,7 @@ enum
OPTSSLFORCETLS,
OPTSSLVERIFYDATES,
OPTSSLVERIFYHOST,
# ifdef USE_SSL_OPENSSL
# if defined(USE_SSL_OPENSSL) && defined(HAVE_SSL_PARTIAL_CHAIN)
OPTSSLVERIFYPARTIAL,
# endif /* USE_SSL_OPENSSL */
#endif /* defined(USE_SSL) */
......
......@@ -146,7 +146,7 @@ static int ssl_load_certificates (SSL_CTX *ctx)
static int ssl_set_verify_partial (SSL_CTX *ctx)
{
int rv = 0;
#ifdef X509_V_FLAG_PARTIAL_CHAIN
#ifdef HAVE_SSL_PARTIAL_CHAIN
X509_VERIFY_PARAM *param;
if (option (OPTSSLVERIFYPARTIAL))
......@@ -1148,7 +1148,7 @@ static int interactive_check_cert (X509 *cert, int idx, int len, SSL *ssl)
menu->title = title;
/* The leaf/host certificate can't be skipped. */
#ifdef X509_V_FLAG_PARTIAL_CHAIN
#ifdef HAVE_SSL_PARTIAL_CHAIN
if ((idx != 0) &&
(option (OPTSSLVERIFYPARTIAL)))
allow_skip = 1;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment