]> granicus.if.org Git - neomutt/commitdiff
projects / neomutt / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 13321d8)
Move the OpenSSL partial chain support check inside configure.ac. (see #3916)
authorKevin McCarthy <kevin@8t8.us>
Wed, 8 Mar 2017 02:26:06 +0000 (18:26 -0800)
committerRichard Russon <rich@flatcap.org>
Sat, 11 Mar 2017 23:36:53 +0000 (23:36 +0000)
Instead of directly checking whether X509_V_FLAG_PARTIAL_CHAIN is
defined everywhere, do it once inside configure.  This will allow
better support in the future if the test needs to change.

configure.ac patch | blob | history
doc/makedoc-defs.h patch | blob | history
init.h patch | blob | history
mutt.h patch | blob | history
mutt_ssl.c patch | blob | history

diff --git a/configure.ac b/configure.ac
index b33ae11cf6768783b6db2687447c645f6ef0571c..f4765d196d2f7c01a10b204fbe68e723dcca27f3 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -786,6 +786,10 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
                        AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],,
                                AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
 
+                       AC_CHECK_DECL([X509_V_FLAG_PARTIAL_CHAIN],
+                               AC_DEFINE(HAVE_SSL_PARTIAL_CHAIN,1,[ Define if OpenSSL supports partial chains. ]),,
+                               [[#include <openssl/x509_vfy.h>]])
+
                        AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
                        AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
                        LIBS="$saved_LIBS"
diff --git a/doc/makedoc-defs.h b/doc/makedoc-defs.h
index b7a001d347e9115a8e15e9595e2e5377e3a0483f..a4dab13e8d2430f115fcc88866781a4b628f4947 100644 (file)
--- a/doc/makedoc-defs.h
+++ b/doc/makedoc-defs.h
@@ -19,8 +19,8 @@
 # ifndef USE_SSL_OPENSSL
 #  define USE_SSL_OPENSSL
 # endif
-# ifndef X509_V_FLAG_PARTIAL_CHAIN
-#  define X509_V_FLAG_PARTIAL_CHAIN
+# ifndef HAVE_SSL_PARTIAL_CHAIN
+#  define HAVE_SSL_PARTIAL_CHAIN
 # endif
 # ifndef USE_SSL_GNUTLS
 #  define USE_SSL_GNUTLS
diff --git a/init.h b/init.h
index b99e56a0d4e9a5dd7d243f72cb074140468b2a43..70672a25272c1ee2f85e90690e2556aeb16c3940 100644 (file)
--- a/init.h
+++ b/init.h
@@ -59,11 +59,6 @@
 #define IS_SENSITIVE(x)        (((x).flags & F_SENSITIVE) == F_SENSITIVE)
 
 #define UL (unsigned long)
-
-#ifdef USE_SSL_OPENSSL
-/* need to check X509_V_FLAG_PARTIAL_CHAIN later */
-# include <openssl/x509_vfy.h>
-#endif
 #endif /* _MAKEDOC */
 
 #ifndef ISPELL
@@ -3808,7 +3803,7 @@ struct option_t MuttVars[] = {
   ** the \fC$<account-hook>\fP function.
   */
 # ifdef USE_SSL_OPENSSL
-#  ifdef X509_V_FLAG_PARTIAL_CHAIN
+#  ifdef HAVE_SSL_PARTIAL_CHAIN
   { "ssl_verify_partial_chains", DT_BOOL, R_NONE, OPTSSLVERIFYPARTIAL, 0 },
   /*
   ** .pp
@@ -3823,7 +3818,7 @@ struct option_t MuttVars[] = {
   ** .pp
   ** (OpenSSL 1.0.2b and newer only).
   */
-#  endif /* defined X509_V_FLAG_PARTIAL_CHAIN */
+#  endif /* defined HAVE_SSL_PARTIAL_CHAIN */
 # endif /* defined USE_SSL_OPENSSL */
   { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL 0 },
   /*
diff --git a/mutt.h b/mutt.h
index 6cbc7de85fb21a7675c759403e8b175c67c1fdf3..0c6b3b70d73d07eb1c54f5567c3edc425036b0f2 100644 (file)
--- a/mutt.h
+++ b/mutt.h
@@ -425,7 +425,7 @@ enum
   OPTSSLFORCETLS,
   OPTSSLVERIFYDATES,
   OPTSSLVERIFYHOST,
-# ifdef USE_SSL_OPENSSL
+# if defined(USE_SSL_OPENSSL) && defined(HAVE_SSL_PARTIAL_CHAIN)
   OPTSSLVERIFYPARTIAL,
 # endif /* USE_SSL_OPENSSL */
 #endif /* defined(USE_SSL) */
diff --git a/mutt_ssl.c b/mutt_ssl.c
index f815827975353d51978e86909319c91abc64fb17..f3e9ee748624d4ca413551c6341dab57b5bd312e 100644 (file)
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -146,7 +146,7 @@ static int ssl_load_certificates (SSL_CTX *ctx)
 static int ssl_set_verify_partial (SSL_CTX *ctx)
 {
   int rv = 0;
-#ifdef X509_V_FLAG_PARTIAL_CHAIN
+#ifdef HAVE_SSL_PARTIAL_CHAIN
   X509_VERIFY_PARAM *param;
 
   if (option (OPTSSLVERIFYPARTIAL))
@@ -1160,7 +1160,7 @@ static int interactive_check_cert (X509 *cert, int idx, int len, SSL *ssl)
   menu->title = title;
 
   /* The leaf/host certificate can't be skipped. */
-#ifdef X509_V_FLAG_PARTIAL_CHAIN
+#ifdef HAVE_SSL_PARTIAL_CHAIN
   if ((idx != 0) &&
       (option (OPTSSLVERIFYPARTIAL)))
     allow_skip = 1;
Unnamed repository; edit this file 'description' to name the repository.