From: Roy T. Fielding <fielding@apache.org>
Date: Sat, 10 Aug 2002 01:03:18 +0000 (+0000)
Subject: Modified version check on openssl so that it finds the executable
X-Git-Tag: AGB_BEFORE_AAA_CHANGES~282
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=85b9759c237036d5c9efa9561c99948d5649c6b5;p=apache

Modified version check on openssl so that it finds the executable
first and then performs a check of the version, only warning the
user if they chose, or we selected, an old version of OpenSSL.
This change also allows the code to work for non-openssl libraries
selected via the --with-ssl=dir option, which can override the
automated library check in any case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@96345 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/acinclude.m4 b/acinclude.m4
index 53a46f8143..c26a81cd66 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -409,6 +409,11 @@ if test "x$ap_ssltk_base" = "x"; then
   AC_ARG_WITH(ssl, APACHE_HELP_STRING(--with-ssl=DIR,SSL/TLS toolkit (OpenSSL)), [
     if test "x$withval" != "xyes" -a "x$withval" != "x"; then
       ap_ssltk_base="$withval"
+      if test -f "$ap_ssltk_base/bin/openssl"; then
+          ap_ssltk_version="`$ap_ssltk_base/bin/openssl version`"
+      else
+          ap_ssltk_version="unknown"
+      fi
     fi
   ])
   if test "x$ap_ssltk_base" = "x"; then
@@ -416,30 +421,16 @@ if test "x$ap_ssltk_base" = "x"; then
       #
       # shotgun approach: find all occurrences of the openssl program
       #
-      ap_ssltk_try=""
       # The IFS=... trick eliminates the colons from $PATH, without using an external program
       for p in `IFS=":$IFS"; echo $PATH` /usr/local/openssl/bin /usr/local/ssl/bin; do
         if test -f "$p/openssl"; then
-          ap_ssltk_try="$ap_ssltk_try $p"
+          ap_ssltk_version="`$p/openssl version`"
+          if test "x$ap_ssltk_version" != "x"; then
+            ap_cv_ssltk="`(cd $p/.. && pwd)`"
+            break
+          fi
         fi
       done
-      if test "x$ap_ssltk_try" = "x"; then
-        AC_MSG_ERROR(['openssl' not found in path])
-      fi
-      for p in $ap_ssltk_try; do
-        ap_ssltk_version="`$p/openssl version`"
-        case "$ap_ssltk_version" in
-            "OpenSSL "[[1-9]]* | \
-            "OpenSSL "0.9.[[6-9]][[e-z]]* | \
-            "OpenSSL "0.[[1-9]][[0-9]]* )
-                ap_cv_ssltk="`(cd $p/.. && pwd)`"
-                break
-                ;;
-            *)
-                # skip because it is too old or a bad result
-                ;;
-        esac
-      done
       if test "x$ap_cv_ssltk" = "x"; then
         AC_MSG_ERROR([requires OpenSSL 0.9.6e or higher])
       fi
@@ -453,6 +444,20 @@ if test "x$ap_ssltk_base" = "x"; then
     
   AC_MSG_CHECKING(for SSL/TLS toolkit version)
   AC_MSG_RESULT($ap_ssltk_version)
+  case "$ap_ssltk_version" in
+    "OpenSSL "[[1-9]]* | \
+    "OpenSSL "0.9.6[[e-z]]* | \
+    "OpenSSL "0.9.[[7-9]]* | \
+    "OpenSSL "0.[[1-9]][[0-9]]* )
+       # okay versions that do not have known security holes
+       ;;
+    "OpenSSL"*)
+       AC_MSG_WARN([OpenSSL versions prior to 0.9.6e have known security holes])
+       ;;
+    *)
+       # unknown version -- assume the user knows what they are doing
+       ;;
+  esac
     
   AC_MSG_CHECKING(for SSL/TLS toolkit includes)
   ap_ssltk_incdir=""