From abe21f15ca096d7bcaae7e6abfe0644f09a64ed4 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Tue, 7 Mar 2017 18:26:06 -0800
Subject: [PATCH] Move the OpenSSL partial chain support check inside configure.ac. (see #3916)

Instead of directly checking whether X509_V_FLAG_PARTIAL_CHAIN is defined everywhere, do it once inside configure. This will allow better support in the future if the test needs to change.
---
 configure.ac | 4 ++++
 doc/makedoc-defs.h | 4 ++--
 init.h | 9 ++-------
 mutt.h | 2 +-
 mutt_ssl.c | 4 ++--
 5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/configure.ac b/configure.ac
index b33ae11cf..f4765d196 100644
--- a/configure.ac
+++ b/configure.ac
@@ -786,6 +786,10 @@ AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl@<:@=PFX@:>@],[Enable TLS support usi
 AC_CHECK_DECLS([SSL_set_mode, SSL_MODE_AUTO_RETRY],, AC_MSG_ERROR([Unable to find decent SSL header]), [[#include <openssl/ssl.h>]])
+ AC_CHECK_DECL([X509_V_FLAG_PARTIAL_CHAIN],
+ AC_DEFINE(HAVE_SSL_PARTIAL_CHAIN,1,[ Define if OpenSSL supports partial chains. ]),,
+ [[#include <openssl/x509_vfy.h>]])
+
 AC_DEFINE(USE_SSL,1,[ Define if you want support for SSL. ])
 AC_DEFINE(USE_SSL_OPENSSL,1,[ Define if you want support for SSL via OpenSSL. ])
 LIBS="$saved_LIBS"
diff --git a/doc/makedoc-defs.h b/doc/makedoc-defs.h
index b7a001d34..a4dab13e8 100644
--- a/doc/makedoc-defs.h
+++ b/doc/makedoc-defs.h
@@ -19,8 +19,8 @@
 # ifndef USE_SSL_OPENSSL
 # define USE_SSL_OPENSSL
 # endif
-# ifndef X509_V_FLAG_PARTIAL_CHAIN
-# define X509_V_FLAG_PARTIAL_CHAIN
+# ifndef HAVE_SSL_PARTIAL_CHAIN
+# define HAVE_SSL_PARTIAL_CHAIN
 # endif
 # ifndef USE_SSL_GNUTLS
 # define USE_SSL_GNUTLS
diff --git a/init.h b/init.h
index b99e56a0d..70672a252 100644
--- a/init.h
+++ b/init.h
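Review bot: In the configure.ac hunk the found-action given to AC_CHECK_DECL is left unquoted, and the check carries no comment saying what it gates. Following Autoconf's quoting convention the argument would read `[AC_DEFINE([HAVE_SSL_PARTIAL_CHAIN], [1], [Define if OpenSSL supports partial chains.])],,`, and a line such as `dnl X509_V_FLAG_PARTIAL_CHAIN gates the ssl_verify_partial_chains option` above it would tell the next maintainer why the test exists. The test also shows only that the build-time headers declare the flag; whether the libssl loaded at run time honours it is not established here, which matters for an option that appears to change how certificate chains are verified.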
@@ -59,11 +59,6 @@
 #define IS_SENSITIVE(x) (((x).flags & F_SENSITIVE) == F_SENSITIVE)
 #define UL (unsigned long)
-
-#ifdef USE_SSL_OPENSSL
-/* need to check X509_V_FLAG_PARTIAL_CHAIN later */
-# include <openssl/x509_vfy.h>
-#endif
 #endif /* _MAKEDOC */
 #ifndef ISPELL
@@ -3808,7 +3803,7 @@ struct option_t MuttVars[] = {
 ** the \fC$<account-hook>\fP function.
 */
 # ifdef USE_SSL_OPENSSL
-# ifdef X509_V_FLAG_PARTIAL_CHAIN
+# ifdef HAVE_SSL_PARTIAL_CHAIN
 { "ssl_verify_partial_chains", DT_BOOL, R_NONE, OPTSSLVERIFYPARTIAL, 0 },
 /*
 ** .pp
@@ -3823,7 +3818,7 @@ struct option_t MuttVars[] = {
 ** .pp
 ** (OpenSSL 1.0.2b and newer only).
 */
-# endif /* defined X509_V_FLAG_PARTIAL_CHAIN */
+# endif /* defined HAVE_SSL_PARTIAL_CHAIN */
 # endif /* defined USE_SSL_OPENSSL */
 { "ssl_ciphers", DT_STR, R_NONE, UL &SslCiphers, UL 0 },
 /*
diff --git a/mutt.h b/mutt.h
index 6cbc7de85..0c6b3b70d 100644
--- a/mutt.h
+++ b/mutt.h
@@ -425,7 +425,7 @@ enum
 OPTSSLFORCETLS,
 OPTSSLVERIFYDATES,
 OPTSSLVERIFYHOST,
-# ifdef USE_SSL_OPENSSL
+# if defined(USE_SSL_OPENSSL) && defined(HAVE_SSL_PARTIAL_CHAIN)
 OPTSSLVERIFYPARTIAL,
 # endif /* USE_SSL_OPENSSL */
 #endif /* defined(USE_SSL) */
diff --git a/mutt_ssl.c b/mutt_ssl.c
index f81582797..f3e9ee748 100644
--- a/mutt_ssl.c
+++ b/mutt_ssl.c
@@ -146,7 +146,7 @@ static int ssl_load_certificates (SSL_CTX *ctx)
 static int ssl_set_verify_partial (SSL_CTX *ctx)
 {
 int rv = 0;
-#ifdef X509_V_FLAG_PARTIAL_CHAIN
+#ifdef HAVE_SSL_PARTIAL_CHAIN
 X509_VERIFY_PARAM *param;
 if (option (OPTSSLVERIFYPARTIAL))
@@ -1160,7 +1160,7 @@ static int interactive_check_cert (X509 *cert, int idx, int len, SSL *ssl)
 menu->title = title;
 /* The leaf/host certificate can't be skipped. */
-#ifdef X509_V_FLAG_PARTIAL_CHAIN
+#ifdef HAVE_SSL_PARTIAL_CHAIN
 if ((idx != 0) && (option (OPTSSLVERIFYPARTIAL)))
 allow_skip = 1;
--
2.40.0
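Review bot: In the mutt.h enum hunk the closing `# endif /* USE_SSL_OPENSSL */` no longer matches its opening condition, which is now `defined(USE_SSL_OPENSSL) && defined(HAVE_SSL_PARTIAL_CHAIN)`; it should become `# endif /* USE_SSL_OPENSSL && HAVE_SSL_PARTIAL_CHAIN */`. Because OPTSSLVERIFYPARTIAL now exists only when both macros are defined, every reference to it has to sit under a HAVE_SSL_PARTIAL_CHAIN guard. Every file including mutt.h must also see config.h first, otherwise any enumerators that follow would take different values in different translation units. The references visible in this patch (init.h, mutt_ssl.c) are guarded; uses outside the patch cannot be checked from here. The enum itself starts and ends outside the hunk.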