From aeb7f9eb0b7f8c8d80906d65a60c49e0d00ce5d3 Mon Sep 17 00:00:00 2001
From: Doug MacEachern <dougm@apache.org>
Date: Wed, 27 Mar 2002 17:02:56 +0000
Subject: [PATCH] add configure checks for ssl functions: -SSL_set_state: macro
 in OpenSSL, might be a function in a patched sslc -SSL_set_cert_store: patch
 submitted to OpenSSL, might be applied to OpenSSL or sslc

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94223 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/config.m4            | 2 ++
 modules/ssl/ssl_engine_config.c  | 6 ++++++
 modules/ssl/ssl_engine_kernel.c  | 4 ++--
 modules/ssl/ssl_toolkit_compat.h | 3 +--
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules/ssl/config.m4 b/modules/ssl/config.m4
index 3841cafd56..a73c85a00f 100644
--- a/modules/ssl/config.m4
+++ b/modules/ssl/config.m4
@@ -78,6 +78,8 @@ ssl_util_table.lo dnl
 dnl #  hook module into the Autoconf mechanism (--enable-ssl option)
 APACHE_MODULE(ssl, [SSL/TLS support (mod_ssl)], $ssl_objs, , no, [
     APACHE_CHECK_SSL_TOOLKIT
+    AC_CHECK_FUNCS(SSL_set_state)
+    AC_CHECK_FUNCS(SSL_set_cert_store)
 ])
 
 dnl #  end of module specific part
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index 389ffda136..bde5b62214 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -665,6 +665,12 @@ const char *ssl_cmd_SSLCertificateChainFile(cmd_parms *cmd, void *ctx,
 #define NO_PER_DIR_SSL_CA \
     "Your ssl library does not have support for per-directory CA"
 
+#ifdef HAVE_SSL_SET_CERT_STORE
+#   define MODSSL_HAVE_SSL_SET_CERT_STORE 1
+#else
+#   define MODSSL_HAVE_SSL_SET_CERT_STORE 0
+#endif
+
 #define MODSSL_SET_CA(f) \
     if (cmd->path) \
         if (MODSSL_HAVE_SSL_SET_CERT_STORE) \
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index 5e89e758e3..2f2f84dfa7 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -578,7 +578,7 @@ int ssl_hook_Access(request_rec *r)
      * used SSL_CTX_set_cert_store which is not thread safe.
      */
 
-#if MODSSL_HAVE_SSL_SET_CERT_STORE
+#ifdef HAVE_SSL_SET_CERT_STORE
     /*
      * check if per-dir and per-server config field are not the same.
      * if f is defined in per-dir and not defined in per-server
@@ -629,7 +629,7 @@ int ssl_hook_Access(request_rec *r)
                 "Changed client verification locations "
                 "will force renegotiation");
     }
-#endif /* MODSSL_HAVE_SSL_SET_CERT_STORE */
+#endif /* HAVE_SSL_SET_CERT_STORE */
 
     /* 
      * SSL renegotiations in conjunction with HTTP
diff --git a/modules/ssl/ssl_toolkit_compat.h b/modules/ssl/ssl_toolkit_compat.h
index d5652a2733..6714857c40 100644
--- a/modules/ssl/ssl_toolkit_compat.h
+++ b/modules/ssl/ssl_toolkit_compat.h
@@ -78,9 +78,8 @@
 #define modssl_PEM_read_bio_PrivateKey(b, k, cb, arg) \
    PEM_read_bio_PrivateKey(b, k, cb)
 
-/* XXX: add configure check */
 #ifndef HAVE_SSL_SET_STATE
-#define SSL_set_state(ssl, state)
+#define SSL_set_state(ssl, state) /* XXX: should throw an error */
 #endif
 
 #define modssl_set_cipher_list(ssl, l) \
-- 
2.50.1