Diffstat (limited to 'contrib/bind9/configure.in')
-rw-r--r-- | contrib/bind9/configure.in | 80 |
1 files changed, 46 insertions, 34 deletions
diff --git a/contrib/bind9/configure.in b/contrib/bind9/configure.in index b14b489..cf7517b 100644 --- a/contrib/bind9/configure.in +++ b/contrib/bind9/configure.in @@ -1,4 +1,4 @@ -# Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 1998-2003 Internet Software Consortium. # # Permission to use, copy, modify, and distribute this software for any @@ -18,7 +18,7 @@ AC_DIVERT_PUSH(1)dnl esyscmd([sed "s/^/# /" COPYRIGHT])dnl AC_DIVERT_POP()dnl -AC_REVISION($Revision: 1.294.2.23.2.51 $) +AC_REVISION($Revision: 1.294.2.23.2.51.4.3 $) AC_INIT(lib/dns/name.c) AC_PREREQ(2.13) @@ -357,6 +357,7 @@ AC_C_BIGENDIAN # # was --with-openssl specified? # +OPENSSL_WARNING= AC_MSG_CHECKING(for OpenSSL library) AC_ARG_WITH(openssl, [ --with-openssl[=PATH] Build with OpenSSL [yes|no|path]. 
@@ -462,51 +463,38 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)], [AC_MSG_RESULT(assuming it does work on target platform)] ) -# -# OpenSSLDie is new with CERT CS-2002-23. If we see it we have may -# have a patched library otherwise check that we are greater than -# the fixed versions -# - AC_CHECK_FUNC(OpenSSLDie, +AC_ARG_ENABLE(openssl-version-check, +[AC_HELP_STRING([--enable-openssl-version-check], + [Check OpenSSL Version @<:@default=yes@:>@])]) +case "$enable_openssl_version_check" in +yes|'') AC_MSG_CHECKING(OpenSSL library version) AC_TRY_RUN([ #include <stdio.h> #include <openssl/opensslv.h> int main() { - if (OPENSSL_VERSION_NUMBER >= 0x0090581fL) + if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && + OPENSSL_VERSION_NUMBER < 0x009080000L) || + OPENSSL_VERSION_NUMBER >= 0x0090804fL) return (0); printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", OPENSSL_VERSION_NUMBER); - printf("Require OPENSSL_VERSION_NUMBER 0x0090581f or greater\n\n"); + printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" + "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n"); return (1); } -], + ], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(not compatible) - AC_MSG_ERROR(you need OpenSSL 0.9.5a or newer)], + OPENSSL_WARNING=yes + ], [AC_MSG_RESULT(assuming target platform has compatible version)]) - , - AC_MSG_RESULT(did not find fixes for CERT CA-2002-23) - AC_MSG_CHECKING(OpenSSL library version) - AC_TRY_RUN([ -#include <stdio.h> -#include <openssl/opensslv.h> -int main() { - if ((OPENSSL_VERSION_NUMBER >= 0x0090605fL && - OPENSSL_VERSION_NUMBER < 0x009070000L) || - OPENSSL_VERSION_NUMBER >= 0x00907003L) - return (0); - printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", - OPENSSL_VERSION_NUMBER); - printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater (0.9.6e)\n" - "Require OPENSSL_VERSION_NUMBER 0x00907003 or greater (0.9.7-beta2)\n\n"); - return (1); -} -], - [AC_MSG_RESULT(ok)], - [AC_MSG_RESULT(not compatible) - AC_MSG_ERROR(you 
need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23)], - [AC_MSG_RESULT(assuming target platform has compatible version)])) +;; +no) + AC_MSG_RESULT(Skipped OpenSSL version check) +;; +esac + AC_MSG_CHECKING(for OpenSSL DSA support) if test -f $use_openssl/include/openssl/dsa.h then @@ -2116,6 +2104,30 @@ AC_OUTPUT( ) chmod a+x isc-config.sh +if test "X$OPENSSL_WARNING" != "X"; then +cat << \EOF +WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +WARNING WARNING +WARNING Your OpenSSL crypto library may be vulnerable to WARNING +WARNING one or more of the the following known security WARNING +WARNING flaws: WARNING +WARNING WARNING +WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING +WARNING CVE-2006-2940. WARNING +WARNING WARNING +WARNING It is recommended that you upgrade to OpenSSL WARNING +WARNING version 0.9.8d/0.9.7l (or greater). WARNING +WARNING WARNING +WARNING You can disable this warning by specifying: WARNING +WARNING WARNING +WARNING --disable-openssl-version-check WARNING +WARNING WARNING +WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +EOF +fi + # Tell Emacs to edit this file in shell mode. # Local Variables: # mode: sh |
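Review bot: The upper bound in the new test program, `OPENSSL_VERSION_NUMBER < 0x009080000L`, has nine hex digits, so it evaluates to 0x09080000 rather than the 0.9.8 base value. Any library reporting a value from 0x00908000 up to 0x0090804e therefore satisfies the first branch and gets `ok`, which is the range the second branch (`>= 0x0090804fL`) is meant to reject. It should read `OPENSSL_VERSION_NUMBER < 0x00908000L`; the removed code had the same extra digit in `0x009070000L`, so this looks carried over. Separately, the `case "$enable_openssl_version_check"` has no `*)` arm, so a value other than yes, no or empty skips the check without any message. The cross-compiling branch also leaves `OPENSSL_WARNING` unset.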
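Review bot: The banner added after `AC_OUTPUT` is written with plain `cat` to stdout, and nothing in the hunk changes configure's exit status, so an unattended or packaged build against a flagged OpenSSL appears to succeed with the only signal buried in the build log. Writing it to stderr (`cat >&2 << \EOF`) would keep it visible when stdout is redirected. The code this replaces stopped with `AC_MSG_ERROR`, so it is worth stating in a comment above the `if test "X$OPENSSL_WARNING" != "X"` line that the downgrade to a warning is deliberate. The text also has a doubled word in `one or more of the the following`.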