1## Copyright (C) 1996-2021 The Squid Software Foundation and contributors 2## 3## Squid software is distributed under GPLv2+ license and includes 4## contributions from numerous individuals and organizations. 5## Please see the COPYING and CONTRIBUTORS files for details. 6## 7 8dnl check whether regex works by actually compiling one 9dnl sets squid_cv_regex_works to either yes or no 10 11AC_DEFUN([SQUID_CHECK_REGEX_WORKS],[ 12 AC_CACHE_CHECK([if the system-supplied regex lib actually works],squid_cv_regex_works,[ 13 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ 14#if HAVE_SYS_TYPES_H 15#include <sys/types.h> 16#endif 17#if HAVE_REGEX_H 18#include <regex.h> 19#endif 20]], [[ 21regex_t t; regcomp(&t,"",0);]])], 22 [ squid_cv_regex_works=yes ], 23 [ squid_cv_regex_works=no ]) 24 ]) 25]) 26 27 28AC_DEFUN([SQUID_CHECK_LIBIPHLPAPI],[ 29 AC_CACHE_CHECK([for libIpHlpApi],squid_cv_have_libiphlpapi,[ 30 SQUID_STATE_SAVE(iphlpapi) 31 LIBS="$LIBS -liphlpapi" 32 AC_LINK_IFELSE([AC_LANG_PROGRAM([[ 33#include <windows.h> 34#include <winsock2.h> 35#include <iphlpapi.h> 36]], [[ 37 MIB_IPNETTABLE i; 38 unsigned long isz=sizeof(i); 39 GetIpNetTable(&i,&isz,FALSE); 40 ]])], 41 [squid_cv_have_libiphlpapi=yes 42 SQUID_STATE_COMMIT(iphlpapi)], 43 [squid_cv_have_libiphlpapi=no 44 SQUID_STATE_ROLLBACK(iphlpapi)]) 45 ]) 46 SQUID_STATE_ROLLBACK(iphlpapi) 47]) 48 49dnl Checks whether the -lssl library provides OpenSSL TLS_*_method() definitions 50AC_DEFUN([SQUID_CHECK_OPENSSL_TLS_METHODS],[ 51 AH_TEMPLATE(HAVE_OPENSSL_TLS_METHOD, "Define to 1 if the TLS_method() OpenSSL API function exists") 52 AH_TEMPLATE(HAVE_OPENSSL_TLS_CLIENT_METHOD, "Define to 1 if the TLS_client_method() OpenSSL API function exists") 53 AH_TEMPLATE(HAVE_OPENSSL_TLS_SERVER_METHOD, "Define to 1 if the TLS_server_method() OpenSSL API function exists") 54 SQUID_STATE_SAVE(check_openssl_TLS_METHODS) 55 LIBS="$LIBS $SSLLIB" 56 AC_CHECK_LIB(ssl, TLS_method, AC_DEFINE(HAVE_OPENSSL_TLS_METHOD, 1)) 57 AC_CHECK_LIB(ssl, TLS_client_method, AC_DEFINE(HAVE_OPENSSL_TLS_CLIENT_METHOD, 1)) 58 AC_CHECK_LIB(ssl, TLS_server_method, AC_DEFINE(HAVE_OPENSSL_TLS_SERVER_METHOD, 1)) 59 SQUID_STATE_ROLLBACK(check_openssl_TLS_METHODS) 60]) 61 62dnl Checks whether the -lcrypto library provides various OpenSSL API functions 63AC_DEFUN([SQUID_CHECK_LIBCRYPTO_API],[ 64 AH_TEMPLATE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, "Define to 1 if the OPENSSL_LH_strhash() OpenSSL API function exists") 65 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, "Define to 1 if the EVP_PKEY_get0_RSA() OpenSSL API function exists") 66 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_METH_NEW, "Define to 1 if the BIO_meth_new() OpenSSL API function exists") 67 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_DATA, "Define to 1 if the BIO_get_data() OpenSSL API function exists") 68 AH_TEMPLATE(HAVE_LIBCRYPTO_BIO_GET_INIT, "Define to 1 if the BIO_get_init() OpenSSL API function exists") 69 AH_TEMPLATE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, "Define to 1 if the ASN1_STRING_get0_data() OpenSSL API function exists") 70 AH_TEMPLATE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, "Define to 1 if the EVP_PKEY_up_ref() OpenSSL API function exists") 71 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, "Define to 1 if the X509_STORE_CTX_get0_cert() OpenSSL API function exists") 72 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, "Define to 1 if the X509_VERIFY_PARAM_get_depth() OpenSSL API function exists") 73 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, "Define to 1 if the X509_STORE_CTX_get0_untrusted() OpenSSL API function exists") 74 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_UP_REF, "Define to 1 if the X509_up_ref() OpenSSL API function exists") 75 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, "Define to 1 if the X509_CRL_up_ref() OpenSSL API function exists") 76 AH_TEMPLATE(HAVE_LIBCRYPTO_DH_UP_REF, "Define to 1 if the DH_up_ref() OpenSSL API function exists") 77 AH_TEMPLATE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, "Define to 1 if the X509_get0_signature() OpenSSL API function exists") 78 SQUID_STATE_SAVE(check_openssl_libcrypto_api) 79 LIBS="$LIBS $SSLLIB" 80 AC_CHECK_LIB(crypto, OPENSSL_LH_strhash, AC_DEFINE(HAVE_LIBCRYPTO_OPENSSL_LH_STRHASH, 1)) 81 AC_CHECK_LIB(crypto, EVP_PKEY_get0_RSA, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_GET0_RSA, 1)) 82 AC_CHECK_LIB(crypto, BIO_meth_new, AC_DEFINE(HAVE_LIBCRYPTO_BIO_METH_NEW, 1)) 83 AC_CHECK_LIB(crypto, BIO_get_data, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_DATA, 1)) 84 AC_CHECK_LIB(crypto, BIO_get_init, AC_DEFINE(HAVE_LIBCRYPTO_BIO_GET_INIT, 1)) 85 AC_CHECK_LIB(crypto, ASN1_STRING_get0_data, AC_DEFINE(HAVE_LIBCRYPTO_ASN1_STRING_GET0_DATA, 1)) 86 AC_CHECK_LIB(crypto, EVP_PKEY_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_EVP_PKEY_UP_REF, 1)) 87 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_cert, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_CERT, 1)) 88 AC_CHECK_LIB(crypto, X509_VERIFY_PARAM_get_depth, AC_DEFINE(HAVE_LIBCRYPTO_X509_VERIFY_PARAM_GET_DEPTH, 1)) 89 AC_CHECK_LIB(crypto, X509_STORE_CTX_get0_untrusted, AC_DEFINE(HAVE_LIBCRYPTO_X509_STORE_CTX_GET0_UNTRUSTED, 1)) 90 AC_CHECK_LIB(crypto, X509_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_UP_REF, 1)) 91 AC_CHECK_LIB(crypto, X509_CRL_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_X509_CRL_UP_REF, 1)) 92 AC_CHECK_LIB(crypto, DH_up_ref, AC_DEFINE(HAVE_LIBCRYPTO_DH_UP_REF, 1)) 93 AC_CHECK_LIB(crypto, X509_get0_signature, AC_DEFINE(HAVE_LIBCRYPTO_X509_GET0_SIGNATURE, 1), AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,)) 94 SQUID_STATE_ROLLBACK(check_openssl_libcrypto_api) 95]) 96 97dnl Checks whether the -lssl library provides various OpenSSL API functions 98AC_DEFUN([SQUID_CHECK_LIBSSL_API],[ 99 AH_TEMPLATE(HAVE_LIBSSL_OPENSSL_INIT_SSL, "Define to 1 if the OPENSSL_init_ssl() OpenSSL API function exists") 100 AH_TEMPLATE(HAVE_LIBSSL_SSL_CIPHER_FIND, "Define to 1 if the SSL_CIPHER_find() OpenSSL API function exists") 101 AH_TEMPLATE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, "Define to 1 if the SSL_CTX_set_tmp_rsa_callback() OpenSSL API function exists") 102 AH_TEMPLATE(HAVE_LIBSSL_SSL_SESSION_GET_ID, "Define to 1 if the SSL_SESSION_get_id() OpenSSL API function exists") 103 SQUID_STATE_SAVE(check_openssl_libssl_api) 104 LIBS="$LIBS $SSLLIB" 105 AC_CHECK_LIB(ssl, OPENSSL_init_ssl, AC_DEFINE(HAVE_LIBSSL_OPENSSL_INIT_SSL, 1)) 106 AC_CHECK_LIB(ssl, SSL_CIPHER_find, AC_DEFINE(HAVE_LIBSSL_SSL_CIPHER_FIND, 1)) 107 AC_CHECK_LIB(ssl, SSL_CTX_set_tmp_rsa_callback, AC_DEFINE(HAVE_LIBSSL_SSL_CTX_SET_TMP_RSA_CALLBACK, 1)) 108 AC_CHECK_LIB(ssl, SSL_SESSION_get_id, AC_DEFINE(HAVE_LIBSSL_SSL_SESSION_GET_ID, 1)) 109 SQUID_STATE_ROLLBACK(check_openssl_libssl_api) 110]) 111 112dnl Checks whether the OpenSSL SSL_get_certificate crashes squid and if a 113dnl workaround can be used instead of using the SSL_get_certificate 114AC_DEFUN([SQUID_CHECK_OPENSSL_GETCERTIFICATE_WORKS],[ 115 AH_TEMPLATE(SQUID_SSLGETCERTIFICATE_BUGGY, "Define to 1 if the SSL_get_certificate crashes squid") 116 AH_TEMPLATE(SQUID_USE_SSLGETCERTIFICATE_HACK, "Define to 1 to use squid workaround for SSL_get_certificate") 117 SQUID_STATE_SAVE(check_SSL_get_certificate) 118 LIBS="$SSLLIB $LIBS" 119 if test "x$SSLLIBDIR" != "x"; then 120 LIBS="$LIBS -Wl,-rpath -Wl,$SSLLIBDIR" 121 fi 122 123 AC_MSG_CHECKING(whether the SSL_get_certificate is buggy) 124 AC_RUN_IFELSE([ 125 AC_LANG_PROGRAM( 126 [ 127 #include <openssl/ssl.h> 128 #include <openssl/err.h> 129 ], 130 [ 131#if defined(SSLeay_add_ssl_algorithms) 132 SSLeay_add_ssl_algorithms(); 133#endif 134#if HAVE_OPENSSL_TLS_METHOD 135 SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); 136#else 137 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); 138#endif 139 SSL *ssl = SSL_new(sslContext); 140 X509* cert = SSL_get_certificate(ssl); 141 return 0; 142 ]) 143 ], 144 [ 145 AC_MSG_RESULT([no]) 146 ], 147 [ 148 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 1) 149 AC_MSG_RESULT([yes]) 150 ], 151 [ 152 AC_DEFINE(SQUID_SSLGETCERTIFICATE_BUGGY, 0) 153 AC_MSG_RESULT([cross-compile, assuming no]) 154 ]) 155 156 AC_MSG_CHECKING(whether the workaround for SSL_get_certificate works) 157 AC_RUN_IFELSE([ 158 AC_LANG_PROGRAM( 159 [ 160 #include <openssl/ssl.h> 161 #include <openssl/err.h> 162 ], 163 [ 164#if defined(SSLeay_add_ssl_algorithms) 165 SSLeay_add_ssl_algorithms(); 166#endif 167#if HAVE_OPENSSL_TLS_METHOD 168 SSL_CTX *sslContext = SSL_CTX_new(TLS_method()); 169#else 170 SSL_CTX *sslContext = SSL_CTX_new(SSLv23_method()); 171#endif 172 X509 ***pCert = (X509 ***)sslContext->cert; 173 X509 *sslCtxCert = pCert && *pCert ? **pCert : (X509 *)0x1; 174 if (sslCtxCert != NULL) 175 return 1; 176 return 0; 177 ]) 178 ], 179 [ 180 AC_MSG_RESULT([yes]) 181 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 1) 182 ], 183 [ 184 AC_MSG_RESULT([no]) 185 ], 186 [ 187 AC_DEFINE(SQUID_USE_SSLGETCERTIFICATE_HACK, 0) 188 AC_MSG_RESULT([cross-compile, assuming no]) 189 ]) 190 191SQUID_STATE_ROLLBACK(check_SSL_get_certificate) 192]) 193 194dnl Checks whether the SSL_CTX_new and similar functions require 195dnl a const 'SSL_METHOD *' argument 196AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[ 197 AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") 198 SQUID_STATE_SAVE(check_const_SSL_METHOD) 199 AC_MSG_CHECKING(whether SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'") 200 201 AC_COMPILE_IFELSE([ 202 AC_LANG_PROGRAM( 203 [ 204 #include <openssl/ssl.h> 205 #include <openssl/err.h> 206 ], 207 [ 208 const SSL_METHOD *method = NULL; 209 SSL_CTX *sslContext = SSL_CTX_new(method); 210 return (sslContext != NULL); 211 ]) 212 ], 213 [ 214 AC_DEFINE(SQUID_USE_CONST_SSL_METHOD, 1) 215 AC_MSG_RESULT([yes]) 216 ], 217 [ 218 AC_MSG_RESULT([no]) 219 ], 220 []) 221 222SQUID_STATE_ROLLBACK(check_const_SSL_METHOD) 223]) 224 225dnl Checks whether the CRYPTO_EX_DATA duplication callback for SSL_get_ex_new_index() has a const argument 226AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_CRYPTO_EX_DATA],[ 227 AH_TEMPLATE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, "Define to 1 if the SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") 228 SQUID_STATE_SAVE(check_const_CRYPTO_EX_DATA) 229 AC_MSG_CHECKING(whether SSL_get_new_ex_index() dup callback accepts 'const CRYPTO_EX_DATA *'") 230 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 231#include <openssl/ssl.h> 232 233int const_dup_func(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *, int, long, void *) { 234 return 0; 235} 236 ],[ 237return SSL_get_ex_new_index(0, (void*)"foo", NULL, &const_dup_func, NULL); 238 ]) 239 ],[ 240 AC_DEFINE(SQUID_USE_CONST_CRYPTO_EX_DATA_DUP, 1) 241 AC_MSG_RESULT([yes]) 242 ],[ 243 AC_MSG_RESULT([no]) 244 ]) 245 SQUID_STATE_ROLLBACK(check_const_CRYPTO_EX_DATA) 246]) 247 248dnl Checks whether the callback for SSL_CTX_sess_set_get_cb() accepts a const ID argument 249AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_SESSION_CB_ARG],[ 250 AH_TEMPLATE(SQUID_USE_CONST_SSL_SESSION_CBID, "Define to 1 if the SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") 251 SQUID_STATE_SAVE(check_const_SSL_CTX_sess_set_get_cb) 252 AC_MSG_CHECKING(whether SSL_CTX_sess_set_get_cb() callback accepts a const ID argument") 253 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 254#include <openssl/ssl.h> 255 256SSL_SESSION *get_session_cb(SSL *, const unsigned char *ID, int, int *) { 257 return NULL; 258} 259 ],[ 260SSL_CTX_sess_set_get_cb(NULL, get_session_cb); 261return 0; 262 ]) 263 ],[ 264 AC_DEFINE(SQUID_USE_CONST_SSL_SESSION_CBID, 1) 265 AC_MSG_RESULT([yes]) 266 ],[ 267 AC_MSG_RESULT([no]) 268 ]) 269 SQUID_STATE_ROLLBACK(check_const_SSL_CTX_sess_set_get_cb) 270]) 271 272dnl Checks whether the X509_get0_signature() has const arguments 273AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_X509_GET0_SIGNATURE_ARGS],[ 274 AH_TEMPLATE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, Define to const if X509_get0_signature() accepts const parameters; define as empty otherwise. Don't leave it undefined!) 275 SQUID_STATE_SAVE(check_const_X509_get0_signature_args) 276 AC_MSG_CHECKING("whether X509_get0_signature() accepts const parameters") 277 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 278#include <openssl/ssl.h> 279 ],[ 280#if HAVE_LIBCRYPTO_X509_GET0_SIGNATURE 281 const ASN1_BIT_STRING *sig = nullptr; 282 const X509_ALGOR *sig_alg; 283 X509_get0_signature(&sig, &sig_alg, nullptr); 284#else 285#error Missing X509_get0_signature() 286#endif 287 ]) 288 ],[ 289 AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS, const) 290 AC_MSG_RESULT([yes]) 291 ],[ 292 AC_DEFINE(SQUID_CONST_X509_GET0_SIGNATURE_ARGS,) 293 AC_MSG_RESULT([no]) 294 ]) 295 SQUID_STATE_ROLLBACK(check_const_X509_get0_signature_args) 296]) 297 298dnl Try to handle TXT_DB related problems: 299dnl 1) The type of TXT_DB::data member changed in openSSL-1.0.1 version 300dnl 2) The IMPLEMENT_LHASH_* openSSL macros in openSSL-1.0.1 and later releases is not 301dnl implemented correctly and causes type conversion errors while compiling squid 302 303AC_DEFUN([SQUID_CHECK_OPENSSL_TXTDB],[ 304 AH_TEMPLATE(SQUID_SSLTXTDB_PSTRINGDATA, "Define to 1 if the TXT_DB uses OPENSSL_PSTRING data member") 305 AH_TEMPLATE(SQUID_STACKOF_PSTRINGDATA_HACK, "Define to 1 to use squid workaround for buggy versions of sk_OPENSSL_PSTRING_value") 306 AH_TEMPLATE(SQUID_USE_SSLLHASH_HACK, "Define to 1 to use squid workaround for openssl IMPLEMENT_LHASH_* type conversion errors") 307 308 SQUID_STATE_SAVE(check_TXTDB) 309 310 LIBS="$LIBS $SSLLIB" 311 squid_cv_check_openssl_pstring="no" 312 AC_MSG_CHECKING(whether the TXT_DB use OPENSSL_PSTRING data member) 313 AC_COMPILE_IFELSE([ 314 AC_LANG_PROGRAM( 315 [ 316 #include <openssl/txt_db.h> 317 ], 318 [ 319 TXT_DB *db = NULL; 320 int i = sk_OPENSSL_PSTRING_num(db->data); 321 return 0; 322 ]) 323 ], 324 [ 325 AC_DEFINE(SQUID_SSLTXTDB_PSTRINGDATA, 1) 326 AC_MSG_RESULT([yes]) 327 squid_cv_check_openssl_pstring="yes" 328 ], 329 [ 330 AC_MSG_RESULT([no]) 331 ], 332 []) 333 334 if test x"$squid_cv_check_openssl_pstring" = "xyes"; then 335 AC_MSG_CHECKING(whether the squid workaround for buggy versions of sk_OPENSSL_PSTRING_value should used) 336 AC_COMPILE_IFELSE([ 337 AC_LANG_PROGRAM( 338 [ 339 #include <openssl/txt_db.h> 340 ], 341 [ 342 TXT_DB *db = NULL; 343 const char ** current_row = ((const char **)sk_OPENSSL_PSTRING_value(db->data, 0)); 344 return (current_row != NULL); 345 ]) 346 ], 347 [ 348 AC_MSG_RESULT([no]) 349 ], 350 [ 351 AC_DEFINE(SQUID_STACKOF_PSTRINGDATA_HACK, 1) 352 AC_MSG_RESULT([yes]) 353 ], 354 []) 355 fi 356 357 AC_MSG_CHECKING(whether the workaround for OpenSSL IMPLEMENT_LHASH_ macros should used) 358 AC_COMPILE_IFELSE([ 359 AC_LANG_PROGRAM( 360 [ 361 #include <openssl/txt_db.h> 362 363 static unsigned long index_serial_hash(const char **a){} 364 static int index_serial_cmp(const char **a, const char **b){} 365 static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **) 366 static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **) 367 ], 368 [ 369 TXT_DB *db = NULL; 370 TXT_DB_create_index(db, 1, NULL, LHASH_HASH_FN(index_serial_hash), LHASH_COMP_FN(index_serial_cmp)); 371 ]) 372 ], 373 [ 374 AC_MSG_RESULT([no]) 375 ], 376 [ 377 AC_MSG_RESULT([yes]) 378 AC_DEFINE(SQUID_USE_SSLLHASH_HACK, 1) 379 ], 380[]) 381 382SQUID_STATE_ROLLBACK(check_TXTDB) 383]) 384 385dnl Check if we can rewrite the hello message stored in an SSL object. 386dnl The tests are very basic, just check if the required members exist in 387dnl SSL structure. 388AC_DEFUN([SQUID_CHECK_OPENSSL_HELLO_OVERWRITE_HACK],[ 389 AH_TEMPLATE(SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK, "Define to 1 if hello message can be overwritten in SSL struct") 390 SQUID_STATE_SAVE(check_openSSL_overwrite_hack) 391 AC_MSG_CHECKING(whether hello message can be overwritten in SSL struct) 392 393 AC_COMPILE_IFELSE([ 394 AC_LANG_PROGRAM( 395 [ 396 #include <openssl/ssl.h> 397 #include <openssl/err.h> 398 #include <assert.h> 399 ], 400 [ 401 SSL *ssl; 402 char *random, *msg; 403 memcpy(ssl->s3->client_random, random, SSL3_RANDOM_SIZE); 404 SSL3_BUFFER *wb=&(ssl->s3->wbuf); 405 assert(wb->len == 0); 406 memcpy(wb->buf, msg, 0); 407 assert(wb->left == 0); 408 memcpy(ssl->init_buf->data, msg, 0); 409 ssl->init_num = 0; 410 ssl->s3->wpend_ret = 0; 411 ssl->s3->wpend_tot = 0; 412 SSL_CIPHER *cipher = 0; 413 assert(SSL_CIPHER_get_id(cipher)); 414 ]) 415 ], 416 [ 417 AC_MSG_RESULT([possibly; to try, set SQUID_USE_OPENSSL_HELLO_OVERWRITE_HACK macro value to 1]) 418 ], 419 [ 420 AC_MSG_RESULT([no]) 421 ], 422 []) 423 424SQUID_STATE_ROLLBACK(check_openSSL_overwrite_hack) 425] 426) 427