krb5 commit [krb5-1.13]: Autodetect OpenSSL CMS for LibreSSL compatibility
Tom Yu
tlyu at mit.edu
Thu Aug 21 18:11:03 EDT 2014
https://github.com/krb5/krb5/commit/d300093bc0b3d7a996094c02d86c6058cd0c5045
commit d300093bc0b3d7a996094c02d86c6058cd0c5045
Author: maurerpe <junk4me46806 at yahoo.com>
Date: Thu Aug 14 17:43:55 2014 -0400
Autodetect OpenSSL CMS for LibreSSL compatibility
LibreSSL currently does not support CMS, so checking for CMS via
OPENSSL_VERSION_NUMBER isn't reliable. Detect CMS support via
autoconf instead.
[ghudson at mit.edu: clarified commit message; minor style changes]
(cherry picked from commit a7a8e3186a21c15132cd8fb6c141afcf25a1fb74)
ticket: 7993
version_fixed: 1.13
status: resolved
src/configure.in | 3 +++
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 4 ++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/configure.in b/src/configure.in
index 621f105..58e6e54 100644
--- a/src/configure.in
+++ b/src/configure.in
@@ -242,6 +242,9 @@ case "$withval" in
builtin|openssl)
AC_CHECK_LIB(crypto, PKCS7_get_signer_info, PKINIT_CRYPTO_IMPL_LIBS=-lcrypto)
PKINIT_CRYPTO_IMPL=openssl
+ AC_CHECK_LIB(crypto, CMS_get0_content,
+ [AC_DEFINE([HAVE_OPENSSL_CMS], 1,
+ [Define if OpenSSL supports cms.])])
;;
nss)
if test "${PKINIT_CRYPTO_IMPL_CFLAGS+set}" != set; then
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 4d9b5e5..0c2d173 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -156,8 +156,8 @@ static char *
pkinit_pkcs11_code_to_text(int err);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
-/* Use CMS support present in OpenSSL 1.0 and later. */
+#ifdef HAVE_OPENSSL_CMS
+/* Use CMS support present in OpenSSL. */
#include <openssl/cms.h>
#define pkinit_CMS_get0_content_signed(_cms) CMS_get0_content(_cms)
#define pkinit_CMS_get0_content_data(_cms) CMS_get0_content(_cms)
More information about the cvs-krb5
mailing list