diff options
author | Ben Pfaff <blp@ovn.org> | 2019-03-20 17:38:53 -0700 |
---|---|---|
committer | Ben Pfaff <blp@ovn.org> | 2019-04-16 14:27:58 -0700 |
commit | b291eb69d33880bf4664fd2078050418becb5739 (patch) | |
tree | 2433b770d9c66bb9aef4a5afb3c2c306e045fde1 /m4 | |
parent | f72469405eec9505cf99b1fa599ed0cf0fc595b0 (diff) | |
download | openvswitch-b291eb69d33880bf4664fd2078050418becb5739.tar.gz |
stream-ssl: Add support for TLS SNI (Server Name Indication).
This TLS extension, introduced in RFC 3546, allows the server to know what
host the client believes it is contacting, the TLS equivalent of the Host:
header in HTTP.
Tested-by: Yifeng Sun <pkusunyifeng@gmail.com>
Reviewed-by: Yifeng Sun <pkusunyifeng@gmail.com>
Requested-by: Shivaram Mysore <smysore@servicefractal.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
Diffstat (limited to 'm4')
-rw-r--r-- | m4/openvswitch.m4 | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4 index 41042c98e..b599f17d7 100644 --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 @@ -1,6 +1,6 @@ # -*- autoconf -*- -# Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016 Nicira, Inc. +# Copyright (c) 2008-2016, 2019 Nicira, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -285,7 +285,24 @@ OpenFlow connections over SSL will not be supported. AM_CONDITIONAL([HAVE_OPENSSL], [test "$HAVE_OPENSSL" = yes]) if test "$HAVE_OPENSSL" = yes; then AC_DEFINE([HAVE_OPENSSL], [1], [Define to 1 if OpenSSL is installed.]) - fi]) + fi + + OPENSSL_SUPPORTS_SNI=no + if test $HAVE_OPENSSL = yes; then + save_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS $SSL_INCLUDES" + AC_CHECK_DECL([SSL_set_tlsext_host_name], [OPENSSL_SUPPORTS_SNI=yes], + [], [#include <openssl/ssl.h> +]) + if test $OPENSSL_SUPPORTS_SNI = yes; then + AC_DEFINE( + [OPENSSL_SUPPORTS_SNI], [1], + [Define to 1 if OpenSSL supports Server Name Indication (SNI).]) + fi + CPPFLAGS=$save_CPPFLAGS + fi + AC_SUBST([OPENSSL_SUPPORTS_SNI]) +]) dnl Checks for libraries needed by lib/socket-util.c. AC_DEFUN([OVS_CHECK_SOCKET_LIBS], @@ -691,7 +708,7 @@ AC_DEFUN([OVS_CHECK_CXX], dnl Checks for unbound library. AC_DEFUN([OVS_CHECK_UNBOUND], - [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes]) + [AC_CHECK_LIB(unbound, ub_ctx_create, [HAVE_UNBOUND=yes], [HAVE_UNBOUND=no]) if test "$HAVE_UNBOUND" = yes; then AC_DEFINE([HAVE_UNBOUND], [1], [Define to 1 if unbound is detected.]) LIBS="$LIBS -lunbound" |