Hello, below is patch which should stop all complaints from new OpenSSL by trying to initialize the PRNG at its best. It gives stunnel two new options: Choose source of random data: -R0 automatically (/dev/random and /dev/urandom) -R1 from file (-S required) -R2 use EGD (-S required) Use -S to specify pathname to the random file or EGD socket. Actually, the new procedure always tries to use /dev/random and /dev/urandom, even if -R1 or -R2 is used. The latter is available only with recent OpenSSL, which has RAND_egd() function. Please test it, comment, and don't get used to the new options too much because they may be changed if Michal decides so. diff -bruN stunnel-3.8/common.h stunnel-3.8.new/common.h --- stunnel-3.8/common.h Thu Feb 24 12:35:00 2000 +++ stunnel-3.8.new/common.h Sun Apr 2 22:53:18 2000 @@ -153,6 +153,11 @@ char *protocol; char *setuid_user; char *setgid_group; + int random_method; /* method of seeding the PRNG */ +#define OPT_RANDOM_AUTO 0 /* try to use best entropy source */ +#define OPT_RANDOM_FILE 1 /* seed from file */ +#define OPT_RANDOM_EGD 2 /* Brian Warner's ,,Entropy Gathering Daemon'' */ + char *random_file; } server_options; /* Prototypes for stunnel.c */ diff -bruN stunnel-3.8/ssl.c stunnel-3.8.new/ssl.c --- stunnel-3.8/ssl.c Fri Feb 18 16:26:48 2000 +++ stunnel-3.8.new/ssl.c Sun Apr 2 23:20:11 2000 @@ -117,6 +117,7 @@ /* SSL functions */ void context_init(); +void random_init(); void context_free(); void client(int); static int transfer(SSL *, int); 
@@ -147,6 +148,68 @@ /* const allowed here */ #endif +void random_init(void) /* initialize OpenSSL's PRNG */ +{ + int ret; + struct stat s; + int seeded = 0; + +#define DEV_RANDOM_BYTES 64 /* how many bytes to read */ +#define DEV_RANDOM "/dev/random" +#define DEV_URANDOM "/dev/urandom" + +#ifdef USE_WIN32 + log(LOG_DEBUG, "Seeding PRNG with screen data"); + RAND_screen(); + seeded++; +#endif + + /* Always attept to seed from good entropy sources, + first try /dev/random */ + ret = stat(DEV_RANDOM, &s); + if(!ret) { + ret = RAND_load_file(DEV_RANDOM, DEV_RANDOM_BYTES); + seeded |= (ret > 0); + if(ret>0) + log(LOG_DEBUG, "Seeded PRNG from " DEV_RANDOM); + + } + + /* And if there's not /dev/random try /dev/urandom */ + ret = stat(DEV_URANDOM, &s); + if(!ret && !seeded) { + ret = RAND_load_file(DEV_URANDOM, DEV_RANDOM_BYTES); + seeded |= (ret > 0); + if(ret>0) + log(LOG_DEBUG, "Seeded PRNG from " DEV_URANDOM); + } + +#ifdef HAVE_RANDOM_EGD + if(options.random_method == OPT_RANDOM_EGD + && options.random_file) { + ret = RAND_egd(options.random_file); + seeded |= (ret > 0); + if(ret<0) + log(LOG_WARNING, "Seeding PRNG from EGD failed"); + else + log(LOG_DEBUG, "Seeded PRNG from EGD"); + } +#endif + if(options.random_method == OPT_RANDOM_FILE + && options.random_file) { + ret = RAND_load_file(options.random_file, -1); + seeded |= (ret > 0); + if(ret<0) + log(LOG_WARNING, "Seeding PRNG from file failed"); + else + log(LOG_DEBUG, "Seeded PRNG from file"); + } + + if(!seeded) + log(LOG_WARNING, "Failed to seed PRNG with any random data"); + +} /* END random_init() */ + void context_init() /* init SSL */ { #ifndef NO_DH @@ -154,6 +217,7 @@ BIO *bio=NULL; #endif /* NO_DH */ + random_init(); SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); if(options.option&OPT_CLIENT) { diff -bruN stunnel-3.8/stunnel.c stunnel-3.8.new/stunnel.c --- stunnel-3.8/stunnel.c Thu Feb 24 12:32:27 2000 +++ stunnel-3.8.new/stunnel.c Sun Apr 2 22:58:56 2000 
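Review bot: At the end of random_init() an unseeded PRNG only produces `log(LOG_WARNING, "Failed to seed PRNG with any random data")` and startup continues, so key generation and handshakes may run on whatever state the library happens to have. Treat this as fatal instead, for example `if(!seeded) { log(LOG_ERR, "Failed to seed PRNG with any random data"); exit(1); }`, and where the linked OpenSSL provides `RAND_status()` use that as the deciding check rather than the local flag. The EGD and file branches also log "Seeded PRNG from ..." when `ret == 0`, because only `ret<0` counts as failure while `seeded` requires `ret > 0`; test `if(ret<=0)` in both. Reading 64 bytes from /dev/random can presumably block at startup on a host with little entropy, which deserves a comment next to `DEV_RANDOM_BYTES`.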
@@ -117,6 +117,9 @@ #ifndef USE_WIN32 static void signal_handler(int); #endif +#ifdef HAVE_GETOPT_H +# define HAVE_GETOPT 1 +#endif #ifndef HAVE_GETOPT static int getopt(int, char **, char *); #endif @@ -216,9 +219,32 @@ options.protocol=NULL; options.setuid_user=NULL; options.setgid_group=NULL; + options.random_method=OPT_RANDOM_AUTO; + options.random_file=NULL; + opterr=0; - while ((c = getopt(argc, argv, "a:cp:v:d:fTl:L:r:s:g:t:u:n:hC:D:V")) != EOF) + while ((c = getopt(argc, argv, "a:cp:v:d:fTl:L:r:s:g:t:u:n:hC:D:VR:S:")) != EOF) switch (c) { + case 'R': + switch(atoi(optarg)) { +#ifdef HAVE_RANDOM_EGD + case 2: + options.random_method = OPT_RANDOM_EGD; + break; +#endif + case 1: + options.random_method = OPT_RANDOM_FILE; + break; + case 0: + options.random_method = OPT_RANDOM_AUTO; + default: + log(LOG_ERR, "Bad random seeding method"); + print_help(); + } + break; + case 'S': + options.random_file = optarg; + break; case 'a': safecopy(options.clientdir, optarg); break; @@ -329,6 +355,12 @@ log(LOG_ERR, "INTERNAL ERROR: Illegal option: '%c'", c); print_help(); } + if( (options.random_method == OPT_RANDOM_EGD + || options.random_method == OPT_RANDOM_FILE) + && options.random_file == NULL) { + log(LOG_ERR, "Pathname (-S) needed when -R1 or -R2 used"); + print_help(); + } if (options.option & OPT_CLIENT) { if (!(options.option & OPT_REMOTE)) { log(LOG_ERR, "Remote service must be specified"); @@ -922,6 +954,16 @@ "\n -h\t\tprint this help screen" "\n -C list\tset permitted SSL ciphers" "\n -D level\tdebug level (0-7) default: 5" + "\n -R \t\trandom generator seeding method (0,1" +#ifdef HAVE_RANDOM_EGD + ",2" +#endif + ") default: 0" + "\n -S pathname\tpath to random source file (only when -R1" +#ifdef HAVE_RANDOM_EGD + " or -R2" +#endif + ")" "\n -V\t\tprint stunnel version\n"); exit(1); } diff -bruN stunnel-3.8/configure stunnel-3.8.new/configure --- stunnel-3.8/configure Thu Feb 24 12:28:45 2000 +++ stunnel-3.8.new/configure Sun Apr 2 22:51:54 2000 
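Review bot: In the new `case 'R':` switch, `case 0:` has no `break;`, so `-R0` sets OPT_RANDOM_AUTO and then falls into `default:`, logging "Bad random seeding method" and calling print_help(), which ends in `exit(1)` according to the last stunnel.c hunk. Add `break;` after `options.random_method = OPT_RANDOM_AUTO;`. `atoi(optarg)` also maps any non-numeric argument to 0, so once the fall-through is fixed `-Rfoo` would be accepted as the automatic method; parsing with `strtol` and rejecting trailing characters avoids that. The enclosing option loop starts and ends outside the hunk.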
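Review bot: The check added after the option loop covers -R1/-R2 without -S but not the reverse: `-S pathname` given alone leaves `random_method` at OPT_RANDOM_AUTO, and random_init() in ssl.c reads `options.random_file` only for the FILE and EGD methods, so the path is ignored without any message. An operator can then believe the seed file or EGD socket is in use when it is not. A warning such as `if(options.random_method == OPT_RANDOM_AUTO && options.random_file) log(LOG_WARNING, "-S ignored without -R1 or -R2");` would make that visible.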
@@ -1,7 +1,7 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.13 +# Generated automatically using autoconf version 2.14.1 # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation @@ -47,8 +47,8 @@ libdir='${exec_prefix}/lib' includedir='${prefix}/include' oldincludedir='/usr/include' -infodir='${prefix}/info' -mandir='${prefix}/man' +infodir='${prefix}/share/info' +mandir='${prefix}/share/man' # Initialize some other variables. subdirs= @@ -337,7 +337,7 @@ verbose=yes ;; -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.13" + echo "configure generated by autoconf version 2.14.1" exit 0 ;; -with-* | --with-*) @@ -385,7 +385,7 @@ *) if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then - echo "configure: warning: $ac_option: invalid host type" 1>&2 + echo "configure: WARNING: $ac_option: invalid host type" 1>&2 fi if test "x$nonopt" != xNONE; then { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } @@ -438,6 +438,9 @@ esac done +# Support of DJGPP port of bash. +if test -n "$COMSPEC$ComSpec"; then ac_x=-x; else ac_x=-f; fi + # NLS nuisances. # Only set these to C if already set. These must not be set unconditionally # because not all systems understand e.g. LANG=C (notably SCO). @@ -497,7 +500,7 @@ if test -r "$cache_file"; then echo "loading cache $cache_file" - . $cache_file + test -f "$cache_file" && . $cache_file else echo "creating cache $cache_file" > $cache_file 
@@ -541,42 +544,56 @@ if test -z "$ac_aux_dir"; then { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } fi -ac_config_guess=$ac_aux_dir/config.guess -ac_config_sub=$ac_aux_dir/config.sub -ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. - +ac_config_guess="$SHELL $ac_aux_dir/config.guess" +ac_config_sub="$SHELL $ac_aux_dir/config.sub" +ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. -# Make sure we can run config.sub. -if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : -else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } -fi echo $ac_n "checking host system type""... $ac_c" 1>&6 -echo "configure:556: checking host system type" >&5 +echo "configure:554: checking host system type" >&5 +if test "x$ac_cv_host" = "x" || (test "x$host" != "xNONE" && test "x$host" != "x$ac_cv_host_alias"); then -host_alias=$host -case "$host_alias" in -NONE) +# Make sure we can run config.sub. 
+ if $ac_config_sub sun4 >/dev/null 2>&1; then : + else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } + fi + + ac_cv_host_alias=$host + case "$ac_cv_host_alias" in + NONE) case $nonopt in NONE) - if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : + if ac_cv_host_alias=`$ac_config_guess`; then : else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } fi ;; - *) host_alias=$nonopt ;; + *) ac_cv_host_alias=$nonopt ;; esac ;; -esac + esac + + ac_cv_host=`$ac_config_sub $ac_cv_host_alias` + ac_cv_host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` + ac_cv_host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` + ac_cv_host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +else + echo $ac_n "(cached) $ac_c" 1>&6 +fi + +echo "$ac_t""$ac_cv_host" 1>&6 + +host=$ac_cv_host +host_alias=$ac_cv_host_alias +host_cpu=$ac_cv_host_cpu +host_vendor=$ac_cv_host_vendor +host_os=$ac_cv_host_os + + -host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` -host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` -host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` -host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$ac_t""$host" 1>&6 # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:579: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then +echo "configure:596: checking for $ac_word" >&5 +if eval "test \"\${ac_cv_prog_CC+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then @@ -586,7 +603,7 @@ ac_dummy="$PATH" for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then + if test $ac_x $ac_dir/$ac_word; then ac_cv_prog_CC="gcc" break fi 
@@ -605,8 +622,8 @@ # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:609: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then +echo "configure:626: checking for $ac_word" >&5 +if eval "test \"\${ac_cv_prog_CC+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then @@ -617,7 +634,7 @@ ac_dummy="$PATH" for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then + if test $ac_x $ac_dir/$ac_word; then if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue @@ -652,12 +669,12 @@ if test -z "$CC"; then case "`uname -s`" in - *win32* | *WIN32*) + *win32* | *WIN32* | *CYGWIN*) # Extract the first word of "cl", so it can be a program name with args. set dummy cl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:660: checking for $ac_word" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then +echo "configure:677: checking for $ac_word" >&5 +if eval "test \"\${ac_cv_prog_CC+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then @@ -667,7 +684,7 @@ ac_dummy="$PATH" for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. - if test -f $ac_dir/$ac_word; then + if test $ac_x $ac_dir/$ac_word; then ac_cv_prog_CC="cl" break fi 
@@ -687,8 +704,8 @@ test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:692: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $CPPFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:709: checking whether the C compiler ($CC $CFLAGS $CPPFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. @@ -699,12 +716,12 @@ cat > conftest.$ac_ext << EOF -#line 703 "configure" +#line 720 "configure" #include "confdefs.h" main(){return(0);} EOF -if { (eval echo configure:708: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:725: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then 
@@ -729,14 +746,14 @@ if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi -echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:734: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $CPPFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:751: checking whether the C compiler ($CC $CFLAGS $CPPFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:739: checking whether we are using GNU C" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then +echo "configure:756: checking whether we are using GNU C" >&5 +if eval "test \"\${ac_cv_prog_gcc+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:765: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no @@ -763,8 +780,8 @@ ac_save_CFLAGS="$CFLAGS" CFLAGS= echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:767: checking whether ${CC-cc} accepts -g" >&5 -if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then +echo "configure:784: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"\${ac_cv_prog_cc_g+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else echo 'void f(){}' > conftest.c 
@@ -807,9 +824,9 @@ # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:811: checking for a BSD compatible install" >&5 +echo "configure:828: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then -if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then +if eval "test \"\${ac_cv_path_install+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" @@ -822,11 +839,15 @@ # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do - if test -f $ac_dir/$ac_prog; then + if test $ac_x $ac_dir/$ac_prog; then if test $ac_prog = install && grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : + elif test $ac_prog = install && + grep pwplus $ac_dir/$ac_prog >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : else ac_cv_path_install="$ac_dir/$ac_prog -c" break 2 
@@ -855,14 +876,14 @@ # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' -test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 -echo "configure:864: checking whether ${MAKE-make} sets \${MAKE}" >&5 +echo "configure:885: checking whether ${MAKE-make} sets \${MAKE}" >&5 set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then +if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftestmake <<\EOF @@ -903,8 +924,8 @@ ac_safe=`echo ""/dev/urandom"" | sed 'y%./+-%__p_%'` echo $ac_n "checking for "/dev/urandom"""... $ac_c" 1>&6 -echo "configure:907: checking for "/dev/urandom"" >&5 -if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then +echo "configure:928: checking for "/dev/urandom"" >&5 +if eval "test \"\${ac_cv_file_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then @@ -935,7 +956,7 @@ checkssldir() { : - if test -d "$1/certs"; then +# if test -d "$1/certs"; then if test -f "$1/include/openssl/ssl.h"; then cat >> confdefs.h <<\EOF #define HAVE_OPENSSL 1 @@ -948,12 +969,12 @@ ssldir="$1" return 0 fi - fi +# fi return 1 } echo $ac_n "checking for SSL directory""... $ac_c" 1>&6 -echo "configure:957: checking for SSL directory" >&5 +echo "configure:978: checking for SSL directory" >&5 # Check whether --with-ssl or --without-ssl was given. if test "${with_ssl+set}" = set; then withval="$with_ssl" 
@@ -993,15 +1014,15 @@ echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 -echo "configure:997: checking for gethostbyname in -lnsl" >&5 +echo "configure:1018: checking for gethostbyname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1037: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1040,15 +1061,15 @@ fi echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:1044: checking for socket in -lsocket" >&5 +echo "configure:1065: checking for socket in -lsocket" >&5 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1084: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1087,15 +1108,15 @@ fi echo $ac_n "checking for pthread_create in -lpthread""... $ac_c" 1>&6 -echo "configure:1091: checking for pthread_create in -lpthread" >&5 +echo "configure:1112: checking for pthread_create in -lpthread" >&5 ac_lib_var=`echo pthread'_'pthread_create | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lpthread $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1131: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1134,15 +1155,15 @@ fi echo $ac_n "checking for pthread_create in -lc_r""... $ac_c" 1>&6 -echo "configure:1138: checking for pthread_create in -lc_r" >&5 +echo "configure:1159: checking for pthread_create in -lc_r" >&5 ac_lib_var=`echo c_r'_'pthread_create | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lc_r $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1178: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1181,15 +1202,15 @@ fi echo $ac_n "checking for openpty in -lutil""... $ac_c" 1>&6 -echo "configure:1185: checking for openpty in -lutil" >&5 +echo "configure:1206: checking for openpty in -lutil" >&5 ac_lib_var=`echo util'_'openpty | sed 'y%./+-%__p_%'` -if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then +if eval "test \"\${ac_cv_lib_$ac_lib_var+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lutil $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1225: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -1228,19 +1249,82 @@ fi + +echo $ac_n "checking for library containing RAND_egd""... $ac_c" 1>&6 +echo "configure:1255: checking for library containing RAND_egd" >&5 +if eval "test \"\${ac_cv_search_RAND_egd+set}\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_func_search_save_LIBS="$LIBS" +ac_cv_search_RAND_egd="no" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_search_RAND_egd="none required" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +test "$ac_cv_search_RAND_egd" = "no" && for i in crypto; do +LIBS="-l$i $ac_func_search_save_LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_search_RAND_egd="-l$i" +break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done +LIBS="$ac_func_search_save_LIBS" +fi + +echo "$ac_t""$ac_cv_search_RAND_egd" 1>&6 +if test "$ac_cv_search_RAND_egd" != "no"; then + test "$ac_cv_search_RAND_egd" = "none required" || LIBS="$ac_cv_search_RAND_egd $LIBS" + CFLAGS="$CFLAGS -DHAVE_RANDOM_EGD" +else : + +fi + echo $ac_n "checking for hosts_access in -lwrap""... $ac_c" 1>&6 -echo "configure:1233: checking for hosts_access in -lwrap" >&5 +echo "configure:1317: checking for hosts_access in -lwrap" >&5 saved_LIBS="$LIBS" LIBS="-lwrap $saved_LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1328: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* echo "$ac_t""yes" 1>&6; cat >> confdefs.h <<\EOF #define HAVE_LIBWRAP 1 
@@ -1258,18 +1342,18 @@ LIBS="$LIBS -L$ssldir/lib -lssl -lcrypto" echo $ac_n "checking for RSAref library""... $ac_c" 1>&6 -echo "configure:1262: checking for RSAref library" >&5 +echo "configure:1346: checking for RSAref library" >&5 saved_LIBS="$LIBS" LIBS="$saved_LIBS -lRSAglue -lrsaref" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1357: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* echo "$ac_t""yes" 1>&6; else @@ -1281,10 +1365,11 @@ rm -f conftest* + ac_safe=`echo ""/dev/ptmx"" | sed 'y%./+-%__p_%'` echo $ac_n "checking for "/dev/ptmx"""... $ac_c" 1>&6 -echo "configure:1287: checking for "/dev/ptmx"" >&5 -if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then +echo "configure:1372: checking for "/dev/ptmx"" >&5 +if eval "test \"\${ac_cv_file_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then @@ -1311,8 +1396,8 @@ ac_safe=`echo ""/dev/ptc"" | sed 'y%./+-%__p_%'` echo $ac_n "checking for "/dev/ptc"""... $ac_c" 1>&6 -echo "configure:1315: checking for "/dev/ptc"" >&5 -if eval "test \"`echo '$''{'ac_cv_file_$ac_safe'+set}'`\" = set"; then +echo "configure:1400: checking for "/dev/ptc"" >&5 +if eval "test \"\${ac_cv_file_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test "$cross_compiling" = yes; then 
@@ -1341,13 +1426,13 @@ # AC_HEADER_STDC # AC_HEADER_SYS_WAIT echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:1345: checking how to run the C preprocessor" >&5 +echo "configure:1430: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then -if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then +if eval "test \"\${ac_cv_prog_CPP+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else # This must be in double quotes, not single quotes, because CPP may get @@ -1356,13 +1441,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1366: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1451: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1373,13 +1458,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1468: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -1390,13 +1475,13 @@ rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1400: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1485: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
@@ -1424,17 +1509,17 @@ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:1428: checking for $ac_hdr" >&5 -if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then +echo "configure:1513: checking for $ac_hdr" >&5 +if eval "test \"\${ac_cv_header_$ac_safe+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1438: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:1523: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -1471,12 +1556,12 @@ for ac_func in getopt snprintf vsnprintf openpty _getpty do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:1475: checking for $ac_func" >&5 -if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then +echo "configure:1560: checking for $ac_func" >&5 +if eval "test \"\${ac_cv_func_$ac_func+set}\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:1589: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -1591,7 +1677,7 @@ # Protect against shell expansion while executing Makefile rules. # Protect against Makefile macro expansion. cat > conftest.defs <<\EOF -s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g +s%#define \([^ ][^ ]*\) *\(.*\)%-D\1=\2%g s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g s%\[%\\&%g s%\]%\\&%g 
@@ -1626,7 +1712,7 @@ echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.13" + echo "$CONFIG_STATUS generated by autoconf version 2.14.1" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; @@ -1753,14 +1839,15 @@ .) srcdir=. if test -z "$ac_dots"; then top_srcdir=. else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; - /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + /*|[A-z]:/*) + srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; *) # Relative path. srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" top_srcdir="$ac_dots$ac_given_srcdir" ;; esac case "$ac_given_INSTALL" in - [/$]*) INSTALL="$ac_given_INSTALL" ;; + [/$]*|[A-z]:/*) INSTALL="$ac_given_INSTALL" ;; *) INSTALL="$ac_dots$ac_given_INSTALL" ;; esac @@ -1773,7 +1860,7 @@ *) ac_comsub= ;; esac - ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + ac_file_inputs=`echo $ac_file_in|sed -e "s%:% $ac_given_srcdir/%g" -e "s%^%$ac_given_srcdir/%"` sed -e "$ac_comsub s%@configure_input@%$configure_input%g s%@srcdir@%$srcdir%g @@ -1793,6 +1880,6 @@ EOF chmod +x $CONFIG_STATUS rm -fr confdefs* $ac_clean_files -test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 +test "$no_create" = yes || $SHELL $CONFIG_STATUS || exit 1 diff -bruN stunnel-3.8/configure.in stunnel-3.8.new/configure.in --- stunnel-3.8/configure.in Tue Feb 22 14:19:04 2000 +++ stunnel-3.8.new/configure.in Sun Apr 2 22:51:52 2000 @@ -28,7 +28,7 @@ ) checkssldir() { : - if test -d "$1/certs"; then +# if test -d "$1/certs"; then if test -f "$1/include/openssl/ssl.h"; then AC_DEFINE(HAVE_OPENSSL) ssldir="$1" 
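Review bot: In checkssldir() in configure.in the `if test -d "$1/certs"; then` test is disabled by commenting it out, and the matching `fi` likewise in the following @@ -38,7 +38,7 @@ hunk, which leaves dead lines in the file. The change is not mentioned in the patch description and loosens which directories are accepted as an SSL directory, so it is independent of the PRNG seeding work. Delete the two lines outright and leave a short comment such as `dnl certs/ is not required; the header tests below decide`, or move the change to its own patch. The function body continues outside this hunk.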
@@ -38,7 +38,7 @@ ssldir="$1" return 0 fi - fi +# fi return 1 } @@ -82,6 +82,9 @@ AC_CHECK_LIB(c_r, pthread_create) AC_CHECK_LIB(util, openpty) +dnl Check for EGD support in libcrypto +AC_SEARCH_LIBS(RAND_egd, crypto, [ CFLAGS="$CFLAGS -DHAVE_RANDOM_EGD" ]) + dnl Check for libwrap library. AC_MSG_CHECKING([for hosts_access in -lwrap]) saved_LIBS="$LIBS" @@ -102,6 +105,7 @@ AC_TRY_LINK([], [], [AC_MSG_RESULT(yes); ], [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") + dnl Check PTY device files. AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)) -- Pawel Krawczyk, CETI internet, Krakow. http://ceti.pl/~kravietz/
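Review bot: The new `AC_SEARCH_LIBS(RAND_egd, crypto, ...)` check sits with the AC_CHECK_LIB calls, which in the regenerated configure puts it before the line `LIBS="$LIBS -L$ssldir/lib -lssl -lcrypto"`, so the link test looks for -lcrypto without `-L$ssldir/lib`. With OpenSSL installed only under a non-default `$ssldir` the test would presumably fail and EGD support would be dropped silently, or it could match a different libcrypto than the one stunnel finally links. Moving the check below the point where `$ssldir/lib` is added to LIBS avoids both. `AC_DEFINE(HAVE_RANDOM_EGD)` would also match how `HAVE_OPENSSL` is defined in checkssldir(), instead of appending `-DHAVE_RANDOM_EGD` to CFLAGS by hand.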