diff --git a/build/pkgs/openssl/spkg-configure.m4 b/build/pkgs/openssl/spkg-configure.m4 index 2862d7ebec0..fd2d257d721 100644 --- a/build/pkgs/openssl/spkg-configure.m4 +++ b/build/pkgs/openssl/spkg-configure.m4 @@ -1,6 +1,6 @@ SAGE_SPKG_CONFIGURE([openssl], [ AX_CHECK_OPENSSL([ - AC_MSG_CHECKING([whether OpenSSL >= 1.1.1, as required by PEP 644]) + AC_MSG_CHECKING([whether OpenSSL >= 1.1.1, as required by PEP 644, and provides required APIs]) AC_COMPILE_IFELSE( dnl Trac #32580: Need OpenSSL >= 1.1.1 for PEP 644 dnl From https://www.openssl.org/docs/man3.0/man3/OPENSSL_VERSION_NUMBER.html: @@ -12,12 +12,33 @@ SAGE_SPKG_CONFIGURE([openssl], [ dnl FF is "fix" dnl S is "status" (f = release) dnl -> OPENSSL_VERSION_NUMBER is 0xMNNFFPPSL + dnl + dnl Trac #34273: Test program from ​https://github.com/python/cpython/blob/3.10/configure.ac#L5845 [AC_LANG_PROGRAM([[ + #include + #include #include #if OPENSSL_VERSION_NUMBER < 0x10101000L - # error OpenSSL >= 1.1.1 is required according to PEP 644 + #error OpenSSL >= 1.1.1 is required according to PEP 644 #endif - ]], [])], [ + static void keylog_cb(const SSL *ssl, const char *line) {} + ]], [[ + /* SSL APIs */ + SSL_CTX *ctx = SSL_CTX_new(TLS_client_method()); + SSL_CTX_set_keylog_callback(ctx, keylog_cb); + SSL *ssl = SSL_new(ctx); + X509_VERIFY_PARAM *param = SSL_get0_param(ssl); + X509_VERIFY_PARAM_set1_host(param, "python.org", 0); + SSL_free(ssl); + SSL_CTX_free(ctx); + /* hashlib APIs */ + OBJ_nid2sn(NID_md5); + OBJ_nid2sn(NID_sha1); + OBJ_nid2sn(NID_sha3_512); + OBJ_nid2sn(NID_blake2b512); + EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 8, 1, 0, NULL, 0); + ]]) + ], [ AC_MSG_RESULT([yes]) sage_spkg_install_openssl=no ], [