1 files changed, 42 insertions, 92 deletions

diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index 39543f30b5..14daae9786 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -19,12 +19,15 @@ dir_config("kerberos")
 
 Logging::message "=== OpenSSL for Ruby configurator ===\n"
 
+# Add -Werror=deprecated-declarations to $warnflags if available
+OpenSSL.deprecated_warning_flag
+
 ##
 # Adds -DOSSL_DEBUG for compilation and some more targets when GCC is used
 # To turn it on, use: --with-debug or --enable-debug
 #
 if with_config("debug") or enable_config("debug")
-  $defs.push("-DOSSL_DEBUG") unless $defs.include? "-DOSSL_DEBUG"
+  $defs.push("-DOSSL_DEBUG")
 end
 
 Logging::message "=== Checking for system dependent stuff... ===\n"
@@ -39,7 +42,6 @@ if $mingw
 end
 
 result = pkg_config("openssl") && have_header("openssl/ssl.h")
-
 unless result
   result = have_header("openssl/ssl.h")
   result &&= %w[crypto libeay32].any? {|lib| have_library(lib, "OpenSSL_add_all_digests")}
@@ -51,111 +53,59 @@ unless result
   end
 end
 
-unless have_header("openssl/conf_api.h")
-  raise "OpenSSL 0.9.6 or later required."
+result = checking_for("OpenSSL version is 0.9.8 or later") {
+  try_static_assert("OPENSSL_VERSION_NUMBER >= 0x00908000L", "openssl/opensslv.h")
+}
+unless result
+  raise "OpenSSL 0.9.8 or later required."
 end
+
 unless OpenSSL.check_func("SSL_library_init()", "openssl/ssl.h")
   raise "Ignore OpenSSL broken by Apple.\nPlease use another openssl. (e.g. using `configure --with-openssl-dir=/path/to/openssl')"
 end
 
 Logging::message "=== Checking for OpenSSL features... ===\n"
-have_func("ERR_peek_last_error")
-have_func("ASN1_put_eoc")
-have_func("BN_mod_add")
-have_func("BN_mod_sqr")
-have_func("BN_mod_sub")
-have_func("BN_pseudo_rand_range")
-have_func("BN_rand_range")
-have_func("CONF_get1_default_config_file")
-have_func("EVP_CIPHER_CTX_copy")
-have_func("EVP_CIPHER_CTX_set_padding")
-have_func("EVP_CipherFinal_ex")
-have_func("EVP_CipherInit_ex")
-have_func("EVP_DigestFinal_ex")
-have_func("EVP_DigestInit_ex")
-have_func("EVP_MD_CTX_cleanup")
-have_func("EVP_MD_CTX_create")
-have_func("EVP_MD_CTX_destroy")
-have_func("EVP_MD_CTX_init")
-have_func("HMAC_CTX_cleanup")
-have_func("HMAC_CTX_copy")
-have_func("HMAC_CTX_init")
-have_func("PEM_def_callback")
-have_func("PKCS5_PBKDF2_HMAC")
-have_func("PKCS5_PBKDF2_HMAC_SHA1")
-have_func("RAND_egd")
-have_func("X509V3_set_nconf")
-have_func("X509V3_EXT_nconf_nid")
-have_func("X509_CRL_add0_revoked")
-have_func("X509_CRL_set_issuer_name")
-have_func("X509_CRL_set_version")
-have_func("X509_CRL_sort")
-have_func("X509_NAME_hash_old")
-have_func("X509_STORE_get_ex_data")
-have_func("X509_STORE_set_ex_data")
-have_func("OBJ_NAME_do_all_sorted")
-have_func("SSL_SESSION_get_id")
-have_func("SSL_SESSION_cmp")
-have_func("OPENSSL_cleanse")
-unless have_macro("OPENSSL_NO_SSL2","openssl/opensslconf.h")
+# compile options
+
+# check OPENSSL_NO_{SSL2,SSL3_METHOD} macro: on some environment, these symbols
+# exist even if compiled with no-ssl2 or no-ssl3-method.
+unless have_macro("OPENSSL_NO_SSL2", "openssl/opensslconf.h")
   have_func("SSLv2_method")
-  have_func("SSLv2_server_method")
-  have_func("SSLv2_client_method")
 end
-unless have_macro("OPENSSL_NO_SSL3_METHOD","openssl/opensslconf.h")
+unless have_macro("OPENSSL_NO_SSL3_METHOD", "openssl/opensslconf.h")
   have_func("SSLv3_method")
-  have_func("SSLv3_server_method")
-  have_func("SSLv3_client_method")
 end
 have_func("TLSv1_1_method")
-have_func("TLSv1_1_server_method")
-have_func("TLSv1_1_client_method")
 have_func("TLSv1_2_method")
-have_func("TLSv1_2_server_method")
-have_func("TLSv1_2_client_method")
-have_func("SSL_CTX_set_alpn_select_cb")
-have_func("SSL_CTX_set_next_proto_select_cb")
-have_macro("SSL_get_server_tmp_key", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_GET_SERVER_TMP_KEY")
-unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h'])
-  have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME")
-end
-if have_header("openssl/engine.h")
-  have_func("ENGINE_add")
-  have_func("ENGINE_load_builtin_engines")
-  have_func("ENGINE_load_openbsd_dev_crypto")
-  have_func("ENGINE_get_digest")
-  have_func("ENGINE_get_cipher")
-  have_func("ENGINE_cleanup")
-  have_func("ENGINE_load_dynamic")
-  have_func("ENGINE_load_4758cca")
-  have_func("ENGINE_load_aep")
-  have_func("ENGINE_load_atalla")
-  have_func("ENGINE_load_chil")
-  have_func("ENGINE_load_cswift")
-  have_func("ENGINE_load_nuron")
-  have_func("ENGINE_load_sureware")
-  have_func("ENGINE_load_ubsec")
-  have_func("ENGINE_load_padlock")
-  have_func("ENGINE_load_capi")
-  have_func("ENGINE_load_gmp")
-  have_func("ENGINE_load_gost")
-  have_func("ENGINE_load_cryptodev")
-  have_func("ENGINE_load_aesni")
-end
-have_func("DH_generate_parameters_ex")
-have_func("DSA_generate_parameters_ex")
-have_func("RSA_generate_key_ex")
-if checking_for('OpenSSL version is 0.9.7 or later') {
-    try_static_assert('OPENSSL_VERSION_NUMBER >= 0x00907000L', 'openssl/opensslv.h')
-  }
-  have_header("openssl/ocsp.h")
-end
+have_func("RAND_egd")
+engines = %w{builtin_engines openbsd_dev_crypto dynamic 4758cca aep atalla chil
+             cswift nuron sureware ubsec padlock capi gmp gost cryptodev aesni}
+engines.each { |name|
+  OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
+}
+
+# added in 1.0.0
+have_func("EVP_CIPHER_CTX_copy")
+have_func("HMAC_CTX_copy")
+have_func("PKCS5_PBKDF2_HMAC")
+have_func("X509_NAME_hash_old")
+have_func("SSL_SESSION_cmp") # removed
+OpenSSL.check_func_or_macro("SSL_set_tlsext_host_name", "openssl/ssl.h")
 have_struct_member("CRYPTO_THREADID", "ptr", "openssl/crypto.h")
-have_struct_member("EVP_CIPHER_CTX", "flags", "openssl/evp.h")
-have_struct_member("EVP_CIPHER_CTX", "engine", "openssl/evp.h")
-have_struct_member("X509_ATTRIBUTE", "single", "openssl/x509.h")
+
+# added in 1.0.1
+have_func("SSL_CTX_set_next_proto_select_cb")
 have_macro("EVP_CTRL_GCM_GET_TAG", ['openssl/evp.h']) && $defs.push("-DHAVE_AUTHENTICATED_ENCRYPTION")
 
+# added in 1.0.2
+have_func("X509_REVOKED_dup")
+have_func("SSL_CTX_set_alpn_select_cb")
+OpenSSL.check_func_or_macro("SSL_get_server_tmp_key", "openssl/ssl.h")
+
+# added in 1.1.0
+have_func("X509_STORE_get_ex_data")
+have_func("X509_STORE_set_ex_data")
+
 Logging::message "=== Checking done. ===\n"
 
 create_header