curl-openssl: fix SRP check for OpenSSL 3.0

When OpenSSL 3.0 is built with `--api=3.0` and `no-deprecated`, the SRP functions exist in the library, but are disabled for user code. Check if they are actually usable instead of only if they exist. Also, check for the functions actually required for TLS-SRP. TLS-SRP support is still enabled if OpenSSL is configured with just `--api=3.0` or with `--api=1.1.1 no-deprecated`. Closes https://github.com/curl/curl/pull/8394
2025-02-17 14:59:45 +08:00 · 2022-02-06 12:26:29 +01:00 · 2022-02-06 12:26:29 +01:00 · fe9440fa72
commit fe9440fa72
parent 4028892f14
1 changed files with 15 additions and 5 deletions
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@ -384,11 +384,21 @@ dnl ---
 dnl We require OpenSSL with SRP support.
 dnl ---
 if test "$OPENSSL_ENABLED" = "1"; then
-  AC_CHECK_LIB(crypto, SRP_Calc_client_key,
-   [
-     AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key])
-     AC_SUBST(HAVE_OPENSSL_SRP, [1])
-   ])
+  AC_MSG_CHECKING([for SRP support in OpenSSL])
+  AC_LINK_IFELSE([
+    AC_LANG_PROGRAM([[
+#include <openssl/ssl.h>
+    ]],[[
+      SSL_CTX_set_srp_username(NULL, "");
+      SSL_CTX_set_srp_password(NULL, "");
+    ]])
+  ],[
+    AC_MSG_RESULT([yes])
+    AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the functions SSL_CTX_set_srp_username and SSL_CTX_set_srp_password])
+    AC_SUBST(HAVE_OPENSSL_SRP, [1])
+  ],[
+    AC_MSG_RESULT([no])
+  ])
 fi

 dnl ---