From 043d05b196327affebdb8a8da7b4d9e9fc25788f Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 16 Mar 2020 00:00:33 +0100
Subject: configure: check for OpenSSL flavor with thread-unsafe init

Defines 'HAVE_OPENSSL_THREADSAFE' if found true.

Closes #5018
---
 configure.ac       |  3 +++
 m4/curl-openssl.m4 | 28 +++++++++++++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 973394bce..4cc6ca431 100755
--- a/configure.ac
+++ b/configure.ac
@@ -163,6 +163,7 @@ curl_verbose_msg="enabled (--disable-verbose)"
    curl_rtmp_msg="no      (--with-librtmp)"
   curl_mtlnk_msg="no      (--with-libmetalink)"
     curl_psl_msg="no      (--with-libpsl)"
+ curl_ssl_threadsafe="yes"
 
     ssl_backends=
 
@@ -1887,6 +1888,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
        fi
     fi
     CURL_CHECK_OPENSSL_API
+    CURL_CHECK_OPENSSL_THREADSAFE
     check_for_ca_bundle=1
   fi
 
@@ -4910,6 +4912,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
   HTTP2:            ${curl_h2_msg}
   HTTP3:            ${curl_h3_msg}
   ESNI:             ${curl_esni_msg}
+  SSL thread-safe:  ${curl_ssl_threadsafe}
   Protocols:        ${SUPPORT_PROTOCOLS}
   Features:         ${SUPPORT_FEATURES}
 ])
diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4
index d55827861..a4ef36455 100644
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -5,7 +5,7 @@
 #                            | (__| |_| |  _ <| |___
 #                             \___|\___/|_| \_\_____|
 #
-# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+# Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
 #
 # This software is licensed as described in the file COPYING, which
 # you should have received as part of this distribution. The terms
@@ -276,3 +276,29 @@ AC_DEFUN([CURL_CHECK_OPENSSL_API], [
     AC_MSG_WARN([$tst_warns])
   fi
 ])
+
+dnl CURL_CHECK_OPENSSL_THREADSAFE
+dnl OpenSSL >= 1.1.0 and BoringSSL have thread-safe init
+dnl -----------------------------------------------------
+
+AC_DEFUN([CURL_CHECK_OPENSSL_THREADSAFE], [
+  AC_MSG_CHECKING([for thread-safe OpenSSL flavor])
+  AC_COMPILE_IFELSE([
+    AC_LANG_PROGRAM([[
+      #include <openssl/opensslv.h>
+    ]],[[
+      #if ((OPENSSL_VERSION_NUMBER < 0x10100000L) || \
+        defined(LIBRESSL_VERSION_NUMBER)) && \
+        !defined(OPENSSL_IS_BORINGSSL)
+      #error "not thread-safe"
+      #endif
+    ]])
+  ],[
+    AC_MSG_RESULT([yes])
+    AC_DEFINE_UNQUOTED(HAVE_OPENSSL_THREADSAFE, 1,
+      [Define to 1 if using a thread-safe OpenSSL flavor])
+  ],[
+    AC_MSG_RESULT([no])
+    curl_ssl_threadsafe="no"
+ ])
+])
-- 
cgit v1.2.1