@@ -106,10 +106,13 @@ tcltls_debug='true' fi ]) if test "$tcltls_debug" = 'true'; then AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging build]) + AX_CHECK_COMPILE_FLAG([-fcheck-pointer-bounds], [CFLAGS="$CFLAGS -fcheck-pointer-bounds"]) + AX_CHECK_COMPILE_FLAG([-fsanitize=address], [CFLAGS="$CFLAGS -fsanitize=address"]) + AX_CHECK_COMPILE_FLAG([-fsanitize=undefined], [CFLAGS="$CFLAGS -fsanitize=undefined"]) fi dnl Find "xxd" so we can build the tls.tcl.h file AC_CHECK_PROG([XXD], [xxd], [xxd], [__xxd__not__found]) @@ -122,10 +125,15 @@ if test "$enableval" = 'yes'; then TCLEXT_TLS_STATIC_SSL='yes' fi ]) +dnl Enable hardening +AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"]) +AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) +AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) + dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons if test "$tcltls_ssl_lib" = 'auto'; then tcltls_ssl_lib='openssl' fi