TclTLS: Diff

Differences From Artifact [488956d001]:

File aclocal/tcltls_openssl.m4 — part of check-in [7f86ac3e48] at 2016-12-06 16:53:46 on branch tls-1-7 — Updated to ensure that the SNI functinality was available from the SSL library (user: rkeene, size: 4248) [annotate] [blame] [check-ins using]

To Artifact [0c6bf71444]:

File aclocal/tcltls_openssl.m4 — part of check-in [4aedc3e201] at 2016-12-07 16:20:16 on branch tls-1-7 — Fixed check for SSL_set_tlsext_host_name and added support for forcing options that were manually specified (user: rkeene, size: 4222) [annotate] [blame] [check-ins using]























1 2 3 4 5 6 7	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29	+ + + + + + + + + + + + + + + + + + + + + +	dnl $1 = Name of variable dnl $2 = Name of function to check for dnl $3 = Name of protocol dnl $4 = Name of CPP macro to define AC_DEFUN([TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER], [ dnl Determine if particular SSL version is enabled if test "[$]$1" = "true" -o "[$]$1" = "force"; then AC_CHECK_FUNC($2,, [ if test "[$]$1" = "force"; then AC_MSG_ERROR([Unable to enable $3]) fi $1='false' ]) fi if test "[$]$1" = "false" -o "[$]$1" = "force_off"; then AC_DEFINE($4, [1], [Define this to disable $3 in OpenSSL support]) fi ]) AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' AC_ARG_WITH([ssl-dir], AS_HELP_STRING( [--with-ssl-dir=<dir>], [deprecated, use --with-openssl-dir -- currently has the same meaning] ), [
︙
68 69 70 71 72 73 74 ~~75 76~~ ~~77 78~~ ~~79 80 81~~ ~~82 83 84 85~~ ~~86 87 88 89~~ ~~90 91~~ 92 93 ~~94 95 96~~ ~~97 98 99 100 101 102 103~~ ~~104 105 106 107~~ ~~108 109 110 111 112 113 114~~ ~~115 116 117 118~~ ~~119 120 121 122 123 124 125~~ ~~126 127 128 129~~ ~~130 131~~ 132 ~~133~~ 134 135 136 137 138 139 140 141 142 143 144 145 146	90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135	- - + - - + - - - + - - - - + - - - - + - - - + - - - + - - - - - - - + - - - - + - - - - - - - + - - - - + - - - - - - - + - - - - + + - - + + + - + + + + + + +	AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) ]) AC_LANG_POP([C]) ~~~~dnl Determine if SSLv2 is supported~~ ~~if test "$~~tcltls_ssl_ssl2" ~~= "tru~~e"; then~~ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) ~~AC_CHECK_FUNC(SSLv2_method,, [~~ tcltls_ssl_ssl~~2='fa~~l~~se'~~ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) ~~]) fi~~ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) ~~~~if test "$tcltls_ssl_ssl2" = "false"; then~~ ~~AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])~~ fi~~ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) ~~~~dnl Determine if SSLv3 is supported~~ ~~if test "$tcltls_ssl_ssl3" = "true"; then~~ ~~AC_CHECK_FUNC(SSLv3_method,, [~~ tcltls_ssl_~~ssl3='fa~~lse'~~ TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) ~~]) fi~~ ~~if test "$~~tcltls_~~ssl~~_~~ssl3" = "~~false"; ~~then~~ AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [ ~~~~AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])~~ fi~~ AC_LANG_PUSH(C) ~~~~dnl Determine if TLSv1.0 is supported~~ ~~if test "$tcltls_ssl_tls1_0" = "true"; then~~ ~~AC_CHECK_FUNC(TLSv1_method,, [~~ ~~tcltls_ssl_tls1_0='false'~~ ]) fi~~ AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) ~~~~if test "$tcltls_ssl_tls1_0" = "false"; then~~ ~~AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])~~ fi~~ AC_LINK_IFELSE([AC_LANG_PROGRAM([ ~~~~dnl Determine if TLSv1.1 is supported~~ ~~if test "$tcltls_ssl_tls1_1" = "true"; then~~ ~~AC_CHECK_FUNC(TLSv1_1_method,, [~~ ~~tcltls_ssl_tls1_1='false'~~ ]) fi~~ #include <openssl/ssl.h> ~~~~if test "$tcltls_ssl_tls1_1" = "false"; then~~ ~~AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])~~ fi~~ #if (SSLEAY_VERSION_NUMBER >= 0x0907000L) ~~~~dnl Determine if TLSv1.2 is supported~~ ~~if test "$tcltls_ssl_tls1_2" = "true"; then~~ ~~AC_CHECK_FUNC(TLSv1_2_method,, [~~ ~~tcltls_ssl_tls1_2='false'~~ ]) fi~~ # include <openssl/conf.h> ~~~~if test "$tcltls_ssl_tls1_2" = "false"; then~~ ~~AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])~~ fi~~ #endif ], [ ~~AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [~~ ~~AC_CHECK_FUNC~~(SSL_set_tlsext_host_name~~, [~~ (void)SSL_set_tlsext_host_name((void ) 0, (void ) 0); ])], [ AC_MSG_RESULT([yes]) tcltls_cv_func_tlsext_hostname='yes' ~~], [~~ tcltls_cv_func_tlsext_hostname='no' ], [ AC_MSG_RESULT([no]) ]) AC_LANG_POP([C]) dnl AC_CHECK_FUNC(SSL_set_tlsext_host_name, [ dnl ], [ dnl ]) ]) if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI]) fi dnl Restore compile-altering variables LIBS="${SAVE_LIBS}" CFLAGS="${SAVE_CFLAGS}" CPPFLAGS="${SAVE_CPPFLAGS}" ])