@@ -87,10 +87,11 @@
AC_DEFUN([TCLTLS_SSL_OPENSSL], [
AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false])
openssldir=''
opensslpkgconfigdir=''
+
AC_ARG_WITH([openssl-dir],
AS_HELP_STRING(
[--with-openssl-dir=
],
[path to root directory of OpenSSL or LibreSSL installation]
), [
@@ -156,101 +157,105 @@
dnl Disable support for TLS 1.0 protocol
AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [
if test "${enableval}" = "no"; then
AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol])
+ AC_MSG_CHECKING([for disable TLS1 protocol])
+ AC_MSG_RESULT('yes')
fi
])
dnl Disable support for TLS 1.1 protocol
AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [
if test "${enableval}" = "no"; then
AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol])
+ AC_MSG_CHECKING([for disable TLS1.1 protocol])
+ AC_MSG_RESULT('yes')
fi
])
dnl Disable support for TLS 1.2 protocol
AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [
if test "${enableval}" = "no"; then
AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol])
+ AC_MSG_CHECKING([for disable TLS1.2 protocol])
+ AC_MSG_RESULT('yes')
fi
])
dnl Disable support for TLS 1.3 protocol
AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [
if test "${enableval}" = "no"; then
AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol])
+ AC_MSG_CHECKING([for disable TLS1.3 protocol])
+ AC_MSG_RESULT('yes')
fi
])
-
dnl Enable support for building the same library every time
- tcltls_deterministic='false'
AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [
- if test "$enableval" = "yes"; then
- tcltls_deterministic='true'
- fi
+ tcltls_deterministic="$enableval"
+ ], [
+ tcltls_deterministic='no'
])
- if test "$tcltls_deterministic" = 'true'; then
+ if test "$tcltls_deterministic" = 'yes'; then
GEN_DH_PARAMS_ARGS='fallback'
else
GEN_DH_PARAMS_ARGS=''
fi
dnl Enable support for specifying pre-computed DH params size
- AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size of the built-in, precomputed, DH params]), [
+ AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size in bits of the built-in, precomputed, DH params]), [
AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])])
GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"
])
AC_SUBST(GEN_DH_PARAMS_ARGS)
-
+ AC_MSG_CHECKING([for DH params])
+ AC_MSG_RESULT([$GEN_DH_PARAMS_ARGS])
dnl Determine if we have been asked to use a fast path if possible
- tcltls_ssl_fastpath='no'
AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [
- if test "$enableval" = 'yes'; then
- tcltls_ssl_fastpath='yes'
- else
- tcltls_ssl_fastpath='no'
- fi
+ tcltls_ssl_fastpath="$enableval"
+ ], [
+ tcltls_ssl_fastpath='no'
])
-
if test "$tcltls_ssl_fastpath" = 'yes'; then
AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library])
fi
+ AC_MSG_CHECKING([for fast path])
+ AC_MSG_RESULT([$tcltls_ssl_fastpath])
dnl Enable hardening
- AC_MSG_CHECKING([enable hardening])
- tcltls_enable_hardening='yes'
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [enable hardening attempts]), [
tcltls_enable_hardening="$enableval"
+ ], [
+ tcltls_enable_hardening='yes'
])
- AC_MSG_RESULT([$tcltls_enable_hardening])
if test "$tcltls_enable_hardening" = 'yes'; then
if test "$GCC" = 'yes' -o "$CC" = 'clang'; then
TEA_ADD_CFLAGS([-fstack-protector-all])
TEA_ADD_CFLAGS([-fno-strict-overflow])
AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])
fi
fi
-
+ AC_MSG_CHECKING([for enable hardening])
+ AC_MSG_RESULT([$tcltls_enable_hardening])
dnl Determine if we have been asked to statically link to the SSL library
- TCLEXT_TLS_STATIC_SSL='no'
- AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable statically linking to the specified SSL library]), [
- if test "$enableval" = 'yes'; then
- TCLEXT_TLS_STATIC_SSL='yes'
- fi
+ AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable static linking to the SSL library]), [
+ TCLEXT_TLS_STATIC_SSL="$enableval"
+ ], [
+ TCLEXT_TLS_STATIC_SSL='no'
])
if test "${SHARED_BUILD}" != "1"; then
dnl If we are doing a static build, save the linker flags for other programs to consume
rm -f tcltls.${AREXT}.linkadd
AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd
fi
- dnl If we have been asked to statically link to the SSL library, specifically tell the linker to do so
+ dnl If we have been asked to statically link to the SSL library, tell the linker to do so
if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
dnl Don't bother doing this if we aren't actually doing the runtime linking
if test "${SHARED_BUILD}" = "1"; then
dnl Split the libraries into SSL and non-SSL libraries
new_TCLTLS_SSL_LIBS_normal=''