@@ -203,110 +203,10 @@ #-------------------------------------------------------------------- #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) - -#-------------------------------------------------------------------- -# Custom -#-------------------------------------------------------------------- - -dnl Disable support for TLS 1.0 protocol -AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) - fi -]) - -dnl Disable support for TLS 1.1 protocol -AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) - fi -]) - -dnl Disable support for TLS 1.2 protocol -AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) - fi -]) - -dnl Disable support for TLS 1.3 protocol -AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) - fi -]) - -dnl Enable support for building the same library every time -tcltls_deterministic='false' -AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [ - if test "$enableval" = "yes"; then - tcltls_deterministic='true' - fi -]) -if test "$tcltls_deterministic" = 'true'; then - GEN_DH_PARAMS_ARGS='fallback' -else - GEN_DH_PARAMS_ARGS='' -fi - - -dnl Enable support for specifying pre-computed DH params size -AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size of the built-in, precomputed, DH params]), [ - AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])]) - GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" -]) -AC_SUBST(GEN_DH_PARAMS_ARGS) - - -dnl Determine if we have been asked to use a fast path if possible -tcltls_ssl_fastpath='no' -AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [ - if test "$enableval" = 'yes'; then - tcltls_ssl_fastpath='yes' - else - tcltls_ssl_fastpath='no' - fi -]) - -if test "$tcltls_ssl_fastpath" = 'yes'; then - AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library]) -fi - - -dnl Determine if we have been asked to statically link to the SSL library -TCLEXT_TLS_STATIC_SSL='no' -AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable statically linking to the specified SSL library]), [ - if test "$enableval" = 'yes'; then - TCLEXT_TLS_STATIC_SSL='yes' - fi -]) - - -dnl Enable hardening -tcltls_enable_hardening='auto' -AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable hardening attempts]), [ - tcltls_enable_hardening="$enableval" -]) -if test "$tcltls_enable_hardening" = 'auto'; then - tcltls_enable_hardening='true' - if test "$TCLEXT_BUILD" = 'static'; then - tcltls_enable_hardening='false' - fi -elif test "$tcltls_enable_hardening" = 'yes'; then - tcltls_enable_hardening='true' -else - tcltls_enable_hardening='false' -fi -if test "$tcltls_enable_hardening" = 'true'; then - AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"]) - AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"]) - AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification]) -fi - #-------------------------------------------------------------------- # Specify files to substitute AC variables in. You may alternatively # have a special pkgIndex.tcl.in or other files which require # substituting the AC variables in. Include these here.