Overview
Comment: | Fixed check for SSL_set_tlsext_host_name and added support for forcing options that were manually specified |
---|---|
SHA1: |
4aedc3e20115c4287c0496bd52787221 |
User & Date: | rkeene on 2016-12-07 16:20:16 |
Context
2016-12-07
| ||
16:20 | Updated from latest remote tcl.m4 check-in: 7231dd89c8 user: rkeene tags: tls-1-7 | |
16:20 | Fixed check for SSL_set_tlsext_host_name and added support for forcing options that were manually specified check-in: 4aedc3e201 user: rkeene tags: tls-1-7 | |
15:34 | More specific check for non-BIO failures check-in: e10ce6579d user: rkeene tags: tls-1-7 | |
Changes
Modified aclocal/tcltls_openssl.m4
from [488956d001]
to [0c6bf71444].
1 2 3 4 5 6 7 | AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' AC_ARG_WITH([ssl-dir], AS_HELP_STRING( [--with-ssl-dir=<dir>], [deprecated, use --with-openssl-dir -- currently has the same meaning] ), [ | > > > > > > > > > > > > > > > > > > > > > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | dnl $1 = Name of variable dnl $2 = Name of function to check for dnl $3 = Name of protocol dnl $4 = Name of CPP macro to define AC_DEFUN([TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER], [ dnl Determine if particular SSL version is enabled if test "[$]$1" = "true" -o "[$]$1" = "force"; then AC_CHECK_FUNC($2,, [ if test "[$]$1" = "force"; then AC_MSG_ERROR([Unable to enable $3]) fi $1='false' ]) fi if test "[$]$1" = "false" -o "[$]$1" = "force_off"; then AC_DEFINE($4, [1], [Define this to disable $3 in OpenSSL support]) fi ]) AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' AC_ARG_WITH([ssl-dir], AS_HELP_STRING( [--with-ssl-dir=<dir>], [deprecated, use --with-openssl-dir -- currently has the same meaning] ), [ |
︙ | ︙ | |||
68 69 70 71 72 73 74 | AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) ]) AC_LANG_POP([C]) | < | < | < < | < < < | < < < | < < | < < | < < < < < < | < < < | < < < < < < | < < < | < < < < < < | < < | | < | > > < > > > > > > > | 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 | AC_MSG_RESULT([yes]) ], [ AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) ]) AC_LANG_POP([C]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [ AC_LANG_PUSH(C) AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include <openssl/ssl.h> #if (SSLEAY_VERSION_NUMBER >= 0x0907000L) # include <openssl/conf.h> #endif ], [ (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0); ])], [ AC_MSG_RESULT([yes]) tcltls_cv_func_tlsext_hostname='yes' tcltls_cv_func_tlsext_hostname='no' ], [ AC_MSG_RESULT([no]) ]) AC_LANG_POP([C]) dnl AC_CHECK_FUNC(SSL_set_tlsext_host_name, [ dnl ], [ dnl ]) ]) if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI]) fi dnl Restore compile-altering variables LIBS="${SAVE_LIBS}" CFLAGS="${SAVE_CFLAGS}" CPPFLAGS="${SAVE_CPPFLAGS}" ]) |
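Review bot: In the success branch of the `AC_LINK_IFELSE` inside `AC_CACHE_VAL`, the page shows `tcltls_cv_func_tlsext_hostname='yes'` immediately followed by `tcltls_cv_func_tlsext_hostname='no'`, while the failure branch holds only `AC_MSG_RESULT([no])`. The rendering here has lost its line layout, so this may be a display artifact, but if it is the real order a successful link test ends with `'no'` and `OPENSSL_NO_TLSEXT` gets defined, compiling SNI out on every OpenSSL that supports it, while a failed test leaves the variable unset and skips the define. The `'no'` assignment belongs after `AC_MSG_RESULT([no])` in the second branch. Separately, putting `AC_MSG_CHECKING` inside `AC_CACHE_VAL` means a cached run prints nothing; `AC_CACHE_CHECK([for SSL_set_tlsext_host_name], [tcltls_cv_func_tlsext_hostname], [...])` prints the message and result in both cases. The enclosing `TCLTLS_SSL_OPENSSL` macro continues outside the lines shown.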
Modified configure.in
from [ae6ebb71ab]
to [03168d0f5d].
︙ | ︙ | |||
59 60 61 62 63 64 65 | AC_SUBST(GEN_DH_PARAMS_ARGS) dnl Allow the user to manually disable protocols dnl ## SSLv2: Disabled by default tcltls_ssl_ssl2='false' AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [ if test "$enableval" = "yes"; then | | | | | | | 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | AC_SUBST(GEN_DH_PARAMS_ARGS) dnl Allow the user to manually disable protocols dnl ## SSLv2: Disabled by default tcltls_ssl_ssl2='false' AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [ if test "$enableval" = "yes"; then tcltls_ssl_ssl2='force' fi ]) dnl ## SSLv3: Disabled by default tcltls_ssl_ssl3='false' AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [ if test "$enableval" = "yes"; then tcltls_ssl_ssl3='force' fi ]) dnl ## TLSv1.0: Enabled by default tcltls_ssl_tls1_0='true' AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [ if test "$enableval" = "no"; then tcltls_ssl_tls1_0='force_off' fi ]) dnl ## TLSv1.1: Enabled by default tcltls_ssl_tls1_1='true' AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [ if test "$enableval" = "no"; then tcltls_ssl_tls1_1='force_off' fi ]) dnl ## TLSv1.1: Enabled by default tcltls_ssl_tls1_2='true' AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [ if test "$enableval" = "no"; then tcltls_ssl_tls1_2='force_off' fi ]) dnl Enable support for a debugging build tcltls_debug='false' AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [ if test "$enableval" = "yes"; then |
︙ | ︙ |
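Review bot: Only one direction of each option is forced here: an explicit `--enable-tlsv1.0`, `--enable-tlsv1.1` or `--enable-tlsv1.2` still leaves the variable at `'true'`, so when `TLSv1_method`, `TLSv1_1_method` or `TLSv1_2_method` is missing, `TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER` quietly sets it to `'false'` and the build succeeds without the protocol the user asked for. Each of the three TLS blocks could add `elif test "$enableval" = "yes"; then tcltls_ssl_tls1_2='force'` (with the matching variable name) so that a requested protocol that cannot be provided stops configure with the existing `Unable to enable` error. The comment above the tlsv1.2 block still reads `dnl ## TLSv1.1: Enabled by default` and should say TLSv1.2. The `AC_ARG_ENABLE([debug], ...)` block at the end of the hunk continues outside the lines shown.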