Overview
Comment: | Added options to disable TLS protocols |
---|---|
SHA3-256: |
124d881bb04fc507e5916f6a9fabdea1 |
User & Date: | bohagan on 2023-05-07 17:48:19 |
Context
2023-05-07
| ||
19:09 | Fixed detect shared library in pkgIndex.tcl file check-in: 515e670c81 user: bohagan tags: TEA | |
17:48 | Added options to disable TLS protocols check-in: 124d881bb0 user: bohagan tags: TEA | |
16:51 | Fixed make dist check-in: a8bd1bb16d user: bohagan tags: TEA | |
Changes
Modified acinclude.m4
from [e14d0ef841]
to [5705bd6f8e].
︙ | ︙ | |||
80 81 82 83 84 85 86 | else AC_MSG_RESULT([cant]) $5 fi ]) | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 80 81 82 83 84 85 86 87 88 89 90 91 92 93 | else AC_MSG_RESULT([cant]) $5 fi ]) AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' opensslpkgconfigdir='' AC_ARG_WITH([openssl-dir], AS_HELP_STRING( [--with-openssl-dir=<dir>], [path to root directory of OpenSSL or LibreSSL installation] |
︙ | ︙ | |||
220 221 222 223 224 225 226 | ;; esac done SHOBJ_DO_STATIC_LINK_LIB([OpenSSL], [$new_TCLTLS_SSL_LIBS_static], [new_TCLTLS_SSL_LIBS_static]) TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" fi fi | < < < < < < < < < < < < < < < < < < < < < < < < < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | 176 177 178 179 180 181 182 183 | ;; esac done SHOBJ_DO_STATIC_LINK_LIB([OpenSSL], [$new_TCLTLS_SSL_LIBS_static], [new_TCLTLS_SSL_LIBS_static]) TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" fi fi ]) |
Modified configure
from [bffda83e56]
to [60bb9afd54].
︙ | ︙ | |||
782 783 784 785 786 787 788 789 790 791 792 793 794 795 | enable_stubs enable_64bit enable_64bit_vis enable_rpath enable_symbols with_openssl_dir with_openssl_pkgconfig enable_deterministic with_builtin_dh_params_size enable_ssl_fastpath enable_static_ssl enable_hardening ' ac_precious_vars='build_alias | > > > > | 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 | enable_stubs enable_64bit enable_64bit_vis enable_rpath enable_symbols with_openssl_dir with_openssl_pkgconfig enable_tls1 enable_tls1_1 enable_tls1_2 enable_tls1_3 enable_deterministic with_builtin_dh_params_size enable_ssl_fastpath enable_static_ssl enable_hardening ' ac_precious_vars='build_alias |
︙ | ︙ | |||
1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 | --enable-shared build and link with shared libraries (default: on) --enable-stubs build and link with stub libraries. Always true for shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) --enable-deterministic enable deterministic parameters --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-static-ssl enable statically linking to the specified SSL library --disable-hardening disable hardening attempts | > > > > | 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 | --enable-shared build and link with shared libraries (default: on) --enable-stubs build and link with stub libraries. Always true for shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) --disable-tls1 disable TLS1 support --disable-tls1_1 disable TLS1.1 support --disable-tls1_2 disable TLS1.2 support --disable-tls1_3 disable TLS1.3 support --enable-deterministic enable deterministic parameters --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-static-ssl enable statically linking to the specified SSL library --disable-hardening disable hardening attempts |
︙ | ︙ | |||
5363 5364 5365 5366 5367 5368 5369 | case $ac_cv_c_bigendian in #( yes) printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) | | < < | 5371 5372 5373 5374 5375 5376 5377 5378 5379 5380 5381 5382 5383 5384 5385 | case $ac_cv_c_bigendian in #( yes) printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) # ;; #( *) as_fn_error $? "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac |
︙ | ︙ | |||
8912 8913 8914 8915 8916 8917 8918 8919 8920 8921 8922 8923 8924 8925 | #-------------------------------------------------------------------- # If the variable OPENSSL is set, we will build with the OpenSSL # libraries. If it is not set, then we will use RSA BSAFE SSL-C # libraries instead of the default OpenSSL libaries. #-------------------------------------------------------------------- OPENSSL="1" openssldir='' opensslpkgconfigdir='' # Check whether --with-openssl-dir was given. if test ${with_openssl_dir+y} | > > | 8918 8919 8920 8921 8922 8923 8924 8925 8926 8927 8928 8929 8930 8931 8932 8933 | #-------------------------------------------------------------------- # If the variable OPENSSL is set, we will build with the OpenSSL # libraries. If it is not set, then we will use RSA BSAFE SSL-C # libraries instead of the default OpenSSL libaries. #-------------------------------------------------------------------- OPENSSL="1" OPENSSL="1" openssldir='' opensslpkgconfigdir='' # Check whether --with-openssl-dir was given. if test ${with_openssl_dir+y} |
︙ | ︙ | |||
9004 9005 9006 9007 9008 9009 9010 | PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" if test "$TCLEXT_BUILD" = "static"; then rm -f tcltls.${AREXT}.linkadd printf "%s\n" "$TCLTLS_SSL_LIBS" > tcltls.${AREXT}.linkadd fi | | < < < < < < < | | < < < < | < | | < < | < < < | < | < | < < < < < < < < < < < < < < < < | < | | | < < | < < < | < | < | < | | | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | < | < | | | < < | < < < | < | < < | | | < < < < < < < < < < < < < < < < < < < < < < < < | < < < < < | < < < | < | < < < < < < | < < < < < < < < < < | < < < < < < < | < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < < | | < < | < < < > | > > > > > > > > > > | > > > > > > > > | > > | > > > > | > | > > | > > > > > > > > > > > | 9012 9013 9014 9015 9016 9017 9018 9019 9020 9021 9022 9023 9024 9025 9026 9027 9028 9029 9030 9031 9032 9033 9034 9035 9036 9037 9038 9039 9040 9041 9042 9043 9044 9045 9046 9047 9048 9049 9050 9051 9052 9053 9054 9055 9056 9057 9058 9059 9060 9061 9062 9063 9064 9065 9066 9067 9068 9069 9070 9071 9072 9073 9074 9075 9076 9077 9078 9079 9080 9081 9082 9083 9084 9085 9086 9087 9088 9089 9090 9091 9092 9093 9094 9095 9096 9097 9098 9099 9100 9101 9102 9103 9104 9105 9106 9107 9108 9109 9110 9111 9112 9113 9114 9115 9116 9117 9118 9119 9120 9121 9122 9123 9124 9125 9126 9127 9128 9129 9130 9131 9132 9133 9134 9135 9136 9137 9138 9139 9140 9141 9142 9143 9144 9145 9146 9147 9148 9149 9150 9151 9152 9153 9154 9155 9156 9157 9158 9159 9160 9161 9162 | PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}" if test "$TCLEXT_BUILD" = "static"; then rm -f tcltls.${AREXT}.linkadd printf "%s\n" "$TCLTLS_SSL_LIBS" > tcltls.${AREXT}.linkadd fi if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then if test "$TCLEXT_BUILD" != "static"; then new_TCLTLS_SSL_LIBS_normal='' new_TCLTLS_SSL_LIBS_static='' for arg in $TCLTLS_SSL_LIBS; do case "${arg}" in -L*) 
new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" ;; -ldl|-lrt|-lc|-lpthread|-lm|-lcrypt|-lidn|-lresolv|-lgcc|-lgcc_s) new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" ;; -l*) new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" ;; *) new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" ;; esac done { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for how to statically link to OpenSSL" >&5 printf %s "checking for how to statically link to OpenSSL... " >&6; } trylink_ADD_LDFLAGS='' for arg in $new_TCLTLS_SSL_LIBS_static; do case "${arg}" in -L*) trylink_ADD_LDFLAGS="${arg}" ;; esac done SAVELIBS="$LIBS" staticlib="" found="0" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu for trylink in "-Wl,-a,archive $new_TCLTLS_SSL_LIBS_static -Wl,-a,shared_archive" "-Wl,-Bstatic $new_TCLTLS_SSL_LIBS_static -Wl,-Bdynamic" "$new_TCLTLS_SSL_LIBS_static"; do if echo " ${LDFLAGS} " | grep ' -static ' >/dev/null; then if test "${trylink}" != "$new_TCLTLS_SSL_LIBS_static"; then continue fi fi LIBS="${SAVELIBS} ${trylink_ADD_LDFLAGS} ${trylink}" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. 
*/ int main (void) { ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO" then : staticlib="${trylink}" found="1" break fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu LIBS="${SAVELIBS}" if test "${found}" = "1"; then new_RESULT='' SAVERESULT="$new_TCLTLS_SSL_LIBS_static" for lib in ${SAVERESULT}; do addlib='1' for removelib in $new_TCLTLS_SSL_LIBS_static; do if test "${lib}" = "${removelib}"; then addlib='0' break fi done if test "$addlib" = '1'; then new_RESULT="${new_RESULT} ${lib}" fi done new_TCLTLS_SSL_LIBS_static="${new_RESULT} ${staticlib}" { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${staticlib}" >&5 printf "%s\n" "${staticlib}" >&6; } else { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cant" >&5 printf "%s\n" "cant" >&6; } fi TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" fi fi #TLS_CHECK_SSL #AC_CHECK_LIB(crypto, main, [LIBS="$LIBS -lcrypto"]) #AC_CHECK_LIB(ssl, main, [LIBS="$LIBS -lssl"]) SSL_DIR="/usr" SSL_LIB_DIR=${SSL_DIR}/lib64 SSL_INCLUDE_DIR=${SSL_DIR}/include/openssl SSL_INCLUDE_DIR_NATIVE=\"`${CYGPATH} ${SSL_INCLUDE_DIR}`\" SSL_LIB_DIR_NATIVE=\"`${CYGPATH} ${SSL_LIB_DIR}`\" #-------------------------------------------------------------------- # Shared libraries and static libraries have different names. # Also, windows libraries and unix libraries have different names. # For the OpenSSL version, I chose to use the same library names that # OpenSSL uses as its default names. |
︙ | ︙ | |||
9373 9374 9375 9376 9377 9378 9379 | for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib i=`echo "$i" | sed -e 's/^\([^-].*\)\.[lL][iI][bB]$/-l\1/'` fi PKG_LIBS="$PKG_LIBS $i" done | | > | 9206 9207 9208 9209 9210 9211 9212 9213 9214 9215 9216 9217 9218 9219 9220 9221 9222 | for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib i=`echo "$i" | sed -e 's/^\([^-].*\)\.[lL][iI][bB]$/-l\1/'` fi PKG_LIBS="$PKG_LIBS $i" done fi else # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859] LIB_RUNTIME_DIR=${SSL_LIB_DIR} eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\"" if test -n "${OPENSSL}"; then vars="${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}" |
︙ | ︙ | |||
9475 9476 9477 9478 9479 9480 9481 9482 9483 9484 9485 9486 9487 9488 | #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- tcltls_deterministic='false' # Check whether --enable-deterministic was given. if test ${enable_deterministic+y} then : enableval=$enable_deterministic; if test "$enableval" = "yes"; then | > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > | 9309 9310 9311 9312 9313 9314 9315 9316 9317 9318 9319 9320 9321 9322 9323 9324 9325 9326 9327 9328 9329 9330 9331 9332 9333 9334 9335 9336 9337 9338 9339 9340 9341 9342 9343 9344 9345 9346 9347 9348 9349 9350 9351 9352 9353 9354 9355 9356 9357 9358 9359 9360 9361 9362 9363 9364 9365 9366 9367 9368 9369 9370 9371 9372 9373 9374 9375 | #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- # Check whether --enable-tls1 was given. if test ${enable_tls1+y} then : enableval=$enable_tls1; if (test "${enableval}" = "no"); then printf "%s\n" "#define NO_TLS1 1" >>confdefs.h fi fi # Check whether --enable-tls1_1 was given. if test ${enable_tls1_1+y} then : enableval=$enable_tls1_1; if (test "${enableval}" = "no"); then printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h fi fi # Check whether --enable-tls1_2 was given. if test ${enable_tls1_2+y} then : enableval=$enable_tls1_2; if (test "${enableval}" = "no"); then printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h fi fi # Check whether --enable-tls1_3 was given. if test ${enable_tls1_3+y} then : enableval=$enable_tls1_3; if (test "${enableval}" = "no"); then printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h fi fi tcltls_deterministic='false' # Check whether --enable-deterministic was given. 
if test ${enable_deterministic+y} then : enableval=$enable_deterministic; if test "$enableval" = "yes"; then |
︙ | ︙ | |||
9503 9504 9505 9506 9507 9508 9509 | if test ${with_builtin_dh_params_size+y} then : withval=$with_builtin_dh_params_size; case $withval in #( 2048|4096|8192) : ;; #( *) : | < | < < | 9390 9391 9392 9393 9394 9395 9396 9397 9398 9399 9400 9401 9402 9403 9404 | if test ${with_builtin_dh_params_size+y} then : withval=$with_builtin_dh_params_size; case $withval in #( 2048|4096|8192) : ;; #( *) : as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;; esac GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" fi |
︙ | ︙ | |||
9808 9809 9810 9811 9812 9813 9814 | # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs | < | 9692 9693 9694 9695 9696 9697 9698 9699 9700 9701 9702 9703 9704 9705 | # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs CFLAGS="${CFLAGS} ${CPPFLAGS}"; CPPFLAGS="" : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files |
︙ | ︙ |
Modified configure.ac
from [3b0f7b8ea0]
to [ebda080a59].
︙ | ︙ | |||
243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 | #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- dnl Enable support for building the same library every time tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ if test "$enableval" = "yes"; then tcltls_deterministic='true' fi ]) if test "$tcltls_deterministic" = 'true'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi dnl Enable support for specifying pre-computed DH params size AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=<bits>], [specify the size of the built-in, precomputed, DH params]), [ | > > > > > > > > > > > > > > > > > > > > > > > > > > > > < < < | < < | 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 | #TEA_EXPORT_CONFIG([tls]) #AC_SUBST(SAMPLE_VAR) #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- dnl Disable support for TLS 1.0 AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 support]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1], [1], [Disable TLS1 support]) fi ]) dnl Disable support for TLS 1.1 AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 support]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 support]) fi ]) dnl Disable support for TLS 1.2 AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 support]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_2], 
[1], [Disable TLS1.2 support]) fi ]) dnl Disable support for TLS 1.3 AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 support]), [ if test "${enableval}" = "no"; then AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 support]) fi ]) dnl Enable support for building the same library every time tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ if test "$enableval" = "yes"; then tcltls_deterministic='true' fi ]) if test "$tcltls_deterministic" = 'true'; then GEN_DH_PARAMS_ARGS='fallback' else GEN_DH_PARAMS_ARGS='' fi dnl Enable support for specifying pre-computed DH params size AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=<bits>], [specify the size of the built-in, precomputed, DH params]), [ AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])]) GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" ]) AC_SUBST(GEN_DH_PARAMS_ARGS) dnl Determine if we have been asked to use a fast path if possible tcltls_ssl_fastpath='no' |
︙ | ︙ |
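Review bot: In the new `AC_ARG_ENABLE` blocks of configure.ac, `NO_TLS1` and `NO_TLS1_1` are defined only when the builder explicitly passes `--disable-tls1` / `--disable-tls1_1`, so a default configure run presumably still compiles in TLS 1.0 and 1.1, both deprecated by RFC 8996; the code that consumes these macros is not on this page, so this should be confirmed there. At minimum the help strings should state the default, e.g. `AS_HELP_STRING([--disable-tls1], [disable TLS1 support (default: enabled)])`, and it is worth considering making the two legacy versions opt-in rather than opt-out. Nothing in this hunk rejects a configuration that passes all four `--disable-tls1*` switches, which would apparently leave no protocol version enabled; an `AC_MSG_ERROR` after the fourth block, raised when every `enableval` was `no`, would catch that at configure time instead of at the first handshake. The four blocks differ only in the version name, so a small helper macro or `m4_foreach` over the version list would keep them from drifting apart.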