Check-in [c75c1f1d50]
Overview
Comment:Updated to support configure options to disable/enable specific protocols
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | tls-1-7
Files: files | file ages | folders
SHA1: c75c1f1d509c1c7eab8b5e62dda4d6c6e104f94e
User & Date: rkeene on 2016-12-05 16:57:56
Other Links: branch diff | manifest | tags
Context
2016-12-05
16:58
Enforce socket in blocking mode during test where "gets" is expected to wait for a reply check-in: dc7bbc6de6 user: rkeene tags: tls-1-7
16:57
Updated to support configure options to disable/enable specific protocols check-in: c75c1f1d50 user: rkeene tags: tls-1-7
16:44
Moved OpenSSL and LibreSSL checks to an external file check-in: 07852b1ee9 user: rkeene tags: tls-1-7
Changes

Modified aclocal/tcltls_openssl.m4 from [01c1c3f418] to [dc9bb37a5d].

31
32
33
34
35
36
37

38

39
40



41




42

43

44
45



46




47

48

49
50



51




52

53

54
55



56




57

58

59
60







61
62
63
64
65
66
31
32
33
34
35
36
37
38

39


40
41
42
43
44
45
46
47
48
49

50


51
52
53
54
55
56
57
58
59
60

61


62
63
64
65
66
67
68
69
70
71

72


73
74
75
76
77
78
79
80
81
82

83


84
85
86
87
88
89
90
91
92
93
94
95
96







+
-
+
-
-
+
+
+

+
+
+
+

+
-
+
-
-
+
+
+

+
+
+
+

+
-
+
-
-
+
+
+

+
+
+
+

+
-
+
-
-
+
+
+

+
+
+
+

+
-
+
-
-
+
+
+
+
+
+
+






	], [
		AC_MSG_RESULT([no])
		AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
	])
	AC_LANG_POP([C])

	dnl Determine if SSLv2 is supported
	if test "$tcltls_ssl_ssl2" = "true"; then
	AC_CHECK_FUNC(SSLv2_method,, [
		AC_CHECK_FUNC(SSLv2_method,, [
		AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
	])
			tcltls_ssl_ssl2='false'
		])
	fi

	if test "$tcltls_ssl_ssl2" = "false"; then
		AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
	fi

	dnl Determine if SSLv3 is supported
	if test "$tcltls_ssl_ssl3" = "true"; then
	AC_CHECK_FUNC(SSLv3_method,, [
		AC_CHECK_FUNC(SSLv3_method,, [
		AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
	])
			tcltls_ssl_ssl3='false'
		])
	fi

	if test "$tcltls_ssl_ssl3" = "false"; then
		AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
	fi

	dnl Determine if TLSv1.0 is supported
	if test "$tcltls_ssl_tls1_0" = "true"; then
	AC_CHECK_FUNC(TLSv1_method,, [
		AC_CHECK_FUNC(TLSv1_method,, [
		AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
	])
			tcltls_ssl_tls1_0='false'
		])
	fi

	if test "$tcltls_ssl_tls1_0" = "false"; then
		AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
	fi

	dnl Determine if TLSv1.1 is supported
	if test "$tcltls_ssl_tls1_1" = "true"; then
	AC_CHECK_FUNC(TLSv1_1_method,, [
		AC_CHECK_FUNC(TLSv1_1_method,, [
		AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
	])
			tcltls_ssl_tls1_1='false'
		])
	fi

	if test "$tcltls_ssl_tls1_1" = "false"; then
		AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
	fi

	dnl Determine if TLSv1.2 is supported
	if test "$tcltls_ssl_tls1_2" = "true"; then
	AC_CHECK_FUNC(TLSv1_2_method,, [
		AC_CHECK_FUNC(TLSv1_2_method,, [
		AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
	])
			tcltls_ssl_tls1_2='false'
		])
	fi

	if test "$tcltls_ssl_tls1_2" = "false"; then
		AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
	fi

	dnl Restore compile-altering variables
	LIBS="${SAVE_LIBS}"
	CFLAGS="${SAVE_CFLAGS}"
	CPPFLAGS="${SAVE_CPPFLAGS}"
])

Modified configure.in from [4546434d3f] to [9220961356].

53
54
55
56
57
58
59









































60
61
62
63
64
65
66
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107







+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+







])
if test "$tcltls_deterministic" = 'true'; then
	GEN_DH_PARAMS_ARGS='fallback'
else
	GEN_DH_PARAMS_ARGS=''
fi
AC_SUBST(GEN_DH_PARAMS_ARGS)

dnl Allow the user to manually disable protocols
dnl ## SSLv2: Disabled by default
tcltls_ssl_ssl2='false'
AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [
	if test "$enableval" = "yes"; then
		tcltls_ssl_ssl2='true'
	fi
])

dnl ## SSLv3: Disabled by default
tcltls_ssl_ssl3='false'
AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [
	if test "$enableval" = "yes"; then
		tcltls_ssl_ssl3='true'
	fi
])

dnl ## TLSv1.0: Enabled by default
tcltls_ssl_tls1_0='true'
AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [
	if test "$enableval" = "no"; then
		tcltls_ssl_tls1_0='false'
	fi
])

dnl ## TLSv1.1: Enabled by default
tcltls_ssl_tls1_1='true'
AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [
	if test "$enableval" = "no"; then
		tcltls_ssl_tls1_1='false'
	fi
])

dnl ## TLSv1.1: Enabled by default
tcltls_ssl_tls1_2='true'
AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [
	if test "$enableval" = "no"; then
		tcltls_ssl_tls1_2='false'
	fi
])

dnl Enable support for a debugging build
tcltls_debug='false'
AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
	if test "$enableval" = "yes"; then
		tcltls_debug='true'
	fi