Index: aclocal/tcltls_openssl.m4
==================================================================
--- aclocal/tcltls_openssl.m4
+++ aclocal/tcltls_openssl.m4
@@ -33,33 +33,63 @@
 AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
 ])
 AC_LANG_POP([C])
 
 dnl Determine if SSLv2 is supported
- AC_CHECK_FUNC(SSLv2_method,, [
+ if test "$tcltls_ssl_ssl2" = "true"; then
+ AC_CHECK_FUNC(SSLv2_method,, [
+ tcltls_ssl_ssl2='false'
+ ])
+ fi
+
+ if test "$tcltls_ssl_ssl2" = "false"; then
 AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
- ])
+ fi
 
 dnl Determine if SSLv3 is supported
- AC_CHECK_FUNC(SSLv3_method,, [
+ if test "$tcltls_ssl_ssl3" = "true"; then
+ AC_CHECK_FUNC(SSLv3_method,, [
+ tcltls_ssl_ssl3='false'
+ ])
+ fi
+
+ if test "$tcltls_ssl_ssl3" = "false"; then
 AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
- ])
+ fi
 
 dnl Determine if TLSv1.0 is supported
- AC_CHECK_FUNC(TLSv1_method,, [
+ if test "$tcltls_ssl_tls1_0" = "true"; then
+ AC_CHECK_FUNC(TLSv1_method,, [
+ tcltls_ssl_tls1_0='false'
+ ])
+ fi
+
+ if test "$tcltls_ssl_tls1_0" = "false"; then
 AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
- ])
+ fi
 
 dnl Determine if TLSv1.1 is supported
- AC_CHECK_FUNC(TLSv1_1_method,, [
+ if test "$tcltls_ssl_tls1_1" = "true"; then
+ AC_CHECK_FUNC(TLSv1_1_method,, [
+ tcltls_ssl_tls1_1='false'
+ ])
+ fi
+
+ if test "$tcltls_ssl_tls1_1" = "false"; then
 AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
- ])
+ fi
 
 dnl Determine if TLSv1.2 is supported
- AC_CHECK_FUNC(TLSv1_2_method,, [
+ if test "$tcltls_ssl_tls1_2" = "true"; then
+ AC_CHECK_FUNC(TLSv1_2_method,, [
+ tcltls_ssl_tls1_2='false'
+ ])
+ fi
+
+ if test "$tcltls_ssl_tls1_2" = "false"; then
 AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
- ])
+ fi
 
 dnl Restore compile-altering variables
 LIBS="${SAVE_LIBS}"
 CFLAGS="${SAVE_CFLAGS}"
 CPPFLAGS="${SAVE_CPPFLAGS}"
Index: configure.in
==================================================================
--- configure.in
+++ configure.in
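Review bot: In aclocal/tcltls_openssl.m4 the `NO_SSL2` and `NO_SSL3` defines are now emitted only when the shell variable holds the exact string "false", so a variable that is unset or holds any other value skips both the `AC_CHECK_FUNC` probe and the `AC_DEFINE`, presumably leaving the protocol compiled in without any check. The defaults are assigned in configure.in, and whether that assignment always runs before this macro is expanded is not visible in the hunk. Making the second test fail closed removes the ordering dependency: `if test "$tcltls_ssl_ssl2" != "true"; then`, and likewise in the `ssl3`, `tls1_0`, `tls1_1` and `tls1_2` blocks. A one-line `dnl` comment saying that the macro expects the `tcltls_ssl_*` variables to be set by the caller would document the contract.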
@@ -55,10 +55,51 @@
 GEN_DH_PARAMS_ARGS='fallback'
 else
 GEN_DH_PARAMS_ARGS=''
 fi
 AC_SUBST(GEN_DH_PARAMS_ARGS)
+
+dnl Allow the user to manually disable protocols
+dnl ## SSLv2: Disabled by default
+tcltls_ssl_ssl2='false'
+AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [
+ if test "$enableval" = "yes"; then
+ tcltls_ssl_ssl2='true'
+ fi
+])
+
+dnl ## SSLv3: Disabled by default
+tcltls_ssl_ssl3='false'
+AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [
+ if test "$enableval" = "yes"; then
+ tcltls_ssl_ssl3='true'
+ fi
+])
+
+dnl ## TLSv1.0: Enabled by default
+tcltls_ssl_tls1_0='true'
+AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [
+ if test "$enableval" = "no"; then
+ tcltls_ssl_tls1_0='false'
+ fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_1='true'
+AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [
+ if test "$enableval" = "no"; then
+ tcltls_ssl_tls1_1='false'
+ fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_2='true'
+AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [
+ if test "$enableval" = "no"; then
+ tcltls_ssl_tls1_2='false'
+ fi
+])
 
 dnl Enable support for a debugging build
 tcltls_debug='false'
 AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
 if test "$enableval" = "yes"; then
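Review bot: Opting in to SSLv2 or SSLv3 in configure.in produces no message in the configure output, so a build with a broken protocol enabled is easy to miss in build logs; an `AC_MSG_WARN([SSLv3 enabled: this protocol is insecure])` inside the `yes` branch of the `sslv2` and `sslv3` blocks would make it visible. The comment above the `tlsv1.2` block is a copy-paste leftover and should read `dnl ## TLSv1.2: Enabled by default`. Values other than `yes` for the enable switches and `no` for the disable switches are ignored silently, which keeps the legacy protocols off but deserves a mention in the help strings.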