Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -35,11 +35,11 @@ xxd -i < '@srcdir@/tls.tcl' > '@srcdir@/tls.tcl.h.new' mv '@srcdir@/tls.tcl.h.new' '@srcdir@/tls.tcl.h' # Create default DH parameters dh_params.h: @srcdir@/gen_dh_params - @srcdir@/gen_dh_params > dh_params.h.new + @srcdir@/gen_dh_params @GEN_DH_PARAMS_ARGS@ > dh_params.h.new mv dh_params.h.new dh_params.h # Generic target for building files from the "srcdir" # tree -- the default target will not match paths %.o: @srcdir@/%.c Index: configure.in ================================================================== --- configure.in +++ configure.in @@ -42,10 +42,23 @@ tcltls_ssl_lib="$withval" ], [ tcltls_ssl_lib='auto' ]) +dnl Enable support for building the same library every time +tcltls_deterministic='false' +AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ + if test "$enableval" = "yes"; then + tcltls_deterministic='true' + fi +]) +if test "$tcltls_deterministic" = 'true'; then + GEN_DH_PARAMS_ARGS='fallback' +else + GEN_DH_PARAMS_ARGS='' +fi +AC_SUBST(GEN_DH_PARAMS_ARGS) AC_CHECK_TOOL([PKGCONFIG], [pkg-config], [false]) dnl XXX:TODO: Automatically determine the SSL library to use dnl defaulting to OpenSSL for compatibility reasons Index: gen_dh_params ================================================================== --- gen_dh_params +++ gen_dh_params @@ -78,10 +78,17 @@ { DH_free(dh); return(NULL); } return(dh); } _EOF_ } + +# Enable support for giving the same DH params each time +if [ "$1" = 'fallback' ]; then + gen_dh_params_fallback && exit 0 + + exit 1 +fi gen_dh_params_openssl && exit 0 gen_dh_params_remote && exit 0 gen_dh_params_fallback && exit 0