Index: Makefile.in ================================================================== --- Makefile.in +++ Makefile.in @@ -71,11 +71,11 @@ PKG_LIB_FILE8 = @PKG_LIB_FILE8@ PKG_LIB_FILE9 = @PKG_LIB_FILE9@ PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ lib_BINARIES = $(PKG_LIB_FILE) -BINARIES = $(lib_BINARIES) pkgIndex.tcl +BINARIES = dh_params.h tls.tcl.h $(lib_BINARIES) pkgIndex.tcl SHELL = @SHELL@ srcdir = @srcdir@ prefix = @prefix@ @@ -168,11 +168,11 @@ # compiled with. #DEFS = $(TCL_DEFS) @DEFS@ $(PKG_CFLAGS) DEFS = @DEFS@ $(PKG_CFLAGS) # Move pkgIndex.tcl to 'BINARIES' var if it is generated in the Makefile -CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl +CONFIG_CLEAN_FILES = Makefile pkgIndex.tcl generic/dh_params.h generic/tls.tcl.h CLEANFILES = @CLEANFILES@ CPPFLAGS = @CPPFLAGS@ LIBS = @PKG_LIBS@ @LIBS@ AR = @AR@ Index: configure ================================================================== --- configure +++ configure @@ -654,11 +654,10 @@ SSL_LIB_DIR SSL_DIR TCLTLS_SSL_CPPFLAGS TCLTLS_SSL_CFLAGS TCLTLS_SSL_LIBS -OPENSSL VC_MANIFEST_EMBED_EXE VC_MANIFEST_EMBED_DLL RANLIB_STUB MAKE_STUB_LIB MAKE_STATIC_LIB 
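Review bot: In Makefile.in the two generated headers are named with different paths: `BINARIES` lists `dh_params.h tls.tcl.h`, while `CONFIG_CLEAN_FILES` lists `generic/dh_params.h generic/tls.tcl.h`. The rules that generate them and the clean recipes are outside these hunks, but whichever directory they are written to, one of the two lists presumably names a path that never exists, so either `clean` or `distclean` would miss the files. Both headers look like make products rather than configure outputs, so a single consistent path in `BINARIES`/`CLEANFILES` seems the better home. A `dh_params.h` that survives a clean would silently carry old DH parameters into the next build.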
@@ -1431,15 +1430,15 @@ shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) - --disable-tls1 disable TLS1 support - --disable-tls1_1 disable TLS1.1 support - --disable-tls1_2 disable TLS1.2 support - --disable-tls1_3 disable TLS1.3 support - --enable-deterministic enable deterministic parameters + --disable-tls1 disable TLS1 protocol + --disable-tls1_1 disable TLS1.1 protocol + --disable-tls1_2 disable TLS1.2 protocol + --disable-tls1_3 disable TLS1.3 protocol + --enable-deterministic enable deterministic DH parameters --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-static-ssl enable statically linking to the specified SSL library --disable-hardening disable hardening attempts @@ -8913,18 +8912,14 @@ #-------------------------------------------------------------------- -# If the variable OPENSSL is set, we will build with the OpenSSL -# libraries. If it is not set, then we will use RSA BSAFE SSL-C -# libraries instead of the default OpenSSL libaries. +# This marco includes the TCL TLS specific functions to set the +# OpenSSL or LibreSSL config. #-------------------------------------------------------------------- -OPENSSL="1" -OPENSSL="1" - openssldir='' opensslpkgconfigdir='' @@ -9156,10 +9151,17 @@ # OpenSSL uses as its default names. #-------------------------------------------------------------------- if test "${TEA_PLATFORM}" = "windows" ; then if test "$GCC" = "yes"; then + + vars="-I${SSL_INCLUDE_DIR_NATIVE}" + for i in $vars; do + PKG_INCLUDES="$PKG_INCLUDES $i" + done + + vars="-L${SSL_LIB_DIR_NATIVE}" for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib 
@@ -9168,10 +9170,17 @@ PKG_LIBS="$PKG_LIBS $i" done else + + vars="-include:${SSL_INCLUDE_DIR_NATIVE}" + for i in $vars; do + PKG_INCLUDES="$PKG_INCLUDES $i" + done + + vars="-libpath:${SSL_LIB_DIR_NATIVE}" for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib @@ -9180,11 +9189,10 @@ PKG_LIBS="$PKG_LIBS $i" done fi - if test -n "${OPENSSL}"; then vars="libcrypto.lib libssl.lib" for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib @@ -9192,28 +9200,21 @@ fi PKG_LIBS="$PKG_LIBS $i" done - else - - vars="sslc32.lib" - for i in $vars; do - if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then - # Convert foo.lib to -lfoo for GCC. No-op if not *.lib - i=`echo "$i" | sed -e 's/^\([^-].*\)\.[lL][iI][bB]$/-l\1/'` - fi - PKG_LIBS="$PKG_LIBS $i" - done - - - fi else # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859] LIB_RUNTIME_DIR=${SSL_LIB_DIR} eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\"" - if test -n "${OPENSSL}"; then + + vars="-I${SSL_INCLUDE_DIR}" + for i in $vars; do + PKG_INCLUDES="$PKG_INCLUDES $i" + done + + vars="${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}" for i in $vars; do if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then # Convert foo.lib to -lfoo for GCC. No-op if not *.lib 
@@ -9221,23 +9222,10 @@ fi PKG_LIBS="$PKG_LIBS $i" done - else - - vars="${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lsslc" - for i in $vars; do - if test "${TEA_PLATFORM}" = "windows" -a "$GCC" = "yes" ; then - # Convert foo.lib to -lfoo for GCC. No-op if not *.lib - i=`echo "$i" | sed -e 's/^\([^-].*\)\.[lL][iI][bB]$/-l\1/'` - fi - PKG_LIBS="$PKG_LIBS $i" - done - - - fi fi #-------------------------------------------------------------------- # Determine the name of the tclsh and/or wish executables in the # Tcl and Tk build directories or the location they were installed Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -160,18 +160,14 @@ #-------------------------------------------------------------------- TEA_MAKE_LIB #-------------------------------------------------------------------- -# If the variable OPENSSL is set, we will build with the OpenSSL -# libraries. If it is not set, then we will use RSA BSAFE SSL-C -# libraries instead of the default OpenSSL libaries. +# This marco includes the TCL TLS specific functions to set the +# OpenSSL or LibreSSL config. #-------------------------------------------------------------------- -OPENSSL="1" -AC_SUBST(OPENSSL,"1") - TCLTLS_SSL_OPENSSL # Temp work-around SSL_DIR="/usr" SSL_LIB_DIR=${SSL_DIR}/lib64 
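Review bot: In configure.ac, the `# Temp work-around` lines directly after `TCLTLS_SSL_OPENSSL` hard-code `SSL_DIR="/usr"` and `SSL_LIB_DIR=${SSL_DIR}/lib64`, which appears to overwrite whatever the macro detected or the user requested (the macro body is not visible here). These values feed the `-I`, `-L` and runtime search flags in the following hunk, so the package could silently compile and link against the system libssl instead of the intended one, and `lib64` does not exist on every platform. Suggest making the assignments fallbacks only, e.g. `test -n "${SSL_DIR}" || SSL_DIR="/usr"`, or removing the work-around. The new comment also has a typo: `marco` should be `macro`.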
@@ -199,26 +195,17 @@ TEA_ADD_LIBS([-L${SSL_LIB_DIR_NATIVE}]) else TEA_ADD_INCLUDES([-include:${SSL_INCLUDE_DIR_NATIVE}]) TEA_ADD_LIBS([-libpath:${SSL_LIB_DIR_NATIVE}]) fi - if test -n "${OPENSSL}"; then - TEA_ADD_LIBS([libcrypto.lib libssl.lib]) - else - TEA_ADD_LIBS([sslc32.lib]) - fi + TEA_ADD_LIBS([libcrypto.lib libssl.lib]) else # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859] LIB_RUNTIME_DIR=${SSL_LIB_DIR} eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\"" - if test -n "${OPENSSL}"; then - TEA_ADD_INCLUDES([-I${SSL_INCLUDE_DIR}]) - TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}]) - else - TEA_ADD_INCLUDES([-I${SSL_INCLUDE_DIR}]) - TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lsslc]) - fi + TEA_ADD_INCLUDES([-I${SSL_INCLUDE_DIR}]) + TEA_ADD_LIBS([${LD_SEARCH_FLAGS} -L${SSL_LIB_DIR} -lssl -lcrypto ${GCCPATH} ${GCCLIB}]) fi #-------------------------------------------------------------------- # Determine the name of the tclsh and/or wish executables in the # Tcl and Tk build directories or the location they were installed 
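Review bot: On the non-GCC Windows branch the header directory is still passed as `-include:${SSL_INCLUDE_DIR_NATIVE}`. As far as I know MSVC's compiler takes include directories as `-I<dir>`, and `/INCLUDE:` is a linker option that forces a symbol reference, so this flag is likely ignored or misread. The compile could then pick up OpenSSL headers from a different installation than the `libcrypto.lib libssl.lib` found through `-libpath:`, and a header/library mismatch in a TLS binding is worth ruling out. Consider `TEA_ADD_INCLUDES([-I${SSL_INCLUDE_DIR_NATIVE}])` on both Windows branches. The enclosing `if` starts outside the hunk.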
@@ -240,41 +227,41 @@ #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- -dnl Disable support for TLS 1.0 -AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 support]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1], [1], [Disable TLS1 support]) - fi -]) - -dnl Disable support for TLS 1.1 -AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 support]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 support]) - fi -]) - -dnl Disable support for TLS 1.2 -AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 support]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 support]) - fi -]) - -dnl Disable support for TLS 1.3 -AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 support]), [ - if test "${enableval}" = "no"; then - AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 support]) +dnl Disable support for TLS 1.0 protocol +AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol]) + fi +]) + +dnl Disable support for TLS 1.1 protocol +AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol]) + fi +]) + +dnl Disable support for TLS 1.2 protocol +AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol]) + fi +]) + +dnl Disable support for TLS 1.3 protocol +AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol]) fi ]) dnl 
Enable support for building the same library every time tcltls_deterministic='false' -AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ +AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [ if test "$enableval" = "yes"; then tcltls_deterministic='true' fi ]) if test "$tcltls_deterministic" = 'true'; then
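Review bot: The four protocol switches define `NO_TLS1` … `NO_TLS1_3` only when the user passes `--disable-…`, so as far as this hunk shows a default build keeps TLS 1.0 and TLS 1.1 compiled in, and the reworded help strings give no hint that those two are deprecated (RFC 8996). Since this commit is already touching the help text, it could say so, e.g. `[disable TLS1 protocol (deprecated, RFC 8996)]`, and likewise for `tls1_1`. For `--enable-deterministic`, the new wording `enable deterministic DH parameters` would be clearer if it stated that the parameters are fixed at build time rather than generated. The body of the final `if test "$tcltls_deterministic" = 'true'` continues outside the hunk.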