Index: acinclude.m4 ================================================================== --- acinclude.m4 +++ acinclude.m4 @@ -82,54 +82,10 @@ $5 fi ]) -AC_DEFUN([TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER], [ - dnl Determine if particular SSL version is enabled - if test "[$]$1" = "true" -o "[$]$1" = "force"; then - proto_check='true' - ifelse($5,, [ - AC_CHECK_FUNC($2,, [ - proto_check='false' - ]) - ], [ - AC_LANG_PUSH(C) - AC_MSG_CHECKING([for $3 protocol support]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ -#include -#include -#if (SSLEAY_VERSION_NUMBER >= 0x0907000L) -# include -#endif - ], [ -int x = $5; - ])], [ - AC_MSG_RESULT([yes]) - ], [ - AC_MSG_RESULT([no]) - - proto_check='false' - ]) - AC_LANG_POP([C]) - ]) - - if test "$proto_check" = 'false'; then - if test "[$]$1" = "force"; then - AC_MSG_ERROR([Unable to enable $3]) - fi - - $1='false' - fi - fi - - if test "[$]$1" = "false"; then - AC_DEFINE($4, [1], [Define this to disable $3 in OpenSSL support]) - fi - -]) - AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' opensslpkgconfigdir='' AC_ARG_WITH([openssl-dir], AS_HELP_STRING( @@ -222,69 +178,6 @@ done SHOBJ_DO_STATIC_LINK_LIB([OpenSSL], [$new_TCLTLS_SSL_LIBS_static], [new_TCLTLS_SSL_LIBS_static]) TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" fi fi - - dnl Save compile-altering variables we are changing - SAVE_LIBS="${LIBS}" - SAVE_CFLAGS="${CFLAGS}" - SAVE_CPPFLAGS="${CPPFLAGS}" - - dnl Update compile-altering variables to include the OpenSSL libraries - LIBS="${TCLTLS_SSL_LIBS} ${SAVE_LIBS} ${TCLTLS_SSL_LIBS}" - CFLAGS="${TCLTLS_SSL_CFLAGS} ${SAVE_CFLAGS} ${TCLTLS_SSL_CFLAGS}" - CPPFLAGS="${TCLTLS_SSL_CPPFLAGS} ${SAVE_CPPFLAGS} ${TCLTLS_SSL_CPPFLAGS}" - - dnl Verify that basic functionality is there - AC_LANG_PUSH(C) - AC_MSG_CHECKING([if a basic OpenSSL program works]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ -#include -#include -#include - ], [ - SSL_library_init(); - SSL_load_error_strings(); - ])], [ - AC_MSG_RESULT([yes]) - ], [ - AC_MSG_RESULT([no]) - AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) - ]) - AC_LANG_POP([C]) - - AC_CHECK_FUNCS([TLS_method]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) - TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_3], [], [tlsv1.3], [NO_TLS1_3], [SSL_OP_NO_TLSv1_3]) - - AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [ - AC_LANG_PUSH(C) - AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) - AC_LINK_IFELSE([AC_LANG_PROGRAM([ -#include -#include - ], [ - (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0); - ])], [ - AC_MSG_RESULT([yes]) - tcltls_cv_func_tlsext_hostname='yes' - ], [ - AC_MSG_RESULT([no]) - tcltls_cv_func_tlsext_hostname='no' - ]) - AC_LANG_POP([C]) - ]) - - if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then - AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI]) - fi - - dnl Restore compile-altering variables - LIBS="${SAVE_LIBS}" - CFLAGS="${SAVE_CFLAGS}" - CPPFLAGS="${SAVE_CPPFLAGS}" ]) Index: configure ================================================================== --- configure +++ configure @@ -784,10 +784,14 @@ enable_64bit_vis enable_rpath enable_symbols with_openssl_dir with_openssl_pkgconfig +enable_tls1 +enable_tls1_1 +enable_tls1_2 +enable_tls1_3 enable_deterministic with_builtin_dh_params_size enable_ssl_fastpath enable_static_ssl enable_hardening @@ -1428,10 +1432,14 @@ shared builds (default: on) --enable-64bit enable 64bit support (default: off) --enable-64bit-vis enable 64bit Sparc VIS support (default: off) --disable-rpath disable rpath support (default: on) --enable-symbols build with debugging symbols (default: off) + --disable-tls1 disable TLS1 support + --disable-tls1_1 disable TLS1.1 support + --disable-tls1_2 disable TLS1.2 support + --disable-tls1_3 disable TLS1.3 support --enable-deterministic enable deterministic parameters --enable-ssl-fastpath enable using the underlying file descriptor for talking directly to the SSL library --enable-static-ssl enable statically linking to the specified SSL library @@ -5365,13 +5373,11 @@ printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) - -printf "%s\n" "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h - + # ;; #( *) as_fn_error $? "unknown endianness presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac @@ -8914,10 +8920,12 @@ # libraries. If it is not set, then we will use RSA BSAFE SSL-C # libraries instead of the default OpenSSL libaries. #-------------------------------------------------------------------- OPENSSL="1" +OPENSSL="1" + openssldir='' opensslpkgconfigdir='' @@ -9006,322 +9014,147 @@ if test "$TCLEXT_BUILD" = "static"; then rm -f tcltls.${AREXT}.linkadd printf "%s\n" "$TCLTLS_SSL_LIBS" > tcltls.${AREXT}.linkadd fi - -rm -f core conftest.err conftest.$ac_objext conftest.beam \ - conftest$ac_exeext conftest.$ac_ext - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - ac_fn_c_check_func "$LINENO" "TLS_method" "ac_cv_func_TLS_method" -if test "x$ac_cv_func_TLS_method" = xyes -then : - printf "%s\n" "#define HAVE_TLS_METHOD 1" >>confdefs.h - -fi - - - if test "$tcltls_ssl_ssl2" = "true" -o "$tcltls_ssl_ssl2" = "force"; then - proto_check='true' - - ac_fn_c_check_func "$LINENO" "SSLv2_method" "ac_cv_func_SSLv2_method" -if test "x$ac_cv_func_SSLv2_method" = xyes -then : - -else $as_nop - - proto_check='false' - -fi - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_ssl2" = "force"; then - as_fn_error $? "Unable to enable sslv2" "$LINENO" 5 - fi - - tcltls_ssl_ssl2='false' - fi - fi - - if test "$tcltls_ssl_ssl2" = "false"; then - -printf "%s\n" "#define NO_SSL2 1" >>confdefs.h - - fi - - - - if test "$tcltls_ssl_ssl3" = "true" -o "$tcltls_ssl_ssl3" = "force"; then - proto_check='true' - - ac_fn_c_check_func "$LINENO" "SSLv3_method" "ac_cv_func_SSLv3_method" -if test "x$ac_cv_func_SSLv3_method" = xyes -then : - -else $as_nop - - proto_check='false' - -fi - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_ssl3" = "force"; then - as_fn_error $? "Unable to enable sslv3" "$LINENO" 5 - fi - - tcltls_ssl_ssl3='false' - fi - fi - - if test "$tcltls_ssl_ssl3" = "false"; then - -printf "%s\n" "#define NO_SSL3 1" >>confdefs.h - - fi - - - - if test "$tcltls_ssl_tls1_0" = "true" -o "$tcltls_ssl_tls1_0" = "force"; then - proto_check='true' - - ac_fn_c_check_func "$LINENO" "TLSv1_method" "ac_cv_func_TLSv1_method" -if test "x$ac_cv_func_TLSv1_method" = xyes -then : - -else $as_nop - - proto_check='false' - -fi - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_tls1_0" = "force"; then - as_fn_error $? "Unable to enable tlsv1.0" "$LINENO" 5 - fi - - tcltls_ssl_tls1_0='false' - fi - fi - - if test "$tcltls_ssl_tls1_0" = "false"; then - -printf "%s\n" "#define NO_TLS1 1" >>confdefs.h - - fi - - - - if test "$tcltls_ssl_tls1_1" = "true" -o "$tcltls_ssl_tls1_1" = "force"; then - proto_check='true' - - ac_fn_c_check_func "$LINENO" "TLSv1_1_method" "ac_cv_func_TLSv1_1_method" -if test "x$ac_cv_func_TLSv1_1_method" = xyes -then : - -else $as_nop - - proto_check='false' - -fi - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_tls1_1" = "force"; then - as_fn_error $? "Unable to enable tlsv1.1" "$LINENO" 5 - fi - - tcltls_ssl_tls1_1='false' - fi - fi - - if test "$tcltls_ssl_tls1_1" = "false"; then - -printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h - - fi - - - - if test "$tcltls_ssl_tls1_2" = "true" -o "$tcltls_ssl_tls1_2" = "force"; then - proto_check='true' - - ac_fn_c_check_func "$LINENO" "TLSv1_2_method" "ac_cv_func_TLSv1_2_method" -if test "x$ac_cv_func_TLSv1_2_method" = xyes -then : - -else $as_nop - - proto_check='false' - -fi - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_tls1_2" = "force"; then - as_fn_error $? "Unable to enable tlsv1.2" "$LINENO" 5 - fi - - tcltls_ssl_tls1_2='false' - fi - fi - - if test "$tcltls_ssl_tls1_2" = "false"; then - -printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h - - fi - - - - if test "$tcltls_ssl_tls1_3" = "true" -o "$tcltls_ssl_tls1_3" = "force"; then - proto_check='true' - + if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then + if test "$TCLEXT_BUILD" != "static"; then + new_TCLTLS_SSL_LIBS_normal='' + new_TCLTLS_SSL_LIBS_static='' + for arg in $TCLTLS_SSL_LIBS; do + case "${arg}" in + -L*) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" + ;; + -ldl|-lrt|-lc|-lpthread|-lm|-lcrypt|-lidn|-lresolv|-lgcc|-lgcc_s) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + ;; + -l*) + new_TCLTLS_SSL_LIBS_static="${new_TCLTLS_SSL_LIBS_static} ${arg}" + ;; + *) + new_TCLTLS_SSL_LIBS_normal="${new_TCLTLS_SSL_LIBS_normal} ${arg}" + ;; + esac + done + + + + + + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for how to statically link to OpenSSL" >&5 +printf %s "checking for how to statically link to OpenSSL... " >&6; } + + trylink_ADD_LDFLAGS='' + for arg in $new_TCLTLS_SSL_LIBS_static; do + case "${arg}" in + -L*) + trylink_ADD_LDFLAGS="${arg}" + ;; + esac + done + + SAVELIBS="$LIBS" + staticlib="" + found="0" ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tlsv1.3 protocol support" >&5 -printf %s "checking for tlsv1.3 protocol support... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include -#if (SSLEAY_VERSION_NUMBER >= 0x0907000L) -# include -#endif - -int -main (void) -{ - -int x = SSL_OP_NO_TLSv1_3; - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO" -then : - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } - -else $as_nop - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - - proto_check='false' - -fi -rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - - - if test "$proto_check" = 'false'; then - if test "$tcltls_ssl_tls1_3" = "force"; then - as_fn_error $? "Unable to enable tlsv1.3" "$LINENO" 5 - fi - - tcltls_ssl_tls1_3='false' - fi - fi - - if test "$tcltls_ssl_tls1_3" = "false"; then - -printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h - - fi - - - - if test ${tcltls_cv_func_tlsext_hostname+y} -then : - printf %s "(cached) " >&6 -else $as_nop - - ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SSL_set_tlsext_host_name" >&5 -printf %s "checking for SSL_set_tlsext_host_name... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -#include -#include - -int -main (void) -{ - - (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0); + for trylink in "-Wl,-a,archive $new_TCLTLS_SSL_LIBS_static -Wl,-a,shared_archive" "-Wl,-Bstatic $new_TCLTLS_SSL_LIBS_static -Wl,-Bdynamic" "$new_TCLTLS_SSL_LIBS_static"; do + if echo " ${LDFLAGS} " | grep ' -static ' >/dev/null; then + if test "${trylink}" != "$new_TCLTLS_SSL_LIBS_static"; then + continue + fi + fi + + LIBS="${SAVELIBS} ${trylink_ADD_LDFLAGS} ${trylink}" + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO" then : - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -printf "%s\n" "yes" >&6; } - tcltls_cv_func_tlsext_hostname='yes' - -else $as_nop - - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 -printf "%s\n" "no" >&6; } - tcltls_cv_func_tlsext_hostname='no' + staticlib="${trylink}" + found="1" + + break fi rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - ac_ext=c + done + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu + LIBS="${SAVELIBS}" -fi + if test "${found}" = "1"; then + new_RESULT='' + SAVERESULT="$new_TCLTLS_SSL_LIBS_static" + for lib in ${SAVERESULT}; do + addlib='1' + for removelib in $new_TCLTLS_SSL_LIBS_static; do + if test "${lib}" = "${removelib}"; then + addlib='0' + break + fi + done + + if test "$addlib" = '1'; then + new_RESULT="${new_RESULT} ${lib}" + fi + done + new_TCLTLS_SSL_LIBS_static="${new_RESULT} ${staticlib}" + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${staticlib}" >&5 +printf "%s\n" "${staticlib}" >&6; } - if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: cant" >&5 +printf "%s\n" "cant" >&6; } -printf "%s\n" "#define OPENSSL_NO_TLSEXT 1" >>confdefs.h fi + + TCLTLS_SSL_LIBS="${new_TCLTLS_SSL_LIBS_normal} ${new_TCLTLS_SSL_LIBS_static}" + fi + fi - LIBS="${SAVE_LIBS}" - CFLAGS="${SAVE_CFLAGS}" - CPPFLAGS="${SAVE_CPPFLAGS}" +#TLS_CHECK_SSL + +#AC_CHECK_LIB(crypto, main, [LIBS="$LIBS -lcrypto"]) +#AC_CHECK_LIB(ssl, main, [LIBS="$LIBS -lssl"]) + + SSL_DIR="/usr" + SSL_LIB_DIR=${SSL_DIR}/lib64 + SSL_INCLUDE_DIR=${SSL_DIR}/include/openssl + + + + + + SSL_INCLUDE_DIR_NATIVE=\"`${CYGPATH} ${SSL_INCLUDE_DIR}`\" + SSL_LIB_DIR_NATIVE=\"`${CYGPATH} ${SSL_LIB_DIR}`\" + #-------------------------------------------------------------------- # Shared libraries and static libraries have different names. # Also, windows libraries and unix libraries have different names. @@ -9375,12 +9208,13 @@ # Convert foo.lib to -lfoo for GCC. No-op if not *.lib i=`echo "$i" | sed -e 's/^\([^-].*\)\.[lL][iI][bB]$/-l\1/'` fi PKG_LIBS="$PKG_LIBS $i" done - fi + + fi else # Subst runtime dir here, use -R and -L where necessary. [Bug 1742859] LIB_RUNTIME_DIR=${SSL_LIB_DIR} eval "LD_SEARCH_FLAGS=\"${LD_SEARCH_FLAGS}\"" if test -n "${OPENSSL}"; then @@ -9477,10 +9311,63 @@ #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- + +# Check whether --enable-tls1 was given. +if test ${enable_tls1+y} +then : + enableval=$enable_tls1; + if (test "${enableval}" = "no"); then + +printf "%s\n" "#define NO_TLS1 1" >>confdefs.h + + fi + +fi + + +# Check whether --enable-tls1_1 was given. +if test ${enable_tls1_1+y} +then : + enableval=$enable_tls1_1; + if (test "${enableval}" = "no"); then + +printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h + + fi + +fi + + +# Check whether --enable-tls1_2 was given. +if test ${enable_tls1_2+y} +then : + enableval=$enable_tls1_2; + if (test "${enableval}" = "no"); then + +printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h + + fi + +fi + + +# Check whether --enable-tls1_3 was given. +if test ${enable_tls1_3+y} +then : + enableval=$enable_tls1_3; + if (test "${enableval}" = "no"); then + +printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h + + fi + +fi + + tcltls_deterministic='false' # Check whether --enable-deterministic was given. if test ${enable_deterministic+y} then : @@ -9505,14 +9392,11 @@ withval=$with_builtin_dh_params_size; case $withval in #( 2048|4096|8192) : ;; #( *) : - - as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 - - ;; + as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;; esac GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" fi @@ -9810,11 +9694,10 @@ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs - CFLAGS="${CFLAGS} ${CPPFLAGS}"; CPPFLAGS="" : "${CONFIG_STATUS=./config.status}" Index: configure.ac ================================================================== --- configure.ac +++ configure.ac @@ -245,10 +245,38 @@ #-------------------------------------------------------------------- # Custom #-------------------------------------------------------------------- + +dnl Disable support for TLS 1.0 +AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 support]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1], [1], [Disable TLS1 support]) + fi +]) + +dnl Disable support for TLS 1.1 +AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 support]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 support]) + fi +]) + +dnl Disable support for TLS 1.2 +AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 support]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 support]) + fi +]) + +dnl Disable support for TLS 1.3 +AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 support]), [ + if test "${enableval}" = "no"; then + AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 support]) + fi +]) dnl Enable support for building the same library every time tcltls_deterministic='false' AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic parameters]), [ if test "$enableval" = "yes"; then @@ -262,16 +290,11 @@ fi dnl Enable support for specifying pre-computed DH params size AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=], [specify the size of the built-in, precomputed, DH params]), [ - AS_CASE([$withval], - [2048|4096|8192],, - [ - AC_MSG_ERROR([Unsupported DH params size: $withval]) - ] - ) + AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])]) GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval" ]) AC_SUBST(GEN_DH_PARAMS_ARGS)