Index: autogen.sh
==================================================================
--- autogen.sh
+++ autogen.sh
@@ -11,10 +11,11 @@
 
 urls=(
 	http://chiselapp.com/user/rkeene/repository/autoconf/doc/trunk/tcl.m4
 	http://chiselapp.com/user/rkeene/repository/autoconf/doc/trunk/shobj.m4
 	http://chiselapp.com/user/rkeene/repository/autoconf/doc/trunk/versionscript.m4
+	'http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=blob_plain;f=m4/ax_check_compile_flag.m4'
 )
 
 localFiles=(
 	aclocal/tcltls_openssl.m4
 )

Index: configure.in
==================================================================
--- configure.in
+++ configure.in
@@ -106,10 +106,13 @@
 		tcltls_debug='true'
 	fi
 ])
 if test "$tcltls_debug" = 'true'; then
 	AC_DEFINE(TCLEXT_TCLTLS_DEBUG, [1], [Enable debugging build])
+	AX_CHECK_COMPILE_FLAG([-fcheck-pointer-bounds], [CFLAGS="$CFLAGS -fcheck-pointer-bounds"])
+	AX_CHECK_COMPILE_FLAG([-fsanitize=address], [CFLAGS="$CFLAGS -fsanitize=address"])
+	AX_CHECK_COMPILE_FLAG([-fsanitize=undefined], [CFLAGS="$CFLAGS -fsanitize=undefined"])
 fi
 
 dnl Find "xxd" so we can build the tls.tcl.h file
 AC_CHECK_PROG([XXD], [xxd], [xxd], [__xxd__not__found])
 
@@ -122,10 +125,15 @@
 	if test "$enableval" = 'yes'; then
 		TCLEXT_TLS_STATIC_SSL='yes'
 	fi
 ])
 
+dnl Enable hardening
+AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"])
+AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
+AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])
+
 dnl XXX:TODO: Automatically determine the SSL library to use
 dnl           defaulting to OpenSSL for compatibility reasons
 if test "$tcltls_ssl_lib" = 'auto'; then
 	tcltls_ssl_lib='openssl'
 fi