Index: aclocal/tcltls_openssl.m4 ================================================================== --- aclocal/tcltls_openssl.m4 +++ aclocal/tcltls_openssl.m4 @@ -1,5 +1,27 @@ +dnl $1 = Name of variable +dnl $2 = Name of function to check for +dnl $3 = Name of protocol +dnl $4 = Name of CPP macro to define +AC_DEFUN([TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER], [ + dnl Determine if particular SSL version is enabled + if test "[$]$1" = "true" -o "[$]$1" = "force"; then + AC_CHECK_FUNC($2,, [ + if test "[$]$1" = "force"; then + AC_MSG_ERROR([Unable to enable $3]) + fi + + $1='false' + ]) + fi + + if test "[$]$1" = "false" -o "[$]$1" = "force_off"; then + AC_DEFINE($4, [1], [Define this to disable $3 in OpenSSL support]) + fi + +]) + AC_DEFUN([TCLTLS_SSL_OPENSSL], [ openssldir='' AC_ARG_WITH([ssl-dir], AS_HELP_STRING( [--with-ssl-dir=], 
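Review bot: The `dnl` header of `TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER` names the four arguments but not the values the variable named by `$1` may hold, although the body depends on exactly four of them. I would add `dnl $1 values: true (enable if the function exists), force (enable or abort configure), false / force_off (disable)` above the `AC_DEFUN`. Any other value, including an empty one, skips both `if` blocks, so the protocol stays compiled in with no function check and no `$4` define; a final `else` that calls `AC_MSG_ERROR` would make that case fail closed. As a point of style, `test ... -o ...` is discouraged by the Autoconf portability notes; `if test "[$]$1" = "true" || test "[$]$1" = "force"; then` is the portable form, and the same applies to the second `if`.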
@@ -70,71 +92,38 @@ AC_MSG_RESULT([no]) AC_MSG_ERROR([Unable to compile a basic program using OpenSSL]) ]) AC_LANG_POP([C]) - dnl Determine if SSLv2 is supported - if test "$tcltls_ssl_ssl2" = "true"; then - AC_CHECK_FUNC(SSLv2_method,, [ - tcltls_ssl_ssl2='false' - ]) - fi - - if test "$tcltls_ssl_ssl2" = "false"; then - AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support]) - fi - - dnl Determine if SSLv3 is supported - if test "$tcltls_ssl_ssl3" = "true"; then - AC_CHECK_FUNC(SSLv3_method,, [ - tcltls_ssl_ssl3='false' - ]) - fi - - if test "$tcltls_ssl_ssl3" = "false"; then - AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support]) - fi - - dnl Determine if TLSv1.0 is supported - if test "$tcltls_ssl_tls1_0" = "true"; then - AC_CHECK_FUNC(TLSv1_method,, [ - tcltls_ssl_tls1_0='false' - ]) - fi - - if test "$tcltls_ssl_tls1_0" = "false"; then - AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support]) - fi - - dnl Determine if TLSv1.1 is supported - if test "$tcltls_ssl_tls1_1" = "true"; then - AC_CHECK_FUNC(TLSv1_1_method,, [ - tcltls_ssl_tls1_1='false' - ]) - fi - - if test "$tcltls_ssl_tls1_1" = "false"; then - AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support]) - fi - - dnl Determine if TLSv1.2 is supported - if test "$tcltls_ssl_tls1_2" = "true"; then - AC_CHECK_FUNC(TLSv1_2_method,, [ - tcltls_ssl_tls1_2='false' - ]) - fi - - if test "$tcltls_ssl_tls1_2" = "false"; then - AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support]) - fi + TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl2], [SSLv2_method], [sslv2], [NO_SSL2]) + TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_ssl3], [SSLv3_method], [sslv3], [NO_SSL3]) + TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_0], [TLSv1_method], [tlsv1.0], [NO_TLS1]) + TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_1], [TLSv1_1_method], [tlsv1.1], [NO_TLS1_1]) + 
TCLTLS_SSL_OPENSSL_CHECK_PROTO_VER([tcltls_ssl_tls1_2], [TLSv1_2_method], [tlsv1.2], [NO_TLS1_2]) AC_CACHE_VAL([tcltls_cv_func_tlsext_hostname], [ - AC_CHECK_FUNC(SSL_set_tlsext_host_name, [ + AC_LANG_PUSH(C) + AC_MSG_CHECKING([for SSL_set_tlsext_host_name]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ +#include +#if (SSLEAY_VERSION_NUMBER >= 0x0907000L) +# include +#endif + ], [ + (void)SSL_set_tlsext_host_name((void *) 0, (void *) 0); + ])], [ + AC_MSG_RESULT([yes]) tcltls_cv_func_tlsext_hostname='yes' - ], [ tcltls_cv_func_tlsext_hostname='no' + ], [ + AC_MSG_RESULT([no]) ]) + AC_LANG_POP([C]) + +dnl AC_CHECK_FUNC(SSL_set_tlsext_host_name, [ +dnl ], [ +dnl ]) ]) if test "$tcltls_cv_func_tlsext_hostname" = 'no'; then AC_DEFINE([OPENSSL_NO_TLSEXT], [1], [Define this if your OpenSSL does not support the TLS Extension for SNI]) fi Index: configure.in ================================================================== --- configure.in +++ configure.in 
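Review bot: In the rewritten SNI probe in aclocal/tcltls_openssl.m4, the success branch of `AC_LINK_IFELSE` now contains both `tcltls_cv_func_tlsext_hostname='yes'` and `tcltls_cv_func_tlsext_hostname='no'`, because the `], [` separator was re-added below the `'no'` assignment instead of above it. As shown, a successful link leaves the cache variable at `no`, so `OPENSSL_NO_TLSEXT` is defined and SNI is compiled out on exactly the libraries that support it. The failure branch only prints `AC_MSG_RESULT([no])` and leaves the variable unset, so the later `= 'no'` test does not fire there either. The `'no'` assignment should move into the failure branch, directly after `AC_MSG_RESULT([no])`. The two `#include` lines of the test program show no header name in this view, so confirm in the file that they name the OpenSSL headers.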
@@ -61,43 +61,43 @@ dnl Allow the user to manually disable protocols dnl ## SSLv2: Disabled by default tcltls_ssl_ssl2='false' AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [ if test "$enableval" = "yes"; then - tcltls_ssl_ssl2='true' + tcltls_ssl_ssl2='force' fi ]) dnl ## SSLv3: Disabled by default tcltls_ssl_ssl3='false' AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [ if test "$enableval" = "yes"; then - tcltls_ssl_ssl3='true' + tcltls_ssl_ssl3='force' fi ]) dnl ## TLSv1.0: Enabled by default tcltls_ssl_tls1_0='true' AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [ if test "$enableval" = "no"; then - tcltls_ssl_tls1_0='false' + tcltls_ssl_tls1_0='force_off' fi ]) dnl ## TLSv1.1: Enabled by default tcltls_ssl_tls1_1='true' AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [ if test "$enableval" = "no"; then - tcltls_ssl_tls1_1='false' + tcltls_ssl_tls1_1='force_off' fi ]) dnl ## TLSv1.1: Enabled by default tcltls_ssl_tls1_2='true' AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [ if test "$enableval" = "no"; then - tcltls_ssl_tls1_2='false' + tcltls_ssl_tls1_2='force_off' fi ]) dnl Enable support for a debugging build tcltls_debug='false'
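Review bot: Only the SSLv2 and SSLv3 options turn an explicit request into `force`; in the three TLS blocks an `$enableval` of `yes` (for example `--enable-tlsv1.2`) still leaves the variable at its default `true`. With the macro in aclocal/tcltls_openssl.m4, `true` plus a missing `TLSv1_2_method` quietly flips to `false` and defines `NO_TLS1_2`, so a build that explicitly asked for TLS 1.2 can come out without it and with no configure error. Adding `elif test "$enableval" = "yes"; then tcltls_ssl_tls1_2='force'` (and the equivalent for `tls1_0` and `tls1_1`) would make an explicit enable fail loudly, matching the SSLv2/SSLv3 handling. Separately, the comment above the `tcltls_ssl_tls1_2` block reads `dnl ## TLSv1.1: Enabled by default` and should say `TLSv1.2`.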