author | Eduardo Chappa <chappa@washington.edu> | 2019-02-17 19:17:46 -0700 |
---|---|---|
committer | Eduardo Chappa <chappa@washington.edu> | 2019-02-17 19:17:46 -0700 |
commit | 08fcd1b86979b422eb586e56459d6fe15333e500 (patch) | |
tree | 27247d07d9c1063e2a2fc376155d675f54a4d4e4 /configure.ac | |
parent | 35f3426203172af028df5a6e39bc6dea2514020d (diff) | |
* Rewrite support for specific SSL encryption protocols, including
a. Add a new variable: encryption-protocol-range, which can be
used to specify the minimum and maximum versions of the TLS
protocol that Alpine will attempt to use to encrypt its
communication with the server.
b. Add support for the Server Name Indication (SNI) extension
needed for TLSv1.3.
c. Remove the DTLS code. It was not being used.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index f9e149c..0a67d01 100644
--- a/configure.ac
+++ b/configure.ac
@@ -951,6 +951,70 @@ if test "x$alpine_SSLTYPE" != "xnone" ; then
 fi
 fi
+if test "x$alpine_SSLTYPE" != "xnone" ; then
+ alpine_default_SSLMIN="no_min"
+ alpine_default_SSLMAX="no_max"
+ alpine_default_RANGE="${alpine_default_SSLMIN},${alpine_default_SSLMAX}"
+ alpine_ENCRYPTION="$alpine_default_SSLMIN ssl3 tls1 tls1_1 tls1_2 tls1_3 $alpine_default_SSLMAX"
+ alpine_SSLMIN="$alpine_default_SSLMIN"
+ alpine_SSLMAX="$alpine_default_SSLMAX"
+ alpine_RANGE="$alpine_default_RANGE"
+ AC_ARG_WITH(encryption-minimum-version,
+ AS_HELP_STRING([--encryption-minimum-version=VERSION],[Minimum SSL encryption version. Default: no_min]),
+ [
+ if test "x$withval" != "xno" ; then
+ alpine_SSLMIN=$withval
+ fi
+ ])
+ AC_ARG_WITH(encryption-maximum-version,
+ AS_HELP_STRING([--encryption-maximum-version=VERSION],[Maximum SSL encryption version. Default: no_max]),
+ [
+ if test "x$withval" != "xno" ; then
+ alpine_SSLMAX=$withval
+ fi
+ ])
+ alpine_RANGE="$alpine_SSLMIN $alpine_SSLMAX"
+ for range in ${alpine_RANGE} ; do
+ for encryption in ${alpine_ENCRYPTION} ; do
+ if test "x$range" = "x$encryption" ; then
+ if test -z $alpine_min ; then
+ alpine_min="yes"
+ else
+ alpine_max="yes"
+ fi
+ fi
+ done
+ done
+
+ if test -z $alpine_max ; then
+ AC_MSG_ERROR(Unrecognized maximum encryption version: $alpine_max)
+ fi
+
+ if test -z $alpine_min ; then
+ AC_MSG_ERROR(Unrecognized minimum encryption version: $alpine_min)
+ fi
+
+ if test "x$alpine_SSLMIN" != "x$alpine_SSLMAX" ; then
+ alpine_RANGE_FEASIBLE=`echo "$alpine_ENCRYPTION" | sed "s/^.*$alpine_SSLMIN//" | grep "$alpine_SSLMAX"`
+ if test -n "$alpine_RANGE_FEASIBLE" ; then
+ alpine_RANGE="${alpine_SSLMIN},${alpine_SSLMAX}"
+ else
+ AC_MSG_WARN(Reversing order of minimum and maximum encryption)
+ alpine_RANGE="${alpine_SSLMAX},${alpine_SSLMIN}"
+ fi
+ else
+ if test "x$alpine_SSLMIN" = "x$alpine_default_SSLMIN" ; then
+ AC_MSG_WARN(Overriding maximum encryption to default)
+ alpine_SSLMAX="$alpine_default_SSLMAX"
+ fi
+ if test "x$alpine_SSLMAX" = "x$alpine_default_SSLMAX" ; then
+ AC_MSG_WARN(Overriding minimum encryption to default)
+ alpine_SSLMIN="$alpine_default_SSLMIN"
+ fi
+ alpine_RANGE="${alpine_SSLMIN},${alpine_SSLMAX}"
+ fi
+PINEVAR(encryption-range, DF_ENCRYPTION_RANGE, [$alpine_RANGE] , [Default Encryption Range])
+fi
 dnl Include Kerberos?
 dnl Set GSSDIR for c-client make |
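Review bot: The ordering check that fills `alpine_RANGE_FEASIBLE` compares protocol names as unanchored substrings, so the default written to `DF_ENCRYPTION_RANGE` can come out inverted. With minimum `tls1` and maximum `tls1_2`, the greedy `^.*tls1` in the sed expression consumes the list through `tls1_3`, grep finds no `tls1_2`, and the script "reverses" a valid pair into `tls1_2,tls1`. With minimum `tls1_1` and maximum `tls1`, grep matches `tls1` inside `tls1_2` and the reversed pair is accepted as is. How the runtime treats an inverted range is not visible in this hunk, but a build-time default for TLS versions should not depend on it. Comparing list positions avoids the problem, and the same loop can replace the `alpine_min`/`alpine_max` flags, whose error messages currently expand the empty flag instead of `$alpine_SSLMIN`/`$alpine_SSLMAX`.

```m4
dnl … unchanged: defaults and the two AC_ARG_WITH blocks …
alpine_min_idx=
alpine_max_idx=
alpine_idx=0
for encryption in ${alpine_ENCRYPTION} ; do
  alpine_idx=`expr $alpine_idx + 1`
  if test "x$alpine_SSLMIN" = "x$encryption" ; then
    alpine_min_idx=$alpine_idx
  fi
  if test "x$alpine_SSLMAX" = "x$encryption" ; then
    alpine_max_idx=$alpine_idx
  fi
done

if test -z "$alpine_min_idx" ; then
  AC_MSG_ERROR([Unrecognized minimum encryption version: $alpine_SSLMIN])
fi
if test -z "$alpine_max_idx" ; then
  AC_MSG_ERROR([Unrecognized maximum encryption version: $alpine_SSLMAX])
fi

if test "x$alpine_SSLMIN" != "x$alpine_SSLMAX" ; then
  if test "$alpine_min_idx" -lt "$alpine_max_idx" ; then
    alpine_RANGE="${alpine_SSLMIN},${alpine_SSLMAX}"
  else
    AC_MSG_WARN(Reversing order of minimum and maximum encryption)
    alpine_RANGE="${alpine_SSLMAX},${alpine_SSLMIN}"
  fi
else
  dnl … unchanged: equal minimum/maximum handling …
```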