summaryrefslogtreecommitdiff
path: root/configure
diff options
context:
space:
mode:
authorEduardo Chappa <chappa@washington.edu>2019-02-17 19:17:46 -0700
committerEduardo Chappa <chappa@washington.edu>2019-02-17 19:17:46 -0700
commit08fcd1b86979b422eb586e56459d6fe15333e500 (patch)
tree27247d07d9c1063e2a2fc376155d675f54a4d4e4 /configure
parent35f3426203172af028df5a6e39bc6dea2514020d (diff)
downloadalpine-08fcd1b86979b422eb586e56459d6fe15333e500.tar.xz
* Rewrite support for specific SSL encryption protocols, including
a. Add a new variable: encryption-protocol-range, which can be used to specify the minimum and maximum versions of the TLS protocol that Alpine will attempt to use to encrypt its communication with the server. b. Add support for the Server Name Identification (SNI) extension needed for TLSv1.3. c. Remove the DTLS code. It was not being used.
Diffstat (limited to 'configure')
-rwxr-xr-xconfigure99
1 files changed, 99 insertions, 0 deletions
diff --git a/configure b/configure
index 238a2ee9..0f34f07b 100755
--- a/configure
+++ b/configure
@@ -914,6 +914,9 @@ with_ssl_dir
with_ssl_certs_dir
with_ssl_include_dir
with_ssl_lib_dir
+with_encryption_minimum_version
+with_encryption_maximum_version
+with_encryption_range
with_krb5
with_krb5_dir
with_krb5_include_dir
@@ -1756,6 +1759,12 @@ Optional Packages:
--with-ssl-include-dir=DIR
SSL include file path
--with-ssl-lib-dir=DIR SSL library path
+ --encryption-minimum-version=VERSION
+ Minimum SSL encryption version. Default: no_min
+ --encryption-maximum-version=VERSION
+ Maximum SSL encryption version. Default: no_max
+ --with-encryption-range=VALUE
+ Default Encryption Range ($alpine_RANGE )
--without-krb5 Disable Kerberos support
--with-krb5-dir=DIR Root of Kerberos lib/include path
--with-krb5-include-dir=DIR
@@ -18213,6 +18222,96 @@ fi
fi
fi
+if test "x$alpine_SSLTYPE" != "xnone" ; then
+ alpine_default_SSLMIN="no_min"
+ alpine_default_SSLMAX="no_max"
+ alpine_default_RANGE="${alpine_default_SSLMIN},${alpine_default_SSLMAX}"
+ alpine_ENCRYPTION="$alpine_default_SSLMIN ssl3 tls1 tls1_1 tls1_2 tls1_3 $alpine_default_SSLMAX"
+ alpine_SSLMIN="$alpine_default_SSLMIN"
+ alpine_SSLMAX="$alpine_default_SSLMAX"
+ alpine_RANGE="$alpine_default_RANGE"
+
+# Check whether --with-encryption-minimum-version was given.
+if test "${with_encryption_minimum_version+set}" = set; then :
+ withval=$with_encryption_minimum_version;
+ if test "x$withval" != "xno" ; then
+ alpine_SSLMIN=$withval
+ fi
+
+fi
+
+
+# Check whether --with-encryption-maximum-version was given.
+if test "${with_encryption_maximum_version+set}" = set; then :
+ withval=$with_encryption_maximum_version;
+ if test "x$withval" != "xno" ; then
+ alpine_SSLMAX=$withval
+ fi
+
+fi
+
+ alpine_RANGE="$alpine_SSLMIN $alpine_SSLMAX"
+ for range in ${alpine_RANGE} ; do
+ for encryption in ${alpine_ENCRYPTION} ; do
+ if test "x$range" = "x$encryption" ; then
+ if test -z $alpine_min ; then
+ alpine_min="yes"
+ else
+ alpine_max="yes"
+ fi
+ fi
+ done
+ done
+
+ if test -z $alpine_max ; then
+ as_fn_error $? "Unrecognized maximum encryption version: $alpine_max" "$LINENO" 5
+ fi
+
+ if test -z $alpine_min ; then
+ as_fn_error $? "Unrecognized minimum encryption version: $alpine_min" "$LINENO" 5
+ fi
+
+ if test "x$alpine_SSLMIN" != "x$alpine_SSLMAX" ; then
+ alpine_RANGE_FEASIBLE=`echo "$alpine_ENCRYPTION" | sed "s/^.*$alpine_SSLMIN//" | grep "$alpine_SSLMAX"`
+ if test -n "$alpine_RANGE_FEASIBLE" ; then
+ alpine_RANGE="${alpine_SSLMIN},${alpine_SSLMAX}"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Reversing order of minimum and maximum encryption" >&5
+$as_echo "$as_me: WARNING: Reversing order of minimum and maximum encryption" >&2;}
+ alpine_RANGE="${alpine_SSLMAX},${alpine_SSLMIN}"
+ fi
+ else
+ if test "x$alpine_SSLMIN" = "x$alpine_default_SSLMIN" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Overriding maximum encryption to default" >&5
+$as_echo "$as_me: WARNING: Overriding maximum encryption to default" >&2;}
+ alpine_SSLMAX="$alpine_default_SSLMAX"
+ fi
+ if test "x$alpine_SSLMAX" = "x$alpine_default_SSLMAX" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Overriding minimum encryption to default" >&5
+$as_echo "$as_me: WARNING: Overriding minimum encryption to default" >&2;}
+ alpine_SSLMIN="$alpine_default_SSLMIN"
+ fi
+ alpine_RANGE="${alpine_SSLMIN},${alpine_SSLMAX}"
+ fi
+
+ dpv=$alpine_RANGE
+
+# Check whether --with-encryption-range was given.
+if test "${with_encryption_range+set}" = set; then :
+ withval=$with_encryption_range;
+ if test "x$withval" != "xno" ; then
+ dpv=$withval
+ fi
+
+fi
+
+
+cat >>confdefs.h <<_ACEOF
+#define DF_ENCRYPTION_RANGE "$dpv"
+_ACEOF
+
+
+fi
# Check whether --with-krb5 was given.