This is an automated email from the ASF dual-hosted git repository. maskit pushed a commit to branch quic-latest in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit b82fd38bb5408eefc6351780a88ed86940e28685 Author: Masakazu Kitajo <mas...@apache.org> AuthorDate: Tue Aug 15 12:27:10 2017 +0900 Make TLS 1.3 support optional --- build/crypto.m4 | 28 ++++++++++++++++++++++++++++ cmd/traffic_layout/traffic_layout.cc | 1 + configure.ac | 16 +++------------- lib/ts/ink_config.h.in | 1 + 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/build/crypto.m4 b/build/crypto.m4 index 3a3b03b..dea1c59 100644 --- a/build/crypto.m4 +++ b/build/crypto.m4 @@ -230,3 +230,31 @@ AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [ TS_ARG_ENABLE_VAR([use], [dh_get_2048_256]) AC_SUBST(use_dh_get_2048_256) ]) + +AC_DEFUN([TS_CHECK_CRYPTO_TLS13], [ + enable_tls13=yes + _tls13_saved_LIBS=$LIBS + TS_ADDTO(LIBS, [$OPENSSL_LIBS]) + AC_MSG_CHECKING([whether TLS 1.3 is supported]) + AC_LINK_IFELSE( + [ + AC_LANG_PROGRAM([[ +#include <openssl/ssl.h> + ]], + [[ +#ifndef TLS1_3_VERSION +# error no TLS1_3 support +#endif + ]]) + ], + [ + AC_MSG_RESULT([yes]) + ], + [ + AC_MSG_RESULT([no]) + enable_tls13=no + ]) + LIBS=$_tls13_saved_LIBS + TS_ARG_ENABLE_VAR([use], [tls13]) + AC_SUBST(use_tls13) +]) diff --git a/cmd/traffic_layout/traffic_layout.cc b/cmd/traffic_layout/traffic_layout.cc index 82a33c8..e959c54 100644 --- a/cmd/traffic_layout/traffic_layout.cc +++ b/cmd/traffic_layout/traffic_layout.cc @@ -108,6 +108,7 @@ produce_features(bool json) print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json); print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json); print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json); + print_feature("TS_USE_TLS13", TS_USE_TLS13, json); print_feature("TS_USE_LINUX_NATIVE_AIO", TS_USE_LINUX_NATIVE_AIO, json); print_feature("TS_HAS_SO_PEERCRED", TS_HAS_SO_PEERCRED, json); print_feature("TS_USE_REMOTE_UNWINDING", TS_USE_REMOTE_UNWINDING, json); diff --git a/configure.ac b/configure.ac index 4e1692d..a0e80d6 100644 --- a/configure.ac +++ b/configure.ac @@ -1140,6 +1140,9 @@ TS_CHECK_CRYPTO_SET_RBIO # Check for DH_get_2048_256 TS_CHECK_CRYPTO_DH_GET_2048_256 +# Check for TLS 1.3 support +TS_CHECK_CRYPTO_TLS13 + saved_LIBS="$LIBS" TS_ADDTO([LIBS], ["$OPENSSL_LIBS"]) @@ -1174,19 +1177,6 @@ AC_CHECK_FUNC([EVP_MD_CTX_reset], [], AC_CHECK_FUNC([EVP_MD_CTX_free], [], [AC_DEFINE([EVP_MD_CTX_free], [EVP_MD_CTX_destroy], [Renamed in OpenSSL 1.1])]) -AC_MSG_CHECKING([for TLS 1.3 is supported]) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>]], - [[ - #ifndef TLS1_3_VERSION - # error no TLS1_3 support - #endif - ]]) - ], - [AC_MSG_RESULT([yes])], - [AC_ERROR(OpenSSL 1.1.1+ or BoringSSL is required); - AC_MSG_RESULT([no])]) - - AC_MSG_CHECKING([for OpenSSL is BoringSSL]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/base.h>]], [[ diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in index 79b2c00..1bb3875 100644 --- a/lib/ts/ink_config.h.in +++ b/lib/ts/ink_config.h.in @@ -75,6 +75,7 @@ #define TS_USE_SET_RBIO @use_set_rbio@ #define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@ #define TS_USE_TLS_ECKEY @use_tls_eckey@ +#define TS_USE_TLS13 @use_tls13@ #define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@ #define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@ #define TS_USE_SSLV3_CLIENT @use_sslv3_client@ -- To stop receiving notification emails like this one, please contact "commits@trafficserver.apache.org" <commits@trafficserver.apache.org>.