Posted to commits@trafficserver.apache.org by ma...@apache.org on 2017/08/15 06:45:02 UTC
[trafficserver] 01/02: Make TLS 1.3 support optional
This is an automated email from the ASF dual-hosted git repository.
maskit pushed a commit to branch quic-latest
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit b82fd38bb5408eefc6351780a88ed86940e28685
Author: Masakazu Kitajo <ma...@apache.org>
AuthorDate: Tue Aug 15 12:27:10 2017 +0900
Make TLS 1.3 support optional
---
build/crypto.m4 | 28 ++++++++++++++++++++++++++++
cmd/traffic_layout/traffic_layout.cc | 1 +
configure.ac | 16 +++-------------
lib/ts/ink_config.h.in | 1 +
4 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/build/crypto.m4 b/build/crypto.m4
index 3a3b03b..dea1c59 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -230,3 +230,31 @@ AC_DEFUN([TS_CHECK_CRYPTO_DH_GET_2048_256], [
TS_ARG_ENABLE_VAR([use], [dh_get_2048_256])
AC_SUBST(use_dh_get_2048_256)
])
+
+AC_DEFUN([TS_CHECK_CRYPTO_TLS13], [
+ enable_tls13=yes
+ _tls13_saved_LIBS=$LIBS
+ TS_ADDTO(LIBS, [$OPENSSL_LIBS])
+ AC_MSG_CHECKING([whether TLS 1.3 is supported])
+ AC_LINK_IFELSE(
+ [
+ AC_LANG_PROGRAM([[
+#include <openssl/ssl.h>
+ ]],
+ [[
+#ifndef TLS1_3_VERSION
+# error no TLS1_3 support
+#endif
+ ]])
+ ],
+ [
+ AC_MSG_RESULT([yes])
+ ],
+ [
+ AC_MSG_RESULT([no])
+ enable_tls13=no
+ ])
+ LIBS=$_tls13_saved_LIBS
+ TS_ARG_ENABLE_VAR([use], [tls13])
+ AC_SUBST(use_tls13)
+])
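Review bot: The test body in TS_CHECK_CRYPTO_TLS13 only checks that `<openssl/ssl.h>` defines `TLS1_3_VERSION`, so the AC_LINK_IFELSE step and the LIBS save/restore verify nothing about the library that is actually linked. A newer header set paired with an older libssl would still report yes. The macro also assigns `enable_tls13=yes` unconditionally, which would presumably override a user-supplied value if an `--enable-tls13` configure option is ever added. I would add a header comment above the AC_DEFUN, for example `dnl Sets use_tls13 from a header-only probe for TLS1_3_VERSION; does not verify the linked libssl.`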
diff --git a/cmd/traffic_layout/traffic_layout.cc b/cmd/traffic_layout/traffic_layout.cc
index 82a33c8..e959c54 100644
--- a/cmd/traffic_layout/traffic_layout.cc
+++ b/cmd/traffic_layout/traffic_layout.cc
@@ -108,6 +108,7 @@ produce_features(bool json)
print_feature("TS_USE_CERT_CB", TS_USE_CERT_CB, json);
print_feature("TS_USE_SET_RBIO", TS_USE_SET_RBIO, json);
print_feature("TS_USE_TLS_ECKEY", TS_USE_TLS_ECKEY, json);
+ print_feature("TS_USE_TLS13", TS_USE_TLS13, json);
print_feature("TS_USE_LINUX_NATIVE_AIO", TS_USE_LINUX_NATIVE_AIO, json);
print_feature("TS_HAS_SO_PEERCRED", TS_HAS_SO_PEERCRED, json);
print_feature("TS_USE_REMOTE_UNWINDING", TS_USE_REMOTE_UNWINDING, json);
diff --git a/configure.ac b/configure.ac
index 4e1692d..a0e80d6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1140,6 +1140,9 @@ TS_CHECK_CRYPTO_SET_RBIO
# Check for DH_get_2048_256
TS_CHECK_CRYPTO_DH_GET_2048_256
+# Check for TLS 1.3 support
+TS_CHECK_CRYPTO_TLS13
+
saved_LIBS="$LIBS"
TS_ADDTO([LIBS], ["$OPENSSL_LIBS"])
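Review bot: Nothing visible after the new `TS_CHECK_CRYPTO_TLS13` call acts on a negative result, so a build against an OpenSSL without TLS 1.3 now configures quietly, where the check removed in the next hunk aborted with "OpenSSL 1.1.1+ or BoringSSL is required". An operator can then deploy a binary without TLS 1.3 and find out only from the feature listing. Assuming TS_ARG_ENABLE_VAR leaves `use_tls13` as 0 or 1, a line such as `AS_IF([test "x$use_tls13" = "x0"], [AC_MSG_WARN([TLS 1.3 is not available in this OpenSSL; building without it])])` after the call would make the downgrade visible. This commit does not show whether code on this branch that needs TLS 1.3 is gated on TS_USE_TLS13.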
@@ -1174,19 +1177,6 @@ AC_CHECK_FUNC([EVP_MD_CTX_reset], [],
AC_CHECK_FUNC([EVP_MD_CTX_free], [],
[AC_DEFINE([EVP_MD_CTX_free], [EVP_MD_CTX_destroy], [Renamed in OpenSSL 1.1])])
-AC_MSG_CHECKING([for TLS 1.3 is supported])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
- [[
- #ifndef TLS1_3_VERSION
- # error no TLS1_3 support
- #endif
- ]])
- ],
- [AC_MSG_RESULT([yes])],
- [AC_ERROR(OpenSSL 1.1.1+ or BoringSSL is required);
- AC_MSG_RESULT([no])])
-
-
AC_MSG_CHECKING([for OpenSSL is BoringSSL])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/base.h>]],
[[
diff --git a/lib/ts/ink_config.h.in b/lib/ts/ink_config.h.in
index 79b2c00..1bb3875 100644
--- a/lib/ts/ink_config.h.in
+++ b/lib/ts/ink_config.h.in
@@ -75,6 +75,7 @@
#define TS_USE_SET_RBIO @use_set_rbio@
#define TS_USE_GET_DH_2048_256 @use_dh_get_2048_256@
#define TS_USE_TLS_ECKEY @use_tls_eckey@
+#define TS_USE_TLS13 @use_tls13@
#define TS_USE_LINUX_NATIVE_AIO @use_linux_native_aio@
#define TS_USE_REMOTE_UNWINDING @use_remote_unwinding@
#define TS_USE_SSLV3_CLIENT @use_sslv3_client@
--