Commit 847fe929 authored Aug 26, 2016 by Matt Caswell

Fix the no-tls1 option



This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not
possible to do no-tls1_1 or no-tls1_2 in 1.0.2).

Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows
that disabling TLS1.0 should force the disabling of tlsext.

Also a few missing ifdef guards.

GitHub Iusse#935

Reviewed-by: Rich Salz <rsalz@openssl.org>

parent 3953bf53

Configure

+0 −5

Original line number	Diff line number	Diff line
		@@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) \|\| defined($disabled{"sha"})
		$disabled{"tls1"} = "forced";
		}

		if (defined($disabled{"tls1"}))
		{
		$disabled{"tlsext"} = "forced";
		}

		if (defined($disabled{"ec"}) \|\| defined($disabled{"dsa"})
		\|\| defined($disabled{"dh"}))
		{

apps/srp.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -765,4 +765,6 @@ int MAIN(int argc, char **argv)
		OPENSSL_EXIT(ret);
		}

		#else
		static void *dummy = &dummy;
		#endif

ssl/ssltest.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -3141,9 +3141,12 @@ static unsigned int psk_server_callback(SSL ssl, const char identity,

		static int do_test_cipherlist(void)
		{
		#if !defined(OPENSSL_NO_SSL2) \|\| !defined(OPENSSL_NO_SSL3) \|\| \
		!defined(OPENSSL_NO_TLS1)
		int i = 0;
		const SSL_METHOD *meth;
		const SSL_CIPHER ci, tci = NULL;
		#endif

		#ifndef OPENSSL_NO_SSL2
		fprintf(stderr, "testing SSLv2 cipher list order: ");