tlscheck should only be built when SSL/TLS is available/enabled.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12652 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/cups/tlscheck.c b/cups/tlscheck.c
index a17d73104dfadb50c1bea412f89c96b126c34fa0..352c3344d106b05195594bd7363cfc7ba4c8461b 100644 (file)
--- a/cups/tlscheck.c
+++ b/cups/tlscheck.c
@@ -22,6 +22,10 @@
 #include "cups-private.h"
 
 
+#ifndef HAVE_SSL
+int main(void) { puts("Sorry, no TLS support compiled in."); return (1); }
+#else
+
 /*
  * Local functions...
  */
@@ -727,6 +731,7 @@ usage(void)
 
   exit(1);
 }
+#endif /* !HAVE_SSL */
 
 
 /*

diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html
index 06093fb77a8adcb73484aa7c46512c833c0430ff..edf4470b612cfccb5ea8fab3885679905646eeea 100644 (file)
--- a/doc/help/man-client.conf.html
+++ b/doc/help/man-client.conf.html
@@ -12,7 +12,7 @@ client.conf - client configuration file for cups (deprecated)
 <h2 class="title"><a name="DESCRIPTION">Description</a></h2>
 The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
 Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
-<p><b>Note:</b> Starting with OS X 10.7, this file is only used by command-line and X11 applications.
+<p><b>Note:</b> Starting with OS X 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
 The <b>ServerName</b> directive is not supported on OS X at all.
 <h3><a name="DIRECTIVES">Directives</a></h3>
 The following directives are understood by the client. Consult the online help for detailed descriptions:
@@ -38,12 +38,14 @@ CUPS adds the remote hostname ("name@server.example.com") for you. The default n
 <b>Note: This directive it not supported on OS X 10.7 or later.</b>
 <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
 <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
 The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
 The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><b>User </b><i>name</i>
 <dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
 <dt><b>ValidateCerts Yes</b>
@@ -57,7 +59,7 @@ The <b>client.conf</b> file is deprecated and will no longer be supported in a f
 <a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
 CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
 <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright &copy; 2007-2014 by Apple Inc.
+Copyright &copy; 2007-2015 by Apple Inc.
 
 </body>
 </html>