From 58796d493272dbfe073d9ee3962b09c49fb7a081 Mon Sep 17 00:00:00 2001
From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Fri, 22 May 2015 11:09:38 +0000
Subject: [PATCH] tlscheck should only be built when SSL/TLS is
 available/enabled.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12652 a1ca3aef-8c08-0410-bb20-df032aa958be
---
 cups/tlscheck.c               | 5 +++++
 doc/help/man-client.conf.html | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/cups/tlscheck.c b/cups/tlscheck.c
index a17d73104..352c3344d 100644
--- a/cups/tlscheck.c
+++ b/cups/tlscheck.c
@@ -22,6 +22,10 @@
 #include "cups-private.h"
 
 
+#ifndef HAVE_SSL
+int main(void) { puts("Sorry, no TLS support compiled in."); return (1); }
+#else
+
 /*
  * Local functions...
  */
@@ -727,6 +731,7 @@ usage(void)
 
   exit(1);
 }
+#endif /* !HAVE_SSL */
 
 
 /*
diff --git a/doc/help/man-client.conf.html b/doc/help/man-client.conf.html
index 06093fb77..edf4470b6 100644
--- a/doc/help/man-client.conf.html
+++ b/doc/help/man-client.conf.html
@@ -12,7 +12,7 @@ client.conf - client configuration file for cups (deprecated)
 <h2 class="title"><a name="DESCRIPTION">Description</a></h2>
 The <b>client.conf</b> file configures the CUPS client and is normally located in the <i>/etc/cups</i> and/or <i>~/.cups</i> directories.
 Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character.
-<p><b>Note:</b> Starting with OS X 10.7, this file is only used by command-line and X11 applications.
+<p><b>Note:</b> Starting with OS X 10.7, this file is only used by command-line and X11 applications plus the IPP backend.
 The <b>ServerName</b> directive is not supported on OS X at all.
 <h3><a name="DIRECTIVES">Directives</a></h3>
 The following directives are understood by the client. Consult the online help for detailed descriptions:
@@ -38,12 +38,14 @@ CUPS adds the remote hostname ("name@server.example.com") for you. The default n
 <b>Note: This directive it not supported on OS X 10.7 or later.</b>
 <dt><b>ServerName </b><i>hostname-or-ip-address</i>[<i>:port</i>]<b>/version=1.1</b>
 <dd style="margin-left: 5.0em">Specifies the address and optionally the port to use when connecting to a server running CUPS 1.3.12 and earlier.
-<dt><b>SSLOptions </b>[<i>AllowRC4</i>] [<i>AllowSSL3</i>]
+<dt><b>SSLOptions </b>[<i>AllowDH</i>] [<i>AllowRC4</i>] [<i>AllowSSL3</i>] [<i>DenyTLS1.0</i>]
 <dd style="margin-left: 5.0em"><dt><b>SSLOptions None</b>
 <dd style="margin-left: 5.0em">Sets encryption options (only in /etc/cups/client.conf).
 By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The <i>AllowDH</i> option enables cipher suites using plain Diffie-Hellman key negotiation.
 The <i>AllowRC4</i> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
 The <i>AllowSSL3</i> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
+The <i>DenyTLS1.0</i> option disables TLS v1.0 support - this sets the minimum protocol version to TLS v1.1.
 <dt><b>User </b><i>name</i>
 <dd style="margin-left: 5.0em">Specifies the default user name to use for requests.
 <dt><b>ValidateCerts Yes</b>
@@ -57,7 +59,7 @@ The <b>client.conf</b> file is deprecated and will no longer be supported in a f
 <a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
 CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
 <h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
-Copyright &copy; 2007-2014 by Apple Inc.
+Copyright &copy; 2007-2015 by Apple Inc.
 
 </body>
 </html>
-- 
2.39.2