- ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older

  openssl.

git-svn-id: file:///svn/unbound/trunk@2661 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/configure b/configure
index d15dfe158292437353ef2043a0af4ee2625aa5e6..bdfb8e698073de3f957ae3d2276dbb6a26f294f3 100755 (executable)
--- a/configure
+++ b/configure
@@ -1447,7 +1447,7 @@ Optional Features:
                           purposes
   --disable-sha2          Disable SHA256 and SHA512 RRSIG support
   --disable-gost          Disable GOST support
-  --enable-ecdsa          Enable ECDSA support, experimental
+  --disable-ecdsa         Disable ECDSA support
   --enable-static-exe     enable to compile executables statically against
                           event, ldns libs, for debug purposes
   --enable-lock-checks    enable to check lock and unlock calls, for debug
@@ -16622,19 +16622,21 @@ fi
 
 use_ecdsa="no"
 case "$enable_ecdsa" in
-    yes)
+    no)
+      ;;
+    *)
       ac_fn_c_check_func "$LINENO" "ECDSA_sign" "ac_cv_func_ECDSA_sign"
 if test "x$ac_cv_func_ECDSA_sign" = xyes; then :
 
 else
-  as_fn_error $? "OpenSSL does not support ECDSA" "$LINENO" 5
+  as_fn_error $? "OpenSSL does not support ECDSA: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
       ac_fn_c_check_func "$LINENO" "SHA384_Init" "ac_cv_func_SHA384_Init"
 if test "x$ac_cv_func_SHA384_Init" = xyes; then :
 
 else
-  as_fn_error $? "OpenSSL does not support SHA384" "$LINENO" 5
+  as_fn_error $? "OpenSSL does not support SHA384: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
       ac_fn_c_check_decl "$LINENO" "NID_X9_62_prime256v1" "ac_cv_have_decl_NID_X9_62_prime256v1" "$ac_includes_default
@@ -16653,7 +16655,7 @@ _ACEOF
 if test $ac_have_decl = 1; then :
 
 else
-  as_fn_error $? "OpenSSL does not support the ECDSA curves" "$LINENO" 5
+  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 ac_fn_c_check_decl "$LINENO" "NID_secp384r1" "ac_cv_have_decl_NID_secp384r1" "$ac_includes_default
 #include <openssl/evp.h>
@@ -16671,7 +16673,7 @@ _ACEOF
 if test $ac_have_decl = 1; then :
 
 else
-  as_fn_error $? "OpenSSL does not support the ECDSA curves" "$LINENO" 5
+  as_fn_error $? "OpenSSL does not support the ECDSA curves: please upgrade or rerun with --disable-ecdsa" "$LINENO" 5
 fi
 
       # see if OPENSSL 1.0.0 or later (has EVP MD and Verify independency)
@@ -16697,10 +16699,6 @@ _ACEOF
 
       use_ecdsa="yes"
       ;;
-    no)
-      ;;
-    *)
-      ;;
 esac
 
 # check for libevent

diff --git a/configure.ac b/configure.ac
index 65729b6bf3299747361ef756875e4baea1c27bb5..b87feefd967be2f30854e5b51d39c9f932cae729 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -660,7 +660,7 @@ case "$enable_gost" in
        ;;
 esac
 
-AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--enable-ecdsa], [Enable ECDSA support]))
+AC_ARG_ENABLE(ecdsa, AC_HELP_STRING([--disable-ecdsa], [Disable ECDSA support]))
 use_ecdsa="no"
 case "$enable_ecdsa" in
     no)

diff --git a/doc/Changelog b/doc/Changelog
index a18b371a51c9dbd577317c78b24b35c82a10ec76..2815ab0107fdddf91cadf96aca9226cec9842a69 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+13 April 2012: Wouter
+       - ECDSA support (RFC 6605) by default. Use --disable-ecdsa for older
+         openssl.
+
 10 April 2012: Wouter
        - Applied patch from Daisuke HIGASHI for rrset-roundrobin and
          minimal-responses features.