SSL3.0 support: $ac_enable_ssl3
SSL2.0 client hello: $ac_enable_ssl2
+ Allow SHA1 sign: $ac_allow_sha1
DTLS-SRTP support: $ac_enable_srtp
ALPN support: $ac_enable_alpn
OCSP support: $ac_enable_ocsp
#define MAC_OID_SHA384 "1.2.840.113549.2.10"
#define MAC_OID_SHA512 "1.2.840.113549.2.11"
+#ifdef ALLOW_SHA1
+# define SHA1_SECURE_VAL 1
+#else
+# define SHA1_SECURE_VAL 0
+#endif
+
static const mac_entry_st hash_algorithms[] = {
- {"SHA1", HASH_OID_SHA1, MAC_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, 0, 64},
+ {"SHA1", HASH_OID_SHA1, MAC_OID_SHA1, GNUTLS_MAC_SHA1, 20, 20, 0, 0, SHA1_SECURE_VAL, 64},
{"MD5", HASH_OID_MD5, NULL, GNUTLS_MAC_MD5, 16, 16, 0, 0, 0, 64},
{"MD5+SHA1", NULL, NULL, GNUTLS_MAC_MD5_SHA1, 36, 36, 0, 0, 0, 64},
{"SHA256", HASH_OID_SHA256, MAC_OID_SHA256, GNUTLS_MAC_SHA256, 32, 32, 0, 0, 1,
AC_MSG_WARN([C99 macros not supported. This may affect compiling.])
])
+ ac_allow_sha1=no
+ AC_MSG_CHECKING([whether to allow SHA1 as an acceptable hash for digital signatures])
+ AC_ARG_ENABLE(sha1-support,
+ AS_HELP_STRING([--enable-sha1-support],
+ [allow SHA1 as an acceptable hash for digital signatures]),
+ ac_allow_sha1=$enableval)
+ if test x$ac_allow_sha1 != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ALLOW_SHA1], 1, [allow SHA1 as an acceptable hash for digital signatures])
+ else
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ALLOW_SHA1, test "$ac_allow_sha1" != "no")
+
ac_enable_ssl3=yes
AC_MSG_CHECKING([whether to disable the SSL 3.0 protocol])
AC_ARG_ENABLE(ssl3-support,
projects / thirdparty / gnutls.git / commitdiff
