From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Tue, 8 Jun 2021 21:45:38 +0000 (-0500)
Subject: Enable ssl-trace by default
X-Git-Tag: openssl-3.0.0-beta1~109
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=726f92e016bac53175ed5d5321bce1ddf6b207d6;p=thirdparty%2Fopenssl.git

Enable ssl-trace by default

There doesn't appear to be a good reason to omit protocol message tracing by default.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15665)
---

diff --git a/Configure b/Configure
index f6951bbb188..c6e85b3e48a 100755
--- a/Configure
+++ b/Configure
@@ -548,7 +548,6 @@ our %disabled = ( # "what"         => "comment"
                   "msan"                => "default",
                   "rc5"                 => "default",
                   "sctp"                => "default",
-                  "ssl-trace"           => "default",
                   "ssl3"                => "default",
                   "ssl3-method"         => "default",
                   "trace"               => "default",
@@ -575,7 +574,7 @@ my @disable_cascades = (
                              "rc2", "rc4", "rmd160",
                              "seed", "siphash", "siv",
                              "sm3", "sm4", "srp",
-                             "srtp", "ssl3-method",
+                             "srtp", "ssl3-method", "ssl-trace",
                              "ts", "ui-console", "whirlpool",
                              "fips-securitychecks" ],
     sub { $config{processor} eq "386" }
diff --git a/INSTALL.md b/INSTALL.md
index 1855dcd1287..202a66885e4 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -850,11 +850,14 @@ disengage SSE2 code paths upon application start-up, but if you aim for wider
 "audience" running such kernel, consider `no-sse2`.  Both the `386` and `no-asm`
 options imply `no-sse2`.
 
-### enable-ssl-trace
+### no-ssl-trace
 
-Build with the SSL Trace capabilities.
+Don't build with SSL Trace capabilities.
 
-This adds the `-trace` option to `s_client` and `s_server`.
+This removes the `-trace` option from `s_client` and `s_server`, and omits the
+`SSL_trace()` function from libssl.
+
+Disabling `ssl-trace` may provide a small reduction in libssl binary size.
 
 ### no-static-engine
 
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 985ca4125dd..144e367d4ec 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -460,8 +460,7 @@ Show all protocol messages with hex dump.
 
 =item B<-trace>
 
-Show verbose trace output of protocol messages. OpenSSL needs to be compiled
-with B<enable-ssl-trace> for this option to work.
+Show verbose trace output of protocol messages.
 
 =item B<-msgfile> I<filename>
 
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
index 27522fc04be..97852ae7bff 100644
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@@ -536,8 +536,7 @@ Configure SSL_CTX using the given configuration value.
 
 =item B<-trace>
 
-Show verbose trace output of protocol messages. OpenSSL needs to be compiled
-with B<enable-ssl-trace> for this option to work.
+Show verbose trace output of protocol messages.
 
 =item B<-brief>