build: disable TLS heartbeat extension by default

The heartbeat extension in TLS (RFC 6520) is not widely used given
other implementations dropped support for it. This makes it disabled
by default, though the users are able to enable it back with the
--enable-heartbeat-support configure option.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

diff --git a/NEWS b/NEWS
index b769566ba3ee575a655f0454cd6c8ecacf53c849..cc5a064843732cd4b89f9ea67a74169005fe3a7f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,12 @@ and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
    priority modifier have been added to allow disabling of the
    status_request TLS extension in the client side.
 
+** libgnutls: TLS heartbeat is disabled by default.
+   The heartbeat extension in TLS (RFC 6520) is not widely used given
+   other implementations dropped support for it. To enable back
+   support for it, supply --enable-heartbeat-support to configure
+   script.
+
 ** minitasn1: Upgraded to libtasn1 version 4.19.
 
 ** API and ABI modifications:

diff --git a/m4/hooks.m4 b/m4/hooks.m4
index f3cdaa858668deaddfee6ecb4f1dbeb7cd80bb60..10e23afc547ccc78c05bafa31ef33bed90e0737a 100644 (file)
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -232,11 +232,11 @@ LIBTASN1_MINIMUM=4.9
   fi
   AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no")
 
-  ac_enable_heartbeat=yes
+  ac_enable_heartbeat=no
   AC_MSG_CHECKING([whether to enable TLS heartbeat support])
   AC_ARG_ENABLE(heartbeat-support,
-    AS_HELP_STRING([--disable-heartbeat-support],
-                   [disable support for the heartbeat extension]),
+    AS_HELP_STRING([--enable-heartbeat-support],
+                   [enable support for the heartbeat extension]),
     ac_enable_heartbeat=$enableval)
   if test x$ac_enable_heartbeat != xno; then
    AC_MSG_RESULT(yes)