(note that included applications might not compile properly
if features are disabled)
- SSL3 support: $ac_enable_ssl3
+ SSL3.0 support: $ac_enable_ssl3
+ SSL2.0 client hello: $ac_enable_ssl2
DTLS-SRTP support: $ac_enable_srtp
ALPN support: $ac_enable_alpn
OCSP support: $ac_enable_ocsp
dataptr = _mbuffer_get_udata_ptr(bufel);
/* if reading a client hello of SSLv2 */
+#ifdef ENABLE_SSL2
if (unlikely
(!IS_DTLS(session)
&& bufel->htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)) {
hsk->sequence = 0;
hsk->start_offset = 0;
hsk->end_offset = hsk->length;
- } else { /* TLS or DTLS handshake headers */
+ } else
+#endif
+ { /* TLS or DTLS handshake headers */
hsk->htype = dataptr[0];
gnutls_handshake_description_t recvd)
{
if ((expected != GNUTLS_HANDSHAKE_CLIENT_HELLO
- || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
+#ifdef ENABLE_SSL2
+ || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2
+#endif
+ )
&& (expected != recvd))
return 0;
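Review bot: With ENABLE_SSL2 undefined, the guarded condition collapses to `(expected != GNUTLS_HANDSHAKE_CLIENT_HELLO) && (expected != recvd)`, so whenever a client hello is expected the `return 0` is skipped for every received type, not only for a matching one. Only the `|| recvd != ...` operand sits inside the `#ifdef`; the whole first parenthesised operand has to drop out so that the check reduces to `expected != recvd` in an SSL2-less build. The function's signature starts before this hunk and its remaining return path lies after it, so the accept-by-default outcome is inferred rather than visible here. The condition could be restructured as below, which keeps the ENABLE_SSL2 build identical to the old code.

```c
	if (
#ifdef ENABLE_SSL2
	    (expected != GNUTLS_HANDSHAKE_CLIENT_HELLO
	     || recvd != GNUTLS_HANDSHAKE_CLIENT_HELLO_V2) &&
#endif
	    (expected != recvd))
		return 0;
```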
case GNUTLS_HANDSHAKE_CLIENT_HELLO:
return "CLIENT HELLO";
break;
+#ifdef ENABLE_SSL2
case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
return "SSL2 CLIENT HELLO";
break;
+#endif
case GNUTLS_HANDSHAKE_SERVER_HELLO:
return "SERVER HELLO";
break;
case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:
case GNUTLS_HANDSHAKE_CLIENT_HELLO:
case GNUTLS_HANDSHAKE_SERVER_HELLO:
+#ifdef ENABLE_SSL2
if (hsk.htype == GNUTLS_HANDSHAKE_CLIENT_HELLO_V2)
ret =
_gnutls_read_client_hello_v2(session,
hsk.data.data,
hsk.data.length);
else
+#endif
ret =
recv_hello(session, hsk.data.data,
hsk.data.length);
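Review bot: The `case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:` label at the top of this hunk stays compiled in when ENABLE_SSL2 is off, so a message carrying that type would be handed to `recv_hello` rather than taking whatever path the switch uses for unexpected types. The description-string hunk guards its V2 case, and this switch should match it: `#ifdef ENABLE_SSL2` / `case GNUTLS_HANDSHAKE_CLIENT_HELLO_V2:` / `#endif`. Whether htype can actually hold that value in a build without ENABLE_SSL2 is not visible from these lines, so treat this as a defence-in-depth and consistency point. The enclosing switch starts and ends outside the hunk.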
uint16_t packet_size; /* header_size + length */
content_type_t type;
uint16_t epoch; /* valid in DTLS only */
+#ifdef ENABLE_SSL2
unsigned v2:1; /* whether an SSLv2 client hello */
+#endif
/* the data */
};
* version 2 message
*/
+#ifdef ENABLE_SSL2
if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
&& type == GNUTLS_HANDSHAKE && headers[0] > 127
&& !(IS_DTLS(session))) {
session, _gnutls_packet2str(record->type),
record->length);
- } else {
+ } else
+#endif
+ {
/* dtls version 1.0 and TLS version 1.x */
+#ifdef ENABLE_SSL2
record->v2 = 0;
+#endif
record->type = headers[0];
record->version[0] = headers[1];
goto begin;
}
+#ifdef ENABLE_SSL2
if (record.v2) {
decrypted->htype = GNUTLS_HANDSHAKE_CLIENT_HELLO_V2;
- } else {
+ } else
+#endif
+ {
uint8_t *p = _mbuffer_get_udata_ptr(decrypted);
decrypted->htype = p[0];
}
#include "sslv2_compat.h"
#include "constate.h"
+#ifdef ENABLE_SSL2
/* This selects the best supported ciphersuite from the ones provided */
static int
_gnutls_handshake_select_v2_suite(gnutls_session_t session,
return sret;
}
+#endif
fi
AM_CONDITIONAL(ENABLE_SSL3, test "$ac_enable_ssl3" != "no")
+ ac_enable_ssl2=yes
+ AC_MSG_CHECKING([whether to disable the SSL 2.0 client hello])
+ AC_ARG_ENABLE(ssl2-support,
+ AS_HELP_STRING([--disable-ssl2-support],
+ [disable support for the SSL 2.0 client hello]),
+ ac_enable_ssl2=$enableval)
+ if test x$ac_enable_ssl2 != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_SSL2], 1, [enable SSL2.0 support for client hello])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_SSL3, test "$ac_enable_ssl2" != "no")
+
ac_enable_srtp=yes
AC_MSG_CHECKING([whether to disable DTLS-SRTP extension])
AC_ARG_ENABLE(dtls-srtp-support,
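Review bot: The added `AM_CONDITIONAL(ENABLE_SSL3, test "$ac_enable_ssl2" != "no")` reuses the ENABLE_SSL3 name, so the SSL 3.0 automake conditional declared a few lines earlier is declared again from the SSL 2.0 setting, and no ENABLE_SSL2 conditional is created. It should read `AM_CONDITIONAL(ENABLE_SSL2, test "$ac_enable_ssl2" != "no")`. As written, a build configured with SSL 3.0 disabled but the SSL 2.0 client hello left at its default would presumably still have ENABLE_SSL3-conditional makefile parts switched on, since the later definition is the one that takes effect. Separately, `test x$ac_enable_ssl2 != xno` would be more robust with the expansion quoted, `test "x$ac_enable_ssl2" != "xno"`.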