From 39aa894035f9e3b58e04ce1a2b598e496e1f6bd6 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Sat, 10 Aug 2013 15:40:26 +0200 Subject: [PATCH] build: disable SSLv2 by default No one in this day and age should be using SSLv2 so disable it by default. You can re-enable it with `./configure --with-sslv2` but there really should be no reason for that. --- configure | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/configure b/configure index b18901e849..9c8343428e 100755 --- a/configure +++ b/configure @@ -54,11 +54,6 @@ parser.add_option('--no-ifaddrs', dest='no_ifaddrs', help='use on deprecated SunOS systems that do not support ifaddrs.h') -parser.add_option('--no-ssl2', - action='store_true', - dest='no_ssl2', - help='disable OpenSSL v2') - # deprecated parser.add_option('--openssl-includes', action='store', @@ -230,6 +225,11 @@ parser.add_option('--with-perfctr', dest='with_perfctr', help='build with performance counters (default is true on Windows)') +parser.add_option('--with-sslv2', + action='store_true', + dest='with_sslv2', + help='enable SSL v2') + parser.add_option('--without-dtrace', action='store_true', dest='without_dtrace', @@ -588,7 +588,9 @@ def configure_openssl(o): if options.without_ssl: return - if options.no_ssl2: + # OpenSSL uses `#ifndef OPENSSL_NO_SSL2` checks so only define the + # macro when we want to _disable_ SSL2. + if not options.with_sslv2: o['defines'] += ['OPENSSL_NO_SSL2=1'] if options.shared_openssl: