3cfeb9522b
As a precursor to removing the code entirely later, disable the protocol by default. Callers must use SSL_CTX_set_min_version to enable it. This change also makes SSLv3_method *not* enable SSL 3.0. Normally version-specific methods set the minimum and maximum version to their version. SSLv3_method leaves the minimum at the default, so we will treat it as all versions disabled. To help debugging, the error code is switched from WRONG_SSL_VERSION to a new NO_SUPPORTED_VERSIONS_ENABLED. This also defines OPENSSL_NO_SSL3 and OPENSSL_NO_SSL3_METHOD to kick in any no-ssl3 build paths in consumers which should provide a convenient hook for any upstreaming changes that may be needed. (OPENSSL_NO_SSL3 existed in older versions of OpenSSL, so in principle one may encounter an OpenSSL with the same settings.) Change-Id: I96a8f2f568eb77b2537b3a774b2f7108bd67dd0c Reviewed-on: https://boringssl-review.googlesource.com/14031 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
63 lines
1.9 KiB
C
63 lines
1.9 KiB
C
/* Copyright (c) 2014, Google Inc.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
/* This header is provided in order to make compiling against code that expects
|
|
OpenSSL easier. */
|
|
|
|
#ifndef OPENSSL_HEADER_OPENSSLCONF_H
|
|
#define OPENSSL_HEADER_OPENSSLCONF_H
|
|
|
|
|
|
#define OPENSSL_NO_BF
|
|
#define OPENSSL_NO_BUF_FREELISTS
|
|
#define OPENSSL_NO_CAMELLIA
|
|
#define OPENSSL_NO_CAPIENG
|
|
#define OPENSSL_NO_CAST
|
|
#define OPENSSL_NO_CMS
|
|
#define OPENSSL_NO_COMP
|
|
#define OPENSSL_NO_DANE
|
|
#define OPENSSL_NO_DEPRECATED
|
|
#define OPENSSL_NO_DYNAMIC_ENGINE
|
|
#define OPENSSL_NO_EC_NISTP_64_GCC_128
|
|
#define OPENSSL_NO_EC2M
|
|
#define OPENSSL_NO_ENGINE
|
|
#define OPENSSL_NO_GMP
|
|
#define OPENSSL_NO_GOST
|
|
#define OPENSSL_NO_HEARTBEATS
|
|
#define OPENSSL_NO_HW
|
|
#define OPENSSL_NO_IDEA
|
|
#define OPENSSL_NO_JPAKE
|
|
#define OPENSSL_NO_KRB5
|
|
#define OPENSSL_NO_MD2
|
|
#define OPENSSL_NO_MDC2
|
|
#define OPENSSL_NO_OCB
|
|
#define OPENSSL_NO_OCSP
|
|
#define OPENSSL_NO_RC2
|
|
#define OPENSSL_NO_RC5
|
|
#define OPENSSL_NO_RFC3779
|
|
#define OPENSSL_NO_RIPEMD
|
|
#define OPENSSL_NO_RMD160
|
|
#define OPENSSL_NO_SCTP
|
|
#define OPENSSL_NO_SEED
|
|
#define OPENSSL_NO_SRP
|
|
#define OPENSSL_NO_SSL2
|
|
#define OPENSSL_NO_SSL3
|
|
#define OPENSSL_NO_SSL3_METHOD
|
|
#define OPENSSL_NO_STATIC_ENGINE
|
|
#define OPENSSL_NO_STORE
|
|
#define OPENSSL_NO_WHIRLPOOL
|
|
|
|
|
|
#endif /* OPENSSL_HEADER_OPENSSLCONF_H */
|