From 6bc62a620e715f7580651ca932eab052aa527886 Mon Sep 17 00:00:00 2001 From: "Dr. Matthias St. Pierre" Date: Wed, 13 Mar 2019 23:16:29 +0100 Subject: [PATCH] Configure: disable new trace api by default Fixes #8472 Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/8474) --- CHANGES | 11 ++++++++--- Configure | 1 + INSTALL | 4 ++++ doc/man3/OSSL_trace_enabled.pod | 9 +++++---- doc/man3/OSSL_trace_set_channel.pod | 7 ++++--- 5 files changed, 22 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index d977c76656..0f7b77a45b 100644 --- a/CHANGES +++ b/CHANGES @@ -9,9 +9,14 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] - *) Added support for enabling instrumentation through trace output. - This is left to application control, by allowing it to register BIOs as - channels for a number of tracing and debugging categories. + *) Added a new generic trace API which provides support for enabling + instrumentation through trace output. This feature is mainly intended + as an aid for developers and is disabled by default. To utilize it, + OpenSSL needs to be configured with the `enable-trace` option. + + If the tracing API is enabled, the application can activate trace output + by registering BIOs as trace channels for a number of tracing and debugging + categories. The 'openssl' application has been expanded to enable any of the types available via environment variables defined by the user, and serves as diff --git a/Configure b/Configure index 8818d589e7..6b533f4611 100755 --- a/Configure +++ b/Configure @@ -464,6 +464,7 @@ our %disabled = ( # "what" => "comment" "ssl-trace" => "default", "ssl3" => "default", "ssl3-method" => "default", + "trace" => "default", "ubsan" => "default", "unit-test" => "default", "weak-ssl-ciphers" => "default", diff --git a/INSTALL b/INSTALL index d8c5dc5925..cffa241a7b 100644 --- a/INSTALL +++ b/INSTALL @@ -523,6 +523,10 @@ require additional system-dependent options! See "Note on multi-threading" below. + enable-trace + Build with support for the integrated tracing api. See manual pages + OSSL_trace_set_channel(3) and OSSL_trace_enabled(3) for details. + no-ts Don't build Time Stamping Authority support. diff --git a/doc/man3/OSSL_trace_enabled.pod b/doc/man3/OSSL_trace_enabled.pod index ecb88ab0ab..db3f99c89b 100644 --- a/doc/man3/OSSL_trace_enabled.pod +++ b/doc/man3/OSSL_trace_enabled.pod @@ -20,7 +20,7 @@ The functions described here are mainly interesting for those who provide OpenSSL functionality, either in OpenSSL itself or in engine modules or similar. -If operational (see L below), these functions are used to +If tracing is enabled (see L below), these functions are used to generate free text tracing output. The tracing output is divided into types which are enabled @@ -110,10 +110,11 @@ OSSL_trace_enabled() before generating any output, for example: OSSL_trace_end(OSSL_TRACE_CATEGORY_TLS, trace); } -=head2 Tracing disabled +=head2 Configure Tracing -The OpenSSL library may be built with tracing disabled, which makes -everything documented here inoperational. +By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option. When the library is built with tracing disabled: diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 6981dbc2c7..fb680a52a7 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -261,10 +261,11 @@ The output is almost the same as for the simple example above. =head1 NOTES -=head2 Tracing disabled +=head2 Configure Tracing -The OpenSSL library may be built with tracing disabled, which makes -everything documented here inoperational. +By default, the OpenSSL library is built with tracing disabled. To +use the tracing functionality documented here, it is therefore +necessary to configure and build OpenSSL with the 'enable-trace' option. When the library is built with tracing disabled, the macro C is defined in C and all -- 2.25.1