From 847fe929108da550b506594f52fa1875ea815723 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 26 Aug 2016 13:11:17 +0100 Subject: [PATCH] Fix the no-tls1 option This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not possible to do no-tls1_1 or no-tls1_2 in 1.0.2). Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows that disabling TLS1.0 should force the disabling of tlsext. Also a few missing ifdef guards. GitHub Iusse#935 Reviewed-by: Rich Salz --- Configure | 5 ----- apps/srp.c | 2 ++ ssl/ssltest.c | 3 +++ 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index 3a772760c8..695b37d073 100755 --- a/Configure +++ b/Configure @@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) $disabled{"tls1"} = "forced"; } -if (defined($disabled{"tls1"})) - { - $disabled{"tlsext"} = "forced"; - } - if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) || defined($disabled{"dh"})) { diff --git a/apps/srp.c b/apps/srp.c index c0ff4171ca..c75052f38d 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -765,4 +765,6 @@ int MAIN(int argc, char **argv) OPENSSL_EXIT(ret); } +#else +static void *dummy = &dummy; #endif diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 1db84ad5f9..890e476853 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -3141,9 +3141,12 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, static int do_test_cipherlist(void) { +#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || \ + !defined(OPENSSL_NO_TLS1) int i = 0; const SSL_METHOD *meth; const SSL_CIPHER *ci, *tci = NULL; +#endif #ifndef OPENSSL_NO_SSL2 fprintf(stderr, "testing SSLv2 cipher list order: "); -- 2.25.1