Fix the no-tls1 option

This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not
possible to do no-tls1_1 or no-tls1_2 in 1.0.2).

Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows
that disabling TLS1.0 should force the disabling of tlsext.

Also a few missing ifdef guards.

GitHub Iusse#935

Reviewed-by: Rich Salz <rsalz@openssl.org>

diff --git a/Configure b/Configure
index 3a772760c8c40674c85e11a50832b00e5d6cf241..695b37d0730af7032b51eb7cb1d611b6359818df 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
        $disabled{"tls1"} = "forced";
        }
 
-if (defined($disabled{"tls1"}))
-       {
-       $disabled{"tlsext"} = "forced";
-       }
-
 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
     || defined($disabled{"dh"}))
        {

diff --git a/apps/srp.c b/apps/srp.c
index c0ff4171cabf8e8db3de81ce4bb498e46d652a21..c75052f38dd454228d4a3c5e2a1fb704062d5d22 100644 (file)
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -765,4 +765,6 @@ int MAIN(int argc, char **argv)
     OPENSSL_EXIT(ret);
 }
 
+#else
+static void *dummy = &dummy;
 #endif

diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 1db84ad5f9aade42a69736f6ee441b1106a1a4b6..890e47685350bbf9c13392281403ba3af07d33d3 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -3141,9 +3141,12 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,
 
 static int do_test_cipherlist(void)
 {
+#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || \
+    !defined(OPENSSL_NO_TLS1)
     int i = 0;
     const SSL_METHOD *meth;
     const SSL_CIPHER *ci, *tci = NULL;
+#endif
 
 #ifndef OPENSSL_NO_SSL2
     fprintf(stderr, "testing SSLv2 cipher list order: ");