Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Add configurations "enable-capieng" (use Windows Certificate Store) and "no-weak-ssl-ciphers" (disable RC4 support) |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | openssl-1.1 |
Files: | files | file ages | folders |
SHA3-256: |
b5a11142ee080ccf2cf6025890916ad8 |
User & Date: | jan.nijtmans 2018-08-24 08:25:41 |
Context
2018-08-24
| ||
08:29 | Merge trunk. Undo unintended changes in previous commit check-in: 5583448c user: jan.nijtmans tags: openssl-1.1 | |
08:25 | Add configurations "enable-capieng" (use Windows Certificate Store) and "no-weak-ssl-ciphers" (disable RC4 support) check-in: b5a11142 user: jan.nijtmans tags: openssl-1.1 | |
2018-08-23
| ||
15:14 | Merge trunk. Update to Beta 7 of OpenSSL 1.1.1 (pre release 9, with TLS 1.3 support !!!) check-in: cbdbc0a0 user: jan.nijtmans tags: openssl-1.1 | |
Changes
Changes to src/makemake.tcl.
693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 .... 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 .... 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 .... 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 |
ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support # for SSLv3 (i.e. thereby forcing the use of TLS). # SSLCONFIG += no-ssl3 no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib endif ................................................................................ SSLLIBDIR = $(SSLDIR)\out32 !endif SSLLFLAGS = /nologo /opt:ref /debug SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib !if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" !message Using 'x64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64A no-asm no-ssl3 SSLCONFIG = VC-WIN64A no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64a.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !elseif "$(PLATFORM)"=="ia64" !message Using 'ia64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64I no-asm no-ssl3 SSLCONFIG = VC-WIN64I no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64i.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !else !message Assuming 'x86' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN32 no-asm no-ssl3 SSLCONFIG = VC-WIN32 no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_ms.bat |
| | | | |
693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 .... 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 .... 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 .... 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 |
ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support # for SSLv3 (i.e. thereby forcing the use of TLS). # SSLCONFIG += no-ssl3 enable-capieng no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib endif ................................................................................ SSLLIBDIR = $(SSLDIR)\out32 !endif SSLLFLAGS = /nologo /opt:ref /debug SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib !if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" !message Using 'x64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64A no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN64A no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64a.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !elseif "$(PLATFORM)"=="ia64" !message Using 'ia64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64I no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN64I no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64i.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !else !message Assuming 'x86' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN32 no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN32 no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_ms.bat |
Changes to win/Makefile.mingw.
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
ZLIBCONFIG =
ZLIBTARGETS =
endif
#### Disable creation of the OpenSSL shared libraries. Also, disable support
# for SSLv3 (i.e. thereby forcing the use of TLS).
#
SSLCONFIG += no-ssl3 no-shared
#### When using zlib, make sure that OpenSSL is configured to use the zlib
# that Fossil knows about (i.e. the one within the source tree).
#
ifndef FOSSIL_ENABLE_MINIZ
SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib
endif
#### The directories where the OpenSSL include and library files are located.
# The recommended usage here is to use the Sysinternals junction tool
# to create a hard link between an "openssl-1.x" sub-directory of the
# Fossil source code directory and the target OpenSSL source directory.
#
OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.1.1-pre8
OPENSSLINCDIR = $(OPENSSLDIR)/include
OPENSSLLIBDIR = $(OPENSSLDIR)
#### Either the directory where the Tcl library is installed or the Tcl
# source code directory resides (depending on the value of the macro
# FOSSIL_TCL_SOURCE). If this points to the Tcl install directory,
# this directory must have "include" and "lib" sub-directories. If
|
| | |
158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 |
ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support # for SSLv3 (i.e. thereby forcing the use of TLS). # SSLCONFIG += no-ssl3 enable-capieng no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib endif #### The directories where the OpenSSL include and library files are located. # The recommended usage here is to use the Sysinternals junction tool # to create a hard link between an "openssl-1.x" sub-directory of the # Fossil source code directory and the target OpenSSL source directory. # OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.1.1-pre9 OPENSSLINCDIR = $(OPENSSLDIR)/include OPENSSLLIBDIR = $(OPENSSLDIR) #### Either the directory where the Tcl library is installed or the Tcl # source code directory resides (depending on the value of the macro # FOSSIL_TCL_SOURCE). If this points to the Tcl install directory, # this directory must have "include" and "lib" sub-directories. If |
Changes to win/Makefile.mingw.mistachkin.
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 .. 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 ... 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 |
# USE_WINDOWS=1 if building under a windows command prompt # X64=1 if using an unprefixed 64-bit mingw compiler # #### Select one of MinGW, MinGW-w64 (32-bit) or MinGW-w64 (64-bit) compilers. # By default, this is an empty string (i.e. use the native compiler). # PREFIX = # PREFIX = mingw32- # PREFIX = i686-pc-mingw32- # PREFIX = i686-w64-mingw32- # PREFIX = x86_64-w64-mingw32- #### The toplevel directory of the source tree. Fossil can be built # in a directory that is separate from the source tree. Just change # the following to point from the build directory to the src/ folder. # SRCDIR = src ................................................................................ #### Enable HTTPS support via OpenSSL (links to libssl and libcrypto) # FOSSIL_ENABLE_SSL = 1 #### Automatically build OpenSSL when building Fossil (causes rebuild # issues when building incrementally). # # FOSSIL_BUILD_SSL = 1 #### Enable relative paths in external diff/gdiff # # FOSSIL_ENABLE_EXEC_REL_PATHS = 1 #### Enable legacy treatment of mv/rm (skip checkout files) # FOSSIL_ENABLE_LEGACY_MV_RM = 1 #### Enable TH1 scripts in embedded documentation files # ................................................................................ ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support # for SSLv3 (i.e. thereby forcing the use of TLS). # SSLCONFIG += no-ssl3 no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib endif |
| | | | | |
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 .. 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 ... 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 |
# USE_WINDOWS=1 if building under a windows command prompt # X64=1 if using an unprefixed 64-bit mingw compiler # #### Select one of MinGW, MinGW-w64 (32-bit) or MinGW-w64 (64-bit) compilers. # By default, this is an empty string (i.e. use the native compiler). # # PREFIX = # PREFIX = mingw32- # PREFIX = i686-pc-mingw32- PREFIX = i686-w64-mingw32- # PREFIX = x86_64-w64-mingw32- #### The toplevel directory of the source tree. Fossil can be built # in a directory that is separate from the source tree. Just change # the following to point from the build directory to the src/ folder. # SRCDIR = src ................................................................................ #### Enable HTTPS support via OpenSSL (links to libssl and libcrypto) # FOSSIL_ENABLE_SSL = 1 #### Automatically build OpenSSL when building Fossil (causes rebuild # issues when building incrementally). # FOSSIL_BUILD_SSL = 1 #### Enable relative paths in external diff/gdiff # FOSSIL_ENABLE_EXEC_REL_PATHS = 1 #### Enable legacy treatment of mv/rm (skip checkout files) # FOSSIL_ENABLE_LEGACY_MV_RM = 1 #### Enable TH1 scripts in embedded documentation files # ................................................................................ ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support # for SSLv3 (i.e. thereby forcing the use of TLS). # SSLCONFIG += no-ssl3 enable-capieng no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ SSLCONFIG += --with-zlib-lib=$(PWD)/$(ZLIBDIR) --with-zlib-include=$(PWD)/$(ZLIBDIR) zlib endif |
Changes to win/Makefile.msc.
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 ... 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 ... 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 |
# Enable support for the SQLite Encryption Extension? !ifndef USE_SEE USE_SEE = 0 !endif !if $(FOSSIL_ENABLE_SSL)!=0 SSLDIR = $(B)\compat\openssl-1.1.1-pre8 SSLINCDIR = $(SSLDIR)\inc32 !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLLIBDIR = $(SSLDIR)\out32dll !else SSLLIBDIR = $(SSLDIR)\out32 !endif SSLLFLAGS = /nologo /opt:ref /debug SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib !if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" !message Using 'x64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64A no-asm no-ssl3 SSLCONFIG = VC-WIN64A no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64a.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !elseif "$(PLATFORM)"=="ia64" !message Using 'ia64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64I no-asm no-ssl3 SSLCONFIG = VC-WIN64I no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64i.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !else !message Assuming 'x86' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN32 no-asm no-ssl3 SSLCONFIG = VC-WIN32 no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_ms.bat |
| | | | |
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 ... 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 ... 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 |
# Enable support for the SQLite Encryption Extension? !ifndef USE_SEE USE_SEE = 0 !endif !if $(FOSSIL_ENABLE_SSL)!=0 SSLDIR = $(B)\compat\openssl-1.1.1-pre9 SSLINCDIR = $(SSLDIR)\inc32 !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLLIBDIR = $(SSLDIR)\out32dll !else SSLLIBDIR = $(SSLDIR)\out32 !endif SSLLFLAGS = /nologo /opt:ref /debug SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib !if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" !message Using 'x64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64A no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN64A no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64a.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !elseif "$(PLATFORM)"=="ia64" !message Using 'ia64' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN64I no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN64I no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_win64i.bat ................................................................................ # BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. !if $(FOSSIL_DYNAMIC_BUILD)==0 SSLCFLAGS = -DOPENSSL_NO_SSL3 !endif !else !message Assuming 'x86' platform for OpenSSL... # BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. # SSLCONFIG = VC-WIN32 no-asm no-ssl3 enable-capieng no-weak-ssl-ciphers SSLCONFIG = VC-WIN32 no-asm !if $(FOSSIL_DYNAMIC_BUILD)!=0 SSLCONFIG = $(SSLCONFIG) shared !else SSLCONFIG = $(SSLCONFIG) no-shared !endif SSLSETUP = ms\do_ms.bat |