Check-in [4729159cce]
Overview
Comment:Moved custom functions from configure.ac to acinclude.m4 file
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | TEA
Files: files | file ages | folders
SHA3-256: 4729159cce35ac512a1d6630cf5468ffeaf3a0e8d7c51d2e250f0f14c6630484
User & Date: bohagan on 2023-05-08 01:01:39
Other Links: branch diff | manifest | tags
Context
2023-05-08
02:17
More configure status and optimized use of AC_ARG_ENABLE to also set missing case vars. check-in: f284d71533 user: bohagan tags: TEA
01:01
Moved custom functions from configure.ac to acinclude.m4 file check-in: 4729159cce user: bohagan tags: TEA
2023-05-07
23:21
Added support for the pkgconfig tool to find package installation locations and added configure output messages check-in: aaea8b2ab0 user: bohagan tags: TEA
Changes
149
150
151
152
153
154
155

























































































156
157
158
159
160
161
162
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"


























































































	if test "${SHARED_BUILD}" != "1"; then
		dnl If we are doing a static build, save the linker flags for other programs to consume
		rm -f tcltls.${AREXT}.linkadd
		AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd
	fi

	dnl If we have been asked to statically link to the SSL library, specifically tell the linker to do so







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || AC_MSG_ERROR([Unable to get OpenSSL Configuration])
	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"


	dnl Disable support for TLS 1.0 protocol
	AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [
		if test "${enableval}" = "no"; then
			AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol])
		fi
	])

	dnl Disable support for TLS 1.1 protocol
	AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [
		if test "${enableval}" = "no"; then
			AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol])
		fi
	])

	dnl Disable support for TLS 1.2 protocol
	AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [
		if test "${enableval}" = "no"; then
			AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol])
		fi
	])

	dnl Disable support for TLS 1.3 protocol
	AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [
		if test "${enableval}" = "no"; then
			AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol])
		fi
	])


	dnl Enable support for building the same library every time
	tcltls_deterministic='false'
	AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [
		if test "$enableval" = "yes"; then
			tcltls_deterministic='true'
		fi
	])
	if test "$tcltls_deterministic" = 'true'; then
		GEN_DH_PARAMS_ARGS='fallback'
	else
		GEN_DH_PARAMS_ARGS=''
	fi

	dnl Enable support for specifying pre-computed DH params size
	AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=<bits>], [specify the size of the built-in, precomputed, DH params]), [
		AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])])
		GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"
	])
	AC_SUBST(GEN_DH_PARAMS_ARGS)


	dnl Determine if we have been asked to use a fast path if possible
	tcltls_ssl_fastpath='no'
	AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [
		if test "$enableval" = 'yes'; then
			tcltls_ssl_fastpath='yes'
		else
			tcltls_ssl_fastpath='no'
		fi
	])

	if test "$tcltls_ssl_fastpath" = 'yes'; then
		AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library])
	fi

	dnl Enable hardening
	AC_MSG_CHECKING([enable hardening])
	tcltls_enable_hardening='yes'
	AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [enable hardening attempts]), [
		tcltls_enable_hardening="$enableval"
	])
	AC_MSG_RESULT([$tcltls_enable_hardening])
	if test "$tcltls_enable_hardening" = 'yes'; then
		if test "$GCC" = 'yes' -o "$CC" = 'clang'; then
			TEA_ADD_CFLAGS([-fstack-protector-all])
			TEA_ADD_CFLAGS([-fno-strict-overflow])
			AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])
		fi
	fi


	dnl Determine if we have been asked to statically link to the SSL library
	TCLEXT_TLS_STATIC_SSL='no'
	AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable statically linking to the specified SSL library]), [
		if test "$enableval" = 'yes'; then
			TCLEXT_TLS_STATIC_SSL='yes'
		fi
	])

	if test "${SHARED_BUILD}" != "1"; then
		dnl If we are doing a static build, save the linker flags for other programs to consume
		rm -f tcltls.${AREXT}.linkadd
		AS_ECHO(["$TCLTLS_SSL_LIBS"]) > tcltls.${AREXT}.linkadd
	fi

	dnl If we have been asked to statically link to the SSL library, specifically tell the linker to do so
Modified configure from [61d7490129] to [0b5bf1bf1b].
642
643
644
645
646
647
648
649
650

651
652
653
654
655
656
657
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"

ac_header_c_list=
ac_subst_vars='LTLIBOBJS
GEN_DH_PARAMS_ARGS
TCLSH_PROG

TCLTLS_SSL_CPPFLAGS
TCLTLS_SSL_CFLAGS
TCLTLS_SSL_LIBS
PKGCONFIG
VC_MANIFEST_EMBED_EXE
VC_MANIFEST_EMBED_DLL
RANLIB_STUB







<

>







642
643
644
645
646
647
648

649
650
651
652
653
654
655
656
657
#endif
#ifdef HAVE_UNISTD_H
# include <unistd.h>
#endif"

ac_header_c_list=
ac_subst_vars='LTLIBOBJS

TCLSH_PROG
GEN_DH_PARAMS_ARGS
TCLTLS_SSL_CPPFLAGS
TCLTLS_SSL_CFLAGS
TCLTLS_SSL_LIBS
PKGCONFIG
VC_MANIFEST_EMBED_EXE
VC_MANIFEST_EMBED_DLL
RANLIB_STUB
783
784
785
786
787
788
789
790
791

792
793
794
795
796
797
798
enable_tls1
enable_tls1_1
enable_tls1_2
enable_tls1_3
enable_deterministic
with_builtin_dh_params_size
enable_ssl_fastpath
enable_static_ssl
enable_hardening

'
      ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS
LDFLAGS







<

>







783
784
785
786
787
788
789

790
791
792
793
794
795
796
797
798
enable_tls1
enable_tls1_1
enable_tls1_2
enable_tls1_3
enable_deterministic
with_builtin_dh_params_size
enable_ssl_fastpath

enable_hardening
enable_static_ssl
'
      ac_precious_vars='build_alias
host_alias
target_alias
CC
CFLAGS
LDFLAGS
1431
1432
1433
1434
1435
1436
1437

1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
  --disable-tls1          disable TLS1 protocol
  --disable-tls1_1        disable TLS1.1 protocol
  --disable-tls1_2        disable TLS1.2 protocol
  --disable-tls1_3        disable TLS1.3 protocol
  --enable-deterministic  enable deterministic DH parameters
  --enable-ssl-fastpath   enable using the underlying file descriptor for
                          talking directly to the SSL library

  --enable-static-ssl     enable statically linking to the specified SSL
                          library
  --disable-hardening     disable hardening attempts

Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-tcl              directory containing tcl configuration
                          (tclConfig.sh)
  --with-tcl8             Compile for Tcl8 in Tcl9 environment







>


<







1431
1432
1433
1434
1435
1436
1437
1438
1439
1440

1441
1442
1443
1444
1445
1446
1447
  --disable-tls1          disable TLS1 protocol
  --disable-tls1_1        disable TLS1.1 protocol
  --disable-tls1_2        disable TLS1.2 protocol
  --disable-tls1_3        disable TLS1.3 protocol
  --enable-deterministic  enable deterministic DH parameters
  --enable-ssl-fastpath   enable using the underlying file descriptor for
                          talking directly to the SSL library
  --disable-hardening     disable hardening attempts
  --enable-static-ssl     enable statically linking to the specified SSL
                          library


Optional Packages:
  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
  --with-tcl              directory containing tcl configuration
                          (tclConfig.sh)
  --with-tcl8             Compile for Tcl8 in Tcl9 environment
9005
9006
9007
9008
9009
9010
9011























































































































































9012
9013
9014
9015
9016
9017
9018
	if test -z "$TCLTLS_SSL_CFLAGS"; then
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"
























































































































































	if test "${SHARED_BUILD}" == 0; then
				rm -f tcltls.${AREXT}.linkadd
		printf "%s\n" "$TCLTLS_SSL_LIBS" > tcltls.${AREXT}.linkadd
	fi

		if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>







9005
9006
9007
9008
9009
9010
9011
9012
9013
9014
9015
9016
9017
9018
9019
9020
9021
9022
9023
9024
9025
9026
9027
9028
9029
9030
9031
9032
9033
9034
9035
9036
9037
9038
9039
9040
9041
9042
9043
9044
9045
9046
9047
9048
9049
9050
9051
9052
9053
9054
9055
9056
9057
9058
9059
9060
9061
9062
9063
9064
9065
9066
9067
9068
9069
9070
9071
9072
9073
9074
9075
9076
9077
9078
9079
9080
9081
9082
9083
9084
9085
9086
9087
9088
9089
9090
9091
9092
9093
9094
9095
9096
9097
9098
9099
9100
9101
9102
9103
9104
9105
9106
9107
9108
9109
9110
9111
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
9143
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
	if test -z "$TCLTLS_SSL_CFLAGS"; then
		TCLTLS_SSL_CFLAGS="`"${PKGCONFIG}" openssl --cflags-only-other $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
	fi
	if test -z "$TCLTLS_SSL_CPPFLAGS"; then
		TCLTLS_SSL_CPPFLAGS="`"${PKGCONFIG}" openssl --cflags-only-I $pkgConfigExtraArgs`" || as_fn_error $? "Unable to get OpenSSL Configuration" "$LINENO" 5
	fi
	PKG_CONFIG_PATH="${PKG_CONFIG_PATH_SAVE}"


		# Check whether --enable-tls1 was given.
if test ${enable_tls1+y}
then :
  enableval=$enable_tls1;
		if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1 1" >>confdefs.h

		fi

fi


		# Check whether --enable-tls1_1 was given.
if test ${enable_tls1_1+y}
then :
  enableval=$enable_tls1_1;
		if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h

		fi

fi


		# Check whether --enable-tls1_2 was given.
if test ${enable_tls1_2+y}
then :
  enableval=$enable_tls1_2;
		if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h

		fi

fi


		# Check whether --enable-tls1_3 was given.
if test ${enable_tls1_3+y}
then :
  enableval=$enable_tls1_3;
		if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h

		fi

fi



		tcltls_deterministic='false'
	# Check whether --enable-deterministic was given.
if test ${enable_deterministic+y}
then :
  enableval=$enable_deterministic;
		if test "$enableval" = "yes"; then
			tcltls_deterministic='true'
		fi

fi

	if test "$tcltls_deterministic" = 'true'; then
		GEN_DH_PARAMS_ARGS='fallback'
	else
		GEN_DH_PARAMS_ARGS=''
	fi


# Check whether --with-builtin-dh-params-size was given.
if test ${with_builtin_dh_params_size+y}
then :
  withval=$with_builtin_dh_params_size;
		case $withval in #(
  2048|4096|8192) :
     ;; #(
  *) :
    as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;;
esac
		GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"

fi




		tcltls_ssl_fastpath='no'
	# Check whether --enable-ssl-fastpath was given.
if test ${enable_ssl_fastpath+y}
then :
  enableval=$enable_ssl_fastpath;
		if test "$enableval" = 'yes'; then
			tcltls_ssl_fastpath='yes'
		else
			tcltls_ssl_fastpath='no'
		fi

fi


	if test "$tcltls_ssl_fastpath" = 'yes'; then

printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h

	fi

		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking enable hardening" >&5
printf %s "checking enable hardening... " >&6; }
	tcltls_enable_hardening='yes'
	# Check whether --enable-hardening was given.
if test ${enable_hardening+y}
then :
  enableval=$enable_hardening;
		tcltls_enable_hardening="$enableval"

fi

	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tcltls_enable_hardening" >&5
printf "%s\n" "$tcltls_enable_hardening" >&6; }
	if test "$tcltls_enable_hardening" = 'yes'; then
		if test "$GCC" = 'yes' -o "$CC" = 'clang'; then

    PKG_CFLAGS="$PKG_CFLAGS -fstack-protector-all"



    PKG_CFLAGS="$PKG_CFLAGS -fno-strict-overflow"



printf "%s\n" "#define _FORTIFY_SOURCE 2" >>confdefs.h

		fi
	fi


		TCLEXT_TLS_STATIC_SSL='no'
	# Check whether --enable-static-ssl was given.
if test ${enable_static_ssl+y}
then :
  enableval=$enable_static_ssl;
		if test "$enableval" = 'yes'; then
			TCLEXT_TLS_STATIC_SSL='yes'
		fi

fi


	if test "${SHARED_BUILD}" == 0; then
				rm -f tcltls.${AREXT}.linkadd
		printf "%s\n" "$TCLTLS_SSL_LIBS" > tcltls.${AREXT}.linkadd
	fi

		if test "$TCLEXT_TLS_STATIC_SSL" = 'yes'; then
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
9271
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
9295
9296
9297
9298
9299
9300
9301
9302
9303
9304
9305
9306
9307
9308
9309
9310
9311
9312
9313
9314
9315
9316
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
9375
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
9411
9412
9413
9414
9415
9416
9417
9418
9419
9420
9421
9422
9423
9424
9425
9426
9427
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
#--------------------------------------------------------------------
# Setup a *Config.sh.in configuration file.
#--------------------------------------------------------------------

#TEA_EXPORT_CONFIG([tls])
#AC_SUBST(SAMPLE_VAR)


#--------------------------------------------------------------------
# Custom
#--------------------------------------------------------------------

# Check whether --enable-tls1 was given.
if test ${enable_tls1+y}
then :
  enableval=$enable_tls1;
	if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1 1" >>confdefs.h

	fi

fi


# Check whether --enable-tls1_1 was given.
if test ${enable_tls1_1+y}
then :
  enableval=$enable_tls1_1;
	if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_1 1" >>confdefs.h

	fi

fi


# Check whether --enable-tls1_2 was given.
if test ${enable_tls1_2+y}
then :
  enableval=$enable_tls1_2;
	if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_2 1" >>confdefs.h

	fi

fi


# Check whether --enable-tls1_3 was given.
if test ${enable_tls1_3+y}
then :
  enableval=$enable_tls1_3;
	if test "${enableval}" = "no"; then

printf "%s\n" "#define NO_TLS1_3 1" >>confdefs.h

	fi

fi



tcltls_deterministic='false'
# Check whether --enable-deterministic was given.
if test ${enable_deterministic+y}
then :
  enableval=$enable_deterministic;
	if test "$enableval" = "yes"; then
		tcltls_deterministic='true'
	fi

fi

if test "$tcltls_deterministic" = 'true'; then
	GEN_DH_PARAMS_ARGS='fallback'
else
	GEN_DH_PARAMS_ARGS=''
fi



# Check whether --with-builtin-dh-params-size was given.
if test ${with_builtin_dh_params_size+y}
then :
  withval=$with_builtin_dh_params_size;
	case $withval in #(
  2048|4096|8192) :
     ;; #(
  *) :
    as_fn_error $? "Unsupported DH params size: $withval" "$LINENO" 5 ;;
esac
	GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"

fi




tcltls_ssl_fastpath='no'
# Check whether --enable-ssl-fastpath was given.
if test ${enable_ssl_fastpath+y}
then :
  enableval=$enable_ssl_fastpath;
	if test "$enableval" = 'yes'; then
		tcltls_ssl_fastpath='yes'
	else
		tcltls_ssl_fastpath='no'
	fi

fi


if test "$tcltls_ssl_fastpath" = 'yes'; then

printf "%s\n" "#define TCLTLS_SSL_USE_FASTPATH 1" >>confdefs.h

fi


TCLEXT_TLS_STATIC_SSL='no'
# Check whether --enable-static-ssl was given.
if test ${enable_static_ssl+y}
then :
  enableval=$enable_static_ssl;
	if test "$enableval" = 'yes'; then
		TCLEXT_TLS_STATIC_SSL='yes'
	fi

fi



tcltls_enable_hardening='auto'
# Check whether --enable-hardening was given.
if test ${enable_hardening+y}
then :
  enableval=$enable_hardening;
	tcltls_enable_hardening="$enableval"

fi

if test "$tcltls_enable_hardening" = 'auto'; then
	tcltls_enable_hardening='true'
	if test "$TCLEXT_BUILD" = 'static'; then
		tcltls_enable_hardening='false'
	fi
elif test "$tcltls_enable_hardening" = 'yes'; then
	tcltls_enable_hardening='true'
else
	tcltls_enable_hardening='false'
fi
if test "$tcltls_enable_hardening" = 'true'; then
	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fstack-protector-all" >&5
printf %s "checking whether C compiler accepts -fstack-protector-all... " >&6; }
if test ${ax_cv_check_cflags___fstack_protector_all+y}
then :
  printf %s "(cached) " >&6
else $as_nop

  ax_check_save_flags=$CFLAGS
  CFLAGS="$CFLAGS  -fstack-protector-all"
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

int
main (void)
{

  ;
  return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
  ax_cv_check_cflags___fstack_protector_all=yes
else $as_nop
  ax_cv_check_cflags___fstack_protector_all=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
  CFLAGS=$ax_check_save_flags
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fstack_protector_all" >&5
printf "%s\n" "$ax_cv_check_cflags___fstack_protector_all" >&6; }
if test "x$ax_cv_check_cflags___fstack_protector_all" = xyes
then :
  CFLAGS="$CFLAGS -fstack-protector-all"
else $as_nop
  :
fi

	{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -fno-strict-overflow" >&5
printf %s "checking whether C compiler accepts -fno-strict-overflow... " >&6; }
if test ${ax_cv_check_cflags___fno_strict_overflow+y}
then :
  printf %s "(cached) " >&6
else $as_nop

  ax_check_save_flags=$CFLAGS
  CFLAGS="$CFLAGS  -fno-strict-overflow"
  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h.  */

int
main (void)
{

  ;
  return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"
then :
  ax_cv_check_cflags___fno_strict_overflow=yes
else $as_nop
  ax_cv_check_cflags___fno_strict_overflow=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
  CFLAGS=$ax_check_save_flags
fi
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___fno_strict_overflow" >&5
printf "%s\n" "$ax_cv_check_cflags___fno_strict_overflow" >&6; }
if test "x$ax_cv_check_cflags___fno_strict_overflow" = xyes
then :
  CFLAGS="$CFLAGS -fno-strict-overflow"
else $as_nop
  :
fi


printf "%s\n" "#define _FORTIFY_SOURCE 2" >>confdefs.h

fi


#--------------------------------------------------------------------
# Specify files to substitute AC variables in. You may alternatively
# have a special pkgIndex.tcl.in or other files which require
# substituting the AC variables in. Include these here.
#--------------------------------------------------------------------








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







9398
9399
9400
9401
9402
9403
9404





































































































































































































































9405
9406
9407
9408
9409
9410
9411
#--------------------------------------------------------------------
# Setup a *Config.sh.in configuration file.
#--------------------------------------------------------------------

#TEA_EXPORT_CONFIG([tls])
#AC_SUBST(SAMPLE_VAR)







































































































































































































































#--------------------------------------------------------------------
# Specify files to substitute AC variables in. You may alternatively
# have a special pkgIndex.tcl.in or other files which require
# substituting the AC variables in. Include these here.
#--------------------------------------------------------------------

201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
#--------------------------------------------------------------------
# Setup a *Config.sh.in configuration file.
#--------------------------------------------------------------------

#TEA_EXPORT_CONFIG([tls])
#AC_SUBST(SAMPLE_VAR)


#--------------------------------------------------------------------
# Custom
#--------------------------------------------------------------------

dnl Disable support for TLS 1.0 protocol
AC_ARG_ENABLE([tls1], AS_HELP_STRING([--disable-tls1], [disable TLS1 protocol]), [
	if test "${enableval}" = "no"; then
		AC_DEFINE([NO_TLS1], [1], [Disable TLS1 protocol])
	fi
])

dnl Disable support for TLS 1.1 protocol
AC_ARG_ENABLE([tls1_1], AS_HELP_STRING([--disable-tls1_1], [disable TLS1.1 protocol]), [
	if test "${enableval}" = "no"; then
		AC_DEFINE([NO_TLS1_1], [1], [Disable TLS1.1 protocol])
	fi
])

dnl Disable support for TLS 1.2 protocol
AC_ARG_ENABLE([tls1_2], AS_HELP_STRING([--disable-tls1_2], [disable TLS1.2 protocol]), [
	if test "${enableval}" = "no"; then
		AC_DEFINE([NO_TLS1_2], [1], [Disable TLS1.2 protocol])
	fi
])

dnl Disable support for TLS 1.3 protocol
AC_ARG_ENABLE([tls1_3], AS_HELP_STRING([--disable-tls1_3], [disable TLS1.3 protocol]), [
	if test "${enableval}" = "no"; then
		AC_DEFINE([NO_TLS1_3], [1], [Disable TLS1.3 protocol])
	fi
])

dnl Enable support for building the same library every time
tcltls_deterministic='false'
AC_ARG_ENABLE([deterministic], AS_HELP_STRING([--enable-deterministic], [enable deterministic DH parameters]), [
	if test "$enableval" = "yes"; then
		tcltls_deterministic='true'
	fi
])
if test "$tcltls_deterministic" = 'true'; then
	GEN_DH_PARAMS_ARGS='fallback'
else
	GEN_DH_PARAMS_ARGS=''
fi


dnl Enable support for specifying pre-computed DH params size
AC_ARG_WITH([builtin-dh-params-size], AS_HELP_STRING([--with-builtin-dh-params-size=<bits>], [specify the size of the built-in, precomputed, DH params]), [
	AS_CASE([$withval],[2048|4096|8192],,[AC_MSG_ERROR([Unsupported DH params size: $withval])])
	GEN_DH_PARAMS_ARGS="${GEN_DH_PARAMS_ARGS} bits=$withval"
])
AC_SUBST(GEN_DH_PARAMS_ARGS)


dnl Determine if we have been asked to use a fast path if possible
tcltls_ssl_fastpath='no'
AC_ARG_ENABLE([ssl-fastpath], AS_HELP_STRING([--enable-ssl-fastpath], [enable using the underlying file descriptor for talking directly to the SSL library]), [
	if test "$enableval" = 'yes'; then
		tcltls_ssl_fastpath='yes'
	else
		tcltls_ssl_fastpath='no'
	fi
])

if test "$tcltls_ssl_fastpath" = 'yes'; then
	AC_DEFINE(TCLTLS_SSL_USE_FASTPATH, [1], [Define this to enable using the underlying file descriptor for talking directly to the SSL library])
fi


dnl Determine if we have been asked to statically link to the SSL library
TCLEXT_TLS_STATIC_SSL='no'
AC_ARG_ENABLE([static-ssl], AS_HELP_STRING([--enable-static-ssl], [enable statically linking to the specified SSL library]), [
	if test "$enableval" = 'yes'; then
		TCLEXT_TLS_STATIC_SSL='yes'
	fi
])


dnl Enable hardening
tcltls_enable_hardening='auto'
AC_ARG_ENABLE([hardening], AS_HELP_STRING([--disable-hardening], [disable hardening attempts]), [
	tcltls_enable_hardening="$enableval"
])
if test "$tcltls_enable_hardening" = 'auto'; then
	tcltls_enable_hardening='true'
	if test "$TCLEXT_BUILD" = 'static'; then
		tcltls_enable_hardening='false'
	fi
elif test "$tcltls_enable_hardening" = 'yes'; then
	tcltls_enable_hardening='true'
else
	tcltls_enable_hardening='false'
fi
if test "$tcltls_enable_hardening" = 'true'; then
	AX_CHECK_COMPILE_FLAG([-fstack-protector-all], [CFLAGS="$CFLAGS -fstack-protector-all"])
	AX_CHECK_COMPILE_FLAG([-fno-strict-overflow], [CFLAGS="$CFLAGS -fno-strict-overflow"])
	AC_DEFINE([_FORTIFY_SOURCE], [2], [Enable fortification])
fi


#--------------------------------------------------------------------
# Specify files to substitute AC variables in. You may alternatively
# have a special pkgIndex.tcl.in or other files which require
# substituting the AC variables in. Include these here.
#--------------------------------------------------------------------








<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<
<







201
202
203
204
205
206
207




































































































208
209
210
211
212
213
214
#--------------------------------------------------------------------
# Setup a *Config.sh.in configuration file.
#--------------------------------------------------------------------

#TEA_EXPORT_CONFIG([tls])
#AC_SUBST(SAMPLE_VAR)






































































































#--------------------------------------------------------------------
# Specify files to substitute AC variables in. You may alternatively
# have a special pkgIndex.tcl.in or other files which require
# substituting the AC variables in. Include these here.
#--------------------------------------------------------------------