projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| b1ab9ed8 | 1 | /* |
| d8f41ccd | 2 | * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved. |
| b1ab9ed8 A |
3 | * |
| 4 | * @APPLE_LICENSE_HEADER_START@ | |
| d8f41ccd | 5 | * |
| b1ab9ed8 A |
6 | * This file contains Original Code and/or Modifications of Original Code |
| 7 | * as defined in and that are subject to the Apple Public Source License | |
| 8 | * Version 2.0 (the 'License'). You may not use this file except in | |
| 9 | * compliance with the License. Please obtain a copy of the License at | |
| 10 | * http://www.opensource.apple.com/apsl/ and read it before using this | |
| 11 | * file. | |
| d8f41ccd | 12 | * |
| b1ab9ed8 A |
13 | * The Original Code and all software distributed under the License are |
| 14 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
| 15 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, | |
| 16 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
| 17 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. | |
| 18 | * Please see the License for the specific language governing rights and | |
| 19 | * limitations under the License. | |
| d8f41ccd | 20 | * |
| b1ab9ed8 A |
21 | * @APPLE_LICENSE_HEADER_END@ |
| 22 | */ | |
| 23 | ||
| 24 | /* | |
| 25 | * sslBuildFlags.h - Common build flags | |
| 26 | */ | |
| 27 | ||
| 28 | #ifndef _SSL_BUILD_FLAGS_H_ | |
| 29 | #define _SSL_BUILD_FLAGS_H_ 1 | |
| 30 | ||
| 31 | #if defined(__cplusplus) | |
| 32 | extern "C" { | |
| 33 | #endif | |
| 34 | ||
| 866f8763 A |
35 | /* |
| 36 | * Implementation-specific functionality. | |
| 37 | */ | |
| 38 | #if 1 | |
| 39 | #undef USE_CDSA_CRYPTO /* use corecrypto, instead of CDSA */ | |
| 40 | #undef USE_SSLCERTIFICATE /* use CF-based certs, not structs */ | |
| 41 | #endif | |
| 42 | ||
| b1ab9ed8 A |
43 | /* |
| 44 | * Work around the Netscape Server Key Exchange bug. When this is | |
| 45 | * true, only do server key exchange if both of the following are | |
| 46 | * true: | |
| 47 | * | |
| 48 | * -- an export-grade ciphersuite has been negotiated, and | |
| 49 | * -- an encryptPrivKey is present in the context | |
| 50 | */ | |
| 51 | #define SSL_SERVER_KEYEXCH_HACK 0 | |
| 52 | ||
| 53 | /* | |
| 54 | * RSA functions which use a public key to do encryption force | |
| 55 | * the proper usage bit because the CL always gives us | |
| 56 | * a pub key (from a cert) with only the verify bit set. | |
| 57 | * This needs a mod to the CL to do the right thing, and that | |
| 58 | * might not be enough - what if server certs don't have the | |
| 59 | * appropriate usage bits? | |
| 60 | */ | |
| 61 | #define RSA_PUB_KEY_USAGE_HACK 1 | |
| 62 | ||
| 63 | /* debugging flags */ | |
| 64 | #ifdef NDEBUG | |
| 65 | #define SSL_DEBUG 0 | |
| 66 | #define ERROR_LOG_ENABLE 0 | |
| 67 | #else | |
| 68 | #define SSL_DEBUG 1 | |
| 69 | #define ERROR_LOG_ENABLE 1 | |
| 70 | #endif /* NDEBUG */ | |
| 71 | ||
| 72 | /* | |
| 73 | * Server-side PAC-based EAP support currently enabled only for debug builds. | |
| 74 | */ | |
| 75 | #ifdef NDEBUG | |
| 76 | #define SSL_PAC_SERVER_ENABLE 0 | |
| 77 | #else | |
| 78 | #define SSL_PAC_SERVER_ENABLE 1 | |
| 79 | #endif | |
| 80 | ||
| 81 | #define ENABLE_SSLV2 0 | |
| 82 | ||
| 83 | /* Experimental */ | |
| 84 | #define ENABLE_DTLS 1 | |
| 85 | ||
| 866f8763 A |
86 | #define ENABLE_3DES 1 /* normally enabled */ |
| 87 | #define ENABLE_RC4 1 /* normally enabled */ | |
| 88 | #define ENABLE_DES 0 /* normally disabled */ | |
| 89 | #define ENABLE_RC2 0 /* normally disabled */ | |
| 90 | #define ENABLE_AES 1 /* normally enabled, our first preference */ | |
| 91 | #define ENABLE_AES256 1 /* normally enabled */ | |
| 92 | #define ENABLE_ECDHE 1 | |
| 93 | #define ENABLE_ECDHE_RSA 1 | |
| 94 | #define ENABLE_ECDH 1 | |
| 95 | #define ENABLE_ECDH_RSA 1 | |
| b1ab9ed8 A |
96 | |
| 97 | #if defined(__cplusplus) | |
| 98 | } | |
| 99 | #endif | |
| 100 | ||
| 101 | #endif /* _SSL_BUILD_FLAGS_H_ */ |