[apple/security.git] / OSX / libsecurity_ssl / lib / sslBuildFlags.h

/*
 * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * sslBuildFlags.h - Common build flags
 */

#ifndef	_SSL_BUILD_FLAGS_H_
#define _SSL_BUILD_FLAGS_H_				1

#if defined(__cplusplus)
extern "C" {
#endif

/*
 * Work around the Netscape Server Key Exchange bug. When this is
 * true, only do server key exchange if both of the following are
 * true:
 *
 *   -- an export-grade ciphersuite has been negotiated, and
 *   -- an encryptPrivKey is present in the context
 */
#define SSL_SERVER_KEYEXCH_HACK		0

/*
 * RSA functions which use a public key to do encryption force
 * the proper usage bit because the CL always gives us
 * a pub key (from a cert) with only the verify bit set.
 * This needs a mod to the CL to do the right thing, and that
 * might not be enough - what if server certs don't have the
 * appropriate usage bits?
 */
#define RSA_PUB_KEY_USAGE_HACK		1

/* debugging flags */
#ifdef	NDEBUG
#define SSL_DEBUG					0
#define ERROR_LOG_ENABLE			0
#else
#define SSL_DEBUG					1
#define ERROR_LOG_ENABLE			1
#endif	/* NDEBUG */

/*
 * Server-side PAC-based EAP support currently enabled only for debug builds.
 */
#ifdef	NDEBUG
#define SSL_PAC_SERVER_ENABLE		0
#else
#define SSL_PAC_SERVER_ENABLE		1
#endif

#define ENABLE_SSLV2                0

/* Experimental */
#define ENABLE_DTLS                 1

#define ENABLE_3DES			1		/* normally enabled */
#define ENABLE_RC4			1		/* normally enabled */
#define ENABLE_DES			0		/* normally disabled */
#define ENABLE_RC2			0		/* normally disabled */
#define ENABLE_AES			1		/* normally enabled, our first preference */
#define ENABLE_AES256		1		/* normally enabled */
#define ENABLE_ECDHE		1
#define ENABLE_ECDHE_RSA	1
#define ENABLE_ECDH			1
#define ENABLE_ECDH_RSA		1

#if defined(__cplusplus)
}
#endif

#endif	/* _SSL_BUILD_FLAGS_H_ */
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
b1ab9ed8 A	4	* @APPLE_LICENSE_HEADER_START@
d8f41ccd	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
d8f41ccd	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
d8f41ccd	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*
	25	* sslBuildFlags.h - Common build flags
	26	*/
	27
	28	#ifndef _SSL_BUILD_FLAGS_H_
	29	#define _SSL_BUILD_FLAGS_H_ 1
	30
	31	#if defined(__cplusplus)
	32	extern "C" {
	33	#endif
	34
b1ab9ed8 A	35	/*
	36	* Work around the Netscape Server Key Exchange bug. When this is
	37	* true, only do server key exchange if both of the following are
	38	* true:
	39	*
	40	* -- an export-grade ciphersuite has been negotiated, and
	41	* -- an encryptPrivKey is present in the context
	42	*/
	43	#define SSL_SERVER_KEYEXCH_HACK 0
	44
	45	/*
	46	* RSA functions which use a public key to do encryption force
	47	* the proper usage bit because the CL always gives us
	48	* a pub key (from a cert) with only the verify bit set.
	49	* This needs a mod to the CL to do the right thing, and that
	50	* might not be enough - what if server certs don't have the
	51	* appropriate usage bits?
	52	*/
	53	#define RSA_PUB_KEY_USAGE_HACK 1
	54
	55	/* debugging flags */
	56	#ifdef NDEBUG
	57	#define SSL_DEBUG 0
	58	#define ERROR_LOG_ENABLE 0
	59	#else
	60	#define SSL_DEBUG 1
	61	#define ERROR_LOG_ENABLE 1
	62	#endif /* NDEBUG */
	63
	64	/*
	65	* Server-side PAC-based EAP support currently enabled only for debug builds.
	66	*/
	67	#ifdef NDEBUG
	68	#define SSL_PAC_SERVER_ENABLE 0
	69	#else
	70	#define SSL_PAC_SERVER_ENABLE 1
	71	#endif
	72
	73	#define ENABLE_SSLV2 0
	74
	75	/* Experimental */
	76	#define ENABLE_DTLS 1
	77
	78	#define ENABLE_3DES 1 /* normally enabled */
	79	#define ENABLE_RC4 1 /* normally enabled */
	80	#define ENABLE_DES 0 /* normally disabled */
	81	#define ENABLE_RC2 0 /* normally disabled */
	82	#define ENABLE_AES 1 /* normally enabled, our first preference */
	83	#define ENABLE_AES256 1 /* normally enabled */
	84	#define ENABLE_ECDHE 1
	85	#define ENABLE_ECDHE_RSA 1
	86	#define ENABLE_ECDH 1
	87	#define ENABLE_ECDH_RSA 1
	88
	89	#if defined(__cplusplus)
	90	}
	91	#endif
	92
	93	#endif /* _SSL_BUILD_FLAGS_H_ */