OSX/libsecurity_ssl/Security/sslBuildFlags.h

   1 /*
   2  * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*
  25  * sslBuildFlags.h - Common build flags
  26  */
  27
  28 #ifndef _SSL_BUILD_FLAGS_H_
  29 #define _SSL_BUILD_FLAGS_H_                             1
  30
  31 #if defined(__cplusplus)
  32 extern "C" {
  33 #endif
  34
  35 /*
  36  * Implementation-specific functionality.
  37  */
  38 #if 1
  39 #undef USE_CDSA_CRYPTO                          /* use corecrypto, instead of CDSA */
  40 #undef USE_SSLCERTIFICATE                       /* use CF-based certs, not structs */
  41 #endif
  42
  43 /*
  44  * Work around the Netscape Server Key Exchange bug. When this is
  45  * true, only do server key exchange if both of the following are
  46  * true:
  47  *
  48  *   -- an export-grade ciphersuite has been negotiated, and
  49  *   -- an encryptPrivKey is present in the context
  50  */
  51 #define SSL_SERVER_KEYEXCH_HACK         0
  52
  53 /*
  54  * RSA functions which use a public key to do encryption force
  55  * the proper usage bit because the CL always gives us
  56  * a pub key (from a cert) with only the verify bit set.
  57  * This needs a mod to the CL to do the right thing, and that
  58  * might not be enough - what if server certs don't have the
  59  * appropriate usage bits?
  60  */
  61 #define RSA_PUB_KEY_USAGE_HACK          1
  62
  63 /* debugging flags */
  64 #ifdef  NDEBUG
  65 #define SSL_DEBUG                                       0
  66 #define ERROR_LOG_ENABLE                        0
  67 #else
  68 #define SSL_DEBUG                                       1
  69 #define ERROR_LOG_ENABLE                        1
  70 #endif  /* NDEBUG */
  71
  72 /*
  73  * Server-side PAC-based EAP support currently enabled only for debug builds.
  74  */
  75 #ifdef  NDEBUG
  76 #define SSL_PAC_SERVER_ENABLE           0
  77 #else
  78 #define SSL_PAC_SERVER_ENABLE           1
  79 #endif
  80
  81 #define ENABLE_SSLV2                0
  82
  83 /* Experimental */
  84 #define ENABLE_DTLS                 1
  85
  86 #define ENABLE_3DES                     1               /* normally enabled */
  87 #define ENABLE_RC4                      1               /* normally enabled */
  88 #define ENABLE_DES                      0               /* normally disabled */
  89 #define ENABLE_RC2                      0               /* normally disabled */
  90 #define ENABLE_AES                      1               /* normally enabled, our first preference */
  91 #define ENABLE_AES256           1               /* normally enabled */
  92 #define ENABLE_ECDHE            1
  93 #define ENABLE_ECDHE_RSA        1
  94 #define ENABLE_ECDH                     1
  95 #define ENABLE_ECDH_RSA         1
  96
  97 #if defined(__cplusplus)
  98 }
  99 #endif
 100
 101 #endif  /* _SSL_BUILD_FLAGS_H_ */