SecureTransport/privateInc/sslBuildFlags.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           sslBuildFlags.h
  21
  22         Contains:       Common build flags
  23
  24         Written by:     Doug Mitchell
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _SSL_BUILD_FLAGS_H_
  31 #define _SSL_BUILD_FLAGS_H_                             1
  32
  33 #if defined(__cplusplus)
  34 extern "C" {
  35 #endif
  36
  37 /*
  38  * general Keychain functionality.
  39  */
  40
  41 #define ST_KEYCHAIN_ENABLE                              1
  42
  43 /*
  44  * Work around the Netscape Server Key Exchange bug. When this is
  45  * true, only do server key exchange if both of the following are
  46  * true:
  47  *
  48  *   -- an export-grade ciphersuite has been negotiated, and
  49  *   -- an encryptPrivKey is present in the context
  50  */
  51 #define SSL_SERVER_KEYEXCH_HACK                 0
  52
  53 /*
  54  * RSA functions which use a public key to do encryption force
  55  * the proper usage bit because the CL always gives us
  56  * a pub key (from a cert) with only the verify bit set.
  57  * This needs a mod to the CL to do the right thing, and that
  58  * might not be enough - what if server certs don't have the
  59  * appropriate usage bits?
  60  */
  61 #define RSA_PUB_KEY_USAGE_HACK                  1
  62
  63 /*
  64  * For now, we're assuming that the domestic CSP is available - major
  65  * rework needed if it's not.
  66  */
  67 #define APPLE_DOMESTIC_CSP_REQUIRED             1
  68
  69 /*
  70  * CSSM_KEYs obtained from Keychain require a SecKeychainRef to be freed/released.
  71  * True on 9, false on X.
  72  */
  73 #define ST_KC_KEYS_NEED_REF                     0
  74
  75 /*
  76  * Initial bringup of server/keychain on X: the certRefs argument of
  77  * SSLSetCertificate() contains one DLDBHandle, not a number of
  78  * SecIdentityRefs. The DLDB contains exactly one private key, and a
  79  * cert with PrintName which matches that key. Public key is obtained
  80  * from the cert. We have to manually attach to the CSPDL in this case.
  81  */
  82 #define ST_FAKE_KEYCHAIN                        0
  83
  84 /*
  85  * Flags need for manually attaching to CSPDL for configuration which
  86  * does not contain a working SecKeychainGetCSPHandle().
  87  */
  88 #define ST_FAKE_GET_CSPDL_HANDLE        0
  89
  90 /*
  91  * We manage trusted certs and pass them to the TP.
  92  *  -- OS 9 - true
  93  *  -- OS 10, 10.1 - false
  94  *  -- Jaguar - TBD. SSLSetNewRootKC and SSLSetTrustedRootCertKC deleted for now.
  95  */
  96 #define ST_MANAGES_TRUSTED_ROOTS        0
  97
  98 /* debugging flags */
  99 #ifdef  NDEBUG
 100 #define SSL_DEBUG                       0
 101 #define ERROR_LOG_ENABLE        0
 102 #else
 103 #define SSL_DEBUG                       1
 104 #define ERROR_LOG_ENABLE        1
 105 #endif  /* NDEBUG */
 106
 107 #if defined(__cplusplus)
 108 }
 109 #endif
 110
 111 #endif  /* _SSL_BUILD_FLAGS_H_ */