]> git.saurik.com Git - apple/security.git/blob - libsecurity_ssl/lib/sslBuildFlags.h
Security-55178.0.1.tar.gz
[apple/security.git] / libsecurity_ssl / lib / sslBuildFlags.h
1 /*
2 * Copyright (c) 1999-2001,2005-2008,2010-2012 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*
25 * sslBuildFlags.h - Common build flags
26 */
27
28 #ifndef _SSL_BUILD_FLAGS_H_
29 #define _SSL_BUILD_FLAGS_H_ 1
30
31 #if defined(__cplusplus)
32 extern "C" {
33 #endif
34
35 /*
36 * Implementation-specific functionality.
37 */
38 #if 1
39 #undef USE_CDSA_CRYPTO /* use corecrypto, instead of CDSA */
40 #undef USE_SSLCERTIFICATE /* use CF-based certs, not structs */
41 #endif
42
43 /*
44 * Work around the Netscape Server Key Exchange bug. When this is
45 * true, only do server key exchange if both of the following are
46 * true:
47 *
48 * -- an export-grade ciphersuite has been negotiated, and
49 * -- an encryptPrivKey is present in the context
50 */
51 #define SSL_SERVER_KEYEXCH_HACK 0
52
53 /*
54 * RSA functions which use a public key to do encryption force
55 * the proper usage bit because the CL always gives us
56 * a pub key (from a cert) with only the verify bit set.
57 * This needs a mod to the CL to do the right thing, and that
58 * might not be enough - what if server certs don't have the
59 * appropriate usage bits?
60 */
61 #define RSA_PUB_KEY_USAGE_HACK 1
62
63 /* debugging flags */
64 #ifdef NDEBUG
65 #define SSL_DEBUG 0
66 #define ERROR_LOG_ENABLE 0
67 #else
68 #define SSL_DEBUG 1
69 #define ERROR_LOG_ENABLE 1
70 #endif /* NDEBUG */
71
72 /*
73 * Server-side PAC-based EAP support currently enabled only for debug builds.
74 */
75 #ifdef NDEBUG
76 #define SSL_PAC_SERVER_ENABLE 0
77 #else
78 #define SSL_PAC_SERVER_ENABLE 1
79 #endif
80
81 #define ENABLE_SSLV2 0
82
83 /* Experimental */
84 #define ENABLE_DTLS 1
85
86 #define ENABLE_3DES 1 /* normally enabled */
87 #define ENABLE_RC4 1 /* normally enabled */
88 #define ENABLE_DES 0 /* normally disabled */
89 #define ENABLE_RC2 0 /* normally disabled */
90 #define ENABLE_AES 1 /* normally enabled, our first preference */
91 #define ENABLE_AES256 1 /* normally enabled */
92 #define ENABLE_ECDHE 1
93 #define ENABLE_ECDHE_RSA 1
94 #define ENABLE_ECDH 1
95 #define ENABLE_ECDH_RSA 1
96
97 #if defined(__cplusplus)
98 }
99 #endif
100
101 #endif /* _SSL_BUILD_FLAGS_H_ */