SecureTransport/privateInc/sslBuildFlags.h

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 /*
  20         File:           sslBuildFlags.h
  21
  22         Contains:       Common build flags
  23
  24         Written by:     Doug Mitchell
  25
  26         Copyright: (c) 1999 by Apple Computer, Inc., all rights reserved.
  27
  28 */
  29
  30 #ifndef _SSL_BUILD_FLAGS_H_
  31 #define _SSL_BUILD_FLAGS_H_                             1
  32
  33 #if defined(__cplusplus)
  34 extern "C" {
  35 #endif
  36
  37 /*
  38  * general Keychain functionality.
  39  */
  40
  41 /*
  42  * Work around the Netscape Server Key Exchange bug. When this is
  43  * true, only do server key exchange if both of the following are
  44  * true:
  45  *
  46  *   -- an export-grade ciphersuite has been negotiated, and
  47  *   -- an encryptPrivKey is present in the context
  48  */
  49 #define SSL_SERVER_KEYEXCH_HACK         0
  50
  51 /*
  52  * RSA functions which use a public key to do encryption force
  53  * the proper usage bit because the CL always gives us
  54  * a pub key (from a cert) with only the verify bit set.
  55  * This needs a mod to the CL to do the right thing, and that
  56  * might not be enough - what if server certs don't have the
  57  * appropriate usage bits?
  58  */
  59 #define RSA_PUB_KEY_USAGE_HACK          1
  60
  61 /*
  62  * CSSM_KEYs obtained from Keychain require a SecKeychainRef to be freed/released.
  63  * True on 9, false on X.
  64  */
  65 #define ST_KC_KEYS_NEED_REF                     0
  66
  67 /*
  68  * We manage trusted certs and pass them to the TP.
  69  *  -- OS 9 - true
  70  *  -- OS 10, 10.1 - false
  71  *  -- Jaguar - TBD. SSLSetNewRootKC and SSLSetTrustedRootCertKC deleted for now.
  72  */
  73 #define ST_MANAGES_TRUSTED_ROOTS        0
  74
  75 /* debugging flags */
  76 #ifdef  NDEBUG
  77 #define SSL_DEBUG                                       0
  78 #define ERROR_LOG_ENABLE                        0
  79 #else
  80 #define SSL_DEBUG                                       1
  81 #define ERROR_LOG_ENABLE                        1
  82 #endif  /* NDEBUG */
  83
  84 #if defined(__cplusplus)
  85 }
  86 #endif
  87
  88 #endif  /* _SSL_BUILD_FLAGS_H_ */