X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_ssl/lib/sslBuildFlags.h diff --git a/Security/libsecurity_ssl/lib/sslBuildFlags.h b/Security/libsecurity_ssl/lib/sslBuildFlags.h new file mode 100644 index 00000000..b17519b1 --- /dev/null +++ b/Security/libsecurity_ssl/lib/sslBuildFlags.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +/* + * sslBuildFlags.h - Common build flags + */ + +#ifndef _SSL_BUILD_FLAGS_H_ +#define _SSL_BUILD_FLAGS_H_ 1 + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * Implementation-specific functionality. + */ +#if 1 +#undef USE_CDSA_CRYPTO /* use corecrypto, instead of CDSA */ +#undef USE_SSLCERTIFICATE /* use CF-based certs, not structs */ +#endif + +/* + * Work around the Netscape Server Key Exchange bug. When this is + * true, only do server key exchange if both of the following are + * true: + * + * -- an export-grade ciphersuite has been negotiated, and + * -- an encryptPrivKey is present in the context + */ +#define SSL_SERVER_KEYEXCH_HACK 0 + +/* + * RSA functions which use a public key to do encryption force + * the proper usage bit because the CL always gives us + * a pub key (from a cert) with only the verify bit set. + * This needs a mod to the CL to do the right thing, and that + * might not be enough - what if server certs don't have the + * appropriate usage bits? + */ +#define RSA_PUB_KEY_USAGE_HACK 1 + +/* debugging flags */ +#ifdef NDEBUG +#define SSL_DEBUG 0 +#define ERROR_LOG_ENABLE 0 +#else +#define SSL_DEBUG 1 +#define ERROR_LOG_ENABLE 1 +#endif /* NDEBUG */ + +/* + * Server-side PAC-based EAP support currently enabled only for debug builds. + */ +#ifdef NDEBUG +#define SSL_PAC_SERVER_ENABLE 0 +#else +#define SSL_PAC_SERVER_ENABLE 1 +#endif + +#define ENABLE_SSLV2 0 + +/* Experimental */ +#define ENABLE_DTLS 1 + +#define ENABLE_3DES 1 /* normally enabled */ +#define ENABLE_RC4 1 /* normally enabled */ +#define ENABLE_DES 0 /* normally disabled */ +#define ENABLE_RC2 0 /* normally disabled */ +#define ENABLE_AES 1 /* normally enabled, our first preference */ +#define ENABLE_AES256 1 /* normally enabled */ +#define ENABLE_ECDHE 1 +#define ENABLE_ECDHE_RSA 1 +#define ENABLE_ECDH 1 +#define ENABLE_ECDH_RSA 1 + +#if defined(__cplusplus) +} +#endif + +#endif /* _SSL_BUILD_FLAGS_H_ */