Fix the no-tls1 option

This also fixes no-tls which is an alias for no-tls1 in 1.0.2 (it is not possible to do no-tls1_1 or no-tls1_2 in 1.0.2). Because it is not possible to disable TLS1.1 or TLS1.2 it no longer follows that disabling TLS1.0 should force the disabling of tlsext. Also a few missing ifdef guards. GitHub Iusse#935 Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-26 13:11:17 +01:00 · 2016-08-26 13:11:17 +01:00 · 847fe92910
commit 847fe92910
parent 3953bf53da
3 changed files with 5 additions and 5 deletions
--- a/5
+++ b/5
@ -1082,11 +1082,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"})
 	$disabled{"tls1"} = "forced";
 	}

-if (defined($disabled{"tls1"}))
-	{
-	$disabled{"tlsext"} = "forced";
-	}
-
 if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
    || defined($disabled{"dh"}))
 	{
--- a/apps/srp.c
+++ b/apps/srp.c
@ -765,4 +765,6 @@ int MAIN(int argc, char **argv)
    OPENSSL_EXIT(ret);
 }

+#else
+static void *dummy = &dummy;
 #endif
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@ -3141,9 +3141,12 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity,

 static int do_test_cipherlist(void)
 {
+#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3) || \
+    !defined(OPENSSL_NO_TLS1)
    int i = 0;
    const SSL_METHOD *meth;
    const SSL_CIPHER *ci, *tci = NULL;
+#endif

 #ifndef OPENSSL_NO_SSL2
    fprintf(stderr, "testing SSLv2 cipher list order: ");