From 89635075d84353fc0c3d44a82fd0903ccd4ab24a Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 7 Nov 2017 16:04:15 +0100 Subject: [PATCH] Configure: cleanup @disable_cascade 'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence of other conditions, so having cascading disables that depend on them is futile. Clean up! Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/4693) --- Configure | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/Configure b/Configure index 3821741183..85ee88d6cb 100755 --- a/Configure +++ b/Configure @@ -478,31 +478,10 @@ my @disable_cascades = ( sub { 0 == scalar grep { !$disabled{$_} } @dtls } => [ "dtls" ], - # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA - "md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ], - "sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ], - - # Additionally, SSL 3.0 requires either RSA or DSA+DH - sub { $disabled{rsa} - && ($disabled{dsa} || $disabled{dh}); } - => [ "ssl" ], - - # (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH - # or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well. - # (XXX: We don't support PSK-only builds). - sub { $disabled{rsa} - && ($disabled{dsa} || $disabled{dh}) - && ($disabled{ecdsa} || $disabled{ecdh}); } - => [ "tls1", "tls1_1", "tls1_2", "tls1_3", - "dtls1", "dtls1_2" ], - "tls" => [ @tls ], sub { 0 == scalar grep { !$disabled{$_} } @tls } => [ "tls" ], - # SRP and HEARTBEATS require TLSEXT - "tlsext" => [ "srp", "heartbeats" ], - "crypto-mdebug" => [ "crypto-mdebug-backtrace" ], # Without DSO, we can't load dynamic engines, so don't build them dynamic