diff options
author | Daniel Stenberg <daniel@haxx.se> | 2021-03-08 08:30:32 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-04-19 08:22:16 +0200 |
commit | d71ff2b9db566b3f4b2eb29441c2df86715d4339 (patch) | |
tree | ddd481d5d61a136b958da6efde6ef4817ed74107 /configure.ac | |
parent | eff614fb0242cb37d33f89e2e74a93cef5203aed (diff) | |
download | curl-d71ff2b9db566b3f4b2eb29441c2df86715d4339.tar.gz |
hsts: enable by default
No longer considered experimental.
Closes #6700
Diffstat (limited to 'configure.ac')
-rwxr-xr-x | configure.ac | 49 |
1 files changed, 30 insertions, 19 deletions
diff --git a/configure.ac b/configure.ac index 2a00aea2b..5da2ac37c 100755 --- a/configure.ac +++ b/configure.ac @@ -165,13 +165,15 @@ curl_verbose_msg="enabled (--disable-verbose)" curl_rtmp_msg="no (--with-librtmp)" curl_mtlnk_msg="no (--with-libmetalink)" curl_psl_msg="no (--with-libpsl)" - curl_altsvc_msg="enabled"; + curl_altsvc_msg="enabled (--disable-alt-svc)" + curl_hsts_msg="enabled (--disable-hsts)" ssl_backends= curl_h1_msg="enabled (internal)" curl_h2_msg="no (--with-nghttp2, --with-hyper)" curl_h3_msg="no (--with-ngtcp2, --with-quiche)" enable_altsvc="yes" +enable_hsts="yes" dnl dnl Save some initial values the user might have provided @@ -395,9 +397,12 @@ AS_HELP_STRING([--disable-http],[Disable HTTP support]), AC_SUBST(CURL_DISABLE_RTSP, [1]) dnl toggle off alt-svc too when HTTP is disabled AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc]) + AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable HSTS]) curl_h1_msg="no (--enable-http, --with-hyper)" curl_altsvc_msg="no"; + curl_hsts_msg="no (--enable-hsts)"; enable_altsvc="no" + enable_hsts="no" ;; *) AC_MSG_RESULT(yes) ;; @@ -5071,29 +5076,34 @@ AS_HELP_STRING([--disable-alt-svc],[Disable alt-svc support]), AC_MSG_RESULT(no) ) -dnl ************************************************************ -dnl switch on/off hsts -dnl -curl_hsts_msg="no (--enable-hsts)"; -AC_MSG_CHECKING([whether to support HSTS]) -AC_ARG_ENABLE(hsts, -AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) -AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), -[ case "$enableval" in - no) +dnl only check for HSTS if there's SSL present +if test -n "$SSL_ENABLED"; then + + dnl ************************************************************ + dnl switch on/off hsts + dnl + AC_MSG_CHECKING([whether to support HSTS]) + AC_ARG_ENABLE(hsts, + AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) + AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), + [ case "$enableval" in + no) AC_MSG_RESULT(no) + enable_hsts="no" ;; - *) AC_MSG_RESULT(yes) - curl_hsts_msg="enabled"; - enable_hsts="yes" + *) AC_MSG_RESULT(yes) ;; - esac ], + esac ], AC_MSG_RESULT(no) -) + ) +else + AC_MSG_NOTICE([disables HSTS due to lack of SSL]) + enable_hsts="no" +fi -if test "$enable_hsts" = "yes"; then - AC_DEFINE(USE_HSTS, 1, [to enable HSTS]) - experimental="$experimental HSTS" +if test "x$enable_hsts" != "xyes"; then + curl_hsts_msg="no (--enable-hsts)"; + AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable alt-svc]) fi dnl ************************************************************* @@ -5480,6 +5490,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: Metalink: ${curl_mtlnk_msg} PSL: ${curl_psl_msg} Alt-svc: ${curl_altsvc_msg} + HSTS: ${curl_hsts_msg} HTTP1: ${curl_h1_msg} HTTP2: ${curl_h2_msg} HTTP3: ${curl_h3_msg} |