summaryrefslogtreecommitdiff
path: root/configure.ac
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2021-03-08 08:30:32 +0100
committerDaniel Stenberg <daniel@haxx.se>2021-04-19 08:22:16 +0200
commitd71ff2b9db566b3f4b2eb29441c2df86715d4339 (patch)
treeddd481d5d61a136b958da6efde6ef4817ed74107 /configure.ac
parenteff614fb0242cb37d33f89e2e74a93cef5203aed (diff)
downloadcurl-d71ff2b9db566b3f4b2eb29441c2df86715d4339.tar.gz
hsts: enable by default
No longer considered experimental. Closes #6700
Diffstat (limited to 'configure.ac')
-rwxr-xr-xconfigure.ac49
1 files changed, 30 insertions, 19 deletions
diff --git a/configure.ac b/configure.ac
index 2a00aea2b..5da2ac37c 100755
--- a/configure.ac
+++ b/configure.ac
@@ -165,13 +165,15 @@ curl_verbose_msg="enabled (--disable-verbose)"
curl_rtmp_msg="no (--with-librtmp)"
curl_mtlnk_msg="no (--with-libmetalink)"
curl_psl_msg="no (--with-libpsl)"
- curl_altsvc_msg="enabled";
+ curl_altsvc_msg="enabled (--disable-alt-svc)"
+ curl_hsts_msg="enabled (--disable-hsts)"
ssl_backends=
curl_h1_msg="enabled (internal)"
curl_h2_msg="no (--with-nghttp2, --with-hyper)"
curl_h3_msg="no (--with-ngtcp2, --with-quiche)"
enable_altsvc="yes"
+enable_hsts="yes"
dnl
dnl Save some initial values the user might have provided
@@ -395,9 +397,12 @@ AS_HELP_STRING([--disable-http],[Disable HTTP support]),
AC_SUBST(CURL_DISABLE_RTSP, [1])
dnl toggle off alt-svc too when HTTP is disabled
AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc])
+ AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable HSTS])
curl_h1_msg="no (--enable-http, --with-hyper)"
curl_altsvc_msg="no";
+ curl_hsts_msg="no (--enable-hsts)";
enable_altsvc="no"
+ enable_hsts="no"
;;
*) AC_MSG_RESULT(yes)
;;
@@ -5071,29 +5076,34 @@ AS_HELP_STRING([--disable-alt-svc],[Disable alt-svc support]),
AC_MSG_RESULT(no)
)
-dnl ************************************************************
-dnl switch on/off hsts
-dnl
-curl_hsts_msg="no (--enable-hsts)";
-AC_MSG_CHECKING([whether to support HSTS])
-AC_ARG_ENABLE(hsts,
-AS_HELP_STRING([--enable-hsts],[Enable HSTS support])
-AS_HELP_STRING([--disable-hsts],[Disable HSTS support]),
-[ case "$enableval" in
- no)
+dnl only check for HSTS if there's SSL present
+if test -n "$SSL_ENABLED"; then
+
+ dnl ************************************************************
+ dnl switch on/off hsts
+ dnl
+ AC_MSG_CHECKING([whether to support HSTS])
+ AC_ARG_ENABLE(hsts,
+ AS_HELP_STRING([--enable-hsts],[Enable HSTS support])
+ AS_HELP_STRING([--disable-hsts],[Disable HSTS support]),
+ [ case "$enableval" in
+ no)
AC_MSG_RESULT(no)
+ enable_hsts="no"
;;
- *) AC_MSG_RESULT(yes)
- curl_hsts_msg="enabled";
- enable_hsts="yes"
+ *) AC_MSG_RESULT(yes)
;;
- esac ],
+ esac ],
AC_MSG_RESULT(no)
-)
+ )
+else
+ AC_MSG_NOTICE([disables HSTS due to lack of SSL])
+ enable_hsts="no"
+fi
-if test "$enable_hsts" = "yes"; then
- AC_DEFINE(USE_HSTS, 1, [to enable HSTS])
- experimental="$experimental HSTS"
+if test "x$enable_hsts" != "xyes"; then
+ curl_hsts_msg="no (--enable-hsts)";
+ AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable alt-svc])
fi
dnl *************************************************************
@@ -5480,6 +5490,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
Metalink: ${curl_mtlnk_msg}
PSL: ${curl_psl_msg}
Alt-svc: ${curl_altsvc_msg}
+ HSTS: ${curl_hsts_msg}
HTTP1: ${curl_h1_msg}
HTTP2: ${curl_h2_msg}
HTTP3: ${curl_h3_msg}