diff options
| author | Philipp Waehnert <philipp.waehnert@mgm-tp.com> | 2018-07-25 11:00:15 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2018-09-07 09:38:33 +0200 |
| commit | 6684653b682bae0be75ea62bb473b126923952f1 (patch) | |
| tree | 3e5749139cd2cdaba658fbd530473c51beffe197 /winbuild | |
| parent | c515294cec6ee9b72d68e6f13dc1972bcf3fed30 (diff) | |
| download | curl-6684653b682bae0be75ea62bb473b126923952f1.tar.gz | |
configure: add option to disable automatic OpenSSL config loading
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.
Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.
Fixes #2724
Closes #2791
Diffstat (limited to 'winbuild')
| -rw-r--r-- | winbuild/Makefile.vc | 6 | ||||
| -rw-r--r-- | winbuild/MakefileBuild.vc | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc index a874b77f8..7b42e1bdb 100644 --- a/winbuild/Makefile.vc +++ b/winbuild/Makefile.vc @@ -53,6 +53,8 @@ CFGSET=true !MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes !MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes !MESSAGE ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults to yes +!MESSAGE ENABLE_OPENSSL_AUTO_LOAD_CONFIG=<yes or no> +!MESSAGE - Whether the OpenSSL configuration will be loaded automatically, defaults to yes !MESSAGE GEN_PDB=<yes or no> - Generate Program Database (debug symbols for release build) !MESSAGE DEBUG=<yes or no> - Debug builds !MESSAGE MACHINE=<x86 or x64> - Target architecture (default x64 on AMD64, x86 on others) @@ -130,6 +132,10 @@ USE_WINSSL = true USE_WINSSL = false !ENDIF +!IFNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG +ENABLE_OPENSSL_AUTO_LOAD_CONFIG = true +!ENDIF + CONFIG_NAME_LIB = libcurl !IF "$(WITH_SSL)"=="dll" diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc index 019a414a0..2b4087d58 100644 --- a/winbuild/MakefileBuild.vc +++ b/winbuild/MakefileBuild.vc @@ -152,6 +152,9 @@ SSL_CFLAGS = /DUSE_OPENSSL /I"$(SSL_INC_DIR)" !IF EXISTS("$(SSL_INC_DIR)\is_boringssl.h")
SSL_CFLAGS = $(SSL_CFLAGS) /DHAVE_BORINGSSL
!ENDIF
+!IF "$(ENABLE_OPENSSL_AUTO_LOAD_CONFIG)"=="false"
+SSL_CFLAGS = $(SSL_CFLAGS) /DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG
+!ENDIF
!ENDIF
|