author | Daiki Ueno <ueno@gnu.org> | 2022-12-19 13:39:11 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2022-12-19 13:39:11 +0000 |
commit | 358bbdd17dbcf34800a3b9b7bb9e50bd314a0085 (patch) | |
tree | 8432dde48a182f27a5663dfbd6eba0a73d957046 | |
parent | 6d8ea338eb29a8e8b333150a8459aab77f3ef65e (diff) | |
parent | ad1231aab95d5340cbe7f7f986a195f43f53e8a8 (diff) | |
download | gnutls-358bbdd17dbcf34800a3b9b7bb9e50bd314a0085.tar.gz |
Merge branch 'wip/dueno/disable-heartbeat' into 'master'
build: disable TLS heartbeat extension by default
Closes #743
See merge request gnutls/gnutls!1682
-rw-r--r-- | .gitlab-ci.yml | 1 | ||||
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | m4/hooks.m4 | 6 |
3 files changed, 10 insertions, 3 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7d4b6805b6..39f41aebd2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -345,6 +345,7 @@ fedora-minimal/build: - fedora/bootstrap script: - dnf remove -y libunistring-devel libtasn1-devel libidn-devel + - dnf install -y libtasn1-tools - dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication @@ -15,6 +15,12 @@ and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>. priority modifier have been added to allow disabling of the status_request TLS extension in the client side. +** libgnutls: TLS heartbeat is disabled by default. + The heartbeat extension in TLS (RFC 6520) is not widely used given + other implementations dropped support for it. To enable back + support for it, supply --enable-heartbeat-support to configure + script. + ** minitasn1: Upgraded to libtasn1 version 4.19. ** API and ABI modifications: diff --git a/m4/hooks.m4 b/m4/hooks.m4 index f3cdaa8586..10e23afc54 100644 --- a/m4/hooks.m4 +++ b/m4/hooks.m4 @@ -232,11 +232,11 @@ LIBTASN1_MINIMUM=4.9 fi AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no") - ac_enable_heartbeat=yes + ac_enable_heartbeat=no AC_MSG_CHECKING([whether to enable TLS heartbeat support]) AC_ARG_ENABLE(heartbeat-support, - AS_HELP_STRING([--disable-heartbeat-support], - [disable support for the heartbeat extension]), + AS_HELP_STRING([--enable-heartbeat-support], + [enable support for the heartbeat extension]), ac_enable_heartbeat=$enableval) if test x$ac_enable_heartbeat != xno; then AC_MSG_RESULT(yes) |
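Review bot: The fedora-minimal/build job shown in this hunk already passes `--disable-heartbeat-support`, so once the default flips to off the heartbeat code is compiled only by jobs that explicitly pass `--enable-heartbeat-support`, and none is visible here. Please confirm that at least one CI job configures with `--enable-heartbeat-support`, so the opt-in path is still built and tested rather than left to rot. The added `- dnf install -y libtasn1-tools` step is unrelated to the commit subject and would benefit from a one-line YAML comment giving its reason. The job definition starts and continues outside the hunk.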
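Review bot: The unchanged test `if test x$ac_enable_heartbeat != xno; then` in m4/hooks.m4 treats every value other than `no` as "enable", so with the default now `no`, `--enable-heartbeat-support=off` or a mistyped value still compiles the extension in. Because the feature is now opt-in, a strict and quoted comparison fits better: `if test "x$ac_enable_heartbeat" = xyes; then`. Any later conditional on the same variable should use the same test; it is presumably written like the `ENABLE_ALPN` line in the context, but it is not visible here. The `if` block continues past the end of the hunk, so its else branch should be checked against the stricter test.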