authorDaiki Ueno <ueno@gnu.org>2022-12-19 13:39:11 +0000
committerDaiki Ueno <ueno@gnu.org>2022-12-19 13:39:11 +0000
commit358bbdd17dbcf34800a3b9b7bb9e50bd314a0085 (patch)
tree8432dde48a182f27a5663dfbd6eba0a73d957046
parent6d8ea338eb29a8e8b333150a8459aab77f3ef65e (diff)
parentad1231aab95d5340cbe7f7f986a195f43f53e8a8 (diff)
downloadgnutls-358bbdd17dbcf34800a3b9b7bb9e50bd314a0085.tar.gz
Merge branch 'wip/dueno/disable-heartbeat' into 'master'
build: disable TLS heartbeat extension by default Closes #743 See merge request gnutls/gnutls!1682
-rw-r--r--.gitlab-ci.yml1
-rw-r--r--NEWS6
-rw-r--r--m4/hooks.m46
3 files changed, 10 insertions, 3 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7d4b6805b6..39f41aebd2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -345,6 +345,7 @@ fedora-minimal/build:
- fedora/bootstrap
script:
- dnf remove -y libunistring-devel libtasn1-devel libidn-devel
+ - dnf install -y libtasn1-tools
- dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1
--disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests
--disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication
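Review bot: The added `dnf install -y libtasn1-tools` step in the fedora-minimal/build script has no explanation and is not obviously connected to the heartbeat default that this merge is about. The job removes libtasn1-devel on the previous line and configures with --with-included-libtasn1, so a reader cannot tell why a libtasn1 package is installed again; presumably the bundled minitasn1 build needs a tool from it. A one-line comment above the step would record that, for example `# libtasn1-tools: required when building with --with-included-libtasn1 (state which tool)`. The job definition starts before the hunk and its configure line continues past it.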
diff --git a/NEWS b/NEWS
index b769566ba3..cc5a064843 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,12 @@ and to simplify maintenance, see <https://gitlab.com/gnutls/guile/>.
priority modifier have been added to allow disabling of the
status_request TLS extension in the client side.
+** libgnutls: TLS heartbeat is disabled by default.
+ The heartbeat extension in TLS (RFC 6520) is not widely used given
+ other implementations dropped support for it. To enable back
+ support for it, supply --enable-heartbeat-support to configure
+ script.
+
** minitasn1: Upgraded to libtasn1 version 4.19.
** API and ABI modifications:
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index f3cdaa8586..10e23afc54 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -232,11 +232,11 @@ LIBTASN1_MINIMUM=4.9
fi
AM_CONDITIONAL(ENABLE_ALPN, test "$ac_enable_alpn" != "no")
- ac_enable_heartbeat=yes
+ ac_enable_heartbeat=no
AC_MSG_CHECKING([whether to enable TLS heartbeat support])
AC_ARG_ENABLE(heartbeat-support,
- AS_HELP_STRING([--disable-heartbeat-support],
- [disable support for the heartbeat extension]),
+ AS_HELP_STRING([--enable-heartbeat-support],
+ [enable support for the heartbeat extension]),
ac_enable_heartbeat=$enableval)
if test x$ac_enable_heartbeat != xno; then
AC_MSG_RESULT(yes)
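Review bot: With the default flipped at `ac_enable_heartbeat=no`, the heartbeat code is compiled only when a builder passes --enable-heartbeat-support, and nothing in this diff adds that flag to a CI job. The only CI line touched belongs to a job that already passes --disable-heartbeat-support, and the rest of .gitlab-ci.yml is not visible here, so the opt-in path may no longer be built or tested. Code that parses a peer-supplied extension message should not be left unexercised; consider adding `--enable-heartbeat-support` to the configure line of one full-feature job. A short comment above the default would also record the intent, e.g. `dnl Heartbeat (RFC 6520) is opt-in; enable with --enable-heartbeat-support`. The `if test` block that consumes the variable continues past the end of the hunk.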