Update Configure to know about tls1_3

Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is because this is a WIP and will not be interoperable with any other TLS1.3 implementation. Finally, we fix some tests that started failing when TLS1.3 was disabled by default. Reviewed-by: Rich Salz <rsalz@openssl.org>
2024-12-17 14:03:36 +08:00 · 2016-10-30 08:38:52 +00:00 · 2016-10-30 08:38:52 +00:00 · 84a6833658
commit 84a6833658
parent 0ced42e050
6 changed files with 404 additions and 1474 deletions
--- a/6
+++ b/6
@ -318,7 +318,7 @@ $config{sdirs} = [
    ];

 # Known TLS and DTLS protocols
-my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
 my @dtls = qw(dtls1 dtls1_2);

 # Explicitly known options that are possible to disable.  They can
@ -440,6 +440,8 @@ our %disabled = ( # "what"         => "comment"
 		  "ssl3"                => "default",
 		  "ssl3-method"         => "default",
                  "ubsan"		=> "default",
+          #TODO(TLS1.3): Temporarily disabled while this is a WIP
+		  "tls1_3"              => "default",
 		  "unit-test"           => "default",
 		  "weak-ssl-ciphers"    => "default",
 		  "zlib"                => "default",
@ -476,7 +478,7 @@ my @disable_cascades = (
    sub { $disabled{rsa}
 	  && ($disabled{dsa} || $disabled{dh})
 	  && ($disabled{ecdsa} || $disabled{ecdh}); }
-			=> [ "tls1", "tls1_1", "tls1_2",
+			=> [ "tls1", "tls1_1", "tls1_2", "tls1_3",
 			     "dtls1", "dtls1_2" ],

    "tls"		=> [ @tls ],
--- a/6
+++ b/6
@ -457,6 +457,12 @@
                   specific configuration, e.g. "-m32" to build x86 code on
                   an x64 system.

+  enable-tls1_3
+                   TODO(TLS1.3): Make this enabled by default
+                   Build support for TLS1.3. Note: This is a WIP feature and
+                   does not currently interoperate with other TLS1.3
+                   implementations! Use with caution!!
+
  no-<prot>
                   Don't build support for negotiating the specified SSL/TLS
                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2, dtls,
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@ -34,7 +34,8 @@ plan tests => 18;  # = scalar @conf_srcs
 # Some test results depend on the configuration of enabled protocols. We only
 # verify generated sources in the default configuration.
 my $is_default_tls = (disabled("ssl3") && !disabled("tls1") &&
-                      !disabled("tls1_1") && !disabled("tls1_2"));
+                      !disabled("tls1_1") && !disabled("tls1_2") &&
+                      disabled("tls1_3"));

 my $is_default_dtls = (!disabled("dtls1") && !disabled("dtls1_2"));

--- a/test/ssl-tests/02-protocol-version.conf
+++ b/test/ssl-tests/02-protocol-version.conf
--- a/test/ssl-tests/10-resumption.conf
+++ b/test/ssl-tests/10-resumption.conf
--- a/test/ssl-tests/protocol_version.pm
+++ b/test/ssl-tests/protocol_version.pm
@ -137,6 +137,7 @@ sub generate_resumption_tests {

    my @protocols = $dtls ? @dtls_protocols : @tls_protocols;
    my $min_enabled  = $dtls ? $min_dtls_enabled : $min_tls_enabled;
+    my $max_enabled = $dtls ? $max_dtls_enabled : $max_tls_enabled;

    if (no_tests($dtls)) {
        return;
@ -146,10 +147,10 @@ sub generate_resumption_tests {
    my @client_tests = ();

    # Obtain the first session against a fixed-version server/client.
-    foreach my $original_protocol($min_enabled..$#protocols) {
+    foreach my $original_protocol($min_enabled..$max_enabled) {
        # Upgrade or downgrade the server/client max version support and test
        # that it upgrades, downgrades or resumes the session as well.
-        foreach my $resume_protocol($min_enabled..$#protocols) {
+        foreach my $resume_protocol($min_enabled..$max_enabled) {
            my $resumption_expected;
            # We should only resume on exact version match.
            if ($original_protocol eq $resume_protocol) {