1/*
2 * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 * sslBuildFlags.h - Common build flags
26 */
27
28#ifndef	_SSL_BUILD_FLAGS_H_
29#define _SSL_BUILD_FLAGS_H_				1
30
31#if defined(__cplusplus)
32extern "C" {
33#endif
34
35/*
36 * Implementation-specific functionality.
37 */
38#if 1
39#undef USE_CDSA_CRYPTO				/* use corecrypto, instead of CDSA */
40#undef USE_SSLCERTIFICATE			/* use CF-based certs, not structs */
41#endif
42
43/*
44 * Work around the Netscape Server Key Exchange bug. When this is
45 * true, only do server key exchange if both of the following are
46 * true:
47 *
48 *   -- an export-grade ciphersuite has been negotiated, and
49 *   -- an encryptPrivKey is present in the context
50 */
51#define SSL_SERVER_KEYEXCH_HACK		0
52
53/*
54 * RSA functions which use a public key to do encryption force
55 * the proper usage bit because the CL always gives us
56 * a pub key (from a cert) with only the verify bit set.
57 * This needs a mod to the CL to do the right thing, and that
58 * might not be enough - what if server certs don't have the
59 * appropriate usage bits?
60 */
61#define RSA_PUB_KEY_USAGE_HACK		1
62
63/* debugging flags */
64#ifdef	NDEBUG
65#define SSL_DEBUG					0
66#define ERROR_LOG_ENABLE			0
67#else
68#define SSL_DEBUG					1
69#define ERROR_LOG_ENABLE			1
70#endif	/* NDEBUG */
71
72/*
73 * Server-side PAC-based EAP support currently enabled only for debug builds.
74 */
75#ifdef	NDEBUG
76#define SSL_PAC_SERVER_ENABLE		0
77#else
78#define SSL_PAC_SERVER_ENABLE		1
79#endif
80
81#define ENABLE_SSLV2                0
82
83/* Experimental */
84#define ENABLE_DTLS                 1
85
86#define ENABLE_3DES			1		/* normally enabled */
87#define ENABLE_RC4			1		/* normally enabled */
88#define ENABLE_DES			0		/* normally disabled */
89#define ENABLE_RC2			0		/* normally disabled */
90#define ENABLE_AES			1		/* normally enabled, our first preference */
91#define ENABLE_AES256		1		/* normally enabled */
92#define ENABLE_ECDHE		1
93#define ENABLE_ECDHE_RSA	1
94#define ENABLE_ECDH			1
95#define ENABLE_ECDH_RSA		1
96
97#if defined(__cplusplus)
98}
99#endif
100
101#endif	/* _SSL_BUILD_FLAGS_H_ */
102