1/* 2 * Copyright (c) 1999-2001,2005-2008,2010-2012,2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 24/* 25 * sslBuildFlags.h - Common build flags 26 */ 27 28#ifndef _SSL_BUILD_FLAGS_H_ 29#define _SSL_BUILD_FLAGS_H_ 1 30 31#if defined(__cplusplus) 32extern "C" { 33#endif 34 35/* 36 * Implementation-specific functionality. 37 */ 38#if 1 39#undef USE_CDSA_CRYPTO /* use corecrypto, instead of CDSA */ 40#undef USE_SSLCERTIFICATE /* use CF-based certs, not structs */ 41#endif 42 43/* 44 * Work around the Netscape Server Key Exchange bug. When this is 45 * true, only do server key exchange if both of the following are 46 * true: 47 * 48 * -- an export-grade ciphersuite has been negotiated, and 49 * -- an encryptPrivKey is present in the context 50 */ 51#define SSL_SERVER_KEYEXCH_HACK 0 52 53/* 54 * RSA functions which use a public key to do encryption force 55 * the proper usage bit because the CL always gives us 56 * a pub key (from a cert) with only the verify bit set. 57 * This needs a mod to the CL to do the right thing, and that 58 * might not be enough - what if server certs don't have the 59 * appropriate usage bits? 60 */ 61#define RSA_PUB_KEY_USAGE_HACK 1 62 63/* debugging flags */ 64#ifdef NDEBUG 65#define SSL_DEBUG 0 66#define ERROR_LOG_ENABLE 0 67#else 68#define SSL_DEBUG 1 69#define ERROR_LOG_ENABLE 1 70#endif /* NDEBUG */ 71 72/* 73 * Server-side PAC-based EAP support currently enabled only for debug builds. 74 */ 75#ifdef NDEBUG 76#define SSL_PAC_SERVER_ENABLE 0 77#else 78#define SSL_PAC_SERVER_ENABLE 1 79#endif 80 81#define ENABLE_SSLV2 0 82 83/* Experimental */ 84#define ENABLE_DTLS 1 85 86#define ENABLE_3DES 1 /* normally enabled */ 87#define ENABLE_RC4 1 /* normally enabled */ 88#define ENABLE_DES 0 /* normally disabled */ 89#define ENABLE_RC2 0 /* normally disabled */ 90#define ENABLE_AES 1 /* normally enabled, our first preference */ 91#define ENABLE_AES256 1 /* normally enabled */ 92#define ENABLE_ECDHE 1 93#define ENABLE_ECDHE_RSA 1 94#define ENABLE_ECDH 1 95#define ENABLE_ECDH_RSA 1 96 97#if defined(__cplusplus) 98} 99#endif 100 101#endif /* _SSL_BUILD_FLAGS_H_ */ 102