[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Tue Nov 7 15:32:26 UTC 2017

The branch OpenSSL_1_1_0-stable has been updated
       via  f70425d3ac5e4ef17cfa116d99f8f03bbac1c7f2 (commit)
      from  2df7971728ddd388a77de56acc01e4bab37796bb (commit)


- Log -----------------------------------------------------------------
commit f70425d3ac5e4ef17cfa116d99f8f03bbac1c7f2
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Nov 7 16:04:15 2017 +0100

    Configure: cleanup @disable_cascade
    
    'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence
    of other conditions, so having cascading disables that depend on them
    is futile.  Clean up!
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4693)
    
    (cherry picked from commit 89635075d84353fc0c3d44a82fd0903ccd4ab24a)

-----------------------------------------------------------------------

Summary of changes:
 Configure | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/Configure b/Configure
index 3d4b2cd..44aecc7 100755
--- a/Configure
+++ b/Configure
@@ -461,31 +461,10 @@ my @disable_cascades = (
     sub { 0 == scalar grep { !$disabled{$_} } @dtls }
 			=> [ "dtls" ],
 
-    # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
-    "md5"		=> [ "ssl", "tls1", "tls1_1", "dtls1" ],
-    "sha"		=> [ "ssl", "tls1", "tls1_1", "dtls1" ],
-
-    # Additionally, SSL 3.0 requires either RSA or DSA+DH
-    sub { $disabled{rsa}
-	  && ($disabled{dsa} || $disabled{dh}); }
-			=> [ "ssl" ],
-
-    # (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH
-    # or ECDSA + ECDH.  (D)TLS 1.2 has this requirement as well.
-    # (XXX: We don't support PSK-only builds).
-    sub { $disabled{rsa}
-	  && ($disabled{dsa} || $disabled{dh})
-	  && ($disabled{ecdsa} || $disabled{ecdh}); }
-			=> [ "tls1", "tls1_1", "tls1_2",
-			     "dtls1", "dtls1_2" ],
-
     "tls"		=> [ @tls ],
     sub { 0 == scalar grep { !$disabled{$_} } @tls }
 			=> [ "tls" ],
 
-    # SRP and HEARTBEATS require TLSEXT
-    "tlsext"		=> [ "srp", "heartbeats" ],
-
     "crypto-mdebug"     => [ "crypto-mdebug-backtrace" ],
 
     # Without DSO, we can't load dynamic engines, so don't build them dynamic
