Turn on TLSv1.3 downgrade protection by default

[openssl.git] / Configure

diff --git a/Configure b/Configure
index 8e99f60b975500e190317b20ffda90decc2ef816..c9f6ea760b4ca6f23205e4c5f402fddfcc0e0f4e 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -405,7 +405,6 @@ my @disablables = (
     "tests",
     "threads",
     "tls",
-    "tls13downgrade",
     "ts",
     "ubsan",
     "ui-console",
@@ -449,7 +448,6 @@ our %disabled = ( # "what"         => "comment"
                  "ssl3"                => "default",
                  "ssl3-method"         => "default",
                   "ubsan"              => "default",
-                 "tls13downgrade"      => "default",
                  "unit-test"           => "default",
                  "weak-ssl-ciphers"    => "default",
                  "zlib"                => "default",
@@ -1034,11 +1032,12 @@ if ($d) {
        $target = $t;
     }
 }
+
+&usage if !$table{$target} || $table{$target}->{template};
+
 $config{target} = $target;
 my %target = resolve_config($target);
 
-&usage if (!%target || $target{template});
-
 foreach (keys %target_attr_translate) {
     $target{$target_attr_translate{$_}} = $target{$_}
         if $target{$_};
@@ -2722,16 +2721,19 @@ exit(0);
 # Death handler, to print a helpful message in case of failure #######
 #
 sub death_handler {
-    die @_ if $^S;
+    die @_ if $^S;              # To prevent the added message in eval blocks
     my $build_file = $target{build_file} // "build file";
-    print STDERR <<"_____";
+    my @message = ( <<"_____", @_ );
 
 Failure!  $build_file wasn't produced.
 Please read INSTALL and associated NOTES files.  You may also have to look over
 your available compiler tool chain or change your configuration.
 
 _____
-    $orig_death_handler->(@_) if defined $orig_death_handler;
+
+    # Dying is terminal, so it's ok to reset the signal handler here.
+    $SIG{__DIE__} = $orig_death_handler;
+    die @message;
 }
 
 # Configuration file reading #########################################