If all versions of a proto are disabled, disabled the proto as well
authorRichard Levitte <levitte@openssl.org>
Fri, 17 Feb 2017 19:48:28 +0000 (20:48 +0100)
committerRichard Levitte <levitte@openssl.org>
Fri, 17 Feb 2017 20:28:41 +0000 (21:28 +0100)
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)

Configure

index 1fe2280fd43b1fa1cd59304186cd694b67643762..ac2571f9325f0aee128633c08ea5d683eccc1d34 100755 (executable)
--- a/Configure
+++ b/Configure
@@ -472,6 +472,8 @@ my @disable_cascades = (
     "dgram"            => [ "dtls", "sctp" ],
     "sock"             => [ "dgram" ],
     "dtls"             => [ @dtls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+                       => [ "dtls" ],
 
     # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
     "md5"              => [ "ssl", "tls1", "tls1_1", "dtls1" ],
@@ -492,6 +494,8 @@ my @disable_cascades = (
                             "dtls1", "dtls1_2" ],
 
     "tls"              => [ @tls ],
+    sub { 0 == scalar grep { !$disabled{$_} } @tls }
+                       => [ "tls" ],
 
     # SRP and HEARTBEATS require TLSEXT
     "tlsext"           => [ "srp", "heartbeats" ],