From 3a584aecca23de40129d0596a3b0409f135d904a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 12 Apr 2020 23:15:51 +0200 Subject: [PATCH] Enable SSLv3 in the full config It's deprecated, but not otherwise counter-indicated for the full config: it doesn't conflict with anything and enabling it doesn't make testing harder (especially since it defaults off in compat.sh). Signed-off-by: Gilles Peskine --- scripts/config.py | 2 -- tests/scripts/basic-build-test.sh | 3 --- 2 files changed, 5 deletions(-) diff --git a/scripts/config.py b/scripts/config.py index 62891ce95..aeba64f26 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -193,8 +193,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_RSA_NO_CRT', # variant toggle 'MBEDTLS_SHA512_NO_SHA384', # removes a feature 'MBEDTLS_SSL_HW_RECORD_ACCEL', # build dependency (hook functions) - 'MBEDTLS_SSL_PROTO_SSL3', - 'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO', 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # variant toggle 'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 5080c5790..08c141052 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -68,9 +68,6 @@ export LDFLAGS=' --coverage' make clean cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.py full -# Enable some deprecated features that are not in the -# full config, but are compatible with it and have tests. -scripts/config.py set MBEDTLS_SSL_PROTO_SSL3 make -j