Index: src/makemake.tcl ================================================================== --- src/makemake.tcl +++ src/makemake.tcl @@ -695,13 +695,13 @@ ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support -# for both SSLv2 and SSLv3 (i.e. thereby forcing the use of TLS). +# for SSLv3 (i.e. thereby forcing the use of TLS). # -SSLCONFIG += no-ssl2 no-ssl3 no-weak-ssl-ciphers no-shared +SSLCONFIG += no-ssl3 no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ @@ -711,11 +711,11 @@ #### The directories where the OpenSSL include and library files are located. # The recommended usage here is to use the Sysinternals junction tool # to create a hard link between an "openssl-1.x" sub-directory of the # Fossil source code directory and the target OpenSSL source directory. # -OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.0.2r +OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.1.1b OPENSSLINCDIR = $(OPENSSLDIR)/include OPENSSLLIBDIR = $(OPENSSLDIR) #### Either the directory where the Tcl library is installed or the Tcl # source code directory resides (depending on the value of the macro @@ -1567,78 +1567,42 @@ !ifndef USE_SEE USE_SEE = 0 !endif !if $(FOSSIL_ENABLE_SSL)!=0 -SSLDIR = $(B)\compat\openssl-1.0.2r -SSLINCDIR = $(SSLDIR)\inc32 -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLLIBDIR = $(SSLDIR)\out32dll -!else -SSLLIBDIR = $(SSLDIR)\out32 -!endif -SSLLFLAGS = /nologo /opt:ref /debug -SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib -!if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" -!message Using 'x64' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN64A no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN64A no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_win64a.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS -!endif -!elseif "$(PLATFORM)"=="ia64" -!message Using 'ia64' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN64I no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN64I no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_win64i.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS -!endif -!else -!message Assuming 'x86' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN32 no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN32 no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_ms.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS +SSLDIR = $(B)\compat\openssl-1.1.1b +SSLINCDIR = $(SSLDIR)\include +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLLIBDIR = $(SSLDIR) +!else +SSLLIBDIR = $(SSLDIR) +!endif +SSLLFLAGS = /nologo /opt:ref /debug +SSLLIB = libssl.lib libcrypto.lib user32.lib gdi32.lib crypt32.lib +!if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" +!message Using 'x64' platform for OpenSSL... +SSLCONFIG = VC-WIN64A no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared +!endif +!elseif "$(PLATFORM)"=="ia64" +!message Using 'ia64' platform for OpenSSL... +SSLCONFIG = VC-WIN64I no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared +!endif +!else +!message Assuming 'x86' platform for OpenSSL... +SSLCONFIG = VC-WIN32 no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared !endif !endif !endif !if $(FOSSIL_ENABLE_TCL)!=0 @@ -1857,15 +1821,14 @@ @echo Building OpenSSL from "$(SSLDIR)"... !if "$(PERLDIR)" != "" @set PATH=$(PERLDIR);$(PATH) !endif @pushd "$(SSLDIR)" && $(PERL) Configure $(SSLCONFIG) && popd - @pushd "$(SSLDIR)" && call $(SSLSETUP) && popd !if $(FOSSIL_ENABLE_WINXP)!=0 - @pushd "$(SSLDIR)" && $(MAKE) /f $(SSLNMAKE) "CC=cl $(SSLCFLAGS) $(XPCFLAGS)" "LFLAGS=$(SSLLFLAGS) $(XPLDFLAGS)" && popd + @pushd "$(SSLDIR)" && $(MAKE) "CC=cl $(XPCFLAGS)" "LFLAGS=$(XPLDFLAGS)" && popd !else - @pushd "$(SSLDIR)" && $(MAKE) /f $(SSLNMAKE) "CC=cl $(SSLCFLAGS)" && popd + @pushd "$(SSLDIR)" && $(MAKE) && popd !endif !endif !if $(FOSSIL_ENABLE_MINIZ)==0 !if $(FOSSIL_BUILD_ZLIB)!=0 Index: win/Makefile.mingw ================================================================== --- win/Makefile.mingw +++ win/Makefile.mingw @@ -158,13 +158,13 @@ ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support -# for both SSLv2 and SSLv3 (i.e. thereby forcing the use of TLS). +# for SSLv3 (i.e. thereby forcing the use of TLS). # -SSLCONFIG += no-ssl2 no-ssl3 no-weak-ssl-ciphers no-shared +SSLCONFIG += no-ssl3 no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ @@ -174,11 +174,11 @@ #### The directories where the OpenSSL include and library files are located. # The recommended usage here is to use the Sysinternals junction tool # to create a hard link between an "openssl-1.x" sub-directory of the # Fossil source code directory and the target OpenSSL source directory. # -OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.0.2r +OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.1.1b OPENSSLINCDIR = $(OPENSSLDIR)/include OPENSSLLIBDIR = $(OPENSSLDIR) #### Either the directory where the Tcl library is installed or the Tcl # source code directory resides (depending on the value of the macro Index: win/Makefile.mingw.mistachkin ================================================================== --- win/Makefile.mingw.mistachkin +++ win/Makefile.mingw.mistachkin @@ -158,13 +158,13 @@ ZLIBCONFIG = ZLIBTARGETS = endif #### Disable creation of the OpenSSL shared libraries. Also, disable support -# for both SSLv2 and SSLv3 (i.e. thereby forcing the use of TLS). +# for SSLv3 (i.e. thereby forcing the use of TLS). # -SSLCONFIG += no-ssl2 no-ssl3 no-weak-ssl-ciphers no-shared +SSLCONFIG += no-ssl3 no-weak-ssl-ciphers no-shared #### When using zlib, make sure that OpenSSL is configured to use the zlib # that Fossil knows about (i.e. the one within the source tree). # ifndef FOSSIL_ENABLE_MINIZ @@ -174,11 +174,11 @@ #### The directories where the OpenSSL include and library files are located. # The recommended usage here is to use the Sysinternals junction tool # to create a hard link between an "openssl-1.x" sub-directory of the # Fossil source code directory and the target OpenSSL source directory. # -OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.0.2r +OPENSSLDIR = $(SRCDIR)/../compat/openssl-1.1.1b OPENSSLINCDIR = $(OPENSSLDIR)/include OPENSSLLIBDIR = $(OPENSSLDIR) #### Either the directory where the Tcl library is installed or the Tcl # source code directory resides (depending on the value of the macro Index: win/Makefile.msc ================================================================== --- win/Makefile.msc +++ win/Makefile.msc @@ -98,78 +98,42 @@ !ifndef USE_SEE USE_SEE = 0 !endif !if $(FOSSIL_ENABLE_SSL)!=0 -SSLDIR = $(B)\compat\openssl-1.0.2r -SSLINCDIR = $(SSLDIR)\inc32 -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLLIBDIR = $(SSLDIR)\out32dll -!else -SSLLIBDIR = $(SSLDIR)\out32 -!endif -SSLLFLAGS = /nologo /opt:ref /debug -SSLLIB = ssleay32.lib libeay32.lib user32.lib gdi32.lib crypt32.lib -!if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" -!message Using 'x64' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN64A no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN64A no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_win64a.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS -!endif -!elseif "$(PLATFORM)"=="ia64" -!message Using 'ia64' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN64I no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN64I no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_win64i.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS -!endif -!else -!message Assuming 'x86' platform for OpenSSL... -# BUGBUG (OpenSSL): Using "no-ssl*" here breaks the build. -# SSLCONFIG = VC-WIN32 no-asm no-ssl2 no-ssl3 no-weak-ssl-ciphers -SSLCONFIG = VC-WIN32 no-asm -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLCONFIG = $(SSLCONFIG) shared -!else -SSLCONFIG = $(SSLCONFIG) no-shared -!endif -SSLSETUP = ms\do_ms.bat -!if $(FOSSIL_DYNAMIC_BUILD)!=0 -SSLNMAKE = ms\ntdll.mak all -!else -SSLNMAKE = ms\nt.mak all -!endif -# BUGBUG (OpenSSL): Using "OPENSSL_NO_SSL*" here breaks dynamic builds. -!if $(FOSSIL_DYNAMIC_BUILD)==0 -SSLCFLAGS = -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3 -DOPENSSL_NO_WEAK_SSL_CIPHERS +SSLDIR = $(B)\compat\openssl-1.1.1b +SSLINCDIR = $(SSLDIR)\include +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLLIBDIR = $(SSLDIR) +!else +SSLLIBDIR = $(SSLDIR) +!endif +SSLLFLAGS = /nologo /opt:ref /debug +SSLLIB = libssl.lib libcrypto.lib user32.lib gdi32.lib crypt32.lib +!if "$(PLATFORM)"=="amd64" || "$(PLATFORM)"=="x64" +!message Using 'x64' platform for OpenSSL... +SSLCONFIG = VC-WIN64A no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared +!endif +!elseif "$(PLATFORM)"=="ia64" +!message Using 'ia64' platform for OpenSSL... +SSLCONFIG = VC-WIN64I no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared +!endif +!else +!message Assuming 'x86' platform for OpenSSL... +SSLCONFIG = VC-WIN32 no-asm no-ssl3 no-weak-ssl-ciphers +!if $(FOSSIL_DYNAMIC_BUILD)!=0 +SSLCONFIG = $(SSLCONFIG) shared +!else +SSLCONFIG = $(SSLCONFIG) no-shared !endif !endif !endif !if $(FOSSIL_ENABLE_TCL)!=0 @@ -760,15 +724,14 @@ @echo Building OpenSSL from "$(SSLDIR)"... !if "$(PERLDIR)" != "" @set PATH=$(PERLDIR);$(PATH) !endif @pushd "$(SSLDIR)" && $(PERL) Configure $(SSLCONFIG) && popd - @pushd "$(SSLDIR)" && call $(SSLSETUP) && popd !if $(FOSSIL_ENABLE_WINXP)!=0 - @pushd "$(SSLDIR)" && $(MAKE) /f $(SSLNMAKE) "CC=cl $(SSLCFLAGS) $(XPCFLAGS)" "LFLAGS=$(SSLLFLAGS) $(XPLDFLAGS)" && popd + @pushd "$(SSLDIR)" && $(MAKE) "CC=cl $(XPCFLAGS)" "LFLAGS=$(XPLDFLAGS)" && popd !else - @pushd "$(SSLDIR)" && $(MAKE) /f $(SSLNMAKE) "CC=cl $(SSLCFLAGS)" && popd + @pushd "$(SSLDIR)" && $(MAKE) && popd !endif !endif !if $(FOSSIL_ENABLE_MINIZ)==0 !if $(FOSSIL_BUILD_ZLIB)!=0 Index: www/build.wiki ================================================================== --- www/build.wiki +++ www/build.wiki @@ -161,11 +161,11 @@ the optional OpenSSL support, first download the official source code for OpenSSL and extract it to an appropriately named "openssl-X.Y.ZA" subdirectory within the local [/tree?ci=trunk&name=compat | compat] directory (e.g. -"compat/openssl-1.0.2r"), then make sure that some recent +"compat/openssl-1.1.1b"), then make sure that some recent Perl binaries are installed locally, and finally run one of the following commands:
nmake /f Makefile.msc FOSSIL_ENABLE_SSL=1 FOSSIL_BUILD_SSL=1 PERLDIR=C:\full\path\to\Perl\bin