Commit 52a64f71 authored by Moritz Angermann's avatar Moritz Angermann
Browse files

openssl: allow disabling ktls 



This allows disabling ktls on demand. E.g. for platforms where building with ktls
fails.

Co-authored-by: default avatarJohn Ericson <git@JohnEricson.me>
parent f6f9829f

pkgs/development/libraries/openssl/default.nix

+2 −1
Original line number Diff line number Diff line
@@ -3,6 +3,7 @@ 
, withZlib ? false, zlib

, enableSSL2 ? false

, enableSSL3 ? false

, enableKTLS ? stdenv.isLinux

, static ? stdenv.hostPlatform.isStatic

# Used to avoid cross compiling perl, for example, in darwin bootstrap tools.

# This will cause c_rehash to refer to perl via the environment, but otherwise
@@ -134,7 +135,7 @@ let 
      ++ lib.optional enableSSL3 "enable-ssl3"

      # We select KTLS here instead of the configure-time detection (which we patch out).

      # KTLS should work on FreeBSD 13+ as well, so we could enable it if someone tests it.

      ++ lib.optional (stdenv.isLinux && lib.versionAtLeast version "3.0.0") "enable-ktls"

      ++ lib.optional (lib.versionAtLeast version "3.0.0" && enableKTLS) "enable-ktls"

      ++ lib.optional (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isAarch64) "no-afalgeng"

      # OpenSSL needs a specific `no-shared` configure flag.

      # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options