Index: tls/build.sh ================================================================== --- tls/build.sh +++ tls/build.sh @@ -26,10 +26,14 @@ rm -rf libressl-* gzip -dc "${pkgdir}/${archive}" | tar -xf - || exit 1 cd "libressl-${version}" || exit 1 + + # This defeats hardening attempts that break on various platforms + CFLAGS=' -g -O0 ' + export CFLAGS ./configure ${CONFIGUREEXTRA} --disable-shared --enable-static --prefix="$(pwd)/INST" || exit 1 # Disable building the apps -- they do not get used rm -rf apps @@ -47,16 +51,10 @@ SSLDIR="$(pwd)/libressl-${version}/INST" addlibs_LOCALSSL="$(PKG_CONFIG_PATH="${SSLDIR}/lib/pkgconfig" "${PKG_CONFIG:-pkg-config}" libssl libcrypto --libs --static)" } function preconfigure() { - # Disable SSLv2, newer SSL libraries drop support for it entirely - CFLAGS="${CFLAGS} -DNO_SSL2=1" - - # Disable SSLv3, newer SSL libraries drop support for it entirely - CFLAGS="${CFLAGS} -DNO_SSL3=1" - # Determine SSL directory if [ -z "${CPP}" ]; then CPP="${CC:-cc} -E" fi @@ -80,10 +78,17 @@ fi fi # Add SSL library to configure options configure_extra=(--with-ssl-dir="${SSLDIR}") + + # Disable SSLv2, newer SSL libraries drop support for it entirely + CFLAGS="${CFLAGS} -DNO_SSL2=1" + + # Disable SSLv3, newer SSL libraries drop support for it entirely + CFLAGS="${CFLAGS} -DNO_SSL3=1" + export CFLAGS } function postconfigure() { local linkaddfile local addlibs