From 52a64f715e33bf7ed2926b350bf6aeb756a6e2b7 Mon Sep 17 00:00:00 2001 From: Moritz Angermann Date: Sat, 18 Feb 2023 13:22:36 +0000 Subject: [PATCH] openssl: allow disabling ktls This allows disabling ktls on demand. E.g. for platforms where building with ktls fails. Co-authored-by: John Ericson --- pkgs/development/libraries/openssl/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index efa19a2ce19..30124d10e79 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -3,6 +3,7 @@ , withZlib ? false, zlib , enableSSL2 ? false , enableSSL3 ? false +, enableKTLS ? stdenv.isLinux , static ? stdenv.hostPlatform.isStatic # Used to avoid cross compiling perl, for example, in darwin bootstrap tools. # This will cause c_rehash to refer to perl via the environment, but otherwise @@ -134,7 +135,7 @@ let ++ lib.optional enableSSL3 "enable-ssl3" # We select KTLS here instead of the configure-time detection (which we patch out). # KTLS should work on FreeBSD 13+ as well, so we could enable it if someone tests it. - ++ lib.optional (stdenv.isLinux && lib.versionAtLeast version "3.0.0") "enable-ktls" + ++ lib.optional (lib.versionAtLeast version "3.0.0" && enableKTLS) "enable-ktls" ++ lib.optional (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options