- Fix configure, autoconf for #1406.

config.h.in

@@ -1142,9 +1142,6 @@
 #endif
 
 
-/* Define to 1 to prefer TLS crypto settings from the system. */
-#undef USE_SYSTEM_TLS
-
 /* Define this to enable server TCP Fast Open. */
 #undef USE_TCP_FASTOPEN
 

configure

@@ -669,7 +669,6 @@ SOURCEFILE
 SOURCEDETERMINE
 IPSET_OBJ
 IPSET_SRC
-SYSTEM_TLS_DEFAULT
 IPSECMOD_HEADER
 IPSECMOD_OBJ
 CACHEDB_OBJ
@@ -937,7 +936,6 @@ enable_dnscrypt
 with_libsodium
 enable_cachedb
 enable_ipsecmod
-enable_system_tls
 enable_ipset
 with_libmnl
 enable_explicit_port_randomisation
@@ -1643,8 +1641,6 @@ Optional Features:
                           storage
   --enable-ipsecmod       Enable ipsecmod module that facilitates
                           opportunistic IPsec
-  --enable-system-tls     Enable preference of system configured TLS socket
-                          options
   --enable-ipset          enable ipset module
   --disable-explicit-port-randomisation
                           disable explicit source port randomisation and rely
@@ -25123,26 +25119,6 @@ printf "%s\n" "#define USE_IPSECMOD 1" >>confdefs.h
 		;;
 esac
 
-# check for system TLS preference if requested
-# Check whether --enable-system-tls was given.
-if test ${enable_system_tls+y}
-then :
-  enableval=$enable_system_tls;
-fi
-
-case "$enable_system_tls" in
-	yes)
-
-printf "%s\n" "#define USE_SYSTEM_TLS 1" >>confdefs.h
-
-		SYSTEM_TLS_DEFAULT="yes"
-		;;
-	no|*)
-		SYSTEM_TLS_DEFAULT="no"
-		;;
-esac
-
-
 # check for ipset if requested
 # Check whether --enable-ipset was given.
 if test ${enable_ipset+y}

doc/Changelog

@@ -12,6 +12,9 @@
 	  configure option, related to #1401, is no longer needed with the new
 	  option and the current default.
 
+16 April 2026: Wouter
+	- Fix configure, autoconf for #1406.
+
 15 April 2026: Wouter
 	- Fix RFC7766 compliance when client sends EOF over TCP. It stops
 	  pending replies and closes. Thanks to Yuxiao Wu, Tsinghua