option('cadir', type : 'string', value : '/etc/ssl/certs',
  description : 'This is the ucspi-ssl CA directory. An empty name means no certificate directory is compiled in.')
option('cafile', type : 'string', value : '',
  description : 'This is the ucspi-ssl CA file. An empty name means no certificate file is compiled in.')
option('ccafile', type : 'string', value : '',
  description : 'This is the ucspi-ssl client CA file. An empty name means no client certificate file is compiled in.')
option('certfile', type : 'string', value : '',
  description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
option('certchainfile', type : 'string', value : '',
  description : 'This is the sslserver certificate file. An empty name means no certificate file is compiled in.')
option('dhfile', type : 'string', value : 'etc/dh2048.pem',
  description : 'This is ucspi-ssls DH parameter file.')
option('keyfile', type : 'string', value : '',
  description : 'This is the sslserver key file. An empty name means no key file is compiled in.')

# This is the list of ciphers to use. Sample for TLS < 1.3:
#   ALL:!EXP:!MD5:!RC4:!ADH:!DES:!3DES:!PSK:!aNULL
# This is the list of ciphers to use. Sample for TLS 1.3:
#   TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384
#
# Comment:
# a) CHACHA20_POLY1305 has preference (hardest to break)
# b) AES_128_GCM comes next (-> GCM is 128 bit only!)
# c) AES_256_GCM is last (AES is mostly HW accelerated)
option('ciphers', type : 'string', value : '',
  description : 'TLS ciphers. An empty name means use the ciphers compiled into openssl.')

option('lib-only', type : 'boolean', value : false, description : 'build only libucspissl')
option('sslperl',  type : 'feature',                description : 'Build the sslperl program.')