Annotation of embedaddon/curl/projects/wolfssl_options.h, revision 1.1
1.1 ! misho 1: /***************************************************************************
! 2: * _ _ ____ _
! 3: * Project ___| | | | _ \| |
! 4: * / __| | | | |_) | |
! 5: * | (__| |_| | _ <| |___
! 6: * \___|\___/|_| \_\_____|
! 7: *
! 8: * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
! 9: *
! 10: * This software is licensed as described in the file COPYING, which
! 11: * you should have received as part of this distribution. The terms
! 12: * are also available at https://curl.haxx.se/docs/copyright.html.
! 13: *
! 14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
! 15: * copies of the Software, and permit persons to whom the Software is
! 16: * furnished to do so, under the terms of the COPYING file.
! 17: *
! 18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
! 19: * KIND, either express or implied.
! 20: *
! 21: ***************************************************************************/
! 22: /*
! 23: By default wolfSSL has a very conservative configuration that can result in
! 24: connections to servers failing due to certificate or algorithm problems.
! 25: To remedy this issue for libcurl I've generated this options file that
! 26: build-wolfssl will copy to the wolfSSL include directories and will result in
! 27: maximum compatibility.
! 28:
! 29: These are the configure options that were used to build wolfSSL v3.11.0 in
! 30: mingw and generate the options in this file:
! 31:
! 32: C_EXTRA_FLAGS="\
! 33: -Wno-attributes \
! 34: -Wno-unused-but-set-variable \
! 35: -DFP_MAX_BITS=16384 \
! 36: -DTFM_TIMING_RESISTANT \
! 37: -DWOLFSSL_STATIC_DH \
! 38: -DWOLFSSL_STATIC_RSA \
! 39: " \
! 40: ./configure --prefix=/usr/local \
! 41: --disable-jobserver \
! 42: --enable-aesgcm \
! 43: --enable-alpn \
! 44: --enable-certgen \
! 45: --enable-des3 \
! 46: --enable-dh \
! 47: --enable-dsa \
! 48: --enable-ecc \
! 49: --enable-eccshamir \
! 50: --enable-fastmath \
! 51: --enable-opensslextra \
! 52: --enable-ripemd \
! 53: --enable-sessioncerts \
! 54: --enable-sha512 \
! 55: --enable-sni \
! 56: --enable-sslv3 \
! 57: --enable-supportedcurves \
! 58: --enable-testcert \
! 59: > config.out 2>&1
! 60:
! 61: Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
! 62: are inapplicable for our Visual Studio build. Currently thread local storage is
! 63: only used by the Fixed Point cache ECC which we're not enabling. However, even
! 64: if we later decide to enable the cache it will fall back on mutexes when
! 65: thread local storage is not available. wolfSSL is using __declspec(thread) to
! 66: create the thread local storage and that could be a problem for LoadLibrary.
! 67:
! 68: Regarding the options that were added via C_EXTRA_FLAGS:
! 69:
! 70: FP_MAX_BITS=16384
! 71: https://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
! 72: "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
! 73: buffer size. You can do this using the define:
! 74: FP_MAX_BITS and setting it to 8192."
! 75:
! 76: TFM_TIMING_RESISTANT
! 77: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
! 78: From section 2.4.5 Increasing Performance, USE_FAST_MATH:
! 79: "Because the stack memory usage can be larger when using fastmath, we recommend
! 80: defining TFM_TIMING_RESISTANT as well when using this option."
! 81:
! 82: WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
! 83: WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
! 84: https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
! 85: Static key cipher suites are deprecated and disabled by default since v3.6.6; they provide no forward secrecy and are enabled here only for compatibility.
! 86: */
! 87:
! 88: /* wolfssl options.h
! 89: * generated from configure options
! 90: *
! 91: * Copyright (C) 2006-2015 wolfSSL Inc.
! 92: *
! 93: * This file is part of wolfSSL. (formerly known as CyaSSL)
! 94: *
! 95: */
! 96:
! 97: #ifndef WOLFSSL_OPTIONS_H /* include guard */
! 98: #define WOLFSSL_OPTIONS_H
! 99: /* Compile-time feature switches for the wolfSSL build used with libcurl; each option is #undef'd first so an earlier definition cannot conflict. */
! 100:
! 101: #ifdef __cplusplus
! 102: extern "C" {
! 103: #endif
! 104: /* Fastmath integer buffer size in bits; the header comment above cites large (4096-bit) RSA keys as the reason for raising it. */
! 105: #undef FP_MAX_BITS
! 106: #define FP_MAX_BITS 16384
! 107: /* Listed in C_EXTRA_FLAGS above; defined a second time further down, which is harmless because of the #undef. */
! 108: #undef TFM_TIMING_RESISTANT
! 109: #define TFM_TIMING_RESISTANT
! 110: /* SECURITY: enables static-key TLS_ECDH_ cipher suites, which give no forward secrecy; kept for compatibility only. */
! 111: #undef WOLFSSL_STATIC_DH
! 112: #define WOLFSSL_STATIC_DH
! 113: /* SECURITY: enables static-key TLS_RSA_ cipher suites, which give no forward secrecy; kept for compatibility only. */
! 114: #undef WOLFSSL_STATIC_RSA
! 115: #define WOLFSSL_STATIC_RSA
! 116: /* Presumably the result of --enable-opensslextra (OpenSSL compatibility API) - confirm against the configure output. */
! 117: #undef OPENSSL_EXTRA
! 118: #define OPENSSL_EXTRA
! 119:
! 120: /*
! 121: The commented out defines below are the equivalent of --enable-tls13.
! 122: Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta.
! 123: This is for experimenting only, afaict TLS 1.3 support doesn't appear to be
! 124: functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943
! 125:
! 126: #undef WC_RSA_PSS
! 127: #define WC_RSA_PSS
! 128:
! 129: #undef WOLFSSL_TLS13
! 130: #define WOLFSSL_TLS13
! 131:
! 132: #undef HAVE_TLS_EXTENSIONS
! 133: #define HAVE_TLS_EXTENSIONS
! 134:
! 135: #undef HAVE_FFDHE_2048
! 136: #define HAVE_FFDHE_2048
! 137:
! 138: #undef HAVE_HKDF
! 139: #define HAVE_HKDF
! 140: */
! 141: /* Side-channel hardening: timing-resistant big-integer and ECC code paths plus RSA blinding. Keep these three when trimming the file. */
! 142: #undef TFM_TIMING_RESISTANT
! 143: #define TFM_TIMING_RESISTANT
! 144:
! 145: #undef ECC_TIMING_RESISTANT
! 146: #define ECC_TIMING_RESISTANT
! 147:
! 148: #undef WC_RSA_BLINDING
! 149: #define WC_RSA_BLINDING
! 150:
! 151: #undef HAVE_AESGCM
! 152: #define HAVE_AESGCM
! 153:
! 154: #undef WOLFSSL_RIPEMD
! 155: #define WOLFSSL_RIPEMD
! 156:
! 157: #undef WOLFSSL_SHA512
! 158: #define WOLFSSL_SHA512
! 159:
! 160: #undef WOLFSSL_SHA384
! 161: #define WOLFSSL_SHA384
! 162:
! 163: #undef SESSION_CERTS
! 164: #define SESSION_CERTS
! 165:
! 166: #undef WOLFSSL_CERT_GEN
! 167: #define WOLFSSL_CERT_GEN
! 168:
! 169: #undef HAVE_ECC
! 170: #define HAVE_ECC
! 171:
! 172: #undef TFM_ECC256
! 173: #define TFM_ECC256
! 174:
! 175: #undef ECC_SHAMIR
! 176: #define ECC_SHAMIR
! 177: /* SECURITY: compiles in SSLv3, an obsolete protocol (deprecated by RFC 7568). NOTE(review): confirm the application enforces a TLS minimum version at run time. */
! 178: #undef WOLFSSL_ALLOW_SSLV3
! 179: #define WOLFSSL_ALLOW_SSLV3
! 180: /* The next three options compile out the RC4, HC-128 and Rabbit stream ciphers. */
! 181: #undef NO_RC4
! 182: #define NO_RC4
! 183:
! 184: #undef NO_HC128
! 185: #define NO_HC128
! 186:
! 187: #undef NO_RABBIT
! 188: #define NO_RABBIT
! 189:
! 190: #undef HAVE_POLY1305
! 191: #define HAVE_POLY1305
! 192:
! 193: #undef HAVE_ONE_TIME_AUTH
! 194: #define HAVE_ONE_TIME_AUTH
! 195:
! 196: #undef HAVE_CHACHA
! 197: #define HAVE_CHACHA
! 198:
! 199: #undef HAVE_HASHDRBG
! 200: #define HAVE_HASHDRBG
! 201:
! 202: #undef HAVE_TLS_EXTENSIONS
! 203: #define HAVE_TLS_EXTENSIONS
! 204:
! 205: #undef HAVE_SNI
! 206: #define HAVE_SNI
! 207: /* HAVE_TLS_EXTENSIONS is repeated here and once more below; redundant but harmless because of the #undef (presumably emitted once per extension-related configure flag). */
! 208: #undef HAVE_TLS_EXTENSIONS
! 209: #define HAVE_TLS_EXTENSIONS
! 210:
! 211: #undef HAVE_ALPN
! 212: #define HAVE_ALPN
! 213:
! 214: #undef HAVE_TLS_EXTENSIONS
! 215: #define HAVE_TLS_EXTENSIONS
! 216:
! 217: #undef HAVE_SUPPORTED_CURVES
! 218: #define HAVE_SUPPORTED_CURVES
! 219:
! 220: #undef HAVE_EXTENDED_MASTER
! 221: #define HAVE_EXTENDED_MASTER
! 222: /* NOTE(review): presumably from --enable-testcert; test-certificate support is likely unnecessary in a production build - confirm. */
! 223: #undef WOLFSSL_TEST_CERT
! 224: #define WOLFSSL_TEST_CERT
! 225: /* The next two options compile out pre-shared-key support and MD4. */
! 226: #undef NO_PSK
! 227: #define NO_PSK
! 228:
! 229: #undef NO_MD4
! 230: #define NO_MD4
! 231:
! 232: #undef USE_FAST_MATH
! 233: #define USE_FAST_MATH
! 234:
! 235: #undef WC_NO_ASYNC_THREADING
! 236: #define WC_NO_ASYNC_THREADING
! 237:
! 238:
! 239: #ifdef __cplusplus
! 240: }
! 241: #endif
! 242:
! 243:
! 244: #endif /* WOLFSSL_OPTIONS_H */