Annotation of embedaddon/curl/projects/wolfssl_options.h, revision 1.1.1.1
1.1 misho 1: /***************************************************************************
2: * _ _ ____ _
3: * Project ___| | | | _ \| |
4: * / __| | | | |_) | |
5: * | (__| |_| | _ <| |___
6: * \___|\___/|_| \_\_____|
7: *
8: * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
9: *
10: * This software is licensed as described in the file COPYING, which
11: * you should have received as part of this distribution. The terms
12: * are also available at https://curl.haxx.se/docs/copyright.html.
13: *
14: * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15: * copies of the Software, and permit persons to whom the Software is
16: * furnished to do so, under the terms of the COPYING file.
17: *
18: * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19: * KIND, either express or implied.
20: *
21: ***************************************************************************/
22: /*
23: By default wolfSSL has a very conservative configuration that can result in
24: connections to servers failing due to certificate or algorithm problems.
25: To remedy this issue for libcurl I've generated this options file that
26: build-wolfssl will copy to the wolfSSL include directories and will result in
27: maximum compatibility.
28:
29: These are the configure options that were used to build wolfSSL v3.11.0 in
30: mingw and generate the options in this file:
31:
32: C_EXTRA_FLAGS="\
33: -Wno-attributes \
34: -Wno-unused-but-set-variable \
35: -DFP_MAX_BITS=16384 \
36: -DTFM_TIMING_RESISTANT \
37: -DWOLFSSL_STATIC_DH \
38: -DWOLFSSL_STATIC_RSA \
39: " \
40: ./configure --prefix=/usr/local \
41: --disable-jobserver \
42: --enable-aesgcm \
43: --enable-alpn \
44: --enable-certgen \
45: --enable-des3 \
46: --enable-dh \
47: --enable-dsa \
48: --enable-ecc \
49: --enable-eccshamir \
50: --enable-fastmath \
51: --enable-opensslextra \
52: --enable-ripemd \
53: --enable-sessioncerts \
54: --enable-sha512 \
55: --enable-sni \
56: --enable-sslv3 \
57: --enable-supportedcurves \
58: --enable-testcert \
59: > config.out 2>&1
60:
61: Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
62: are inapplicable for our Visual Studio build. Currently thread local storage is
63: only used by the Fixed Point cache ECC which we're not enabling. However, even
64: if we later decide to enable the cache, it will fall back on mutexes when
65: thread local storage is not available. wolfSSL is using __declspec(thread) to
66: create the thread local storage and that could be a problem for LoadLibrary.
67:
68: Regarding the options that were added via C_EXTRA_FLAGS:
69:
70: FP_MAX_BITS=16384
71: https://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
72: "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
73: buffer size. You can do this using the define:
74: FP_MAX_BITS and setting it to 8192."
75:
76: TFM_TIMING_RESISTANT
77: https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
78: From section 2.4.5 Increasing Performance, USE_FAST_MATH:
79: "Because the stack memory usage can be larger when using fastmath, we recommend
80: defining TFM_TIMING_RESISTANT as well when using this option."
81:
82: WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
83: WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
84: https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
85: Static key cipher suites are deprecated and disabled by default since v3.6.6.
86: */
87:
88: /* wolfssl options.h
89: * generated from configure options
90: *
91: * Copyright (C) 2006-2015 wolfSSL Inc.
92: *
93: * This file is part of wolfSSL. (formerly known as CyaSSL)
94: *
95: */
96:
97: #ifndef WOLFSSL_OPTIONS_H
98: #define WOLFSSL_OPTIONS_H
99: /* Compile-time feature switches for the wolfSSL build; every option is #undef'd before it is #define'd, so an earlier definition is replaced rather than redefined. */
100:
101: #ifdef __cplusplus
102: extern "C" {
103: #endif
104: /* Fastmath buffer size in bits. The forum note quoted in the header comment suggests 8192 for a 4096-bit RSA key; 16384 is double that. NOTE(review): presumably chosen to accept keys up to 8192 bits -- confirm. */
105: #undef FP_MAX_BITS
106: #define FP_MAX_BITS 16384
107: /* Timing-resistant fastmath. The same pair is repeated further down; the repeat is redundant but harmless because of the #undef. */
108: #undef TFM_TIMING_RESISTANT
109: #define TFM_TIMING_RESISTANT
110: /* SECURITY: WOLFSSL_STATIC_DH and WOLFSSL_STATIC_RSA re-enable the static-key cipher suites (TLS_ECDH_ and TLS_RSA_), which the header comment notes are deprecated and disabled by default since v3.6.6. These suites give no forward secrecy; they are enabled here for compatibility only. */
111: #undef WOLFSSL_STATIC_DH
112: #define WOLFSSL_STATIC_DH
113:
114: #undef WOLFSSL_STATIC_RSA
115: #define WOLFSSL_STATIC_RSA
116: /* From --enable-opensslextra: builds the OpenSSL compatibility API. */
117: #undef OPENSSL_EXTRA
118: #define OPENSSL_EXTRA
119:
120: /*
121: The commented out defines below are the equivalent of --enable-tls13.
122: Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta.
123: This is for experimenting only, afaict TLS 1.3 support doesn't appear to be
124: functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943
125:
126: #undef WC_RSA_PSS
127: #define WC_RSA_PSS
128:
129: #undef WOLFSSL_TLS13
130: #define WOLFSSL_TLS13
131:
132: #undef HAVE_TLS_EXTENSIONS
133: #define HAVE_TLS_EXTENSIONS
134:
135: #undef HAVE_FFDHE_2048
136: #define HAVE_FFDHE_2048
137:
138: #undef HAVE_HKDF
139: #define HAVE_HKDF
140: */
141: /* Timing side-channel countermeasures: timing-resistant fastmath and ECC code paths plus RSA blinding. Keep all three enabled when editing this file. */
142: #undef TFM_TIMING_RESISTANT
143: #define TFM_TIMING_RESISTANT
144:
145: #undef ECC_TIMING_RESISTANT
146: #define ECC_TIMING_RESISTANT
147:
148: #undef WC_RSA_BLINDING
149: #define WC_RSA_BLINDING
150: /* Algorithms and features compiled in; most of them map to an --enable-* option listed in the header comment. */
151: #undef HAVE_AESGCM
152: #define HAVE_AESGCM
153:
154: #undef WOLFSSL_RIPEMD
155: #define WOLFSSL_RIPEMD
156:
157: #undef WOLFSSL_SHA512
158: #define WOLFSSL_SHA512
159:
160: #undef WOLFSSL_SHA384
161: #define WOLFSSL_SHA384
162:
163: #undef SESSION_CERTS
164: #define SESSION_CERTS
165:
166: #undef WOLFSSL_CERT_GEN
167: #define WOLFSSL_CERT_GEN
168:
169: #undef HAVE_ECC
170: #define HAVE_ECC
171:
172: #undef TFM_ECC256
173: #define TFM_ECC256
174:
175: #undef ECC_SHAMIR
176: #define ECC_SHAMIR
177: /* SECURITY: from --enable-sslv3. SSLv3 is obsolete (RFC 7568) and affected by POODLE; this define only compiles the protocol in. NOTE(review): whether it can actually be negotiated depends on the protocol version the caller selects -- confirm in the libcurl wolfSSL backend. */
178: #undef WOLFSSL_ALLOW_SSLV3
179: #define WOLFSSL_ALLOW_SSLV3
180: /* The legacy stream ciphers RC4, HC-128 and Rabbit are compiled out. */
181: #undef NO_RC4
182: #define NO_RC4
183:
184: #undef NO_HC128
185: #define NO_HC128
186:
187: #undef NO_RABBIT
188: #define NO_RABBIT
189: /* ChaCha20-Poly1305 support and the Hash_DRBG random number generator. */
190: #undef HAVE_POLY1305
191: #define HAVE_POLY1305
192:
193: #undef HAVE_ONE_TIME_AUTH
194: #define HAVE_ONE_TIME_AUTH
195:
196: #undef HAVE_CHACHA
197: #define HAVE_CHACHA
198:
199: #undef HAVE_HASHDRBG
200: #define HAVE_HASHDRBG
201: /* TLS extensions: SNI, ALPN and supported curves. HAVE_TLS_EXTENSIONS appears three times (apparently emitted once per extension option); the repeats are harmless. */
202: #undef HAVE_TLS_EXTENSIONS
203: #define HAVE_TLS_EXTENSIONS
204:
205: #undef HAVE_SNI
206: #define HAVE_SNI
207:
208: #undef HAVE_TLS_EXTENSIONS
209: #define HAVE_TLS_EXTENSIONS
210:
211: #undef HAVE_ALPN
212: #define HAVE_ALPN
213:
214: #undef HAVE_TLS_EXTENSIONS
215: #define HAVE_TLS_EXTENSIONS
216:
217: #undef HAVE_SUPPORTED_CURVES
218: #define HAVE_SUPPORTED_CURVES
219: /* Extended master secret (RFC 7627). */
220: #undef HAVE_EXTENDED_MASTER
221: #define HAVE_EXTENDED_MASTER
222: /* From --enable-testcert. NOTE(review): test-certificate support looks unnecessary in a production library build -- confirm it is needed. */
223: #undef WOLFSSL_TEST_CERT
224: #define WOLFSSL_TEST_CERT
225: /* Pre-shared-key cipher suites and MD4 are compiled out. */
226: #undef NO_PSK
227: #define NO_PSK
228:
229: #undef NO_MD4
230: #define NO_MD4
231: /* From --enable-fastmath: the math backend that FP_MAX_BITS and TFM_TIMING_RESISTANT above configure. */
232: #undef USE_FAST_MATH
233: #define USE_FAST_MATH
234:
235: #undef WC_NO_ASYNC_THREADING
236: #define WC_NO_ASYNC_THREADING
237:
238:
239: #ifdef __cplusplus
240: }
241: #endif
242:
243:
244: #endif /* WOLFSSL_OPTIONS_H */