| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- /*
- By default wolfSSL has a very conservative configuration that can result in
- connections to servers failing due to certificate or algorithm problems.
- To remedy this issue for libcurl I've generated this options file that
- build-wolfssl will copy to the wolfSSL include directories and will result in
- maximum compatibility.
- These configure flags were used in MinGW to generate the options in this file:
- --enable-opensslextra
- --enable-aesgcm
- --enable-ripemd
- --enable-sha512
- --enable-dh
- --enable-dsa
- --enable-ecc
- --enable-sni
- --enable-fastmath
- --enable-sessioncerts
- --enable-certgen
- --enable-testcert
- C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
- Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
- are inapplicable for our Visual Studio build.
- Regarding the two options that were added via C_EXTRA_FLAGS:
- FP_MAX_BITS=16384
- http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
- "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
- buffer size. You can do this using the define:
- FP_MAX_BITS and setting it to 8192."
- TFM_TIMING_RESISTANT
- https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
- From section 2.4.5 Increasing Performance, USE_FAST_MATH:
- "Because the stack memory usage can be larger when using fastmath, we recommend
- defining TFM_TIMING_RESISTANT as well when using this option."
- */
- /* wolfssl options.h
- * generated from configure options
- *
- * Copyright (C) 2006-2015 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- */
- #pragma once
- #ifdef __cplusplus
- extern "C" {
- #endif
- #undef FP_MAX_BITS
- #define FP_MAX_BITS 16384
- #undef TFM_TIMING_RESISTANT
- #define TFM_TIMING_RESISTANT
- #undef OPENSSL_EXTRA
- #define OPENSSL_EXTRA
- #undef HAVE_AESGCM
- #define HAVE_AESGCM
- #undef WOLFSSL_RIPEMD
- #define WOLFSSL_RIPEMD
- #undef WOLFSSL_SHA512
- #define WOLFSSL_SHA512
- #undef WOLFSSL_SHA384
- #define WOLFSSL_SHA384
- #undef SESSION_CERTS
- #define SESSION_CERTS
- #undef WOLFSSL_CERT_GEN
- #define WOLFSSL_CERT_GEN
- #undef HAVE_ECC
- #define HAVE_ECC
- #undef TFM_ECC256
- #define TFM_ECC256
- #undef ECC_SHAMIR
- #define ECC_SHAMIR
- #undef NO_PSK
- #define NO_PSK
- #undef NO_RC4
- #define NO_RC4
- #undef NO_MD4
- #define NO_MD4
- #undef NO_HC128
- #define NO_HC128
- #undef NO_RABBIT
- #define NO_RABBIT
- #undef HAVE_POLY1305
- #define HAVE_POLY1305
- #undef HAVE_ONE_TIME_AUTH
- #define HAVE_ONE_TIME_AUTH
- #undef HAVE_CHACHA
- #define HAVE_CHACHA
- #undef HAVE_HASHDRBG
- #define HAVE_HASHDRBG
- #undef HAVE_TLS_EXTENSIONS
- #define HAVE_TLS_EXTENSIONS
- #undef HAVE_SNI
- #define HAVE_SNI
- #undef WOLFSSL_TEST_CERT
- #define WOLFSSL_TEST_CERT
- #undef USE_FAST_MATH
- #define USE_FAST_MATH
- #ifdef __cplusplus
- }
- #endif
|
