123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308 |
- /***************************************************************************
- * _ _ ____ _
- * Project ___| | | | _ \| |
- * / __| | | | |_) | |
- * | (__| |_| | _ <| |___
- * \___|\___/|_| \_\_____|
- *
- * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
- *
- * This software is licensed as described in the file COPYING, which
- * you should have received as part of this distribution. The terms
- * are also available at https://curl.se/docs/copyright.html.
- *
- * You may opt to use, copy, modify, merge, publish, distribute and/or sell
- * copies of the Software, and permit persons to whom the Software is
- * furnished to do so, under the terms of the COPYING file.
- *
- * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
- * KIND, either express or implied.
- *
- * SPDX-License-Identifier: curl
- *
- ***************************************************************************/
- /*
- By default wolfSSL has a very conservative configuration that can result in
- connections to servers failing due to certificate or algorithm problems.
- To remedy this issue for libcurl I've generated this options file that
- build-wolfssl will copy to the wolfSSL include directories and will result in
- maximum compatibility.
- These are the configure options that were used to build wolfSSL v5.1.1 in
- mingw and generate the options in this file:
- C_EXTRA_FLAGS="\
- -Wno-attributes \
- -Wno-unused-but-set-variable \
- -DFP_MAX_BITS=16384 \
- -DHAVE_SECRET_CALLBACK \
- -DTFM_TIMING_RESISTANT \
- -DUSE_WOLF_STRTOK \
- -DWOLFSSL_DES_ECB \
- -DWOLFSSL_STATIC_DH \
- -DWOLFSSL_STATIC_RSA \
- " \
- ./configure --prefix=/usr/local \
- --disable-jobserver \
- --enable-aesgcm \
- --enable-alpn \
- --enable-altcertchains \
- --enable-certgen \
- --enable-des3 \
- --enable-dh \
- --enable-dsa \
- --enable-ecc \
- --enable-eccshamir \
- --enable-fastmath \
- --enable-opensslextra \
- --enable-ripemd \
- --enable-sessioncerts \
- --enable-sha512 \
- --enable-sni \
- --enable-tlsv10 \
- --enable-supportedcurves \
- --enable-tls13 \
- --enable-testcert \
- > config.out 2>&1
- Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
- are inapplicable for our Visual Studio build. Currently thread local storage is
- only used by the Fixed Point cache ECC which we're not enabling. However even
- if we later may decide to enable the cache it will fallback on mutexes when
- thread local storage is not available. wolfSSL is using __declspec(thread) to
- create the thread local storage and that could be a problem for LoadLibrary.
- Regarding the options that were added via C_EXTRA_FLAGS:
- FP_MAX_BITS=16384
- https://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
- "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
- buffer size. You can do this using the define:
- FP_MAX_BITS and setting it to 8192."
- HAVE_SECRET_CALLBACK
- Build wolfSSL with wolfSSL_set_tls13_secret_cb which allows saving TLS 1.3
- secrets to SSLKEYLOGFILE.
- TFM_TIMING_RESISTANT
- https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
- From section 2.4.5 Increasing Performance, USE_FAST_MATH:
- "Because the stack memory usage can be larger when using fastmath, we recommend
- defining TFM_TIMING_RESISTANT as well when using this option."
- USE_WOLF_STRTOK
- Build wolfSSL to always use its internal strtok instead of C runtime strtok.
- WOLFSSL_DES_ECB
- Build wolfSSL with wolfSSL_DES_ecb_encrypt which is needed by libcurl for NTLM.
- WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
- WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
- https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
- Static key cipher suites are deprecated and disabled by default since v3.6.6.
- */
- /* wolfssl options.h
- * generated from configure options
- *
- * Copyright (C) 2006-2022 wolfSSL Inc.
- *
- * This file is part of wolfSSL. (formerly known as CyaSSL)
- *
- */
- #ifndef WOLFSSL_OPTIONS_H
- #define WOLFSSL_OPTIONS_H
- #ifdef __cplusplus
- extern "C" {
- #endif
- #undef FP_MAX_BITS
- #define FP_MAX_BITS 16384
- #undef HAVE_SECRET_CALLBACK
- #define HAVE_SECRET_CALLBACK
- #undef TFM_TIMING_RESISTANT
- #define TFM_TIMING_RESISTANT
- #undef USE_WOLF_STRTOK
- #define USE_WOLF_STRTOK
- #undef WOLFSSL_DES_ECB
- #define WOLFSSL_DES_ECB
- #undef WOLFSSL_STATIC_DH
- #define WOLFSSL_STATIC_DH
- #undef WOLFSSL_STATIC_RSA
- #define WOLFSSL_STATIC_RSA
- #undef TFM_TIMING_RESISTANT
- #define TFM_TIMING_RESISTANT
- #undef ECC_TIMING_RESISTANT
- #define ECC_TIMING_RESISTANT
- #undef WC_RSA_BLINDING
- #define WC_RSA_BLINDING
- #undef WOLFSSL_USE_ALIGN
- #define WOLFSSL_USE_ALIGN
- #undef WOLFSSL_RIPEMD
- #define WOLFSSL_RIPEMD
- #undef WOLFSSL_SHA512
- #define WOLFSSL_SHA512
- #undef WOLFSSL_SHA384
- #define WOLFSSL_SHA384
- #undef SESSION_CERTS
- #define SESSION_CERTS
- #undef HAVE_HKDF
- #define HAVE_HKDF
- #undef HAVE_ECC
- #define HAVE_ECC
- #undef TFM_ECC256
- #define TFM_ECC256
- #undef ECC_SHAMIR
- #define ECC_SHAMIR
- #undef WOLFSSL_ALLOW_TLSV10
- #define WOLFSSL_ALLOW_TLSV10
- #undef WC_RSA_PSS
- #define WC_RSA_PSS
- #undef NO_HC128
- #define NO_HC128
- #undef NO_RABBIT
- #define NO_RABBIT
- #undef HAVE_POLY1305
- #define HAVE_POLY1305
- #undef HAVE_ONE_TIME_AUTH
- #define HAVE_ONE_TIME_AUTH
- #undef HAVE_CHACHA
- #define HAVE_CHACHA
- #undef HAVE_HASHDRBG
- #define HAVE_HASHDRBG
- #undef HAVE_TLS_EXTENSIONS
- #define HAVE_TLS_EXTENSIONS
- #undef HAVE_SNI
- #define HAVE_SNI
- #undef HAVE_TLS_EXTENSIONS
- #define HAVE_TLS_EXTENSIONS
- #undef HAVE_ALPN
- #define HAVE_ALPN
- #undef HAVE_TLS_EXTENSIONS
- #define HAVE_TLS_EXTENSIONS
- #undef HAVE_SUPPORTED_CURVES
- #define HAVE_SUPPORTED_CURVES
- #undef HAVE_FFDHE_2048
- #define HAVE_FFDHE_2048
- #undef HAVE_SUPPORTED_CURVES
- #define HAVE_SUPPORTED_CURVES
- #undef WOLFSSL_TLS13
- #define WOLFSSL_TLS13
- #undef HAVE_TLS_EXTENSIONS
- #define HAVE_TLS_EXTENSIONS
- #undef HAVE_EXTENDED_MASTER
- #define HAVE_EXTENDED_MASTER
- #undef WOLFSSL_ALT_CERT_CHAINS
- #define WOLFSSL_ALT_CERT_CHAINS
- #undef WOLFSSL_TEST_CERT
- #define WOLFSSL_TEST_CERT
- #undef NO_RC4
- #define NO_RC4
- #undef HAVE_ENCRYPT_THEN_MAC
- #define HAVE_ENCRYPT_THEN_MAC
- #undef NO_PSK
- #define NO_PSK
- #undef NO_MD4
- #define NO_MD4
- #undef WOLFSSL_ENCRYPTED_KEYS
- #define WOLFSSL_ENCRYPTED_KEYS
- #undef USE_FAST_MATH
- #define USE_FAST_MATH
- #undef WC_NO_ASYNC_THREADING
- #define WC_NO_ASYNC_THREADING
- #undef HAVE_DH_DEFAULT_PARAMS
- #define HAVE_DH_DEFAULT_PARAMS
- #undef WOLFSSL_CERT_GEN
- #define WOLFSSL_CERT_GEN
- #undef OPENSSL_EXTRA
- #define OPENSSL_EXTRA
- #undef WOLFSSL_ALWAYS_VERIFY_CB
- #define WOLFSSL_ALWAYS_VERIFY_CB
- #undef WOLFSSL_VERIFY_CB_ALL_CERTS
- #define WOLFSSL_VERIFY_CB_ALL_CERTS
- #undef WOLFSSL_EXTRA_ALERTS
- #define WOLFSSL_EXTRA_ALERTS
- #undef HAVE_EXT_CACHE
- #define HAVE_EXT_CACHE
- #undef WOLFSSL_FORCE_CACHE_ON_TICKET
- #define WOLFSSL_FORCE_CACHE_ON_TICKET
- #undef WOLFSSL_AKID_NAME
- #define WOLFSSL_AKID_NAME
- #undef HAVE_CTS
- #define HAVE_CTS
- #undef GCM_TABLE_4BIT
- #define GCM_TABLE_4BIT
- #undef HAVE_AESGCM
- #define HAVE_AESGCM
- #undef HAVE_WC_INTROSPECTION
- #define HAVE_WC_INTROSPECTION
- #ifdef __cplusplus
- }
- #endif
- #endif /* WOLFSSL_OPTIONS_H */
|