diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h
index 40c34e5d7..b668daaf5 100644
--- a/projects/wolfssl_options.h
+++ b/projects/wolfssl_options.h
@@ -5,27 +5,42 @@ To remedy this issue for libcurl I've generated this options file that
 build-wolfssl will copy to the wolfSSL include directories and will result in
 maximum compatibility.
 
-These configure flags were used in MinGW to generate the options in this file:
+These are the configure options that were used to build wolfSSL v3.9.0 in mingw
+and generate the options in this file:
 
---enable-opensslextra
---enable-aesgcm
---enable-ripemd
---enable-sha512
---enable-dh
---enable-dsa
---enable-ecc
---enable-sni
---enable-fastmath
---enable-sessioncerts
---enable-certgen
---enable-testcert
---enable-alpn
-C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
+C_EXTRA_FLAGS="\
+ -Wno-attributes \
+ -Wno-unused-but-set-variable \
+ -DFP_MAX_BITS=16384 \
+ -DTFM_TIMING_RESISTANT \
+ -DWOLFSSL_STATIC_DH \
+ -DWOLFSSL_STATIC_RSA \
+ " \
+./configure --prefix=/usr/local \
+ --enable-aesgcm \
+ --enable-alpn \
+ --enable-certgen \
+ --enable-dh \
+ --enable-dsa \
+ --enable-ecc \
+ --enable-fastmath \
+ --enable-opensslextra \
+ --enable-ripemd \
+ --enable-sessioncerts \
+ --enable-sha512 \
+ --enable-sni \
+ --enable-sslv3 \
+ --enable-testcert \
+ > config.out 2>&1
 
 Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
-are inapplicable for our Visual Studio build.
+are inapplicable for our Visual Studio build. Currently thread local storage is
+only used by the Fixed Point cache ECC which we're not enabling. However even
+if we later may decide to enable the cache it will fallback on mutexes when
+thread local storage is not available. wolfSSL is using __declspec(thread) to
+create the thread local storage and that could be a problem for LoadLibrary.
 
-Regarding the two options that were added via C_EXTRA_FLAGS:
+Regarding the options that were added via C_EXTRA_FLAGS:
 
 FP_MAX_BITS=16384
 http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
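Review bot: The documented configure command gains `--enable-sslv3`, and the `-91,15` hunk defines `WOLFSSL_ALLOW_SSLV3` to match, but the explanatory comment never says why, although it does justify each `-D` flag passed through `C_EXTRA_FLAGS`. SSLv3 is deprecated (RFC 7568) and exposed to the POODLE padding-oracle attack, so a reader needs to know it is compiled in on purpose and that the protocol floor has to be chosen by the application. I would add a short paragraph after the `C_EXTRA_FLAGS` notes, e.g. `WOLFSSL_ALLOW_SSLV3: SSLv3 is built in for compatibility only; callers must set the minimum protocol version explicitly.` Whether the library's default method will negotiate SSLv3 once this is defined cannot be told from the diff and is worth confirming.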
@@ -38,6 +53,11 @@ https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
 From section 2.4.5 Increasing Performance, USE_FAST_MATH:
 "Because the stack memory usage can be larger when using fastmath, we recommend
 defining TFM_TIMING_RESISTANT as well when using this option."
+
+WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
+WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
+https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
+Static key cipher suites are deprecated and disabled by default since v3.6.6.
 */
 
 /* wolfssl options.h
@@ -49,7 +69,9 @@ defining TFM_TIMING_RESISTANT as well when using this option."
 *
 */
 
-#pragma once
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
 
 #ifdef __cplusplus
 extern "C" {
@@ -61,6 +83,12 @@ extern "C" {
 #undef TFM_TIMING_RESISTANT
 #define TFM_TIMING_RESISTANT
 
+#undef WOLFSSL_STATIC_DH
+#define WOLFSSL_STATIC_DH
+
+#undef WOLFSSL_STATIC_RSA
+#define WOLFSSL_STATIC_RSA
+
 #undef OPENSSL_EXTRA
 #define OPENSSL_EXTRA
 
@@ -91,15 +119,12 @@ extern "C" {
 #undef ECC_SHAMIR
 #define ECC_SHAMIR
 
-#undef NO_PSK
-#define NO_PSK
+#undef WOLFSSL_ALLOW_SSLV3
+#define WOLFSSL_ALLOW_SSLV3
 
 #undef NO_RC4
 #define NO_RC4
 
-#undef NO_MD4
-#define NO_MD4
-
 #undef NO_HC128
 #define NO_HC128
 
@@ -124,16 +149,32 @@ extern "C" {
 #undef HAVE_SNI
 #define HAVE_SNI
 
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_ALPN
+#define HAVE_ALPN
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
 #undef WOLFSSL_TEST_CERT
 #define WOLFSSL_TEST_CERT
 
+#undef NO_PSK
+#define NO_PSK
+
+#undef NO_MD4
+#define NO_MD4
+
 #undef USE_FAST_MATH
 #define USE_FAST_MATH
 
-#undef HAVE_ALPN
-#define HAVE_ALPN
 
 
 #ifdef __cplusplus
 }
 #endif
+
+#endif /* WOLFSSL_OPTIONS_H */
+
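Review bot: The new `WOLFSSL_STATIC_DH` and `WOLFSSL_STATIC_RSA` pairs in the `-61,6` hunk compile the static-key cipher suites back in, and nothing next to the defines says so; the rationale sits only in the header comment far above. These suites give no forward secrecy, so recorded traffic can be decrypted later if the server's long-term key is exposed, which is why the library disables them by default as the added comment notes. I would put a comment directly above the pair, e.g. `/* Compatibility only: static-key suites (TLS_RSA_*, TLS_ECDH_*) have no forward secrecy; prefer ECDHE/DHE in the cipher list. */`. Whether the suites are actually offered presumably depends on the cipher list the application sets, which is not visible here.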
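Review bot: `HAVE_TLS_EXTENSIONS` is defined twice in the `-124,16` hunk, once before the `HAVE_ALPN` pair and once after it. The second `#undef`/`#define` pair is redundant; it looks like raw configure output, where both the SNI and the ALPN option presumably emit it, but since this file is already hand-edited I would drop the duplicate. The hunk also adds a blank line after the closing `#endif /* WOLFSSL_OPTIONS_H */`, which can go.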