From 534056297fc70b212f75368bc517eb163b3c5658 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 31 May 2017 01:40:39 -0400 Subject: [PATCH] build-wolfssl: Sync config with wolfSSL 3.11 wolfSSL configure script relevant changes from 3.10 to 3.11: - Async threading support added; disabled by default without async crypto, which continues to be disabled by default. wolfSSL configure script relevant changes from 3.11 to 3.11.1 (beta): - TLS 1.3 beta support added; disabled by default. For experimenting I put in a comment block the defines needed to enable TLS 1.3 support (ie the equivalent of --enable-tls13). --- projects/wolfssl_options.h | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h index d0ece9640..f6af47cab 100644 --- a/projects/wolfssl_options.h +++ b/projects/wolfssl_options.h @@ -5,7 +5,7 @@ To remedy this issue for libcurl I've generated this options file that build-wolfssl will copy to the wolfSSL include directories and will result in maximum compatibility. -These are the configure options that were used to build wolfSSL v3.10.0 in +These are the configure options that were used to build wolfSSL v3.11.0 in mingw and generate the options in this file: C_EXTRA_FLAGS="\ @@ -96,6 +96,28 @@ extern "C" { #undef OPENSSL_EXTRA #define OPENSSL_EXTRA +/* +The commented out defines below are the equivalent of --enable-tls13. +Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta. +This is for experimenting only, afaict TLS 1.3 support doesn't appear to be +functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943 + +#undef WC_RSA_PSS +#define WC_RSA_PSS + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_FFDHE_2048 +#define HAVE_FFDHE_2048 + +#undef HAVE_HKDF +#define HAVE_HKDF +*/ + #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT 
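Review bot: The TLS 1.3 defines added after `#define OPENSSL_EXTRA` can only be switched on by hand-editing a block comment, so nothing in the build invocation records that an experimental protocol implementation was enabled. The comment itself says TLS 1.3 in v3.11.1-tls13-beta does not appear to be functioning correctly yet, so I would gate the five define pairs behind an explicit opt-in such as `#ifdef <EXPERIMENTAL_TLS13_OPT_IN>` … `#endif` (placeholder name, not an existing macro). A build that enables them is then visible on the compiler command line and is harder to ship by accident. The block should also say that it needs the v3.11.1-tls13-beta sources, because the file header states the options were generated for wolfSSL v3.11.0.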
@@ -189,6 +211,9 @@ extern "C" { #undef USE_FAST_MATH #define USE_FAST_MATH +#undef WC_NO_ASYNC_THREADING +#define WC_NO_ASYNC_THREADING + #ifdef __cplusplus }