wolfssl_options.h
Go to the documentation of this file.
1 /*
2 By default wolfSSL has a very conservative configuration that can result in
3 connections to servers failing due to certificate or algorithm problems.
4 To remedy this issue for libcurl I've generated this options file that
5 build-wolfssl will copy to the wolfSSL include directories and will result in
6 maximum compatibility.
7 
8 These are the configure options that were used to build wolfSSL v3.11.0 in
9 mingw and generate the options in this file:
10 
11 C_EXTRA_FLAGS="\
12  -Wno-attributes \
13  -Wno-unused-but-set-variable \
14  -DFP_MAX_BITS=16384 \
15  -DTFM_TIMING_RESISTANT \
16  -DWOLFSSL_STATIC_DH \
17  -DWOLFSSL_STATIC_RSA \
18  " \
19 ./configure --prefix=/usr/local \
20  --disable-jobserver \
21  --enable-aesgcm \
22  --enable-alpn \
23  --enable-certgen \
24  --enable-des3 \
25  --enable-dh \
26  --enable-dsa \
27  --enable-ecc \
28  --enable-eccshamir \
29  --enable-fastmath \
30  --enable-opensslextra \
31  --enable-ripemd \
32  --enable-sessioncerts \
33  --enable-sha512 \
34  --enable-sni \
35  --enable-sslv3 \
36  --enable-supportedcurves \
37  --enable-testcert \
38  > config.out 2>&1
39 
40 Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
41 are inapplicable for our Visual Studio build. Currently thread local storage is
42 only used by the Fixed Point cache ECC which we're not enabling. However even
43 if we later may decide to enable the cache it will fallback on mutexes when
44 thread local storage is not available. wolfSSL is using __declspec(thread) to
45 create the thread local storage and that could be a problem for LoadLibrary.
46 
47 Regarding the options that were added via C_EXTRA_FLAGS:
48 
49 FP_MAX_BITS=16384
50 http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
51 "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
52 buffer size. You can do this using the define:
53 FP_MAX_BITS and setting it to 8192."
54 
55 TFM_TIMING_RESISTANT
56 https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
57 From section 2.4.5 Increasing Performance, USE_FAST_MATH:
58 "Because the stack memory usage can be larger when using fastmath, we recommend
59 defining TFM_TIMING_RESISTANT as well when using this option."
60 
61 WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
62 WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
63 https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
64 Static key cipher suites are deprecated and disabled by default since v3.6.6.
65 */
66 
67 /* wolfssl options.h
68  * generated from configure options
69  *
70  * Copyright (C) 2006-2015 wolfSSL Inc.
71  *
72  * This file is part of wolfSSL. (formerly known as CyaSSL)
73  *
74  */
75 
76 #ifndef WOLFSSL_OPTIONS_H
77 #define WOLFSSL_OPTIONS_H
78 
79 
80 #ifdef __cplusplus
81 extern "C" {
82 #endif
83 
84 #undef FP_MAX_BITS
85 #define FP_MAX_BITS 16384
86 
87 #undef TFM_TIMING_RESISTANT
88 #define TFM_TIMING_RESISTANT
89 
90 #undef WOLFSSL_STATIC_DH
91 #define WOLFSSL_STATIC_DH
92 
93 #undef WOLFSSL_STATIC_RSA
94 #define WOLFSSL_STATIC_RSA
95 
96 #undef OPENSSL_EXTRA
97 #define OPENSSL_EXTRA
98 
99 /*
100 The commented out defines below are the equivalent of --enable-tls13.
101 Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta.
102 This is for experimenting only, afaict TLS 1.3 support doesn't appear to be
103 functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943
104 
105 #undef WC_RSA_PSS
106 #define WC_RSA_PSS
107 
108 #undef WOLFSSL_TLS13
109 #define WOLFSSL_TLS13
110 
111 #undef HAVE_TLS_EXTENSIONS
112 #define HAVE_TLS_EXTENSIONS
113 
114 #undef HAVE_FFDHE_2048
115 #define HAVE_FFDHE_2048
116 
117 #undef HAVE_HKDF
118 #define HAVE_HKDF
119 */
120 
121 #undef TFM_TIMING_RESISTANT
122 #define TFM_TIMING_RESISTANT
123 
124 #undef ECC_TIMING_RESISTANT
125 #define ECC_TIMING_RESISTANT
126 
127 #undef WC_RSA_BLINDING
128 #define WC_RSA_BLINDING
129 
130 #undef HAVE_AESGCM
131 #define HAVE_AESGCM
132 
133 #undef WOLFSSL_RIPEMD
134 #define WOLFSSL_RIPEMD
135 
136 #undef WOLFSSL_SHA512
137 #define WOLFSSL_SHA512
138 
139 #undef WOLFSSL_SHA384
140 #define WOLFSSL_SHA384
141 
142 #undef SESSION_CERTS
143 #define SESSION_CERTS
144 
145 #undef WOLFSSL_CERT_GEN
146 #define WOLFSSL_CERT_GEN
147 
148 #undef HAVE_ECC
149 #define HAVE_ECC
150 
151 #undef TFM_ECC256
152 #define TFM_ECC256
153 
154 #undef ECC_SHAMIR
155 #define ECC_SHAMIR
156 
157 #undef WOLFSSL_ALLOW_SSLV3
158 #define WOLFSSL_ALLOW_SSLV3
159 
160 #undef NO_RC4
161 #define NO_RC4
162 
163 #undef NO_HC128
164 #define NO_HC128
165 
166 #undef NO_RABBIT
167 #define NO_RABBIT
168 
169 #undef HAVE_POLY1305
170 #define HAVE_POLY1305
171 
172 #undef HAVE_ONE_TIME_AUTH
173 #define HAVE_ONE_TIME_AUTH
174 
175 #undef HAVE_CHACHA
176 #define HAVE_CHACHA
177 
178 #undef HAVE_HASHDRBG
179 #define HAVE_HASHDRBG
180 
181 #undef HAVE_TLS_EXTENSIONS
182 #define HAVE_TLS_EXTENSIONS
183 
184 #undef HAVE_SNI
185 #define HAVE_SNI
186 
187 #undef HAVE_TLS_EXTENSIONS
188 #define HAVE_TLS_EXTENSIONS
189 
190 #undef HAVE_ALPN
191 #define HAVE_ALPN
192 
193 #undef HAVE_TLS_EXTENSIONS
194 #define HAVE_TLS_EXTENSIONS
195 
196 #undef HAVE_SUPPORTED_CURVES
197 #define HAVE_SUPPORTED_CURVES
198 
199 #undef HAVE_EXTENDED_MASTER
200 #define HAVE_EXTENDED_MASTER
201 
202 #undef WOLFSSL_TEST_CERT
203 #define WOLFSSL_TEST_CERT
204 
205 #undef NO_PSK
206 #define NO_PSK
207 
208 #undef NO_MD4
209 #define NO_MD4
210 
211 #undef USE_FAST_MATH
212 #define USE_FAST_MATH
213 
214 #undef WC_NO_ASYNC_THREADING
215 #define WC_NO_ASYNC_THREADING
216 
217 
218 #ifdef __cplusplus
219 }
220 #endif
221 
222 
223 #endif /* WOLFSSL_OPTIONS_H */
224 

rc_tagdetect_client
Author(s): Monika Florek-Jasinska , Raphael Schaller
autogenerated on Sat Feb 13 2021 03:42:17