rc_visard_driver: wolfssl_options.h Source File

Go to the documentation of this file.
00001 /*
00002 By default wolfSSL has a very conservative configuration that can result in
00003 connections to servers failing due to certificate or algorithm problems.
00004 To remedy this issue for libcurl I've generated this options file that
00005 build-wolfssl will copy to the wolfSSL include directories and will result in
00006 maximum compatibility.
00007 
00008 These are the configure options that were used to build wolfSSL v3.9.0 in mingw
00009 and generate the options in this file:
00010 
00011 C_EXTRA_FLAGS="\
00012   -Wno-attributes \
00013   -Wno-unused-but-set-variable \
00014   -DFP_MAX_BITS=16384 \
00015   -DTFM_TIMING_RESISTANT \
00016   -DWOLFSSL_STATIC_DH \
00017   -DWOLFSSL_STATIC_RSA \
00018   " \
00019 ./configure --prefix=/usr/local \
00020   --enable-aesgcm \
00021   --enable-alpn \
00022   --enable-certgen \
00023   --enable-dh \
00024   --enable-dsa \
00025   --enable-ecc \
00026   --enable-fastmath \
00027   --enable-opensslextra \
00028   --enable-ripemd \
00029   --enable-sessioncerts \
00030   --enable-sha512 \
00031   --enable-sni \
00032   --enable-sslv3 \
00033   --enable-supportedcurves \
00034   --enable-testcert \
00035   > config.out 2>&1
00036 
00037 Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
00038 are inapplicable for our Visual Studio build. Currently thread local storage is
00039 only used by the Fixed Point cache ECC which we're not enabling. However even
00040 if we later may decide to enable the cache it will fallback on mutexes when
00041 thread local storage is not available. wolfSSL is using __declspec(thread) to
00042 create the thread local storage and that could be a problem for LoadLibrary.
00043 
00044 Regarding the options that were added via C_EXTRA_FLAGS:
00045 
00046 FP_MAX_BITS=16384
00047 http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
00048 "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
00049 buffer size.  You can do this using the define:
00050 FP_MAX_BITS and setting it to 8192."
00051 
00052 TFM_TIMING_RESISTANT
00053 https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
00054 From section 2.4.5 Increasing Performance, USE_FAST_MATH:
00055 "Because the stack memory usage can be larger when using fastmath, we recommend
00056 defining TFM_TIMING_RESISTANT as well when using this option."
00057 
00058 WOLFSSL_STATIC_DH:    Allow TLS_ECDH_ ciphers
00059 WOLFSSL_STATIC_RSA:   Allow TLS_RSA_ ciphers
00060 https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
00061 Static key cipher suites are deprecated and disabled by default since v3.6.6.
00062 */
00063 
00064 /* wolfssl options.h
00065  * generated from configure options
00066  *
00067  * Copyright (C) 2006-2015 wolfSSL Inc.
00068  *
00069  * This file is part of wolfSSL. (formerly known as CyaSSL)
00070  *
00071  */
00072 
00073 #ifndef WOLFSSL_OPTIONS_H
00074 #define WOLFSSL_OPTIONS_H
00075 
00076 
00077 #ifdef __cplusplus
00078 extern "C" {
00079 #endif
00080 
00081 #undef  FP_MAX_BITS
00082 #define FP_MAX_BITS 16384
00083 
00084 #undef  TFM_TIMING_RESISTANT
00085 #define TFM_TIMING_RESISTANT
00086 
00087 #undef  WOLFSSL_STATIC_DH
00088 #define WOLFSSL_STATIC_DH
00089 
00090 #undef  WOLFSSL_STATIC_RSA
00091 #define WOLFSSL_STATIC_RSA
00092 
00093 #undef  OPENSSL_EXTRA
00094 #define OPENSSL_EXTRA
00095 
00096 #undef  HAVE_AESGCM
00097 #define HAVE_AESGCM
00098 
00099 #undef  WOLFSSL_RIPEMD
00100 #define WOLFSSL_RIPEMD
00101 
00102 #undef  WOLFSSL_SHA512
00103 #define WOLFSSL_SHA512
00104 
00105 #undef  WOLFSSL_SHA384
00106 #define WOLFSSL_SHA384
00107 
00108 #undef  SESSION_CERTS
00109 #define SESSION_CERTS
00110 
00111 #undef  WOLFSSL_CERT_GEN
00112 #define WOLFSSL_CERT_GEN
00113 
00114 #undef  HAVE_ECC
00115 #define HAVE_ECC
00116 
00117 #undef  TFM_ECC256
00118 #define TFM_ECC256
00119 
00120 #undef  ECC_SHAMIR
00121 #define ECC_SHAMIR
00122 
00123 #undef  WOLFSSL_ALLOW_SSLV3
00124 #define WOLFSSL_ALLOW_SSLV3
00125 
00126 #undef  NO_RC4
00127 #define NO_RC4
00128 
00129 #undef  NO_HC128
00130 #define NO_HC128
00131 
00132 #undef  NO_RABBIT
00133 #define NO_RABBIT
00134 
00135 #undef  HAVE_POLY1305
00136 #define HAVE_POLY1305
00137 
00138 #undef  HAVE_ONE_TIME_AUTH
00139 #define HAVE_ONE_TIME_AUTH
00140 
00141 #undef  HAVE_CHACHA
00142 #define HAVE_CHACHA
00143 
00144 #undef  HAVE_HASHDRBG
00145 #define HAVE_HASHDRBG
00146 
00147 #undef  HAVE_TLS_EXTENSIONS
00148 #define HAVE_TLS_EXTENSIONS
00149 
00150 #undef  HAVE_SNI
00151 #define HAVE_SNI
00152 
00153 #undef  HAVE_TLS_EXTENSIONS
00154 #define HAVE_TLS_EXTENSIONS
00155 
00156 #undef  HAVE_ALPN
00157 #define HAVE_ALPN
00158 
00159 #undef  HAVE_TLS_EXTENSIONS
00160 #define HAVE_TLS_EXTENSIONS
00161 
00162 #undef  HAVE_SUPPORTED_CURVES
00163 #define HAVE_SUPPORTED_CURVES
00164 
00165 #undef  WOLFSSL_TEST_CERT
00166 #define WOLFSSL_TEST_CERT
00167 
00168 #undef  NO_PSK
00169 #define NO_PSK
00170 
00171 #undef  NO_MD4
00172 #define NO_MD4
00173 
00174 #undef  USE_FAST_MATH
00175 #define USE_FAST_MATH
00176 
00177 
00178 #ifdef __cplusplus
00179 }
00180 #endif
00181 
00182 
00183 #endif /* WOLFSSL_OPTIONS_H */
00184