      1 /*
      2 By default wolfSSL has a very conservative configuration that can result in
      3 connections to servers failing due to certificate or algorithm problems.
      4 To remedy this issue for libcurl I've generated this options file that
      5 build-wolfssl will copy to the wolfSSL include directories and will result in
      6 maximum compatibility.
      7 
      8 These are the configure options that were used to build wolfSSL v3.9.0 in mingw
      9 and generate the options in this file:
     10 
     11 C_EXTRA_FLAGS="\
     12   -Wno-attributes \
     13   -Wno-unused-but-set-variable \
     14   -DFP_MAX_BITS=16384 \
     15   -DTFM_TIMING_RESISTANT \
     16   -DWOLFSSL_STATIC_DH \
     17   -DWOLFSSL_STATIC_RSA \
     18   " \
     19 ./configure --prefix=/usr/local \
     20   --enable-aesgcm \
     21   --enable-alpn \
     22   --enable-certgen \
     23   --enable-dh \
     24   --enable-dsa \
     25   --enable-ecc \
     26   --enable-fastmath \
     27   --enable-opensslextra \
     28   --enable-ripemd \
     29   --enable-sessioncerts \
     30   --enable-sha512 \
     31   --enable-sni \
     32   --enable-sslv3 \
     33   --enable-supportedcurves \
     34   --enable-testcert \
     35   > config.out 2>&1
     36 
     37 Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
     38 are inapplicable for our Visual Studio build. Currently thread local storage is
     39 only used by the Fixed Point cache ECC which we're not enabling. However, even
     40 if we later decide to enable the cache, it will fall back on mutexes when
     41 thread local storage is not available. wolfSSL is using __declspec(thread) to
     42 create the thread local storage and that could be a problem for LoadLibrary.
     43 
     44 Regarding the options that were added via C_EXTRA_FLAGS:
     45 
     46 FP_MAX_BITS=16384 (twice the largest key size in bits, so keys up to 8192 bits fit)
     47 http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
     48 "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
     49 buffer size.  You can do this using the define:
     50 FP_MAX_BITS and setting it to 8192."
     51 
     52 TFM_TIMING_RESISTANT
     53 https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
     54 From section 2.4.5 Increasing Performance, USE_FAST_MATH:
     55 "Because the stack memory usage can be larger when using fastmath, we recommend
     56 defining TFM_TIMING_RESISTANT as well when using this option."
     57 
     58 WOLFSSL_STATIC_DH:    Allow TLS_ECDH_ ciphers
     59 WOLFSSL_STATIC_RSA:   Allow TLS_RSA_ ciphers
     60 https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
     61 Static key cipher suites are deprecated and disabled by default since v3.6.6.
     62 */
     63 
     64 /* wolfssl options.h
     65  * generated from configure options
     66  *
     67  * Copyright (C) 2006-2015 wolfSSL Inc.
     68  *
     69  * This file is part of wolfSSL. (formerly known as CyaSSL)
     70  *
     71  */
     72 
     73 #ifndef WOLFSSL_OPTIONS_H
     74 #define WOLFSSL_OPTIONS_H
     75 /* Build-time feature switches for wolfSSL; each is #undef'd first, presumably to avoid redefinition warnings. */
     76 
     77 #ifdef __cplusplus
     78 extern "C" {
     79 #endif
     80 /* From C_EXTRA_FLAGS: fastmath buffer size, raised so certificates with large RSA keys verify. */
     81 #undef  FP_MAX_BITS
     82 #define FP_MAX_BITS 16384
     83 /* From C_EXTRA_FLAGS: the wolfSSL manual recommends this whenever USE_FAST_MATH is defined. */
     84 #undef  TFM_TIMING_RESISTANT
     85 #define TFM_TIMING_RESISTANT
     86 /* From C_EXTRA_FLAGS: allows static TLS_ECDH_ suites (off by default since v3.6.6; no forward secrecy). */
     87 #undef  WOLFSSL_STATIC_DH
     88 #define WOLFSSL_STATIC_DH
     89 /* From C_EXTRA_FLAGS: allows static TLS_RSA_ suites (off by default since v3.6.6; no forward secrecy). */
     90 #undef  WOLFSSL_STATIC_RSA
     91 #define WOLFSSL_STATIC_RSA
     92 /* --enable-opensslextra: extended OpenSSL compatibility API. */
     93 #undef  OPENSSL_EXTRA
     94 #define OPENSSL_EXTRA
     95 /* --enable-aesgcm: AES-GCM support. */
     96 #undef  HAVE_AESGCM
     97 #define HAVE_AESGCM
     98 /* --enable-ripemd: RIPEMD-160 hash. */
     99 #undef  WOLFSSL_RIPEMD
    100 #define WOLFSSL_RIPEMD
    101 /* --enable-sha512: SHA-512 hash. */
    102 #undef  WOLFSSL_SHA512
    103 #define WOLFSSL_SHA512
    104 /* SHA-384 hash; no separate flag in the configure line (presumably implied by sha512). */
    105 #undef  WOLFSSL_SHA384
    106 #define WOLFSSL_SHA384
    107 /* --enable-sessioncerts: keep the peer certificate chain with the session. */
    108 #undef  SESSION_CERTS
    109 #define SESSION_CERTS
    110 /* --enable-certgen: certificate generation API. */
    111 #undef  WOLFSSL_CERT_GEN
    112 #define WOLFSSL_CERT_GEN
    113 /* --enable-ecc: elliptic-curve support. */
    114 #undef  HAVE_ECC
    115 #define HAVE_ECC
    116 /* fastmath speed-up for 256-bit ECC; no matching flag listed (presumably implied by ecc + fastmath). */
    117 #undef  TFM_ECC256
    118 #define TFM_ECC256
    119 /* Shamir's trick for ECC scalar multiplication; presumably implied by --enable-ecc. */
    120 #undef  ECC_SHAMIR
    121 #define ECC_SHAMIR
    122 /* --enable-sslv3. NOTE(review): RFC 7568 prohibits SSLv3; confirm callers enforce a minimum version. */
    123 #undef  WOLFSSL_ALLOW_SSLV3
    124 #define WOLFSSL_ALLOW_SSLV3
    125 /* RC4 stream cipher excluded from the build. */
    126 #undef  NO_RC4
    127 #define NO_RC4
    128 /* HC-128 stream cipher excluded from the build. */
    129 #undef  NO_HC128
    130 #define NO_HC128
    131 /* Rabbit stream cipher excluded from the build. */
    132 #undef  NO_RABBIT
    133 #define NO_RABBIT
    134 /* Poly1305 MAC; pairs with HAVE_CHACHA below for ChaCha20-Poly1305 suites. */
    135 #undef  HAVE_POLY1305
    136 #define HAVE_POLY1305
    137 /* One-time authenticator support; presumably required by the Poly1305 suites - confirm. */
    138 #undef  HAVE_ONE_TIME_AUTH
    139 #define HAVE_ONE_TIME_AUTH
    140 /* ChaCha20 stream cipher. */
    141 #undef  HAVE_CHACHA
    142 #define HAVE_CHACHA
    143 /* Hash-based DRBG as the random number generator. */
    144 #undef  HAVE_HASHDRBG
    145 #define HAVE_HASHDRBG
    146 /* TLS extension framework; the generator repeats this pair before each extension option below. */
    147 #undef  HAVE_TLS_EXTENSIONS
    148 #define HAVE_TLS_EXTENSIONS
    149 /* --enable-sni: Server Name Indication extension. */
    150 #undef  HAVE_SNI
    151 #define HAVE_SNI
    152 /* Repeat of HAVE_TLS_EXTENSIONS (harmless: #undef then #define). */
    153 #undef  HAVE_TLS_EXTENSIONS
    154 #define HAVE_TLS_EXTENSIONS
    155 /* --enable-alpn: Application-Layer Protocol Negotiation extension. */
    156 #undef  HAVE_ALPN
    157 #define HAVE_ALPN
    158 /* Repeat of HAVE_TLS_EXTENSIONS (harmless: #undef then #define). */
    159 #undef  HAVE_TLS_EXTENSIONS
    160 #define HAVE_TLS_EXTENSIONS
    161 /* --enable-supportedcurves: Supported Elliptic Curves extension. */
    162 #undef  HAVE_SUPPORTED_CURVES
    163 #define HAVE_SUPPORTED_CURVES
    164 /* --enable-testcert. NOTE(review): test-certificate support in a shipped build; confirm it is needed. */
    165 #undef  WOLFSSL_TEST_CERT
    166 #define WOLFSSL_TEST_CERT
    167 /* Pre-shared-key cipher suites excluded from the build. */
    168 #undef  NO_PSK
    169 #define NO_PSK
    170 /* MD4 hash excluded from the build. */
    171 #undef  NO_MD4
    172 #define NO_MD4
    173 /* --enable-fastmath: fastmath big-integer backend, sized by FP_MAX_BITS above. */
    174 #undef  USE_FAST_MATH
    175 #define USE_FAST_MATH
    176 
    177 
    178 #ifdef __cplusplus
    179 }
    180 #endif
    181 
    182 
    183 #endif /* WOLFSSL_OPTIONS_H */
    184 
    185