build-wolfssl will copy to the wolfSSL include directories and will result in
maximum compatibility.
-These configure flags were used in MinGW to generate the options in this file:
-
---enable-opensslextra
---enable-aesgcm
---enable-ripemd
---enable-sha512
---enable-dh
---enable-dsa
---enable-ecc
---enable-sni
---enable-fastmath
---enable-sessioncerts
---enable-certgen
---enable-testcert
---enable-alpn
-C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"
+These are the configure options that were used to build wolfSSL v3.9.0 in mingw
+and generate the options in this file:
+
+C_EXTRA_FLAGS="\
+ -Wno-attributes \
+ -Wno-unused-but-set-variable \
+ -DFP_MAX_BITS=16384 \
+ -DTFM_TIMING_RESISTANT \
+ -DWOLFSSL_STATIC_DH \
+ -DWOLFSSL_STATIC_RSA \
+ " \
+./configure --prefix=/usr/local \
+ --enable-aesgcm \
+ --enable-alpn \
+ --enable-certgen \
+ --enable-dh \
+ --enable-dsa \
+ --enable-ecc \
+ --enable-fastmath \
+ --enable-opensslextra \
+ --enable-ripemd \
+ --enable-sessioncerts \
+ --enable-sha512 \
+ --enable-sni \
+ --enable-sslv3 \
+ --enable-testcert \
+ > config.out 2>&1
Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
-are inapplicable for our Visual Studio build.
+are inapplicable for our Visual Studio build. Currently thread local storage is
+only used by the Fixed Point cache ECC which we're not enabling. However even
+if we later may decide to enable the cache it will fallback on mutexes when
+thread local storage is not available. wolfSSL is using __declspec(thread) to
+create the thread local storage and that could be a problem for LoadLibrary.
-Regarding the two options that were added via C_EXTRA_FLAGS:
+Regarding the options that were added via C_EXTRA_FLAGS:
FP_MAX_BITS=16384
http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
From section 2.4.5 Increasing Performance, USE_FAST_MATH:
"Because the stack memory usage can be larger when using fastmath, we recommend
defining TFM_TIMING_RESISTANT as well when using this option."
+
+WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
+WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
+https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
+Static key cipher suites are deprecated and disabled by default since v3.6.6.
*/
/* wolfssl options.h
*
*/
-#pragma once
+#ifndef WOLFSSL_OPTIONS_H
+#define WOLFSSL_OPTIONS_H
+
#ifdef __cplusplus
extern "C" {
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT
+#undef WOLFSSL_STATIC_DH
+#define WOLFSSL_STATIC_DH
+
+#undef WOLFSSL_STATIC_RSA
+#define WOLFSSL_STATIC_RSA
+
#undef OPENSSL_EXTRA
#define OPENSSL_EXTRA
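Review bot: `WOLFSSL_STATIC_DH` and `WOLFSSL_STATIC_RSA` compile the TLS_ECDH_ and TLS_RSA_ suites back in for every consumer of this header, and nothing next to the defines says who is expected to keep them out of a default handshake. These suites provide no forward secrecy, so a later compromise of the long-term key exposes previously recorded sessions; the header comment itself notes that wolfSSL disables them by default. I would state the intent at the defines, e.g. `/* Static-key suites: no forward secrecy; built in for legacy peers only, keep out of the default cipher list */`, and confirm that the application's default cipher list still prefers ECDHE/DHE suites.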
#undef ECC_SHAMIR
#define ECC_SHAMIR
-#undef NO_PSK
-#define NO_PSK
+#undef WOLFSSL_ALLOW_SSLV3
+#define WOLFSSL_ALLOW_SSLV3
#undef NO_RC4
#define NO_RC4
-#undef NO_MD4
-#define NO_MD4
-
#undef NO_HC128
#define NO_HC128
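Review bot: `WOLFSSL_ALLOW_SSLV3` is added here, and `--enable-sslv3` in the configure list, with no rationale, while the header comment explains the other non-default additions (`WOLFSSL_STATIC_DH`, `WOLFSSL_STATIC_RSA`). SSLv3 is prohibited by RFC 7568 because of its CBC padding weakness, so building it in should come with a stated reason and a runtime floor. Suggest a line in the header comment such as `WOLFSSL_ALLOW_SSLV3: SSLv3 is compiled in only so it can be selected explicitly; it must not be negotiated by default`, and check that the caller sets a minimum protocol version (e.g. via `wolfSSL_CTX_SetMinVersion`) so a downgrade to SSLv3 cannot happen silently. The `NO_PSK` and `NO_MD4` removals in this hunk appear to be re-added further down, so that part looks like a reorder only.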
#undef HAVE_SNI
#define HAVE_SNI
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_ALPN
+#define HAVE_ALPN
+
+#undef HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
#undef WOLFSSL_TEST_CERT
#define WOLFSSL_TEST_CERT
+#undef NO_PSK
+#define NO_PSK
+
+#undef NO_MD4
+#define NO_MD4
+
#undef USE_FAST_MATH
#define USE_FAST_MATH
-#undef HAVE_ALPN
-#define HAVE_ALPN
#ifdef __cplusplus
}
#endif
+
+#endif /* WOLFSSL_OPTIONS_H */
+