From: Jay Satiro Date: Wed, 31 May 2017 05:40:39 +0000 (-0400) Subject: build-wolfssl: Sync config with wolfSSL 3.11 X-Git-Tag: curl-7_54_1~68 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=534056297fc70b212f75368bc517eb163b3c5658;p=curl build-wolfssl: Sync config with wolfSSL 3.11 wolfSSL configure script relevant changes from 3.10 to 3.11: - Async threading support added; disabled by default without async crypto, which continues to be disabled by default. wolfSSL configure script relevant changes from 3.11 to 3.11.1 (beta): - TLS 1.3 beta support added; disabled by default. For experimenting I put in a comment block the defines needed to enable TLS 1.3 support (ie the equivalent of --enable-tls13). --- diff --git a/projects/wolfssl_options.h b/projects/wolfssl_options.h index d0ece9640..f6af47cab 100644 --- a/projects/wolfssl_options.h +++ b/projects/wolfssl_options.h @@ -5,7 +5,7 @@ To remedy this issue for libcurl I've generated this options file that build-wolfssl will copy to the wolfSSL include directories and will result in maximum compatibility. -These are the configure options that were used to build wolfSSL v3.10.0 in +These are the configure options that were used to build wolfSSL v3.11.0 in mingw and generate the options in this file: C_EXTRA_FLAGS="\ @@ -96,6 +96,28 @@ extern "C" { #undef OPENSSL_EXTRA #define OPENSSL_EXTRA +/* +The commented out defines below are the equivalent of --enable-tls13. +Uncomment them to build wolfSSL with TLS 1.3 support as of v3.11.1-tls13-beta. +This is for experimenting only, afaict TLS 1.3 support doesn't appear to be +functioning correctly yet. https://github.com/wolfSSL/wolfssl/pull/943 + +#undef WC_RSA_PSS +#define WC_RSA_PSS + +#undef WOLFSSL_TLS13 +#define WOLFSSL_TLS13 + +#undef HAVE_TLS_EXTENSIONS +#define HAVE_TLS_EXTENSIONS + +#undef HAVE_FFDHE_2048 +#define HAVE_FFDHE_2048 + +#undef HAVE_HKDF +#define HAVE_HKDF +*/ + #undef TFM_TIMING_RESISTANT #define TFM_TIMING_RESISTANT @@ -189,6 +211,9 @@ extern "C" { #undef USE_FAST_MATH #define USE_FAST_MATH +#undef WC_NO_ASYNC_THREADING +#define WC_NO_ASYNC_THREADING + #ifdef __cplusplus }