1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 * SPDX-License-Identifier: curl
22 *
23 ***************************************************************************/
24/*
25By default wolfSSL has a very conservative configuration that can result in
26connections to servers failing due to certificate or algorithm problems.
27To remedy this issue for libcurl I've generated this options file that
28build-wolfssl will copy to the wolfSSL include directories and will result in
29maximum compatibility.
30
31These are the configure options that were used to build wolfSSL v5.1.1 in
32mingw and generate the options in this file:
33
34C_EXTRA_FLAGS="\
35 -Wno-attributes \
36 -Wno-unused-but-set-variable \
37 -DFP_MAX_BITS=16384 \
38 -DHAVE_SECRET_CALLBACK \
39 -DTFM_TIMING_RESISTANT \
40 -DUSE_WOLF_STRTOK \
41 -DWOLFSSL_DES_ECB \
42 -DWOLFSSL_STATIC_DH \
43 -DWOLFSSL_STATIC_RSA \
44 " \
45./configure --prefix=/usr/local \
46 --disable-jobserver \
47 --enable-aesgcm \
48 --enable-alpn \
49 --enable-altcertchains \
50 --enable-certgen \
51 --enable-des3 \
52 --enable-dh \
53 --enable-dsa \
54 --enable-ecc \
55 --enable-eccshamir \
56 --enable-fastmath \
57 --enable-opensslextra \
58 --enable-ripemd \
59 --enable-sessioncerts \
60 --enable-sha512 \
61 --enable-sni \
62 --enable-tlsv10 \
63 --enable-supportedcurves \
64 --enable-tls13 \
65 --enable-testcert \
66 > config.out 2>&1
67
68Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they
69are inapplicable for our Visual Studio build. Currently thread local storage is
70only used by the Fixed Point cache ECC which we're not enabling. However, even
71if we later decide to enable the cache, it will fall back on mutexes when
72thread local storage is not available. wolfSSL is using __declspec(thread) to
73create the thread local storage and that could be a problem for LoadLibrary.
74
75Regarding the options that were added via C_EXTRA_FLAGS:
76
77FP_MAX_BITS=16384
78https://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html
79"Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath
80buffer size. You can do this using the define:
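81FP_MAX_BITS and setting it to 8192."
The quoted 8192 is twice the 4096-bit key size; this file sets 16384, which by
the same ratio leaves room for keys of up to 8192 bits.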
82
83HAVE_SECRET_CALLBACK
84Build wolfSSL with wolfSSL_set_tls13_secret_cb which allows saving TLS 1.3
85secrets to SSLKEYLOGFILE.
86
87TFM_TIMING_RESISTANT
88https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html
89From section 2.4.5 Increasing Performance, USE_FAST_MATH:
90"Because the stack memory usage can be larger when using fastmath, we recommend
91defining TFM_TIMING_RESISTANT as well when using this option."
92
93USE_WOLF_STRTOK
94Build wolfSSL to always use its internal strtok instead of C runtime strtok.
95
96WOLFSSL_DES_ECB
97Build wolfSSL with wolfSSL_DES_ecb_encrypt which is needed by libcurl for NTLM.
98
99WOLFSSL_STATIC_DH: Allow TLS_ECDH_ ciphers
100WOLFSSL_STATIC_RSA: Allow TLS_RSA_ ciphers
101https://github.com/wolfSSL/wolfssl/blob/v3.6.6/README.md#note-1
102Static key cipher suites are deprecated and disabled by default since v3.6.6.
103*/
104
105/* wolfssl options.h
106 * generated from configure options
107 *
108 * Copyright (C) 2006-2022 wolfSSL Inc.
109 *
110 * This file is part of wolfSSL. (formerly known as CyaSSL)
111 *
112 */
113
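#ifndef WOLFSSL_OPTIONS_H
#define WOLFSSL_OPTIONS_H

/*
 * wolfSSL feature macros for this build, generated from the configure
 * invocation recorded in the comment at the top of this file.
 *
 * Every macro is #undef'd before it is #define'd, so the value set here
 * replaces any definition already in effect when this header is included.
 * Macros that configure emitted more than once (TFM_TIMING_RESISTANT,
 * HAVE_TLS_EXTENSIONS, HAVE_SUPPORTED_CURVES) are listed a single time;
 * the resulting set of definitions is the same.
 *
 * The option set is chosen for maximum compatibility, not for a minimal
 * attack surface. The compatibility switches that weaken the default
 * wolfSSL posture are marked "REVIEW" below so a hardened build can find
 * and drop them.
 */

#ifdef __cplusplus
extern "C" {
#endif

/* ---- Options added through C_EXTRA_FLAGS ------------------------------ */

/* Fastmath buffer size in bits; raised so 4096-bit RSA keys verify. */
#undef FP_MAX_BITS
#define FP_MAX_BITS 16384

/*
 * REVIEW: builds wolfSSL_set_tls13_secret_cb so TLS 1.3 secrets can be
 * written to SSLKEYLOGFILE. Whoever can read that file can decrypt the
 * logged sessions, so the log path needs the same protection as a private
 * key and should stay unset outside of debugging.
 */
#undef HAVE_SECRET_CALLBACK
#define HAVE_SECRET_CALLBACK

/* Timing-resistant fastmath, recommended by wolfSSL with USE_FAST_MATH. */
#undef TFM_TIMING_RESISTANT
#define TFM_TIMING_RESISTANT

/* Always use wolfSSL's internal strtok instead of the C runtime's. */
#undef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK

/*
 * REVIEW: builds wolfSSL_DES_ecb_encrypt, which libcurl needs for NTLM.
 * Single DES in ECB mode is kept for that protocol only; it is not a
 * primitive to build new protection on.
 */
#undef WOLFSSL_DES_ECB
#define WOLFSSL_DES_ECB

/*
 * REVIEW: static-key cipher suites (TLS_ECDH_ and TLS_RSA_). wolfSSL has
 * deprecated them and disabled them by default since v3.6.6; they give no
 * forward secrecy, so a later key compromise exposes recorded traffic.
 */
#undef WOLFSSL_STATIC_DH
#define WOLFSSL_STATIC_DH

#undef WOLFSSL_STATIC_RSA
#define WOLFSSL_STATIC_RSA

/* ---- Options generated by configure ----------------------------------- */

/* Side-channel hardening for ECC and RSA private-key operations. */
#undef ECC_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT

#undef WC_RSA_BLINDING
#define WC_RSA_BLINDING

#undef WOLFSSL_USE_ALIGN
#define WOLFSSL_USE_ALIGN

#undef WOLFSSL_RIPEMD
#define WOLFSSL_RIPEMD

#undef WOLFSSL_SHA512
#define WOLFSSL_SHA512

#undef WOLFSSL_SHA384
#define WOLFSSL_SHA384

#undef SESSION_CERTS
#define SESSION_CERTS

#undef HAVE_HKDF
#define HAVE_HKDF

#undef HAVE_ECC
#define HAVE_ECC

#undef TFM_ECC256
#define TFM_ECC256

#undef ECC_SHAMIR
#define ECC_SHAMIR

/*
 * REVIEW: from --enable-tlsv10. TLS 1.0 is deprecated (RFC 8996); with
 * this macro set, the minimum version an application negotiates has to be
 * enforced at run time by the caller.
 */
#undef WOLFSSL_ALLOW_TLSV10
#define WOLFSSL_ALLOW_TLSV10

#undef WC_RSA_PSS
#define WC_RSA_PSS

/* HC-128 and Rabbit stream ciphers are compiled out. */
#undef NO_HC128
#define NO_HC128

#undef NO_RABBIT
#define NO_RABBIT

#undef HAVE_POLY1305
#define HAVE_POLY1305

#undef HAVE_ONE_TIME_AUTH
#define HAVE_ONE_TIME_AUTH

#undef HAVE_CHACHA
#define HAVE_CHACHA

#undef HAVE_HASHDRBG
#define HAVE_HASHDRBG

/* TLS extension support, implied by SNI, ALPN, supported curves, TLS 1.3. */
#undef HAVE_TLS_EXTENSIONS
#define HAVE_TLS_EXTENSIONS

#undef HAVE_SNI
#define HAVE_SNI

#undef HAVE_ALPN
#define HAVE_ALPN

#undef HAVE_SUPPORTED_CURVES
#define HAVE_SUPPORTED_CURVES

#undef HAVE_FFDHE_2048
#define HAVE_FFDHE_2048

#undef WOLFSSL_TLS13
#define WOLFSSL_TLS13

#undef HAVE_EXTENDED_MASTER
#define HAVE_EXTENDED_MASTER

#undef WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_ALT_CERT_CHAINS

/*
 * REVIEW: from --enable-testcert. NOTE(review): the name suggests
 * test-only certificate helpers; confirm they are wanted in a shipped
 * library.
 */
#undef WOLFSSL_TEST_CERT
#define WOLFSSL_TEST_CERT

/* RC4 is compiled out. */
#undef NO_RC4
#define NO_RC4

#undef HAVE_ENCRYPT_THEN_MAC
#define HAVE_ENCRYPT_THEN_MAC

/* Pre-shared-key suites and MD4 are compiled out. */
#undef NO_PSK
#define NO_PSK

#undef NO_MD4
#define NO_MD4

#undef WOLFSSL_ENCRYPTED_KEYS
#define WOLFSSL_ENCRYPTED_KEYS

#undef USE_FAST_MATH
#define USE_FAST_MATH

#undef WC_NO_ASYNC_THREADING
#define WC_NO_ASYNC_THREADING

#undef HAVE_DH_DEFAULT_PARAMS
#define HAVE_DH_DEFAULT_PARAMS

#undef WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_GEN

#undef OPENSSL_EXTRA
#define OPENSSL_EXTRA

/*
 * NOTE(review): these two appear to widen when the application's verify
 * callback runs (on success as well as failure, and for every certificate
 * in the chain). The callback's return value then matters for each call;
 * confirm against the wolfSSL documentation for the version in use.
 */
#undef WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_VERIFY_CB

#undef WOLFSSL_VERIFY_CB_ALL_CERTS
#define WOLFSSL_VERIFY_CB_ALL_CERTS

#undef WOLFSSL_EXTRA_ALERTS
#define WOLFSSL_EXTRA_ALERTS

#undef HAVE_EXT_CACHE
#define HAVE_EXT_CACHE

#undef WOLFSSL_FORCE_CACHE_ON_TICKET
#define WOLFSSL_FORCE_CACHE_ON_TICKET

#undef WOLFSSL_AKID_NAME
#define WOLFSSL_AKID_NAME

#undef HAVE_CTS
#define HAVE_CTS

#undef GCM_TABLE_4BIT
#define GCM_TABLE_4BIT

#undef HAVE_AESGCM
#define HAVE_AESGCM

#undef HAVE_WC_INTROSPECTION
#define HAVE_WC_INTROSPECTION


#ifdef __cplusplus
}
#endif


#endif /* WOLFSSL_OPTIONS_H */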