From 1a94c0bbdd462ef3c195fe84a155486c1b175f07 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 22 Aug 2016 10:00:37 -0600
Subject: [PATCH 1/3] add distro build option

---
 configure.ac | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/configure.ac b/configure.ac
index ed283b5ef..106157df8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -125,6 +125,73 @@ AS_IF([test "$ax_enable_debug" = "yes"],
       [AM_CFLAGS="$AM_CFLAGS -DNDEBUG"])
 
 
+# Distro build feature subset (Debian, Ubuntu, etc.)
+AC_ARG_ENABLE([distro],
+    [  --enable-distro         Enable wolfSSL distro build (default: disabled)],
+    [ ENABLED_DISTRO=$enableval ],
+    [ ENABLED_DISTRO=no ]
+    )
+if test "$ENABLED_DISTRO" = "yes"
+then
+    enable_shared=yes
+    enable_static=yes
+    enable_dtls=yes
+    enable_openssh=yes
+    enable_opensslextra=yes
+    enable_savesession=yes
+    enable_savecert=yes
+    enable_atomicuser=yes
+    enable_pkcallbacks=yes
+    enable_sniffer=yes
+    enable_aesgcm=yes
+    enable_aesccm=yes
+    enable_camellia=yes
+    enable_ripemd=yes
+    enable_sha512=yes
+    enable_sessioncerts=yes
+    enable_keygen=yes
+    enable_certgen=yes
+    enable_certreq=yes
+    enable_certext=yes
+    enable_sep=yes
+    enable_hkdf=yes
+    enable_dsa=yes
+    enable_ecccustcurves=yes
+    enable_compkey=yes
+    enable_curve25519=yes
+    enable_ed25519=yes
+    enable_fpecc=yes
+    enable_eccencrypt=yes
+    enable_psk=yes
+    enable_idea=yes
+    enable_arc4=yes
+    enable_cmac=yes
+    enable_webserver=yes
+    enable_hc128=yes
+    enable_rabbit=yes
+    enable_ocsp=yes
+    enable_ocspstapling=yes
+    enable_ocspstapling2=yes
+    enable_crl=yes
+    enable_crl_monitor=yes
+    enable_sni=yes
+    enable_maxfragment=yes
+    enable_alpn=yes
+    enable_truncatedhmac=yes
+    enable_supportedcurves=yes
+    enable_session_ticket=yes
+    enable_tlsx=yes
+    enable_pkcs7=yes
+    enable_scep=yes
+    enable_srp=yes
+    enable_certservice=yes
+    enable_jni=yes
+    enable_lighty=yes
+    enable_stunnel=yes
+    enable_pwdbased=yes
+fi
+
+
 # SINGLE THREADED
 AC_ARG_ENABLE([singlethreaded],
     [  --enable-singlethreaded Enable wolfSSL single threaded (default: disabled)],
@@ -2986,6 +3053,7 @@ echo "   * Filesystem:                 $ENABLED_FILESYSTEM"
 echo "   * OpenSSH Build:              $ENABLED_OPENSSH"
 echo "   * OpenSSL Extra API:          $ENABLED_OPENSSLEXTRA"
 echo "   * Max Strength Build:         $ENABLED_MAXSTRENGTH"
+echo "   * Distro Build:               $ENABLED_DISTRO"
 echo "   * fastmath:                   $ENABLED_FASTMATH"
 echo "   * sniffer:                    $ENABLED_SNIFFER"
 echo "   * snifftest:                  $ENABLED_SNIFFTEST"

From 45c8ed143660f30626bda57a8e74fbf9f8681335 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 22 Aug 2016 14:18:35 -0600
Subject: [PATCH 2/3] remove -X from ocsp stapling tests that are not external

---
 scripts/ocsp-stapling.test  |  4 ++--
 scripts/ocsp-stapling2.test | 12 ++++++------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/ocsp-stapling.test b/scripts/ocsp-stapling.test
index 82869ca28..e8984b0aa 100755
--- a/scripts/ocsp-stapling.test
+++ b/scripts/ocsp-stapling.test
@@ -25,14 +25,14 @@ sleep 1
 # client test against our own server - GOOD CERT
 ./examples/server/server -c certs/ocsp/server1-cert.pem -k certs/ocsp/server1-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 # client test against our own server - REVOKED CERT
 ./examples/server/server -c certs/ocsp/server2-cert.pem -k certs/ocsp/server2-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 
diff --git a/scripts/ocsp-stapling2.test b/scripts/ocsp-stapling2.test
index 9bdc2f5d9..16bd81823 100755
--- a/scripts/ocsp-stapling2.test
+++ b/scripts/ocsp-stapling2.test
@@ -16,39 +16,39 @@ sleep 1
 # client test against our own server - GOOD CERTS
 ./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 ./examples/server/server -c certs/ocsp/server3-cert.pem -k certs/ocsp/server3-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1
 
 # client test against our own server - REVOKED SERVER CERT
 ./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 
 ./examples/server/server -c certs/ocsp/server4-cert.pem -k certs/ocsp/server4-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 
 # client test against our own server - REVOKED INTERMEDIATE CERT
 ./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 1
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1
 RESULT=$?
 [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed $RESULT" && exit 1
 
 ./examples/server/server -c certs/ocsp/server5-cert.pem -k certs/ocsp/server5-key.pem &
 sleep 1
-./examples/client/client -X -C -A certs/ocsp/root-ca-cert.pem -W 2
+./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2
 RESULT=$?
 [ $RESULT -ne 1 ] && echo -e "\n\nClient connection suceeded $RESULT" && exit 1
 

From 91ccf1bd8672917070bf52de78158d62c77f8019 Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 22 Aug 2016 15:33:45 -0600
Subject: [PATCH 3/3] do not enable ARC4 or sniffer in distro build

---
 configure.ac | 2 --
 1 file changed, 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 106157df8..09f387adb 100644
--- a/configure.ac
+++ b/configure.ac
@@ -142,7 +142,6 @@ then
     enable_savecert=yes
     enable_atomicuser=yes
     enable_pkcallbacks=yes
-    enable_sniffer=yes
     enable_aesgcm=yes
     enable_aesccm=yes
     enable_camellia=yes
@@ -164,7 +163,6 @@ then
     enable_eccencrypt=yes
     enable_psk=yes
     enable_idea=yes
-    enable_arc4=yes
     enable_cmac=yes
     enable_webserver=yes
     enable_hc128=yes