Configure: add option to enable alternate certificate chains (#4455)

2021-10-06 18:14:51 -07:00
parent 9d2082f7e1
commit 8c178118a4
1 changed files with 15 additions and 0 deletions
--- a/configure.ac
+++ b/configure.ac
@ -4085,6 +4085,21 @@ then
    AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
 fi

+# Alternate certification chains, as oppossed to requiring full chain validataion.
+# Certificate validation behavior is relaxed, similar to openssl and
+# browsers. Only the peer certificate must validate to a trusted
+# certificate. Without this, all certificates sent by a peer must be
+# used in the trust chain or the connection will be rejected.
+AC_ARG_ENABLE([altcertchains],
+    [AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])],
+    [ ENABLED_ALT_CERT_CHAINS=$enableval ],
+    [ ENABLED_ALT_CERT_CHAINS=no ]
+    )
+
+if test "x$ENABLED_ALT_CERT_CHAINS" = "xyes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
+fi

 # Small Stack - Cache on object
 AC_ARG_ENABLE([smallstackcache],