Add option to disable OPENSSL_COMPATIBLE_DEFAULTS
9
.github/workflows/packaging.yml
vendored
9
.github/workflows/packaging.yml
vendored
@ -16,7 +16,14 @@ jobs:
|
|||||||
- name: Configure wolfSSL
|
- name: Configure wolfSSL
|
||||||
run: |
|
run: |
|
||||||
autoreconf -ivf
|
autoreconf -ivf
|
||||||
./configure --enable-distro --disable-examples --disable-silent-rules
|
./configure --enable-distro --enable-all \
|
||||||
|
--disable-openssl-compatible-defaults --enable-intelasm \
|
||||||
|
--enable-dtls13 --enable-dtls-mtu \
|
||||||
|
--enable-sp-asm --disable-examples --disable-silent-rules
|
||||||
|
|
||||||
|
- name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
|
||||||
|
run: |
|
||||||
|
! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
|
||||||
|
|
||||||
- name: Build wolfSSL .deb
|
- name: Build wolfSSL .deb
|
||||||
run: make deb-docker
|
run: make deb-docker
|
||||||
|
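Review bot: The new step `! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h` also succeeds when grep fails for a reason other than "no match". A missing or unreadable `wolfssl/options.h` makes grep exit with status 2, which `!` turns into success, so the guard can go vacuous if the header moves or configure stops generating it. The negation also only fails the step while it is the last command of the script, because a `!`-negated command does not trigger `set -e`; any line appended after it would hide a match. An explicit form is sturdier: `test -f wolfssl/options.h` followed by `if grep -q OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h; then exit 1; fi`.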
35
configure.ac
35
configure.ac
@ -8114,20 +8114,33 @@ AC_ARG_ENABLE([sys-ca-certs],
|
|||||||
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
|
# (for now checking both C_FLAGS and C_EXTRA_FLAGS)
|
||||||
AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
|
AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
|
||||||
|
|
||||||
|
# Allows disabling the OPENSSL_COMPATIBLE_DEFAULTS macro
|
||||||
|
AC_ARG_ENABLE([openssl-compatible-defaults],
|
||||||
|
[AS_HELP_STRING([--disable-openssl-compatible-defaults],[Disable OpenSSL compatible defaults when enabled by other options (default: enabled)])],
|
||||||
|
[ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=$enableval ],
|
||||||
|
[ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes ]
|
||||||
|
)
|
||||||
|
|
||||||
AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
|
AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
|
||||||
[ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
|
[FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes])
|
||||||
if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
|
if test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
|
||||||
then
|
then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
|
if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
|
then
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
|
||||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
|
||||||
ENABLED_TRUSTED_PEER_CERT=yes
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
|
||||||
|
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
|
||||||
|
ENABLED_TRUSTED_PEER_CERT=yes
|
||||||
|
else
|
||||||
|
CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
||||||
|
CPPFLAGS=$(printf "%s" "$CPPFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
||||||
|
AM_CFLAGS=$(printf "%s" "$AM_CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# determine if we have key validation mechanism
|
# determine if we have key validation mechanism
|
||||||
|
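Review bot: The new `else` branch strips only the exact spelling `-DOPENSSL_COMPATIBLE_DEFAULTS` from `CFLAGS`, `CPPFLAGS` and `AM_CFLAGS`, while the `AS_CASE` above it matches the bare name anywhere in those variables. A user-supplied `-D OPENSSL_COMPATIBLE_DEFAULTS` would set `FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes` yet survive the strip, and `-DOPENSSL_COMPATIBLE_DEFAULTS=1` would leave a stray `=1` behind. The macros in the enabled branch (`WOLFSSL_NO_OCSP_ISSUER_CHECK`, `WOLFSSL_ALT_CERT_CHAINS`, `WOLFSSL_TRUST_PEER_CERT`) look from their names like they loosen certificate and OCSP checking, so `--disable-openssl-compatible-defaults` should not be able to half-apply silently. Consider `sed 's/-D *OPENSSL_COMPATIBLE_DEFAULTS//g'` for the three assignments, plus an `AC_MSG_NOTICE` when the define is removed. It is also worth confirming that no later part of configure.ac, outside this hunk, appends the define again after this point.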