From 6b89b1f97a14dc947739e7b8c6f522621e63d882 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Wed, 13 Mar 2019 17:56:45 -0700 Subject: [PATCH] Configure Fixes One of the external sites contacted for the OCSP stapling test increased the size of one of their intermediate certificates. The test failed silently as the certificate was ignored. Increased the FP_MAX_BITS so that the test can pass with the enable-all option. That option was setting the FP_MAX_BITS for 3072-bit certificates, and the site in question is using a 4096-bit certificate. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e5f0cecb9..64b2f80cf 100644 --- a/configure.ac +++ b/configure.ac @@ -194,7 +194,7 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" # Enable DH const table speedups (eliminates `-lm` math lib dependency) - AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=6144" + AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072 -DFP_MAX_BITS=8192" fi AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])