wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Configure: add option to enable alternate certificate chains (#4455)

Browse Source
This commit is contained in:
elms
2021-10-06 18:14:51 -07:00
committed by GitHub
parent 9d2082f7e1
commit 8c178118a4
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
configure.ac
View File

@ -4085,6 +4085,21 @@ then
AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER" AM_CFLAGS="$AM_CFLAGS -DASN_BER_TO_DER"
fi fi
# Alternate certification chains, as oppossed to requiring full chain validataion.
# Certificate validation behavior is relaxed, similar to openssl and
# browsers. Only the peer certificate must validate to a trusted
# certificate. Without this, all certificates sent by a peer must be
# used in the trust chain or the connection will be rejected.
AC_ARG_ENABLE([altcertchains],
[AS_HELP_STRING([--enable-altcertchains],[Enable using alternative certificate chains, only require leaf certificate to validate to trust root (default: disabled)])],
[ ENABLED_ALT_CERT_CHAINS=$enableval ],
[ ENABLED_ALT_CERT_CHAINS=no ]
)
if test "x$ENABLED_ALT_CERT_CHAINS" = "xyes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
fi
# Small Stack - Cache on object # Small Stack - Cache on object
AC_ARG_ENABLE([smallstackcache], AC_ARG_ENABLE([smallstackcache],