Add option to disable OPENSSL_COMPATIBLE_DEFAULTS

2025-07-29 18:27:29 +02:00 · 2023-10-04 15:44:51 +02:00
parent 96205fc80d
commit 8ce8359bd7
2 changed files with 32 additions and 12 deletions
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@ -16,7 +16,14 @@ jobs:
      - name: Configure wolfSSL
        run: |
          autoreconf -ivf
-          ./configure --enable-distro --disable-examples --disable-silent-rules
+          ./configure --enable-distro --enable-all \
+            --disable-openssl-compatible-defaults --enable-intelasm \
+            --enable-dtls13 --enable-dtls-mtu \
+            --enable-sp-asm --disable-examples --disable-silent-rules
+
+      - name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
+        run: |
+          ! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h

      - name: Build wolfSSL .deb
        run: make deb-docker
--- a/configure.ac
+++ b/configure.ac
@ -8114,20 +8114,33 @@ AC_ARG_ENABLE([sys-ca-certs],
 # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
 AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])

+# Allows disabling the OPENSSL_COMPATIBLE_DEFAULTS macro
+AC_ARG_ENABLE([openssl-compatible-defaults],
+    [AS_HELP_STRING([--disable-openssl-compatible-defaults],[Disable OpenSSL compatible defaults when enabled by other options (default: enabled)])],
+    [ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=$enableval ],
+    [ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes ]
+    )

 AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
-    [ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
-if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
+    [FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes])
+if test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
-    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
-    ENABLED_TRUSTED_PEER_CERT=yes
+    if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
+        AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
+        ENABLED_TRUSTED_PEER_CERT=yes
+    else
+        CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+        CPPFLAGS=$(printf "%s" "$CPPFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+        AM_CFLAGS=$(printf "%s" "$AM_CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+    fi
 fi

 # determine if we have key validation mechanism