From c4400a15fb76bb5d56dc94161326d2aadffb143e Mon Sep 17 00:00:00 2001 From: Lealem Amedie Date: Tue, 28 Apr 2026 08:10:10 -0600 Subject: [PATCH] Address copilot feedback --- configure.ac | 2 +- wolfssl/wolfcrypt/oid_sum.h | 20 ++++++++++---------- wolfssl/wolfcrypt/settings.h | 5 +++++ 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/configure.ac b/configure.ac index 186c23c457..1972989f5b 100644 --- a/configure.ac +++ b/configure.ac @@ -1653,7 +1653,7 @@ fi AC_ARG_ENABLE([tailscale], [AS_HELP_STRING([--enable-tailscale],[Enable Tailscale build dependencies (default: disabled)])], [ ENABLED_TAILSCALE=$enableval ], - [ ENABLED_TAILSCALE=no ] + [ ENABLED_TAILSCALE=${enable_tailscale:-no} ] ) if test "$ENABLED_TAILSCALE" = "yes" then diff --git a/wolfssl/wolfcrypt/oid_sum.h b/wolfssl/wolfcrypt/oid_sum.h index 5e83664f7d..a85b6fb7c5 100644 --- a/wolfssl/wolfcrypt/oid_sum.h +++ b/wolfssl/wolfcrypt/oid_sum.h @@ -412,6 +412,10 @@ enum Extensions_Sum { ISSUE_ALT_NAMES_OID = 132, /* 2.5.29.18 */ /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x18 */ TLS_FEATURE_OID = 92, /* 1.3.6.1.5.5.7.1.24 */ +#ifdef WOLFSSL_ACME_OID + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x1f */ + ACME_IDENTIFIER_OID = 99, /* 1.3.6.1.5.5.7.1.31 */ +#endif /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x07 */ DNS_SRV_OID = 82, /* 1.3.6.1.5.5.7.8.7 */ /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01 */ @@ -431,11 +435,7 @@ enum Extensions_Sum { /* 0x55,0x1d,0x49 */ ALT_SIG_ALG_OID = 187, /* 2.5.29.73 */ /* 0x55,0x1d,0x4a */ - ALT_SIG_VAL_OID = 188, /* 2.5.29.74 */ -#ifdef WOLFSSL_ACME_OID - /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x1f */ - ACME_IDENTIFIER_OID = 99 /* 1.3.6.1.5.5.7.1.31 */ -#endif + ALT_SIG_VAL_OID = 188 /* 2.5.29.74 */ #else /* 0x55,0x1d,0x13 */ BASIC_CA_OID = 0x7fec1daa, /* 2.5.29.19 */ @@ -473,6 +473,10 @@ enum Extensions_Sum { ISSUE_ALT_NAMES_OID = 0x7fed1daa, /* 2.5.29.18 */ /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x18 */ TLS_FEATURE_OID = 0x1d00012e, /* 1.3.6.1.5.5.7.1.24 */ +#ifdef WOLFSSL_ACME_OID + /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x1f */ + ACME_IDENTIFIER_OID = 0x1a00012e, /* 1.3.6.1.5.5.7.1.31 */ +#endif /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x08,0x07 */ DNS_SRV_OID = 0x0209012e, /* 1.3.6.1.5.5.7.8.7 */ /* 0x60,0x86,0x48,0x01,0x86,0xf8,0x42,0x01,0x01 */ @@ -492,11 +496,7 @@ enum Extensions_Sum { /* 0x55,0x1d,0x49 */ ALT_SIG_ALG_OID = 0x7fb61daa, /* 2.5.29.73 */ /* 0x55,0x1d,0x4a */ - ALT_SIG_VAL_OID = 0x7fb51daa, /* 2.5.29.74 */ -#ifdef WOLFSSL_ACME_OID - /* 0x2b,0x06,0x01,0x05,0x05,0x07,0x01,0x1f */ - ACME_IDENTIFIER_OID = 0x1a00012e /* 1.3.6.1.5.5.7.1.31 */ -#endif + ALT_SIG_VAL_OID = 0x7fb51daa /* 2.5.29.74 */ #endif }; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1dfc05a909..952e4645f9 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -558,6 +558,11 @@ #define HAVE_OID_DECODING #endif /* WOLFSSL_DUAL_ALG_CERTS */ +/* RFC 8737 id-pe-acmeIdentifier (TLS-ALPN-01) requires SHA-256. */ +#if defined(WOLFSSL_ACME_OID) && defined(NO_SHA256) + #undef WOLFSSL_ACME_OID +#endif + #if defined(_WIN32) && !defined(_M_X64) && \ defined(HAVE_AESGCM) && defined(WOLFSSL_AESNI)