| /* |
| By default wolfSSL has a very conservative configuration that can result in |
| connections to servers failing due to certificate or algorithm problems. |
| To remedy this issue for libcurl I've generated this options file that |
| build-wolfssl will copy to the wolfSSL include directories and will result in |
| maximum compatibility. |
| |
| These configure flags were used in MinGW to generate the options in this file: |
| |
| --enable-opensslextra |
| --enable-aesgcm |
| --enable-ripemd |
| --enable-sha512 |
| --enable-dh |
| --enable-dsa |
| --enable-ecc |
| --enable-sni |
| --enable-fastmath |
| --enable-sessioncerts |
| --enable-certgen |
| --enable-testcert |
| C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT" |
| |
| Two generated options HAVE_THREAD_LS and _POSIX_THREADS were removed since they |
| are inapplicable for our Visual Studio build. |
| |
| Regarding the two options that were added via C_EXTRA_FLAGS: |
| |
| FP_MAX_BITS=16384 |
| http://www.yassl.com/forums/topic423-cacertorgs-ca-cert-verify-failed-but-withdisablefastmath-it-works.html |
| "Since root.crt uses a 4096-bit RSA key, you'll need to increase the fastmath |
| buffer size. You can do this using the define: |
| FP_MAX_BITS and setting it to 8192." |
| |
| TFM_TIMING_RESISTANT |
| https://wolfssl.com/wolfSSL/Docs-wolfssl-manual-2-building-wolfssl.html |
| From section 2.4.5 Increasing Performance, USE_FAST_MATH: |
| "Because the stack memory usage can be larger when using fastmath, we recommend |
| defining TFM_TIMING_RESISTANT as well when using this option." |
| */ |
| |
| /* wolfssl options.h |
| * generated from configure options |
| * |
| * Copyright (C) 2006-2015 wolfSSL Inc. |
| * |
| * This file is part of wolfSSL. (formerly known as CyaSSL) |
| * |
| */ |
| |
| #pragma once |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| #undef FP_MAX_BITS |
| #define FP_MAX_BITS 16384 |
| |
| #undef TFM_TIMING_RESISTANT |
| #define TFM_TIMING_RESISTANT |
| |
| #undef OPENSSL_EXTRA |
| #define OPENSSL_EXTRA |
| |
| #undef HAVE_AESGCM |
| #define HAVE_AESGCM |
| |
| #undef WOLFSSL_RIPEMD |
| #define WOLFSSL_RIPEMD |
| |
| #undef WOLFSSL_SHA512 |
| #define WOLFSSL_SHA512 |
| |
| #undef WOLFSSL_SHA384 |
| #define WOLFSSL_SHA384 |
| |
| #undef SESSION_CERTS |
| #define SESSION_CERTS |
| |
| #undef WOLFSSL_CERT_GEN |
| #define WOLFSSL_CERT_GEN |
| |
| #undef HAVE_ECC |
| #define HAVE_ECC |
| |
| #undef TFM_ECC256 |
| #define TFM_ECC256 |
| |
| #undef ECC_SHAMIR |
| #define ECC_SHAMIR |
| |
| #undef NO_PSK |
| #define NO_PSK |
| |
| #undef NO_RC4 |
| #define NO_RC4 |
| |
| #undef NO_MD4 |
| #define NO_MD4 |
| |
| #undef NO_HC128 |
| #define NO_HC128 |
| |
| #undef NO_RABBIT |
| #define NO_RABBIT |
| |
| #undef HAVE_POLY1305 |
| #define HAVE_POLY1305 |
| |
| #undef HAVE_ONE_TIME_AUTH |
| #define HAVE_ONE_TIME_AUTH |
| |
| #undef HAVE_CHACHA |
| #define HAVE_CHACHA |
| |
| #undef HAVE_HASHDRBG |
| #define HAVE_HASHDRBG |
| |
| #undef HAVE_TLS_EXTENSIONS |
| #define HAVE_TLS_EXTENSIONS |
| |
| #undef HAVE_SNI |
| #define HAVE_SNI |
| |
| #undef WOLFSSL_TEST_CERT |
| #define WOLFSSL_TEST_CERT |
| |
| #undef USE_FAST_MATH |
| #define USE_FAST_MATH |
| |
| |
| #ifdef __cplusplus |
| } |
| #endif |
| |