[openwrt/openwrt] libs/wolfssl: add SAN (Subject Alternative Name) support
LEDE Commits
lede-commits at lists.infradead.org
Sat Feb 12 15:32:46 PST 2022
hauke pushed a commit to openwrt/openwrt.git, branch openwrt-21.02:
https://git.openwrt.org/7d376e6e528f2d34e2f71f99f2f2f545a4dd63f2
commit 7d376e6e528f2d34e2f71f99f2f2f545a4dd63f2
Author: Sergey V. Lobanov <sergey at lobanov.in>
AuthorDate: Sat Dec 25 02:04:50 2021 +0300
libs/wolfssl: add SAN (Subject Alternative Name) support
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey at lobanov.in>
(cherry picked from commit dfd695f4b9f364a7c7db646d2cada10fdf304f02)
---
package/libs/wolfssl/Config.in | 4 ++++
package/libs/wolfssl/Makefile | 6 ++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index e78974c23d..9b5ee6f021 100644
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -51,6 +51,10 @@ config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 25519 support"
default y
+config WOLFSSL_ALT_NAMES
+ bool "Include SAN (Subject Alternative Name) support"
+ default y
+
config WOLFSSL_HAS_DEVCRYPTO
bool
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 47501306c8..1b6dca09a3 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -31,7 +31,8 @@ PKG_CONFIG_DEPENDS:=\
CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
- CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN
+ CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
+ CONFIG_WOLFSSL_ALT_NAMES
PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
@@ -63,7 +64,8 @@ TARGET_CFLAGS += \
-fomit-frame-pointer \
-flto \
-DFP_MAX_BITS=8192 \
- -DWOLFSSL_ALT_CERT_CHAINS
+ -DWOLFSSL_ALT_CERT_CHAINS \
+ $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)
TARGET_LDFLAGS += -flto
More information about the lede-commits
mailing list