ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-19 05:38:00 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

libs/wolfssl: add SAN (Subject Alternative Name) support

Browse Source 
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit dfd695f4b9)
This commit is contained in:
Sergey V. Lobanov 2021-12-25 02:04:50 +03:00 committed by Hauke Mehrtens
parent 5ea2e1d5ba
commit 7d376e6e52
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/libs/wolfssl/Config.in
View File

@ -51,6 +51,10 @@ config WOLFSSL_HAS_ECC25519
bool "Include ECC Curve 25519 support"
default y
config WOLFSSL_ALT_NAMES
bool "Include SAN (Subject Alternative Name) support"
default y
config WOLFSSL_HAS_DEVCRYPTO
bool

6
package/libs/wolfssl/Makefile
View File

@ -31,7 +31,8 @@ PKG_CONFIG_DEPENDS:=\
CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN
CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
CONFIG_WOLFSSL_ALT_NAMES
PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
@ -63,7 +64,8 @@ TARGET_CFLAGS += \
-fomit-frame-pointer \
-flto \
-DFP_MAX_BITS=8192 \
-DWOLFSSL_ALT_CERT_CHAINS
-DWOLFSSL_ALT_CERT_CHAINS \
$(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)
TARGET_LDFLAGS += -flto