Sergey V. Lobanov 6bfc8bb4a3 utils/px5g-wolfssl: make selfsigned certicates compatible with chromium
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication

SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00

51 lines
1.1 KiB
Makefile

# Copyright (C) 2020 Paul Spooren <mail@aparcar.org>
#
# SPDX-License-Identifier: GPL-2.0-or-later
include $(TOPDIR)/rules.mk
PKG_NAME:=px5g-wolfssl
PKG_RELEASE:=$(COMMITCOUNT)
PKG_LICENSE:=GPL-2.0-or-later
PKG_USE_MIPS16:=0
PKG_MAINTAINER:=Paul Spooren <mail@aparcar.org>
PKG_CONFIG_DEPENDS:=CONFIG_WOLFSSL_ALT_NAMES
include $(INCLUDE_DIR)/package.mk
define Package/px5g-wolfssl
SECTION:=utils
CATEGORY:=Utilities
SUBMENU:=Encryption
TITLE:=X.509 certificate generator (using WolfSSL)
DEPENDS:=+libwolfssl
PROVIDES:=px5g
VARIANT:=wolfssl
endef
define Package/px5g-wolfssl/description
Px5g is a tiny X.509 certificate generator.
It suitable to create key files and certificates in DER
and PEM format for use with stunnel, uhttpd and others.
endef
TARGET_LDFLAGS += -lwolfssl
TARGET_CFLAGS += -Wl,--gc-sections
define Build/Compile
$(TARGET_CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) \
-o $(PKG_BUILD_DIR)/px5g px5g-wolfssl.c $(TARGET_LDFLAGS)
endef
define Package/px5g-wolfssl/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/px5g $(1)/usr/sbin/px5g
endef
$(eval $(call BuildPackage,px5g-wolfssl))