Skip to content

Commit

Permalink
libs/wolfssl: add SAN (Subject Alternative Name) support
Browse files Browse the repository at this point in the history 
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
  • Loading branch information
@svlobanov @chunkeey
svlobanov authored and chunkeey committed Dec 29, 2021
1 parent 2dde241 commit dfd695f
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 2 deletions.
4 changes: 4 additions & 0 deletions package/libs/wolfssl/Config.in
View file
Expand Up @@ -55,6 +55,10 @@ config WOLFSSL_HAS_OPENVPN
bool "Include OpenVPN support"
default n

config WOLFSSL_ALT_NAMES
bool "Include SAN (Subject Alternative Name) support"
default y

config WOLFSSL_HAS_DEVCRYPTO
bool

Expand Down
5 changes: 3 additions & 2 deletions package/libs/wolfssl/Makefile
View file
Expand Up @@ -32,7 +32,7 @@ PKG_CONFIG_DEPENDS:=\
CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
CONFIG_WOLFSSL_HAS_OPENVPN
CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES

PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))

Expand Down Expand Up @@ -64,7 +64,8 @@ TARGET_CFLAGS += \
-fomit-frame-pointer \
-flto \
-DFP_MAX_BITS=8192 \
-DWOLFSSL_ALT_CERT_CHAINS
-DWOLFSSL_ALT_CERT_CHAINS \
$(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)

TARGET_LDFLAGS += -flto

Expand Down

0 comments on commit dfd695f

Please sign in to comment.