Add --disable-tls option that can be used with --enable-all to disable TLS features and set `NO_TLS`. Useful for allowing certificate manager and crypto compatibility APIs only.
dgarske authored and gasbytes committed Dec 21, 2024
1 parent 8a2cb9b commit 8c4f5b4
Showing 3 changed files with 49 additions and 13 deletions.
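--- a/configure.ac
+++ b/configure.ac
@@ -917,6 +917,50 @@ then
 ENABLED_SP_MATH_ALL="no"
 fi
 
+# wolfCrypt Only Build
+AC_ARG_ENABLE([cryptonly],
+[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
+[ENABLED_CRYPTONLY=$enableval],
+[ENABLED_CRYPTONLY=no])
+
+AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
+
+# TLS
+AC_ARG_ENABLE([tls],
+[AS_HELP_STRING([--enable-tls],[Enable TLS support (default: enabled)])],
+[ ENABLED_TLS=$enableval ],
+[ ENABLED_TLS=yes ]
+)
+
+if test "$ENABLED_CRYPTONLY" = "yes"
+then
+ENABLED_TLS=no
+fi
+if test "$ENABLED_TLS" = "no"
+then
+AM_CFLAGS="$AM_CFLAGS -DNO_TLS"
+test "$enable_tls13" = "" && enable_tls13=no
+test "$enable_tlsv12" = "" && enable_tlsv12=no
+test "$enable_tlsv10" = "" && enable_tlsv10=no
+test "$enable_dtls" = "" && enable_dtls=no
+test "$enable_dtls13" = "" && enable_dtls13=no
+test "$enable_mcast" = "" && enable_mcast=no
+test "$enable_srtp" = "" && enable_srtp=no
+test "$enable_ocsp" = "" && enable_ocsp=no
+test "$enable_tlsx" = "" && enable_tlsx=no
+test "$enable_sni" = "" && enable_sni=no
+test "$enable_sni" = "" && enable_sni=no
+test "$enable_crl_monitor" = "" && enable_crl_monitor=no
+test "$enable_alpn" = "" && enable_alpn=no
+test "$enable_pkcallbacks" = "" && enable_pkcallbacks=no
+test "$enable_quic" = "" && enable_quic=no
+test "$enable_ech" = "" && enable_ech=no
+test "$enable_ocspstapling" = "" && enable_ocspstapling=no
+
+# Disable all open source compatibility enables that might get set with all
+test "$enable_all_osp" = "" && enable_all_osp=no
+fi
+
 
 # All features, except conflicting or experimental:
 AC_ARG_ENABLE([all],
@@ -1751,14 +1795,6 @@ then
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_USE_RWLOCK"
 fi
 
-# wolfCrypt Only Build
-AC_ARG_ENABLE([cryptonly],
-[AS_HELP_STRING([--enable-cryptonly],[Enable wolfCrypt Only build (default: disabled)])],
-[ENABLED_CRYPTONLY=$enableval],
-[ENABLED_CRYPTONLY=no])
-
-AS_IF([test "x$FIPS_VERSION" = "xrand"],[ENABLED_CRYPTONLY="yes"])
-
 # ECH
 AC_ARG_ENABLE([ech],
 [AS_HELP_STRING([--enable-ech],[Enable ECH (default: disabled)])],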
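Review bot: In the `ENABLED_TLS = no` block of the first hunk, `test "$enable_sni" = "" && enable_sni=no` is repeated on two consecutive lines; the second is a no-op and may have been intended for a different TLS option, so the list is worth checking against what `--enable-all` turns on. Because each line only seeds a default when the user passed nothing, any TLS-only option missing from this hand-maintained list stays under `--enable-all`'s control, and an explicit `--enable-<feature>` is kept even though `-DNO_TLS` is set. `--enable-cryptonly` also overrides an explicit `--enable-tls` without any message; an `AC_MSG_NOTICE` at that point would make the final state visible in the configure log. The block appears to depend on running before the `--enable-all` handling that follows it, which deserves a comment such as `# Must precede --enable-all: pre-seeds enable_* so "all" leaves TLS features off`.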
4 changes: 2 additions & 2 deletions src/internal.c
Expand Up @@ -13503,8 +13503,8 @@ int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert)
#endif /* WOLFSSL_ACERT */


#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
(defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12))
#if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && !defined(WOLFSSL_NO_TLS12)
static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx,
word32 status_length, int idx)
{
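Review bot: Taking the second printed `#if` pair as the new side, the guard on `ProcessCSR_ex` now requires `!defined(WOLFSSL_NO_TLS12)` even when only `HAVE_CERTIFICATE_STATUS_REQUEST` is defined, and it keys on `WOLFSSL_NO_TLS12` rather than the `NO_TLS` macro this commit adds. The function body, its closing `#endif` and its callers are outside the hunk, so every call site needs to be checked for the same condition. A mismatch is a build break at best; if a TLS 1.3-only build relied on this routine, stapled OCSP responses would no longer be processed there. If the routine is only reached from TLS 1.2 handling, a comment above the `#if` saying so, e.g. `/* only used by the TLS 1.2 CertificateStatus handler */`, would record why the narrower guard is safe.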
6 changes: 3 additions & 3 deletions tests/api.c
Expand Up @@ -2341,7 +2341,7 @@ static int test_wolfSSL_CTX_trust_peer_cert(void)
{
EXPECT_DECLS;
#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
!defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
WOLFSSL_CTX *ctx = NULL;
WOLFSSL* ssl = NULL;

Expand Down Expand Up @@ -14580,7 +14580,7 @@ static int test_wolfSSL_UseOCSPStapling(void)
{
EXPECT_DECLS;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
!defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;

Expand Down Expand Up @@ -14625,7 +14625,7 @@ static int test_wolfSSL_UseOCSPStaplingV2(void)
{
EXPECT_DECLS;
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
!defined(NO_WOLFSSL_CLIENT)
!defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;

