libs/wolfssl: add SAN (Subject Alternative Name) support
authorSergey V. Lobanov <sergey@lobanov.in>
Fri, 24 Dec 2021 23:04:50 +0000 (02:04 +0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Sat, 12 Feb 2022 19:27:27 +0000 (20:27 +0100)
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit dfd695f4b9f364a7c7db646d2cada10fdf304f02)

package/libs/wolfssl/Config.in
package/libs/wolfssl/Makefile

index e78974c23d12c4620ccbdce0951efc75a544d255..9b5ee6f021897dedac45ae6477a8732a489beb83 100644 (file)
@@ -51,6 +51,10 @@ config WOLFSSL_HAS_ECC25519
        bool "Include ECC Curve 25519 support"
        default y
 
+config WOLFSSL_ALT_NAMES
+       bool "Include SAN (Subject Alternative Name) support"
+       default y
+
 config WOLFSSL_HAS_DEVCRYPTO
        bool
 
index 47501306c88c8be72dc88f39ddfdea323a4823c9..1b6dca09a3b09a52f8683c91cd10199d51fb85eb 100644 (file)
@@ -31,7 +31,8 @@ PKG_CONFIG_DEPENDS:=\
        CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \
        CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
        CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
-       CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN
+       CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
+       CONFIG_WOLFSSL_ALT_NAMES
 
 PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
 
@@ -63,7 +64,8 @@ TARGET_CFLAGS += \
        -fomit-frame-pointer \
        -flto \
        -DFP_MAX_BITS=8192 \
-       -DWOLFSSL_ALT_CERT_CHAINS
+       -DWOLFSSL_ALT_CERT_CHAINS \
+       $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)
 
 TARGET_LDFLAGS += -flto