From 7d376e6e528f2d34e2f71f99f2f2f545a4dd63f2 Mon Sep 17 00:00:00 2001 From: "Sergey V. Lobanov" Date: Sat, 25 Dec 2021 02:04:50 +0300 Subject: [PATCH] libs/wolfssl: add SAN (Subject Alternative Name) support x509v3 SAN extension is required to generate a certificate compatible with chromium-based web browsers (version >58) It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES Signed-off-by: Sergey V. Lobanov (cherry picked from commit dfd695f4b9f364a7c7db646d2cada10fdf304f02) --- package/libs/wolfssl/Config.in | 4 ++++ package/libs/wolfssl/Makefile | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in index e78974c23d..9b5ee6f021 100644 --- a/package/libs/wolfssl/Config.in +++ b/package/libs/wolfssl/Config.in @@ -51,6 +51,10 @@ config WOLFSSL_HAS_ECC25519 bool "Include ECC Curve 25519 support" default y +config WOLFSSL_ALT_NAMES + bool "Include SAN (Subject Alternative Name) support" + default y + config WOLFSSL_HAS_DEVCRYPTO bool diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 47501306c8..1b6dca09a3 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -31,7 +31,8 @@ PKG_CONFIG_DEPENDS:=\ CONFIG_WOLFSSL_HAS_DH CONFIG_WOLFSSL_HAS_DTLS \ CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \ CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \ - CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN + CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \ + CONFIG_WOLFSSL_ALT_NAMES PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS))) @@ -63,7 +64,8 @@ TARGET_CFLAGS += \ -fomit-frame-pointer \ -flto \ -DFP_MAX_BITS=8192 \ - -DWOLFSSL_ALT_CERT_CHAINS + -DWOLFSSL_ALT_CERT_CHAINS \ + $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES) TARGET_LDFLAGS += -flto -- 2.30.2