libs/wolfssl: add SAN (Subject Alternative Name) support

x509v3 SAN extension is required to generate a certificate compatible with chromium-based web browsers (version >58) It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> (cherry picked from commit dfd695f4b9)
2021-12-25 02:04:50 +03:00 · 2021-12-25 02:04:50 +03:00 · 736a3977cf
commit 736a3977cf
parent 1689eefe60
2 changed files with 7 additions and 2 deletions
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@ -55,6 +55,10 @@ config WOLFSSL_HAS_OPENVPN
 	bool "Include OpenVPN support"
 	default n

+config WOLFSSL_ALT_NAMES
+	bool "Include SAN (Subject Alternative Name) support"
+	default y
+
 config WOLFSSL_HAS_DEVCRYPTO
 	bool

--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@ -32,7 +32,7 @@ PKG_CONFIG_DEPENDS:=\
 	CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
 	CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
 	CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
-	CONFIG_WOLFSSL_HAS_OPENVPN
+	CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES

 include $(INCLUDE_DIR)/package.mk

@ -62,7 +62,8 @@ TARGET_CFLAGS += \
 	-fomit-frame-pointer \
 	-flto \
 	-DFP_MAX_BITS=8192 \
-	-DWOLFSSL_ALT_CERT_CHAINS
+	-DWOLFSSL_ALT_CERT_CHAINS \
+	$(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)

 TARGET_LDFLAGS += -flto