mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add REAMDE note about static cipher suites disabled and compiler error detection

Browse Source
This commit is contained in:
toddouska 2015-08-20 17:11:00 -07:00
parent 2f1836d985
commit a47af476d1
3 changed files with 36 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
README
View File

@ -1,24 +1,22 @@
*** Notes, Please read *** *** Notes, Please read ***
Note 1) Note 1)
wolfSSL now needs all examples and tests to be run from the wolfSSL home wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
directory. This is because it finds certs and keys from ./certs/. Trying to longer supports static key cipher suites with PSK, RSA, or ECDH. This means
maintain the ability to run each program from its own directory, the testsuite if you plan to use TLS cipher suites you must enable DH (DH is on by default),
directory, the main directory (for make check/test), and for the various or enable ECC (ECC is on by default on 64bit systems), or you must enable static
different project layouts (with or without config) was becoming harder and key cipher suites with
harder. Now to run testsuite just do: WOLFSSL_STATI_DH
WOLFSSL_STATIC_RSA
or
WOLFSSL_STATIC_PSK
./testsuite/testsuite though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS.
or
make check (when using autoconf)
On *nix or Windows the examples and testsuite will check to see if the current
directory is the source directory and if so, attempt to change to the wolfSSL
home directory. This should work in most setup cases, if not, just follow the
beginning of the note and specify the full path.
When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
in the event that you desire that, i.e., you're not using TLS cipher suites.
Note 2) Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL wolfSSL takes a different approach to certificate verification than OpenSSL

33
README.md
View File

@ -2,27 +2,27 @@
## Note 1 ## Note 1
``` ```
wolfSSL now needs all examples and tests to be run from the wolfSSL home wolfSSL as of 3.6.6 no longer enables SSLv3 by default. wolfSSL also no
directory. This is because it finds certs and keys from ./certs/. Trying to longer supports static key cipher suites with PSK, RSA, or ECDH. This means
maintain the ability to run each program from its own directory, the testsuite if you plan to use TLS cipher suites you must enable DH (DH is on by default),
directory, the main directory (for make check/test), and for the various or enable ECC (ECC is on by default on 64bit systems), or you must enable static
different project layouts (with or without config) was becoming harder and key cipher suites with
harder. Now to run testsuite just do: WOLFSSL_STATI_DH
WOLFSSL_STATIC_RSA
or
WOLFSSL_STATIC_PSK
./testsuite/testsuite though static key cipher suites are deprecated and will be removed from future
versions of TLS. They also lower your security by removing PFS.
or When compiling ssl.c wolfSSL will now issue a comipler error if no cipher suites
are available. You can remove this error by defining WOLFSSL_ALLOW_NO_SUITES
make check (when using autoconf) in the event that you desire that, i.e., you're not using TLS cipher suites.
On *nix or Windows the examples and testsuite will check to see if the current
directory is the source directory and if so, attempt to change to the wolfSSL
home directory. This should work in most setup cases, if not, just follow the
beginning of the note and specify the full path.
``` ```
## Note 2 ## Note 2
``` ```
wolfSSL takes a different approach to certificate verification than OpenSSL wolfSSL takes a different approach to certificate verification than OpenSSL
does. The default policy for the client is to verify the server, this means does. The default policy for the client is to verify the server, this means
that if you don't load CAs to verify the server you'll get a connect error, that if you don't load CAs to verify the server you'll get a connect error,
@ -35,9 +35,6 @@ wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new(); Though it's not recommended. before calling wolfSSL_new(); Though it's not recommended.
``` ```
- GNU Binutils 2.24 ld has problems with some debug builds, to fix an ld error
add -fdebug-types-section to C_EXTRA_FLAGS
#wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015) #wolfSSL (Formerly CyaSSL) Release 3.6.6 (08/20/2015)
##Release 3.6.6 of wolfSSL has bug fixes and new features including: ##Release 3.6.6 of wolfSSL has bug fixes and new features including:

7
src/ssl.c
View File

@ -33,6 +33,13 @@
#include <wolfssl/error-ssl.h> #include <wolfssl/error-ssl.h>
#include <wolfssl/wolfcrypt/coding.h> #include <wolfssl/wolfcrypt/coding.h>
#ifndef WOLFSSL_ALLOW_NO_SUITES
#if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
&& !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK)
#error "No cipher suites defined becuase DH disabled, ECC disabled, and no static suites defined. Please see top of README"
#endif
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
defined(WOLFSSL_KEY_GEN) defined(WOLFSSL_KEY_GEN)
#include <wolfssl/openssl/evp.h> #include <wolfssl/openssl/evp.h>