libs/wolfssl: add SAN (Subject Alternative Name) support

x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>

diff --git a/package/libs/wolfssl/Config.in b/package/libs/wolfssl/Config.in
index 99c156292c7878ecffcbc37e704999e64f0e4d85..b32d5ab6cbe631c5d42a47ad3b044c6d4b97ef9f 100644 (file)
--- a/package/libs/wolfssl/Config.in
+++ b/package/libs/wolfssl/Config.in
@@ -55,6 +55,10 @@ config WOLFSSL_HAS_OPENVPN
        bool "Include OpenVPN support"
        default n
 
+config WOLFSSL_ALT_NAMES
+       bool "Include SAN (Subject Alternative Name) support"
+       default y
+
 config WOLFSSL_HAS_DEVCRYPTO
        bool
 

diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 93f2cc3ac3022fff26cb6637681eb346d861bd4e..15cfd430eba0766bf37159fb945576c0deff9b6b 100644 (file)
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -32,7 +32,7 @@ PKG_CONFIG_DEPENDS:=\
        CONFIG_WOLFSSL_HAS_ECC25519 CONFIG_WOLFSSL_HAS_OCSP \
        CONFIG_WOLFSSL_HAS_SESSION_TICKET CONFIG_WOLFSSL_HAS_TLSV10 \
        CONFIG_WOLFSSL_HAS_TLSV13 CONFIG_WOLFSSL_HAS_WPAS CONFIG_WOLFSSL_HAS_CERTGEN \
-       CONFIG_WOLFSSL_HAS_OPENVPN
+       CONFIG_WOLFSSL_HAS_OPENVPN CONFIG_WOLFSSL_ALT_NAMES
 
 PKG_ABI_VERSION=$(patsubst %-stable,%,$(PKG_VERSION)).$(call version_abbrev,$(call confvar,$(PKG_CONFIG_DEPENDS)))
 
@@ -64,7 +64,8 @@ TARGET_CFLAGS += \
        -fomit-frame-pointer \
        -flto \
        -DFP_MAX_BITS=8192 \
-       -DWOLFSSL_ALT_CERT_CHAINS
+       -DWOLFSSL_ALT_CERT_CHAINS \
+       $(if $(CONFIG_WOLFSSL_ALT_NAMES),-DWOLFSSL_ALT_NAMES)
 
 TARGET_LDFLAGS += -flto