Merge pull request #6835 from julek-wolfssl/no-ossl-defs-in-release

JacobBarthelmeh · web-flow · commit 2c4556c7970a · 2023-10-05T10:47:50.000-06:00
Add option to disable OPENSSL_COMPATIBLE_DEFAULTS
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
@@ -16,7 +16,14 @@ jobs:
       - name: Configure wolfSSL
         run: |
           autoreconf -ivf
-          ./configure --enable-distro --disable-examples --disable-silent-rules
+          ./configure --enable-distro --enable-all \
+            --disable-openssl-compatible-defaults --enable-intelasm \
+            --enable-dtls13 --enable-dtls-mtu \
+            --enable-sp-asm --disable-examples --disable-silent-rules
+
+      - name: Make sure OPENSSL_COMPATIBLE_DEFAULTS is not present in options.h
+        run: |
+          ! grep OPENSSL_COMPATIBLE_DEFAULTS wolfssl/options.h
 
       - name: Build wolfSSL .deb
         run: make deb-docker
diff --git a/configure.ac b/configure.ac
@@ -8114,20 +8114,33 @@ AC_ARG_ENABLE([sys-ca-certs],
 # (for now checking both C_FLAGS and C_EXTRA_FLAGS)
 AS_CASE(["$CFLAGS $CPPFLAGS"],[*'WOLFSSL_TRUST_PEER_CERT'*],[ENABLED_TRUSTED_PEER_CERT=yes])
 
+# Allows disabling the OPENSSL_COMPATIBLE_DEFAULTS macro
+AC_ARG_ENABLE([openssl-compatible-defaults],
+    [AS_HELP_STRING([--disable-openssl-compatible-defaults],[Disable OpenSSL compatible defaults when enabled by other options (default: enabled)])],
+    [ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=$enableval ],
+    [ ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes ]
+    )
 
 AS_CASE(["$CFLAGS $CPPFLAGS $AM_CFLAGS"],[*'OPENSSL_COMPATIBLE_DEFAULTS'*],
-    [ENABLED_OPENSSL_COMPATIBLE_DEFAULTS=yes])
-if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
+    [FOUND_OPENSSL_COMPATIBLE_DEFAULTS=yes])
+if test "x$FOUND_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
-    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
-    ENABLED_TRUSTED_PEER_CERT=yes
+    if test "x$ENABLED_OPENSSL_COMPATIBLE_DEFAULTS" = "xyes"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TRUST_PEER_CERT"
+        AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALT_CERT_CHAINS"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PRIORITIZE_PSK"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_ALERT_ON_ERR"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_HAVE_ID"
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_OCSP_ISSUER_CHECK"
+        ENABLED_TRUSTED_PEER_CERT=yes
+    else
+        CFLAGS=$(printf "%s" "$CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+        CPPFLAGS=$(printf "%s" "$CPPFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+        AM_CFLAGS=$(printf "%s" "$AM_CFLAGS" | sed 's/-DOPENSSL_COMPATIBLE_DEFAULTS//g')
+    fi
 fi
 
 # determine if we have key validation mechanism
