-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathuser_settings.h.example
More file actions
73 lines (68 loc) · 3.26 KB
/
Copy pathuser_settings.h.example
File metadata and controls
73 lines (68 loc) · 3.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/*
* Copyright (C) 2026 wolfSSL Inc.
*
* This file is part of wolfCert.
*
* wolfCert is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfCert is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with wolfCert. If not, see <http://www.gnu.org/licenses/>.
*/
/*
* examples/user_settings.h.example - TEMPLATE.
*
* Copy this file to "user_settings.h" somewhere on your include path, edit it,
* and build wolfCert (and your application) with -DWOLFCERT_USER_SETTINGS.
* wolfcert/types.h then takes wolfCert's feature configuration from here
* instead of the build-generated wolfcert/options.h - the header-only analogue
* of running CMake/autoconf, intended for embedded/MCU toolchains that drive
* their own build. wolfcert/check_config.h validates the result at compile
* time, so a contradictory or incomplete config fails with a clear #error.
*
* The "user_settings.h" name is shared with wolfSSL's own WOLFSSL_USER_SETTINGS
* header on purpose. The macro namespaces are disjoint (wolfCert reads only
* WOLFCERT_HAVE_*; wolfSSL reads HAVE_* / NO_* / WOLFSSL_*), so a single
* user_settings.h can carry both libraries' config - the recommended setup.
* Keep only one file by this name on your include path: both wolfSSL and
* wolfCert include it unqualified, so the first one found serves both. See
* docs/EMBEDDED.md.
*
* RULES
* - To ENABLE a feature, leave its #define uncommented.
* - To DISABLE a feature, COMMENT THE LINE OUT. Do NOT write
* "#define WOLFCERT_HAVE_X 0" - the code tests presence with #ifdef, so a
* value of 0 still counts as enabled.
* - At least one key algorithm must be enabled.
* - SCEP is RSA-only (RFC 8894): enabling WOLFCERT_HAVE_SCEP requires
* WOLFCERT_HAVE_RSA.
*
* The enabled set must also be backed by the wolfSSL you link against. wolfCert
* requires a wolfSSL (>= 5.9.2) built with at least:
* --enable-pkcs7 --enable-certgen --enable-certreq --enable-certext
* --enable-keygen --enable-cryptocb --enable-base64encode --enable-opensslextra
* CPPFLAGS="-DWOLFSSL_ALT_NAMES -DWOLFSSL_CERT_NAME_ALL"
* plus AES + SHA-256 (default on) and TLS 1.2 and/or TLS 1.3, and the matching
* algorithm flags for the key types you enable below (--enable-ecc,
* --enable-ed25519, --enable-ed448, --enable-mldsa; RSA is default on).
*/
#ifndef WOLFCERT_USER_SETTINGS_H
#define WOLFCERT_USER_SETTINGS_H
/* ---- Protocols ---- */
#define WOLFCERT_HAVE_EST 1 /* EST (RFC 7030) */
#define WOLFCERT_HAVE_SCEP 1 /* SCEP (RFC 8894) - requires WOLFCERT_HAVE_RSA */
#define WOLFCERT_HAVE_SERVER 1 /* built-in EST/SCEP test server */
/* ---- Key algorithms (enable at least one) ---- */
#define WOLFCERT_HAVE_RSA 1
#define WOLFCERT_HAVE_ECC 1
#define WOLFCERT_HAVE_ED25519 1
#define WOLFCERT_HAVE_ED448 1
#define WOLFCERT_HAVE_MLDSA 1
#endif /* WOLFCERT_USER_SETTINGS_H */