| Commit message (Collapse) | Author | Age | Files | Lines |
| |
add preprocessor option to force crypto lib used by lighttpd base
-DFORCE_MBEDTLS_CRYPTO for mbed TLS
or -DFORCE_WOLFSSL_CRYPTO for WolfSSL
This allows building lighttpd with support for multiple TLS modules,
and at the same time specifying the lighttpd base crypto lib dependency.
(Packages such as OpenWRT lighttpd package would need to update
package dependency along with specifying the preprocessor define)
If lighttpd is built with meson and without "-Dwith_nettle=true",
then lighttpd will use mbed TLS if built with "-Dwith_mbedtls",
so the preprocessor option is not strictly necessary for mbed TLS.
However, if built with "-Dwith_mbedtls" and "-Dwith_wolfssl" *and*
without "-Dwith_nettle=true" *and* lighttpd base crypto dependency
on WolfSSL is desired, then CFLAGS -DFORCE_WOLFSSL_CRYPTO is needed,
e.g. with a patch to add it to 'defs' near the top of src/meson.build.
x-ref:
"lighttpd authentication modules depends on libnettle"
https://github.com/openwrt/packages/issues/18851
| |
include wolfssl/options.h crypto lib config
after selecting crypto lib to use
wolfSSL does not prefix its defines with a wolfSSL-specific namespace
(so we would like to avoid unnecessarily polluting preproc namespace)
This commit further isolates wolfSSL after split from mod_openssl.
Cleans up some preprocessor logic that was put in place when using
the wolfSSL compatibility layer for openssl, before creating a
dedicated mod_wolfssl.
| |
include mbedtls/config.h crypto lib config
after selecting crypto lib to use
| |
adjust wolfssl types.h workaround for another edge case
| |
workaround fragile code in wolfssl/wolfcrypto/types.h
Including header blows up compile in 32-bit when lighttpd meson build
in OpenWRT on a 32-bit platform generates lighttpd config.h containing
define of SIZEOF_LONG, but not SIZEOF_LONG_LONG, and the wolfssl types.h
flubs and fails to choose an enum value used by a macro that is unused
by most consumers of the wolfssl header.
| |
(not (yet?) an end-user option in the build system)
(If extended to build system, build system should also unset CRYPTO_LIB)
If WITHOUT_LIB_CRYPTO is defined in sys-crypto.h, then non-TLS modules
will have access to MD5() and SHA1() built with lighttpd (algo_md5.[ch]
and algo_sha1.[ch]), but not to other message digest algorithms.
As of this commit, this affects only mod_secdownload with SHA256 digest
and mod_auth* modules using HTTP Digest Auth with digest=SHA-256, which
is not currently well-supported by client browsers (besides Opera)
| |
some distro packages deploy NSS includes under nss/, others nss3/
(and similar for nspr/ vs nspr4/)
| |
use NSS crypto if no other crypto avail, but NSS crypto is available
"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
| |
standalone module forked from mod_openssl
| |
Prefer some WolfSSL native APIs when building with WolfSSL.
However, some functionality in WolfSSL is available only through the
WolfSSL compatibility layer for OpenSSL, so the effort to create a
native mod_wolfssl halted here.
| |
(experimental)
WARNING: EXPERIMENTAL code sketch; mod_nss is INCOMPLETE and UNTESTED
mod_nss supports most ssl.* config options supported by mod_openssl
x-ref:
"alternate ssl backend"
https://redmine.lighttpd.net/issues/1218
| |
(experimental)
mod_gnutls supports most ssl.* config options supported by mod_openssl
x-ref:
"GnuTLS support for the mod_ssl"
https://redmine.lighttpd.net/issues/109
| |
(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
| |
./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS.
x-ref:
"How to use SHA-256 without OpenSSL?"
https://redmine.lighttpd.net/boards/2/topics/8903
| |
requires wolfSSL library version 3.15.3 or later
https://www.wolfssl.com/
https://github.com/wolfSSL/wolfssl
(thx dgarske)
x-ref:
"Adds support for building Lighttpd with wolfSSL"
https://github.com/lighttpd/lighttpd1.4/pull/92
|
(add the header)