From 17d8d9c919117ecd7747e91226c864fcccaab2b1 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Mon, 26 Oct 2020 21:14:09 -0400
Subject: [mod_wolfssl] cripple SNI if not built OPENSSL_ALL

crippled functionality if wolfssl library not built --enable-opensslall
* SNI not handled since SNI callbacks are disabled in wolfSSL library
  unless the wolfSSL library is built with --enable-openssall

  This means that there is only one certificate per listening socket --
  no certificate selection based on server name indication (SNI)
  and is additionally a violation of the HTTP/2 specification,
  which requires SNI.

slightly reduced functionality if wolfssl not built --enable-opensslall
* disable client certificate verification (error out if in lighttpd.conf)
* omit SSL_CIPHER_USEKEYSIZE, SSL_CIPHER_ALGKEYSIZE env vars
---
 configure.ac | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'configure.ac')

diff --git a/configure.ac b/configure.ac
index e6661867..1a6918c1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -742,7 +742,7 @@ if test "$WITH_WOLFSSL" != no; then
   )
   AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
     #include <wolfssl/options.h>
-    #if !defined(HAVE_LIGHTY) && !defined(OPENSSL_ALL)
+    #if !defined(HAVE_LIGHTY) && !defined(OPENSSL_EXTRA)
     #error HAVE_LIGHTY macro not defined
     #endif
   ]])], [], [AC_MSG_ERROR([wolfssl must be built with ./configure --enable-lighty])])
-- 
cgit v1.2.1