diff --git a/certgen/README.md b/certgen/README.md index c0e57489..eba1d403 100644 --- a/certgen/README.md +++ b/certgen/README.md @@ -1,11 +1,13 @@ # Certificate Generation and Signing examples To test the certgen or csr_example example(s) configure wolfssl with -`./configure --enable-certgen --enable-certreq` or add the defines: +`./configure --enable-certgen --enable-certreq --enable-keygen` +or add the defines: ``` #define WOLFSSL_CERT_REQ #define WOLFSSL_CERT_GEN +#define WOLFSSL_KEY_GEN ``` To test the csr_w_ed25519_example configure wolfssl with: @@ -156,6 +158,18 @@ Saved CSR PEM to "ed25519-csr.pem" This example shows how to use a CSR to sign it using a CA cert and key to produce an X.509 certificate. +To test the csr_sign example configure wolfssl with +`./configure -enable-certreq --enable-certgen --enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL` +or add the defines: + +``` +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_KEY_GEN +#define WOLFSSL_CERT_EXT +#define OPENSSL_EXTRA_X509_SMALL +``` + ``` % ./csr_sign ecc-csr.pem ca-ecc-cert.der ca-ecc-key.der Loading CA certificate @@ -348,7 +362,7 @@ Tested with these wolfSSL build options: ```sh ./autogen.sh # If cloned from GitHub -./configure --enable-asn=template --enable-certreq --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT" +./configure --enable-certreq --enable-certext --enable-keygen --enable-certgen --enable-certext CFLAGS="-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DHAVE_OID_ENCODING -DWOLFSSL_CUSTOM_OID" make make check sudo make install diff --git a/certgen/certgen_ca_example.c b/certgen/certgen_ca_example.c index df2e9564..3e2dcdea 100644 --- a/certgen/certgen_ca_example.c +++ b/certgen/certgen_ca_example.c 
@@ -28,6 +28,9 @@ #include #include +#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC) + #ifdef WOLFSSL_CAAM #include static int devId = WOLFSSL_CAAM_DEVID; @@ -35,8 +38,6 @@ static int devId = INVALID_DEVID; #endif -#if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC) #define HEAP_HINT NULL #define LARGE_TEMP_SZ 4096 diff --git a/certgen/csr_sign.c b/certgen/csr_sign.c index dcd3a208..98c249a3 100644 --- a/certgen/csr_sign.c +++ b/certgen/csr_sign.c @@ -34,7 +34,7 @@ #endif #if defined(WOLFSSL_CERT_REQ) && defined(WOLFSSL_CERT_GEN) && \ - defined(HAVE_ECC) + defined(HAVE_ECC) && defined(WOLFSSL_CERT_EXT) #define HEAP_HINT NULL #define LARGE_TEMP_SZ 4096 @@ -358,9 +358,9 @@ exit: int main(int argc, char** argv) { #if !defined(WOLFSSL_CERT_REQ) || !defined(WOLFSSL_CERT_GEN) || \ - !defined(HAVE_ECC) + !defined(HAVE_ECC) || !defined(WOLFSSL_CERT_EXT) printf("Please compile wolfSSL with --enable-certreq --enable-certgen " - "--enable-ecc CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n"); + "--enable-ecc --enable-certext CFLAGS=-DOPENSSL_EXTRA_X509_SMALL\n"); return 0; #else if (argc != 4) { diff --git a/certgen/custom_ext.c b/certgen/custom_ext.c index 26f314a8..2716ea6b 100644 --- a/certgen/custom_ext.c +++ b/certgen/custom_ext.c @@ -250,9 +250,9 @@ int main(int argc, char** argv) int main(int argc, char** argv) { - printf("Please compile wolfSSL with --enable-asn=template --enable-certgen " - "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING " - "-DWOLFSSL_CERT_EXT\""); + printf("Please configure wolfSSL with --enable-certgen --enable-certext " + "--enable-keygen CFLAGS=\"-DWOLFSSL_CUSTOM_OID " + "-DHAVE_OID_ENCODING\"\n"); return 0; } diff --git a/certgen/custom_ext_callback.c b/certgen/custom_ext_callback.c index 945b691a..beb9f447 100644 --- a/certgen/custom_ext_callback.c +++ b/certgen/custom_ext_callback.c 
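Review bot: The widened guard in csr_sign.c (`@@ -34,7`) now tests WOLFSSL_CERT_EXT but still not OPENSSL_EXTRA_X509_SMALL, which the fallback message in main() (`@@ -358,9`) names as a required build option. If the file does use APIs gated by that define, which is not visible in these hunks, a build without it fails at compile or link time instead of reaching the printed hint. Consider extending both conditions, e.g. `defined(HAVE_ECC) && defined(WOLFSSL_CERT_EXT) && defined(OPENSSL_EXTRA_X509_SMALL)` and the matching `|| !defined(OPENSSL_EXTRA_X509_SMALL)` in main(). The README section added by this commit also lists WOLFSSL_KEY_GEN for csr_sign, which neither guard checks, so the documented and enforced requirements differ.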
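Review bot: The not-compiled-in branch of main() in csr_sign.c (`@@ -358,9`) still ends in `return 0;`, so a script or CI step that invokes the signer cannot tell that no certificate was produced. Returning a failure status, `return 1;`, and sending the hint to stderr with `fprintf(stderr, ...)` would make a misconfigured build visible. If the zero status is deliberate so that unconfigured examples are skipped in test runs, a comment such as `/* exit 0 on purpose: example skipped, nothing was signed */` would record that. The fallback main() in custom_ext.c and custom_ext_callback.c returns 0 the same way; main()'s body in csr_sign.c continues outside the hunk.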
@@ -143,7 +143,10 @@ static void check_ret(char* call, int ret) int main(void) { - printf("Not compiled in: Build wolfSSL using ./configure --enable-asn=template --enable-certreq --enable-certgen CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING -DWOLFSSL_CUSTOM_OID -DWOLFSSL_CERT_EXT\"\n"); + printf("Not compiled in: Configure wolfSSL using ./configure" + "--enable-certreq --enable-certgen --enable-certext " + "CFLAGS=\"-DWOLFSSL_TEST_CERT -DHAVE_OID_DECODING " + "-DWOLFSSL_CUSTOM_OID \"\n"); return 0; }
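Review bot: The first string literal of the new printf ends in `./configure` with no trailing space and the next literal starts with `--enable-certreq`, so the concatenated message reads `./configure--enable-certreq` and cannot be pasted as a command. End the first literal with a space: `printf("Not compiled in: Configure wolfSSL using ./configure "`. The last literal also leaves a stray space before the closing quote, `"-DWOLFSSL_CUSTOM_OID \"\n"`, which could be `"-DWOLFSSL_CUSTOM_OID\"\n"`.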