DOC: install: add details about WolfSSL
Add details about WolfSSL compilation and support.
This commit is contained in:
parent
425d7ad89d
commit
44c73cea08
20
INSTALL
20
INSTALL
|
@ -256,12 +256,14 @@ locally. See the section about QUIC in this document.
|
||||||
A fifth option is wolfSSL (https://github.com/wolfSSL/wolfssl). It is the only
|
A fifth option is wolfSSL (https://github.com/wolfSSL/wolfssl). It is the only
|
||||||
supported alternative stack not based on OpenSSL, yet which implements almost
|
supported alternative stack not based on OpenSSL, yet which implements almost
|
||||||
all of its API and natively supports QUIC. At the time of writing, the vast
|
all of its API and natively supports QUIC. At the time of writing, the vast
|
||||||
majority of SSL features are well supported by wolfSSL though advanced users
|
majority of SSL features are well supported by wolfSSL though not everything is
|
||||||
might notice tiny differences that the wolfSSL and HAProxy teams are working on
|
exposed in haproxy yet, advanced users might notice tiny differences that the
|
||||||
together to address in the wolfSSL code base as of May 2023. This stack is not
|
wolfSSL and HAProxy teams are working on together to address in the wolfSSL
|
||||||
affected by OpenSSL's design issue regarding multi-processor systems and is
|
code base. Features like SSL resume, crt-list and client auth might not work as
|
||||||
viewed by the HAProxy team as the most promising mid-term solution for general
|
expected. As of May 2023, wolfSSL support is considered experimental. This
|
||||||
deployments and QUIC deployments.
|
stack is not affected by OpenSSL's design issue regarding multi-processor
|
||||||
|
systems and is viewed by the HAProxy team as the most promising mid-term
|
||||||
|
solution for general deployments and QUIC deployments.
|
||||||
|
|
||||||
In order to enable SSL/TLS support, simply pass "USE_OPENSSL=1" on the command
|
In order to enable SSL/TLS support, simply pass "USE_OPENSSL=1" on the command
|
||||||
line and the default library present on your system will be used :
|
line and the default library present on your system will be used :
|
||||||
|
@ -276,6 +278,12 @@ SSL library files using SSL_LIB. Example :
|
||||||
$ make TARGET=generic \
|
$ make TARGET=generic \
|
||||||
USE_OPENSSL=1 SSL_INC=/opt/ssl-1.1.1/include SSL_LIB=/opt/ssl-1.1.1/lib
|
USE_OPENSSL=1 SSL_INC=/opt/ssl-1.1.1/include SSL_LIB=/opt/ssl-1.1.1/lib
|
||||||
|
|
||||||
|
To use HAProxy with WolfSSL, WolfSSL must be built with haproxy support, at
|
||||||
|
least WolfSSL 5.6.0 is needed, but a development version migh be needed for
|
||||||
|
some of the features:
|
||||||
|
|
||||||
|
$ ./configure --enable-haproxy --enable-quic --prefix=/opt/wolfssl-5.6.0/
|
||||||
|
|
||||||
Building with wolfSSL requires to specify the API variant on the "make"
|
Building with wolfSSL requires to specify the API variant on the "make"
|
||||||
command line, for example:
|
command line, for example:
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue