RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DOC: install: add details about WolfSSL 

Add details about WolfSSL compilation and support.
This commit is contained in:
William Lallemand 2023-05-25 17:17:29 +02:00
parent 425d7ad89d
commit 44c73cea08
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
INSTALL
View File

@ -256,12 +256,14 @@ locally. See the section about QUIC in this document.
A fifth option is wolfSSL (https://github.com/wolfSSL/wolfssl). It is the only A fifth option is wolfSSL (https://github.com/wolfSSL/wolfssl). It is the only
supported alternative stack not based on OpenSSL, yet which implements almost supported alternative stack not based on OpenSSL, yet which implements almost
all of its API and natively supports QUIC. At the time of writing, the vast all of its API and natively supports QUIC. At the time of writing, the vast
majority of SSL features are well supported by wolfSSL though advanced users majority of SSL features are well supported by wolfSSL though not everything is
might notice tiny differences that the wolfSSL and HAProxy teams are working on exposed in haproxy yet, advanced users might notice tiny differences that the
together to address in the wolfSSL code base as of May 2023. This stack is not wolfSSL and HAProxy teams are working on together to address in the wolfSSL
affected by OpenSSL's design issue regarding multi-processor systems and is code base. Features like SSL resume, crt-list and client auth might not work as
viewed by the HAProxy team as the most promising mid-term solution for general expected. As of May 2023, wolfSSL support is considered experimental. This
deployments and QUIC deployments. stack is not affected by OpenSSL's design issue regarding multi-processor
systems and is viewed by the HAProxy team as the most promising mid-term
solution for general deployments and QUIC deployments.
In order to enable SSL/TLS support, simply pass "USE_OPENSSL=1" on the command In order to enable SSL/TLS support, simply pass "USE_OPENSSL=1" on the command
line and the default library present on your system will be used : line and the default library present on your system will be used :
@ -276,6 +278,12 @@ SSL library files using SSL_LIB. Example :
$ make TARGET=generic \ $ make TARGET=generic \
USE_OPENSSL=1 SSL_INC=/opt/ssl-1.1.1/include SSL_LIB=/opt/ssl-1.1.1/lib USE_OPENSSL=1 SSL_INC=/opt/ssl-1.1.1/include SSL_LIB=/opt/ssl-1.1.1/lib
To use HAProxy with WolfSSL, WolfSSL must be built with haproxy support, at
least WolfSSL 5.6.0 is needed, but a development version migh be needed for
some of the features:
$ ./configure --enable-haproxy --enable-quic --prefix=/opt/wolfssl-5.6.0/
Building with wolfSSL requires to specify the API variant on the "make" Building with wolfSSL requires to specify the API variant on the "make"
command line, for example: command line, for example: