Added option to disable time checks

espressif · Nov 5, 2024 · 414e86b · 414e86b
1 parent 9fa612b
commit 414e86b
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/Kconfig b/Kconfig
@@ -35,19 +35,26 @@ menu "wolfSSL"
         help
             Enables support for key exchange algorithms based on RSA.
 
-    config WOLFSSL_DEBUGGING
-        bool "Enable wolfSSL debugging"
-        default n
+    config WOLFSSL_HAVE_SYSTEM_TIME
+        bool "Check certificate validity time"
+        default y
         help
-            Enable wolfSSL debugging. Once debugging is enabled sections of code between wolfSSL_Debugging_ON() and
-            wolfSSL_Debugging_OFF() will generate detailed debug messages.
+            Enable certificate validity checks based on current system time.
+            This is also needed for the generation of certificates.
 
     config WOLFSSL_HAVE_ISSUER_NAMES
         bool "Enable issuer name in DecodedCert structure"
         default n
         help
             Enable wolfSSL to include the issuer names in the DecodedCert structure.
 
+    config WOLFSSL_DEBUGGING
+        bool "Enable wolfSSL debugging"
+        default n
+        help
+            Enable wolfSSL debugging. Once debugging is enabled sections of code between wolfSSL_Debugging_ON() and
+            wolfSSL_Debugging_OFF() will generate detailed debug messages.
+
     config WOLFSSL_HAVE_CRYPT_BENCHMARK
         bool "Enable wolfSSL benchmark module"
         default n
@@ -60,5 +67,4 @@ menu "wolfSSL"
         help
             Enable wolfSSL cryptography benchmark.
 
-
 endmenu # wolfSSL
diff --git a/port/user_settings.h b/port/user_settings.h
@@ -375,11 +375,10 @@
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
+#ifndef CONFIG_WOLFSSL_HAVE_SYSTEM_TIME
 #define NO_ASN_TIME
 // #define XTIME time
+#endif
 
 
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
@@ -901,3 +900,9 @@ Turn on timer debugging (used when CPU cycles not available)
 #ifdef CONFIG_WOLFSSL_HAVE_ISSUER_NAMES
 #define WOLFSSL_HAVE_ISSUER_NAMES
 #endif
+
+/** Add support for custom OID extensions for certificate generation
+  */
+#define WOLFSSL_MULTI_ATTRIB
+#define WOLFSSL_CUSTOM_OID
+#define HAVE_OID_ENCODING