From 414e86b45d58c566f2b48d2dcc0880466fccde8f Mon Sep 17 00:00:00 2001
From: Frank Mertens <frank@cyblogic.de>
Date: Tue, 5 Nov 2024 20:24:54 +0100
Subject: [PATCH] Added option to disable time checks

---
 Kconfig              | 18 ++++++++++++------
 port/user_settings.h | 11 ++++++++---
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/Kconfig b/Kconfig
index aafa15c..10e0a59 100644
--- a/Kconfig
+++ b/Kconfig
@@ -35,12 +35,12 @@ menu "wolfSSL"
         help
             Enables support for key exchange algorithms based on RSA.
 
-    config WOLFSSL_DEBUGGING
-        bool "Enable wolfSSL debugging"
-        default n
+    config WOLFSSL_HAVE_SYSTEM_TIME
+        bool "Check certificate validity time"
+        default y
         help
-            Enable wolfSSL debugging. Once debugging is enabled sections of code between wolfSSL_Debugging_ON() and
-            wolfSSL_Debugging_OFF() will generate detailed debug messages.
+            Enable certificate validity checks based on current system time.
+            This is also needed for the generation of certificates.
 
     config WOLFSSL_HAVE_ISSUER_NAMES
         bool "Enable issuer name in DecodedCert structure"
@@ -48,6 +48,13 @@ menu "wolfSSL"
         help
             Enable wolfSSL to include the issuer names in the DecodedCert structure.
 
+    config WOLFSSL_DEBUGGING
+        bool "Enable wolfSSL debugging"
+        default n
+        help
+            Enable wolfSSL debugging. Once debugging is enabled sections of code between wolfSSL_Debugging_ON() and
+            wolfSSL_Debugging_OFF() will generate detailed debug messages.
+
     config WOLFSSL_HAVE_CRYPT_BENCHMARK
         bool "Enable wolfSSL benchmark module"
         default n
@@ -60,5 +67,4 @@ menu "wolfSSL"
         help
             Enable wolfSSL cryptography benchmark.
 
-
 endmenu # wolfSSL
diff --git a/port/user_settings.h b/port/user_settings.h
index 1870169..e0fbbd9 100755
--- a/port/user_settings.h
+++ b/port/user_settings.h
@@ -375,11 +375,10 @@
 
 /* #define WOLFSSL_ATECC508A_DEBUG         */
 
-/* date/time                               */
-/* if it cannot adjust time in the device, */
-/* enable macro below                      */
+#ifndef CONFIG_WOLFSSL_HAVE_SYSTEM_TIME
 #define NO_ASN_TIME
 // #define XTIME time
+#endif
 
 
 /* adjust wait-timeout count if you see timeout in RSA HW acceleration */
@@ -901,3 +900,9 @@ Turn on timer debugging (used when CPU cycles not available)
 #ifdef CONFIG_WOLFSSL_HAVE_ISSUER_NAMES
 #define WOLFSSL_HAVE_ISSUER_NAMES
 #endif
+
+/** Add support for custom OID extensions for certificate generation
+  */
+#define WOLFSSL_MULTI_ATTRIB
+#define WOLFSSL_CUSTOM_OID
+#define HAVE_OID_ENCODING