Enhancing wolfSSL’s CMake Build System: Adding WOLFSSL_CLU Support

    • The wolfSSL team recently merged a significant improvement to their CMake build system with Pull Request #8548. This enhancement adds a new WOLFSSL_CLU option to CMakeLists.txt, providing CMake users with the same functionality that was previously only available through the –enable-wolfclu option in the autotools build system.

    What is wolfCLU?

    Before diving into the technical details, let’s understand what wolfCLU is. The wolfSSL Command Line Utility (wolfCLU) is a powerful tool that provides cryptographic operations through a command-line interface. It leverages wolfSSL’s cryptographic library (wolfCrypt) to perform common operations such as:

    • Creating certificates and certificate requests
    • Generating public/private key pairs
    • Creating and verifying digital signatures
    • Encrypting and decrypting files
    • Parsing X.509 certificates
    • Establishing certificate chains with a Certificate Authority

    wolfCLU serves as an alternative to OpenSSL’s command-line tools, particularly for environments where OpenSSL is not installed or for users who prefer wolfSSL’s lightweight and security-focused implementation.

    The Technical Enhancement

    The PR adds a new WOLFSSL_CLU option to wolfSSL’s CMakeLists.txt that, when enabled, automatically configures wolfSSL with all the features required by wolfCLU. This includes:

    1. Certificate Operations:
      • Certificate Generation (WOLFSSL_CERTGEN)
      • Certificate Request Generation (WOLFSSL_CERTREQ)
      • Certificate Extensions (WOLFSSL_CERTEXT)
    2. Cryptographic Algorithms:
      • MD5 (WOLFSSL_MD5)
      • AES Counter Mode (WOLFSSL_AESCTR)
      • ED25519 for digital signatures (WOLFSSL_ED25519)
      • SHA-512 (WOLFSSL_SHA512)
      • Triple DES (WOLFSSL_DES3)
    3. Additional Features:
      • Key Generation (WOLFSSL_KEYGEN)
      • OpenSSL Compatibility (WOLFSSL_OPENSSLALL)
      • PKCS#7 Support (WOLFSSL_PKCS7)
    4. Compiler Flags:
      • -DHAVE_OID_ENCODING: Enables OID encoding functionality
      • -DWOLFSSL_NO_ASN_STRICT: Disables strict ASN.1 parsing
      • -DWOLFSSL_ALT_NAMES: Enables alternative name support
      • -DOPENSSL_ALL: Ensures OpenSSL compatibility functions are available

    The PR also updates the GitHub Actions workflow to test this new option, ensuring it works correctly in the CI environment.

    How to Use It

    To build wolfSSL with wolfCLU support using CMake, simply add the -DWOLFSSL_CLU=yes option to your CMake command:

    mkdir build
cd build
cmake .. -DWOLFSSL_CLU=yes
make

    This will configure wolfSSL with all the necessary features and compiler flags to support wolfCLU.

    Conclusion

    This PR demonstrates wolfSSL’s commitment to providing consistent build options across different build systems and improving the developer experience. By adding the WOLFSSL_CLU option to CMakeLists.txt, the wolfSSL team has made it easier for developers to build and use wolfCLU with wolfSSL, regardless of their preferred build system.

    For more information about wolfCLU and its capabilities, visit the wolfSSL website or check out the wolfCLU GitHub repository.

    If you have questions about any of the above, please contact us at facts@wolfSSL.com or call us at +1 425 245 8247.

    Download wolfSSL Now