Using user_settings.h with wolfSSL

    • wolfSSL has various examples of user_settings.h files that you could use to configure your build.

    For users who can’t make use of Autotools, want to build with a custom IDE, or would like to track and manage their wolfSSL build configuration in a header file, we recommend the use of a custom user_settings.h header file. If WOLFSSL_USER_SETTINGS is defined when compiling the wolfSSL source files, wolfSSL will automatically include a custom header file called user_settings.h. With Autotools, --enable-usersettings can also be used with the configure command to define WOLFSSL_USER_SETTINGS. The header should be created by the user and placed on the include path. This allows users to maintain one single file for their wolfSSL build.

    Some example user_settings.h files can be found in the wolfSSL repo here https://github.com/wolfSSL/wolfssl/tree/master/examples/configs. They are listed below.

    • user_settings_template.h: Template that allows modular algorithm and feature selection using #if 0 logic.
    • user_settings_all.h: This is wolfSSL with all features enabled. Equivalent to ./configure --enable-all.
    • user_settings_min_ecc.h: This is ECC and SHA-256 only. For ECC verify only add BUILD_VERIFY_ONLY.
    • user_settings_wolfboot_keytools.h: This is from wolfBoot tools/keytools and is ECC, RSA, ED25519, and ChaCha20.
    • user_settings_fipsv2.h: The FIPS v2 (3389) 140-2 certificate build options.
    • user_settings_fipsv5.h: The FIPS v5 (ready) 140-3 build options. Equivalent to ./configure --enable-fips=v5-dev.
    • user_settings_stm32.h: Example configuration file generated from the wolfSSL STM32 Cube pack.

    To use these example configurations:

    1. Copy to your local project and rename to user_settings.h.
    2. Add pre-processor macro WOLFSSL_USER_SETTINGS to your project.
    3. Make sure and include #include <wolfssl/wolfcrypt/settings.h> prior to any other wolfSSL headers in your application.

    Do you need any guidance configuring your wolfSSL build? If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247. The wolfSSL embedded SSL/TLS library supports up to TLS 1.3 and DTLS 1.3, and offers certified versions of wolfCrypt for FIPS 140-2 and DO-178C.