From 126f29d85a8d54a6044caea4f758088b9b2f7787 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 16 Feb 2026 11:34:07 -0700 Subject: [PATCH 1/6] Update hitch configure --- configure.ac | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/configure.ac b/configure.ac index 606ed24118..a1f7f81d05 100644 --- a/configure.ac +++ b/configure.ac @@ -9117,6 +9117,13 @@ then ENABLED_OCSP="yes" fi + # Requires CSR for wolfSSL_set_tlsext_status_ocsp_resp + if test "x$ENABLED_CERTIFICATE_STATUS_REQUEST" = "xno" + then + ENABLED_CERTIFICATE_STATUS_REQUEST="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_CERTIFICATE_STATUS_REQUEST" + fi + # Requires ALPN if test "x$ENABLED_ALPN" = "xno" then @@ -9139,6 +9146,8 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HITCH -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME" + # wolfSSL inclusion of assert.h conflicts with hitch's assert definition + AM_CFLAGS="$AM_CFLAGS -DWC_NO_STATIC_ASSERT" fi if test "$ENABLED_MEMCACHED" = "yes" From 17a3f6f073e45e562008b5916a49082ac9b2317d Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 5 Mar 2026 16:45:30 -0700 Subject: [PATCH 2/6] Update and re-enable hitch CI/CD test. Requires https://github.com/wolfSSL/osp/pull/325. Fixes https://github.com/wolfSSL/osp/issues/218. --- .github/workflows/{disabled => }/hitch.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) rename .github/workflows/{disabled => }/hitch.yml (80%) diff --git a/.github/workflows/disabled/hitch.yml b/.github/workflows/hitch.yml similarity index 80% rename from .github/workflows/disabled/hitch.yml rename to .github/workflows/hitch.yml index 5f0b58986b..adbe7ae20e 100644 --- a/.github/workflows/disabled/hitch.yml +++ b/.github/workflows/hitch.yml @@ -44,9 +44,9 @@ jobs: matrix: # List of releases to test include: - - ref: 1.7.3 + - ref: 1.8.0 ignore-tests: >- - test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh + test12-cfg.sh test13-r82.sh test15-proxy-v2-npn.sh test39-client-cert-proxy.sh test41-client-cert-pb.sh name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-latest @@ -72,13 +72,13 @@ jobs: run: | export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install -y libev-dev libssl-dev automake python3-docutils flex bison pkg-config make + sudo apt-get install -y libev-dev automake python3-docutils flex bison pkg-config make - name: Checkout hitch uses: actions/checkout@v4 with: repository: varnish/hitch - ref: 1.7.3 + ref: 1.8.0 path: hitch # Do this before configuring so that it only detects the updated list of @@ -92,9 +92,10 @@ jobs: - name: Configure and build hitch run: | cd $GITHUB_WORKSPACE/hitch/ - patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.7.3.patch - autoreconf -ivf - SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --enable-silent-rules --enable-documentation --enable-warnings --with-lex --with-yacc --prefix=$GITHUB_WORKSPACE/build-dir + patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.8.0.patch + export SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" + export SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" + ./bootstrap --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --prefix=$GITHUB_WORKSPACE/build-dir make -j$(nproc) - name: Confirm hitch built with wolfSSL From 9dc0594a5420cc7b5960874462f6c41ad3b2aca2 Mon Sep 17 00:00:00 2001 From: Mark Atwood Date: Mon, 11 May 2026 07:57:23 -0700 Subject: [PATCH 3/6] ci: use matrix.ref in hitch.yml Address julek-wolfssl's review on wolfSSL/wolfssl#9897: replace the two remaining hardcoded 1.8.0 occurrences with ${{ matrix.ref }} so the matrix entry is the single source of truth for the hitch version under test. --- .github/workflows/hitch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/hitch.yml b/.github/workflows/hitch.yml index adbe7ae20e..b3b28f886b 100644 --- a/.github/workflows/hitch.yml +++ b/.github/workflows/hitch.yml @@ -78,7 +78,7 @@ jobs: uses: actions/checkout@v4 with: repository: varnish/hitch - ref: 1.8.0 + ref: ${{ matrix.ref }} path: hitch # Do this before configuring so that it only detects the updated list of @@ -92,7 +92,7 @@ jobs: - name: Configure and build hitch run: | cd $GITHUB_WORKSPACE/hitch/ - patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_1.8.0.patch + patch -p1 < $GITHUB_WORKSPACE/osp/hitch/hitch_${{ matrix.ref }}.patch export SSL_CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include/ -I$GITHUB_WORKSPACE/build-dir/include/wolfssl" export SSL_LIBS="-L$GITHUB_WORKSPACE/build-dir/lib -lwolfssl" ./bootstrap --with-wolfssl=$GITHUB_WORKSPACE/build-dir/ --prefix=$GITHUB_WORKSPACE/build-dir From bc8c93e1f7f267be024730d9b19f273844f2f64b Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 4 Jun 2026 15:46:00 -0700 Subject: [PATCH 4/6] Code review feedback. If WC_USE_STATIC_ASSERT is not defined, then define WC_NO_STATIC_ASSERT while not building the library to avoid including assert.h in external applications like hitch. --- configure.ac | 2 -- wolfssl/wolfcrypt/types.h | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index a1f7f81d05..db955d6d1f 100644 --- a/configure.ac +++ b/configure.ac @@ -9146,8 +9146,6 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HITCH -DHAVE_EX_DATA -DWOLFSSL_SIGNER_DER_CERT" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS -DWOLFSSL_CIPHER_INTERNALNAME" - # wolfSSL inclusion of assert.h conflicts with hitch's assert definition - AM_CFLAGS="$AM_CFLAGS -DWC_NO_STATIC_ASSERT" fi if test "$ENABLED_MEMCACHED" = "yes" diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index eb11f8436e..704f55dfa3 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -2186,6 +2186,10 @@ WOLFSSL_API word32 CheckRunTimeSettings(void); #define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d #define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d) +#if !defined(BUILDING_WOLFSSL) && !defined(WC_USE_STATIC_ASSERT) && \ + !defined(WC_NO_STATIC_ASSERT) + #define WC_NO_STATIC_ASSERT +#endif #if defined(WC_NO_STATIC_ASSERT) #define wc_static_assert(expr) struct wc_static_assert_dummy_struct #define wc_static_assert2(expr, msg) wc_static_assert(expr) From c7a84a4568bde63ab270568017c5a45dd4760165 Mon Sep 17 00:00:00 2001 From: Kareem Date: Thu, 4 Jun 2026 16:29:52 -0700 Subject: [PATCH 5/6] Don't define WC_NO_STATIC_ASSERT for tests. --- wolfssl/wolfcrypt/types.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 704f55dfa3..570857f1b6 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -2186,8 +2186,8 @@ WOLFSSL_API word32 CheckRunTimeSettings(void); #define WC_CPP_CAT4_(a, b, c, d) a ## b ## c ## d #define WC_CPP_CAT4(a, b, c, d) WC_CPP_CAT4_(a, b, c, d) -#if !defined(BUILDING_WOLFSSL) && !defined(WC_USE_STATIC_ASSERT) && \ - !defined(WC_NO_STATIC_ASSERT) +#if !defined(BUILDING_WOLFSSL) && !defined(WOLFSSL_VIS_FOR_TESTS) && \ + !defined(WC_USE_STATIC_ASSERT) && !defined(WC_NO_STATIC_ASSERT) #define WC_NO_STATIC_ASSERT #endif #if defined(WC_NO_STATIC_ASSERT) From 2015159e4a8328e62671c571147faa763fb467be Mon Sep 17 00:00:00 2001 From: Kareem Date: Fri, 5 Jun 2026 14:08:04 -0700 Subject: [PATCH 6/6] Add WC_USE_STATIC_ASSERT to known macros. --- .wolfssl_known_macro_extras | 1 + 1 file changed, 1 insertion(+) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index a8c10deda5..cca0c70ab9 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -683,6 +683,7 @@ WC_SLHDSA_VERBOSE_DEBUG WC_SSIZE_TYPE WC_STRICT_SIG WC_USE_PIE_FENCEPOSTS_FOR_FIPS +WC_USE_STATIC_ASSERT WC_WANT_FLAG_DONT_USE_VECTOR_OPS WIFIESPAT WIFI_101