Experimental port of wolfSSL into GnuTLS. One script builds everything and drops the bits under /opt.
git clone https://github.com/wolfssl/gnutls-wolfssl.git
cd gnutls-wolfssl
# regular build
./setup.sh
# build with FIPS 140 support
./setup.sh fips
On success you get:
/opt/wolfssl wolfSSL
/opt/gnutls GnuTLS built on wolfSSL
/opt/wolfssl-gnutls-wrapper runtime shim
If the loader can’t find the libs, add the path to LD_LIBRARY_PATH (Linux) or DYLD_LIBRARY_PATH (macOS).
| var | default | note |
|---|---|---|
| WOLFSSL_INSTALL | /opt/wolfssl | install prefix |
| GNUTLS_INSTALL | /opt/gnutls | install prefix |
| PROVIDER_PATH | /opt/wolfssl-gnutls-wrapper/ | install prefix |
| GNUTLS_FORCE_FIPS_MODE | 0 | set to 1 at runtime to enforce FIPS |
| WGW_LOGGING | 1 | By default wolfssl-gnutls-wrapper will show logging information. Set to 0 to turn off logging |
| WGW_LOGFILE | - | By default wolfssl-gnutls-wrapper will log to stderr. This can be changed to stdout or a filename |
setup.sh do‑it‑all build script
rebuild-gnutls.sh rebuild GnuTLS only
wolfssl/ upstream clone
gnutls/ upstream clone + branch gnutls-wolfssl
wolfssl-gnutls-wrapper/ thin shim + tests
cd wolfssl-gnutls-wrapper
# build wrapper
make
# full suite
make test
# fast run of the test suite
make test_fast
# test fips (only if ./setup.sh was run in fips mode)
make test_fips
Each test prints ✔️/❌ and a summary.
cc app.c \
-I/opt/gnutls/include -I/opt/wolfssl/include \
-L/opt/gnutls/lib -lgnutls \
-L/opt/wolfssl/lib -lwolfssl \
-L/opt/wolfssl-gnutls-wrapper/lib -lgnutls-wolfssl-wrapper
Make sure the wrapper comes after gnutls on the linker line.
sudo rm -rf /opt/wolfssl /opt/gnutls /opt/wolfssl-gnutls-wrapper