Add wolfSSL support

.github/workflows/test.yaml

@@ -77,7 +77,7 @@ jobs:
       (github.event_name == 'workflow_dispatch' && github.event.inputs.test_linux == 'true')
     strategy:
       matrix:
-        tls_backend: [openssl, mbedtls]
+        tls_backend: [openssl, mbedtls, wolfssl]
     name: ubuntu (${{ matrix.tls_backend }})
     steps:
       - name: checkout
@@ -92,6 +92,9 @@ jobs:
       - name: install Mbed TLS
         if: matrix.tls_backend == 'mbedtls'
         run: sudo apt-get install -y libmbedtls-dev
+      - name: install wolfSSL
+        if: matrix.tls_backend == 'wolfssl'
+        run: sudo apt-get install -y libwolfssl-dev
       - name: build and run tests (OpenSSL)
         if: matrix.tls_backend == 'openssl'
         run: cd test && make test_split && make test_openssl_parallel
@@ -100,6 +103,9 @@ jobs:
       - name: build and run tests (Mbed TLS)
         if: matrix.tls_backend == 'mbedtls'
         run: cd test && make test_split_mbedtls && make test_mbedtls_parallel
+      - name: build and run tests (wolfSSL)
+        if: matrix.tls_backend == 'wolfssl'
+        run: cd test && make test_split_wolfssl && make test_wolfssl_parallel
       - name: run fuzz test target
         if: matrix.tls_backend == 'openssl'
         run: cd test && make fuzz_test
@@ -118,14 +124,17 @@ jobs:
       (github.event_name == 'workflow_dispatch' && github.event.inputs.test_macos == 'true')
     strategy:
       matrix:
-        tls_backend: [openssl, mbedtls]
+        tls_backend: [openssl, mbedtls, wolfssl]
     name: macos (${{ matrix.tls_backend }})
     steps:
       - name: checkout
         uses: actions/checkout@v4
       - name: install Mbed TLS
         if: matrix.tls_backend == 'mbedtls'
         run: brew install mbedtls@3
+      - name: install wolfSSL
+        if: matrix.tls_backend == 'wolfssl'
+        run: brew install wolfssl
       - name: build and run tests (OpenSSL)
         if: matrix.tls_backend == 'openssl'
         run: cd test && make test_split && make test_openssl_parallel
@@ -134,6 +143,9 @@ jobs:
       - name: build and run tests (Mbed TLS)
         if: matrix.tls_backend == 'mbedtls'
         run: cd test && make test_split_mbedtls && make test_mbedtls_parallel
+      - name: build and run tests (wolfSSL)
+        if: matrix.tls_backend == 'wolfssl'
+        run: cd test && make test_split_wolfssl && make test_wolfssl_parallel
       - name: run fuzz test target
         if: matrix.tls_backend == 'openssl'
         run: cd test && make fuzz_test

.gitignore

@@ -36,12 +36,14 @@ test/httplib.cc
 test/httplib.h
 test/test
 test/test_mbedtls
+test/test_wolfssl
 test/test_no_tls
 test/server_fuzzer
 test/test_proxy
 test/test_proxy_mbedtls
 test/test_split
 test/test_split_mbedtls
+test/test_split_wolfssl
 test/test_split_no_tls
 test/test_websocket_heartbeat
 test/test_thread_pool

README.md

@@ -12,7 +12,7 @@ It's extremely easy to set up. Just include the **httplib.h** file in your code!
 ## Main Features
 
 - HTTP Server/Client
-- SSL/TLS support (OpenSSL, MbedTLS)
+- SSL/TLS support (OpenSSL, MbedTLS, wolfSSL)
 - [Stream API](README-stream.md)
 - [Server-Sent Events](README-sse.md)
 - [WebSocket](README-websocket.md)
@@ -64,19 +64,26 @@ cpp-httplib supports multiple TLS backends through an abstraction layer:
 | :------ | :----- | :-------- |
 | OpenSSL | `CPPHTTPLIB_OPENSSL_SUPPORT` | `libssl`, `libcrypto` |
 | Mbed TLS | `CPPHTTPLIB_MBEDTLS_SUPPORT` | `libmbedtls`, `libmbedx509`, `libmbedcrypto` |
+| wolfSSL | `CPPHTTPLIB_WOLFSSL_SUPPORT` | `libwolfssl` |
 
 > [!NOTE]
 > OpenSSL 3.0 or later is required. Please see [this page](https://www.openssl.org/policies/releasestrat.html) for more information.
 
 > [!NOTE]
 > Mbed TLS 2.x and 3.x are supported. The library automatically detects the version and uses the appropriate API.
 
+> [!NOTE]
+> wolfSSL must be built with OpenSSL compatibility layer enabled (`--enable-opensslall`). wolfSSL 5.x is supported.
+
+> [!NOTE]
+> **Mbed TLS / wolfSSL limitation:** `get_ca_certs()` and `get_ca_names()` only reflect CA certificates loaded via `load_ca_cert_store()` or `load_ca_cert_store(pem, size)`. Certificates loaded through `set_ca_cert_path()` or system certificates (`load_system_certs`) are not enumerable with these backends.
+
 > [!TIP]
 > For macOS: cpp-httplib can use system certs with `CPPHTTPLIB_USE_CERTS_FROM_MACOSX_KEYCHAIN`. `CoreFoundation` and `Security` should be linked with `-framework`.
 
 ```c++
-// Use either OpenSSL or Mbed TLS
-#define CPPHTTPLIB_OPENSSL_SUPPORT   // or CPPHTTPLIB_MBEDTLS_SUPPORT
+// Use either OpenSSL, Mbed TLS, or wolfSSL
+#define CPPHTTPLIB_OPENSSL_SUPPORT   // or CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT
 #include "path/to/httplib.h"
 
 // Server
@@ -102,10 +109,10 @@ cli.enable_server_hostname_verification(false);
 When SSL operations fail, cpp-httplib provides detailed error information through `ssl_error()` and `ssl_backend_error()`:
 
 - `ssl_error()` - Returns the TLS-level error code (e.g., `SSL_ERROR_SSL` for OpenSSL)
-- `ssl_backend_error()` - Returns the backend-specific error code (e.g., `ERR_get_error()` for OpenSSL, return value for Mbed TLS)
+- `ssl_backend_error()` - Returns the backend-specific error code (e.g., `ERR_get_error()` for OpenSSL/wolfSSL, return value for Mbed TLS)
 
 ```c++
-#define CPPHTTPLIB_OPENSSL_SUPPORT  // or CPPHTTPLIB_MBEDTLS_SUPPORT
+#define CPPHTTPLIB_OPENSSL_SUPPORT  // or CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT
 #include "path/to/httplib.h"
 
 httplib::Client cli("https://example.com");
@@ -188,7 +195,7 @@ svr.Get("/", [](const httplib::Request &req, httplib::Response &res) {
 
 ### Windows Certificate Verification
 
-On Windows, cpp-httplib automatically performs additional certificate verification using the Windows certificate store via CryptoAPI (`CertGetCertificateChain` / `CertVerifyCertificateChainPolicy`). This works with both OpenSSL and Mbed TLS backends, providing:
+On Windows, cpp-httplib automatically performs additional certificate verification using the Windows certificate store via CryptoAPI (`CertGetCertificateChain` / `CertVerifyCertificateChainPolicy`). This works with all TLS backends (OpenSSL, Mbed TLS, and wolfSSL), providing:
 
 - Real-time certificate validation integrated with Windows Update
 - Certificate revocation checking
@@ -197,7 +204,7 @@ On Windows, cpp-httplib automatically performs additional certificate verificati
 This feature is enabled by default and can be controlled at runtime:
 
 ```c++
-// Disable Windows certificate verification (use only OpenSSL/Mbed TLS verification)
+// Disable Windows certificate verification (use only OpenSSL/Mbed TLS/wolfSSL verification)
 cli.enable_windows_certificate_verification(false);
 ```