require OPENSSL_EXTRA, and allow NO_FILESYSTEM.

src/ssl.c

@@ -1038,7 +1038,6 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
         Suites* suites, const char* list);
 #endif
 
-
 #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #endif
@@ -6037,6 +6036,7 @@ static int crypto_policy_parse(void)
     return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_FILESYSTEM
 /* Enables wolfSSL system wide crypto-policy, using the given policy
  * file arg. If NULL is passed, then the default system crypto-policy
  * file that was set at configure time will be used instead.
@@ -6126,6 +6126,7 @@ int wolfSSL_crypto_policy_enable(const char * policy_file)
 
     return crypto_policy_parse();
 }
+#endif /* ! NO_FILESYSTEM */
 
 /* Same behavior as wolfSSL_crypto_policy_enable, but loads
  * via memory buf instead of file.

wolfssl/ssl.h

@@ -3194,7 +3194,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void);
 WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void);
 
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
+#ifndef NO_FILESYSTEM
 WOLFSSL_API int    wolfSSL_crypto_policy_enable(const char * policy);
+#endif /* ! NO_FILESYSTEM */
 WOLFSSL_API int    wolfSSL_crypto_policy_enable_buffer(const char * buf);
 WOLFSSL_API void   wolfSSL_crypto_policy_disable(void);
 WOLFSSL_API int    wolfSSL_crypto_policy_is_enabled(void);

wolfssl/wolfcrypt/settings.h

@@ -4256,6 +4256,10 @@ extern void uITRON4_free(void *p) ;
     #if !defined(WOLFSSL_CRYPTO_POLICY_FILE)
         #error "WOLFSSL_SYS_CRYPTO_POLICY requires a crypto policy file"
     #endif /* ! WOLFSSL_CRYPTO_POLICY_FILE */
+
+    #if !defined(OPENSSL_EXTRA)
+        #error "WOLFSSL_SYS_CRYPTO_POLICY requires OPENSSL_EXTRA"
+    #endif /* ! OPENSSL_EXTRA */
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
 /* if configure.ac turned on this feature, HAVE_ENTROPY_MEMUSE will be set,