From f767bd2851d66071ab45817a890974e5f5e0eb89 Mon Sep 17 00:00:00 2001
From: Daniel Pouzzner <douzzer@wolfssl.com>
Date: Thu, 9 Oct 2025 17:33:14 -0500
Subject: [PATCH] .github/workflows/symbol-prefixes.yml: add PQC,
 --enable-acert, and --with-sys-crypto-policy to configuration;

wolfssl/ssl.h: make sure WOLFSSL_NO_TLS12 is defined in the TLS layer when NO_TLS.
---
 .github/workflows/symbol-prefixes.yml | 2 +-
 wolfssl/ssl.h                         | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/symbol-prefixes.yml b/.github/workflows/symbol-prefixes.yml
index 8c8ab7821..84a0e75e9 100644
--- a/.github/workflows/symbol-prefixes.yml
+++ b/.github/workflows/symbol-prefixes.yml
@@ -17,7 +17,7 @@ jobs:
     strategy:
       matrix:
         config: [
-          '--enable-all CFLAGS=-DWOLFSSL_API_PREFIX_MAP'
+          '--enable-all --enable-mlkem --enable-mldsa --enable-xmss --enable-lms --enable-acert --with-sys-crypto-policy CFLAGS=-DWOLFSSL_API_PREFIX_MAP'
         ]
     name: make and analyze
     if: github.repository_owner == 'wolfssl'
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 8c0c0d1d8..d503aeac7 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -45,6 +45,14 @@
 #include "wolfssl/wolfcrypt/asn.h"
 #endif
 
+#if defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12)
+    /* in NO_TLS builds, WOLFSSL_NO_TLS12 must be defined in the TLS layer, but
+     * must not be defined in the crypto layer, to allow building the TLS12
+     * KDFs.
+     */
+    #define WOLFSSL_NO_TLS12
+#endif
+
 /* For the types */
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
 #include <wolfssl/openssl/compat_types.h>