[OpenWrt-Devel] [PATCH 1/4] openssl: disable sslv2, add an option to enable sslv3
Etienne CHAMPETIER
champetier.etienne at gmail.com
Wed Oct 22 15:28:00 EDT 2014
disabling sslv2 save 10kb, disabling sslv3 save 1kb more
for now leave sslv3 enable by default
Signed-off-by: Etienne CHAMPETIER <champetier.etienne at gmail.com>
---
package/libs/openssl/Config.in | 5 +++++
package/libs/openssl/Makefile | 14 +++++++++++---
2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 34eff28..3008eab 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -11,6 +11,11 @@ config OPENSSL_WITH_EC2M
depends on OPENSSL_WITH_EC
prompt "Enable ec2m support"
+config OPENSSL_WITH_SSL3
+ bool
+ default y
+ prompt "Enable sslv3 support"
+
config OPENSSL_ENGINE_CRYPTO
bool
prompt "Crypto acceleration support"
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index b51808b..707c314 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -23,8 +23,12 @@ PKG_MD5SUM:=f7175c9cd3c39bb1907ac8bba9df8ed3
PKG_LICENSE:=SSLEAY OPENSSL
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:=ocf-crypto-headers
-PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE_CRYPTO CONFIG_OPENSSL_ENGINE_DIGEST \
- CONFIG_OPENSSL_WITH_EC CONFIG_OPENSSL_WITH_EC2M
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_OPENSSL_ENGINE_CRYPTO \
+ CONFIG_OPENSSL_ENGINE_DIGEST \
+ CONFIG_OPENSSL_WITH_EC \
+ CONFIG_OPENSSL_WITH_EC2M \
+ CONFIG_OPENSSL_WITH_SSL3
include $(INCLUDE_DIR)/package.mk
@@ -85,7 +89,7 @@ endef
OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-smime \
no-aes192 no-camellia no-ans1 no-krb5
-OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2
+OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2 no-ssl2
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
@@ -104,6 +108,10 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
OPENSSL_OPTIONS += no-ec2m
endif
+ifndef CONFIG_OPENSSL_WITH_SSL3
+ OPENSSL_OPTIONS += no-ssl3
+endif
+
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64
OPENSSL_MAKEFLAGS += LIBDIR=lib
--
1.9.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list