[OpenWrt-Devel] [PATCH v2] openssl: change defaults: ENGINE:on, NPN:off, misc
Hans Dedecker
dedeckeh at gmail.com
Wed Apr 17 05:28:10 EDT 2019
On Tue, Apr 16, 2019 at 10:12 PM Eneas U de Queiroz via openwrt-devel
<openwrt-devel at lists.openwrt.org> wrote:
>
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>
>
> ---------- Forwarded message ----------
> From: Eneas U de Queiroz <cote2004-github at yahoo.com>
> To: openwrt-devel at lists.openwrt.org
> Cc: Eneas U de Queiroz <cote2004-github at yahoo.com>
> Bcc:
> Date: Tue, 16 Apr 2019 17:12:15 -0300
> Subject: [PATCH v2] openssl: change defaults: ENGINE:on, NPN:off, misc
> Enable engine support by default. Right now, some packages require
> this, so it is always enabled by the bots. Many packages will compile
> differently when engine support is detected, needing engine symbols from
> the libraries.
>
> However, being off by default, a user compiling its own image will fail
> to run some popular packages from the official repo.
> Note that disabling engines did not work in 1.0.2, so this problem never
> showed up before.
>
> NPN support has been removed in major browsers & servers, and has become
> a small bloat, so it does not make sense to leave it on by default.
>
> Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.
>
> Signed-off-by: Eneas U de Queiroz <cote2004-github at yahoo.com>
Patch pushed to master
(https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=450d44a8ead2217f8acf541a4eaa4ad560b3e5ac);
thx
Hans
> ---
> ChangeLog:
> v2: increase PKG_RELEASE
>
> diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
> index ecb9eea389..49f136e845 100644
> --- a/package/libs/openssl/Config.in
> +++ b/package/libs/openssl/Config.in
> @@ -96,7 +96,6 @@ config OPENSSL_WITH_DTLS
>
> config OPENSSL_WITH_NPN
> bool
> - default y
> prompt "Enable NPN support"
> help
> NPN is a TLS extension, obsoleted and replaced with ALPN,
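Review bot: with the prompt kept under `config OPENSSL_WITH_NPN`, removing `default y` only changes the value for fresh configurations; a .config that already records the symbol as y will keep NPN enabled. If the goal is to drop NPN from existing builds too, say in the commit message that the symbol has to be reset by hand.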
> @@ -246,10 +245,15 @@ comment "Engine/Hardware Support"
>
> config OPENSSL_ENGINE
> bool "Enable engine support"
> + default y
> help
> This enables alternative cryptography implementations,
> most commonly for interfacing with external crypto devices,
> or supporting new/alternative ciphers and digests.
> + If you compile the library with this option disabled, packages built
> + using an engine-enabled library (i.e. from the official repo) may
> + fail to run. Compile and install the packages with engine support
> + disabled, and you should be fine.
> Note that you need to enable KERNEL_AIO to be able to build the
> afalg engine package.
>
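Review bot: the last added help sentence under `config OPENSSL_ENGINE` ("Compile and install the packages with engine support disabled, and you should be fine.") can be read as general advice to turn engines off. Suggest phrasing it as a condition tied to the previous sentence, for example "If you do disable it, build those packages yourself against this library instead of installing them from the official repo." The failure it describes happens at run time, so this help text is the only warning a user gets and should be unambiguous.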
> @@ -271,12 +275,6 @@ config OPENSSL_ENGINE_BUILTIN_AFALG
> This enables use of hardware acceleration through the
> AF_ALG kernel interface.
>
> -config OPENSSL_ENGINE_CRYPTO
> - # This symbol is deprecated. Currently it is used by the openssh package.
> - # Once openwrt/packages#8272 is merged, this can be safely removed.
> - bool
> - default OPENSSL_ENGINE_BUILTIN_DEVCRYPTO || PACKAGE_libopenssl-devcrypto
> -
> config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
> bool
> prompt "Acceleration support through /dev/crypto"
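Review bot: the removed comment on `config OPENSSL_ENGINE_CRYPTO` made the removal conditional on openwrt/packages#8272 being merged, but the commit message only says the symbol "is no longer needed". Please state in the commit message that the openssh change has landed; if it has not, any remaining user of the symbol would see it as unset and lose /dev/crypto engine support without a build error.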
> diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
> index cb25c5557c..49cea8e45a 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -11,7 +11,7 @@ PKG_NAME:=openssl
> PKG_BASE:=1.1.1
> PKG_BUGFIX:=b
> PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
> -PKG_RELEASE:=3
> +PKG_RELEASE:=4
> PKG_USE_MIPS16:=0
> ENGINES_DIR=engines-1.1
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel