diff options
| author | Andre Heider <a.heider@gmail.com> | 2021-10-06 10:54:48 +0200 |
|---|---|---|
| committer | David Bauer <mail@david-bauer.net> | 2021-10-17 16:26:54 +0200 |
| commit | 4b212b1306a93b6ebd450a4b1066ddf906035f4d (patch) | |
| tree | 4a9a08a2467ad1b5861a0700ecdb70c70cd16bb2 /include/package-ipkg.mk | |
| parent | c43a5921fa7288ba183cc56da8f110a6ed0cd958 (diff) | |
| download | upstream-4b212b1306a93b6ebd450a4b1066ddf906035f4d.tar.gz upstream-4b212b1306a93b6ebd450a4b1066ddf906035f4d.tar.bz2 upstream-4b212b1306a93b6ebd450a4b1066ddf906035f4d.zip | |
wolfssl: build with WOLFSSL_ALT_CERT_CHAINS
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 28d8e6a8711ba78f1684a205e11b0dbd4ff2b2f3)
Diffstat (limited to 'include/package-ipkg.mk')
0 files changed, 0 insertions, 0 deletions