aboutsummaryrefslogtreecommitdiffstats
path: root/package
diff options
context:
space:
mode:
authorEneas U de Queiroz <cote2004-github@yahoo.com>2019-04-16 20:12:47 +0000
committerHans Dedecker <dedeckeh@gmail.com>2019-04-17 11:26:55 +0200
commit450d44a8ead2217f8acf541a4eaa4ad560b3e5ac (patch)
treef8d9ede24c7386aec13e4cb69af960e350b201a1 /package
parente762f5d44a12088899486443fef70f4c9c187db7 (diff)
downloadupstream-450d44a8ead2217f8acf541a4eaa4ad560b3e5ac.tar.gz
upstream-450d44a8ead2217f8acf541a4eaa4ad560b3e5ac.tar.bz2
upstream-450d44a8ead2217f8acf541a4eaa4ad560b3e5ac.zip
openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Enable engine support by default. Right now, some packages require this, so it is always enabled by the bots. Many packages will compile differently when engine support is detected, needing engine symbols from the libraries. However, being off by default, a user compiling its own image will fail to run some popular packages from the official repo. Note that disabling engines did not work in 1.0.2, so this problem never showed up before. NPN support has been removed in major browsers & servers, and has become a small bloat, so it does not make sense to leave it on by default. Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Diffstat (limited to 'package')
-rw-r--r--package/libs/openssl/Config.in12
-rw-r--r--package/libs/openssl/Makefile2
2 files changed, 6 insertions, 8 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index ecb9eea389..49f136e845 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -96,7 +96,6 @@ config OPENSSL_WITH_DTLS
config OPENSSL_WITH_NPN
bool
- default y
prompt "Enable NPN support"
help
NPN is a TLS extension, obsoleted and replaced with ALPN,
@@ -246,10 +245,15 @@ comment "Engine/Hardware Support"
config OPENSSL_ENGINE
bool "Enable engine support"
+ default y
help
This enables alternative cryptography implementations,
most commonly for interfacing with external crypto devices,
or supporting new/alternative ciphers and digests.
+ If you compile the library with this option disabled, packages built
+ using an engine-enabled library (i.e. from the official repo) may
+ fail to run. Compile and install the packages with engine support
+ disabled, and you should be fine.
Note that you need to enable KERNEL_AIO to be able to build the
afalg engine package.
@@ -271,12 +275,6 @@ config OPENSSL_ENGINE_BUILTIN_AFALG
This enables use of hardware acceleration through the
AF_ALG kernel interface.
-config OPENSSL_ENGINE_CRYPTO
- # This symbol is deprecated. Currently it is used by the openssh package.
- # Once openwrt/packages#8272 is merged, this can be safely removed.
- bool
- default OPENSSL_ENGINE_BUILTIN_DEVCRYPTO || PACKAGE_libopenssl-devcrypto
-
config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
bool
prompt "Acceleration support through /dev/crypto"
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index cb25c5557c..49cea8e45a 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=b
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_USE_MIPS16:=0
ENGINES_DIR=engines-1.1