openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Enable engine support by default. Right now, some packages require this, so it is always enabled by the bots. Many packages will compile differently when engine support is detected, needing engine symbols from the libraries. However, being off by default, a user compiling its own image will fail to run some popular packages from the official repo. Note that disabling engines did not work in 1.0.2, so this problem never showed up before. NPN support has been removed in major browsers & servers, and has become a small bloat, so it does not make sense to leave it on by default. Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This commit is contained in:
Eneas U de Queiroz
Hans Dedecker
parent
e762f5d44a
commit
450d44a8ea
@ -96,7 +96,6 @@ config OPENSSL_WITH_DTLS
|
|||||||
|
|
||||||
config OPENSSL_WITH_NPN
|
config OPENSSL_WITH_NPN
|
||||||
bool
|
bool
|
||||||
default y
|
|
||||||
prompt "Enable NPN support"
|
prompt "Enable NPN support"
|
||||||
help
|
help
|
||||||
NPN is a TLS extension, obsoleted and replaced with ALPN,
|
NPN is a TLS extension, obsoleted and replaced with ALPN,
|
||||||
@ -246,10 +245,15 @@ comment "Engine/Hardware Support"
|
|||||||
|
|
||||||
config OPENSSL_ENGINE
|
config OPENSSL_ENGINE
|
||||||
bool "Enable engine support"
|
bool "Enable engine support"
|
||||||
|
default y
|
||||||
help
|
help
|
||||||
This enables alternative cryptography implementations,
|
This enables alternative cryptography implementations,
|
||||||
most commonly for interfacing with external crypto devices,
|
most commonly for interfacing with external crypto devices,
|
||||||
or supporting new/alternative ciphers and digests.
|
or supporting new/alternative ciphers and digests.
|
||||||
|
If you compile the library with this option disabled, packages built
|
||||||
|
using an engine-enabled library (i.e. from the official repo) may
|
||||||
|
fail to run. Compile and install the packages with engine support
|
||||||
|
disabled, and you should be fine.
|
||||||
Note that you need to enable KERNEL_AIO to be able to build the
|
Note that you need to enable KERNEL_AIO to be able to build the
|
||||||
afalg engine package.
|
afalg engine package.
|
||||||
|
|
||||||
@ -271,12 +275,6 @@ config OPENSSL_ENGINE_BUILTIN_AFALG
|
|||||||
This enables use of hardware acceleration through the
|
This enables use of hardware acceleration through the
|
||||||
AF_ALG kernel interface.
|
AF_ALG kernel interface.
|
||||||
|
|
||||||
config OPENSSL_ENGINE_CRYPTO
|
|
||||||
# This symbol is deprecated. Currently it is used by the openssh package.
|
|
||||||
# Once openwrt/packages#8272 is merged, this can be safely removed.
|
|
||||||
bool
|
|
||||||
default OPENSSL_ENGINE_BUILTIN_DEVCRYPTO || PACKAGE_libopenssl-devcrypto
|
|
||||||
|
|
||||||
config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
|
config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO
|
||||||
bool
|
bool
|
||||||
prompt "Acceleration support through /dev/crypto"
|
prompt "Acceleration support through /dev/crypto"
|
||||||
|
|||||||
@ -11,7 +11,7 @@ PKG_NAME:=openssl
|
|||||||
PKG_BASE:=1.1.1
|
PKG_BASE:=1.1.1
|
||||||
PKG_BUGFIX:=b
|
PKG_BUGFIX:=b
|
||||||
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
|
||||||
PKG_RELEASE:=3
|
PKG_RELEASE:=4
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
ENGINES_DIR=engines-1.1
|
ENGINES_DIR=engines-1.1
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user