[OpenWrt-Devel] [PATCH 1/4] openssl: disable sslv2, add an option to enable sslv3

Etienne CHAMPETIER champetier.etienne at gmail.com
Wed Oct 22 15:28:00 EDT 2014


disabling sslv2 save 10kb, disabling sslv3 save 1kb more
for now leave sslv3 enable by default

Signed-off-by: Etienne CHAMPETIER <champetier.etienne at gmail.com>
---
 package/libs/openssl/Config.in |  5 +++++
 package/libs/openssl/Makefile  | 14 +++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index 34eff28..3008eab 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -11,6 +11,11 @@ config OPENSSL_WITH_EC2M
         depends on OPENSSL_WITH_EC
         prompt "Enable ec2m support"
 
+config OPENSSL_WITH_SSL3
+	bool
+	default y
+	prompt "Enable sslv3 support"
+
 config OPENSSL_ENGINE_CRYPTO
 	bool
 	prompt "Crypto acceleration support"
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index b51808b..707c314 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -23,8 +23,12 @@ PKG_MD5SUM:=f7175c9cd3c39bb1907ac8bba9df8ed3
 PKG_LICENSE:=SSLEAY OPENSSL
 PKG_LICENSE_FILES:=LICENSE
 PKG_BUILD_DEPENDS:=ocf-crypto-headers
-PKG_CONFIG_DEPENDS:=CONFIG_OPENSSL_ENGINE_CRYPTO CONFIG_OPENSSL_ENGINE_DIGEST \
-	CONFIG_OPENSSL_WITH_EC CONFIG_OPENSSL_WITH_EC2M
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_OPENSSL_ENGINE_CRYPTO \
+	CONFIG_OPENSSL_ENGINE_DIGEST \
+	CONFIG_OPENSSL_WITH_EC \
+	CONFIG_OPENSSL_WITH_EC2M \
+	CONFIG_OPENSSL_WITH_SSL3
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -85,7 +89,7 @@ endef
 
 OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-smime \
 	no-aes192 no-camellia no-ans1 no-krb5
-OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2
+OPENSSL_OPTIONS:= shared no-err no-hw zlib-dynamic no-sse2 no-ssl2
 
 ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
   OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
@@ -104,6 +108,10 @@ ifndef CONFIG_OPENSSL_WITH_EC2M
   OPENSSL_OPTIONS += no-ec2m
 endif
 
+ifndef CONFIG_OPENSSL_WITH_SSL3
+  OPENSSL_OPTIONS += no-ssl3
+endif
+
 ifeq ($(CONFIG_x86_64),y)
   OPENSSL_TARGET:=linux-x86_64
   OPENSSL_MAKEFLAGS += LIBDIR=lib
-- 
1.9.3
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list