[PATCH 4/5] target: grand flash devices should use OpenSSL

Christian Marangi ansuelsmth at gmail.com
Thu Jun 15 07:43:08 PDT 2023


On Thu, Jun 15, 2023 at 04:32:11PM +0200, Petr Štetiar wrote:
> During the years we've learned it hard way, that we needed to make a lot
> of compromises while using flash space friendly micro TLS libraries like
> mbedTLS/wolfSSL in order to provide more or less up to date security
> features on most supported devices.
> 
> Most of the recent and decent devices have plenty of storage space, so
> there is no need to make such compromises anymore and we could simply
> use battle tested OpenSSL on such targets by default as storage space
> increase is around 1.5 MiB, which is no brainer.
> 
> So lets make it possible to use OpenSSL on grand flash devices and
> switch to libustream-openssl and wpad-basic-openssl by default there.
> 
> This should have no functional change, the target needs to actually
> explicitly define `FEATURES := grand_flash` in order to have OpenSSL by
> default.
> 
> References: #12874
> Signed-off-by: Petr Štetiar <ynezz at true.cz>

Love this and the other series, me and also other member discussed this
idea in meeting and IRC so finally this is getting proposed.

Anyway I think also other package needs to be updated for this or I
think we will have a situation where we have multiple SSL lib selected.

libcurl is the first example I can think of.

This is just to alert that we will have this situation until we migrate
each package to the new TLS_PROVIDED option.




More information about the openwrt-devel mailing list