[OpenWrt-Devel] [PATCH 4/6] openssl: add option to disable PSK support

Karl Palsson karlp at tweak.net.au
Thu Jun 9 07:55:36 EDT 2016


This is turning off PSK by default, right? I actually use that
option, and it's a relatively common use with mosquitto, which
supports PSK for client auth. Could you leave it on by default
please? PSK and SRP are badly treated by people who want certs
everywhere, but they're perfectly reasonable, if only people
would remember they exist.

Cheers,
Karl P

Dirk Feytons <dirk.feytons at gmail.com> wrote:
> Signed-off-by: Dirk Feytons <dirk.feytons at gmail.com>
> ---
>  package/libs/openssl/Config.in |    5 +++++
>  package/libs/openssl/Makefile  |    7 ++++++-
>  2 files changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/package/libs/openssl/Config.in
> b/package/libs/openssl/Config.in index 492b042..47b9fb5 100644
> --- a/package/libs/openssl/Config.in
> +++ b/package/libs/openssl/Config.in
> @@ -30,6 +30,11 @@ config OPENSSL_WITH_NPN
>  	default n
>  	prompt "Enable NPN support"
>  
> +config OPENSSL_WITH_PSK
> +	bool
> +	default n
> +	prompt "Enable PSK support"
> +
>  config OPENSSL_ENGINE_DIGEST
>  	bool
>  	depends on OPENSSL_ENGINE_CRYPTO
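Review bot: `default n` on the new OPENSSL_WITH_PSK entry changes behaviour for existing configurations, because the Makefile part of this patch passes `no-psk` whenever the symbol is unset, so PSK disappears unless the user opts in. If the aim is only to make PSK removable, `default y` keeps current builds unchanged. The entry also has no help text; a line or two saying that disabling it removes TLS-PSK support from the library would let users make the choice knowingly.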
> diff --git a/package/libs/openssl/Makefile
> b/package/libs/openssl/Makefile index 61022dc..129061e 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -36,7 +36,8 @@ PKG_CONFIG_DEPENDS:= \
>  	CONFIG_OPENSSL_HARDWARE_SUPPORT \
>  	CONFIG_OPENSSL_WITH_DEPRECATED \
>  	CONFIG_OPENSSL_WITH_COMPRESSION \
> -	CONFIG_OPENSSL_WITH_NPN
> +	CONFIG_OPENSSL_WITH_NPN \
> +	CONFIG_OPENSSL_WITH_PSK
>  
>  include $(INCLUDE_DIR)/package.mk
>  
> @@ -137,6 +138,10 @@ ifndef CONFIG_OPENSSL_WITH_NPN
>    OPENSSL_OPTIONS += no-nextprotoneg
>  endif
>  
> +ifndef CONFIG_OPENSSL_WITH_PSK
> +  OPENSSL_OPTIONS += no-psk
> +endif
> +
>  ifeq ($(CONFIG_x86_64),y)
>    OPENSSL_TARGET:=linux-x86_64-openwrt
>    OPENSSL_MAKEFLAGS += LIBDIR=lib
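Review bot: the `ifndef CONFIG_OPENSSL_WITH_PSK` block adds `no-psk` on every build where the symbol is unset, and nothing visible in this patch lets a package that needs PSK turn it on. Together with `default n` in Config.in, a PSK consumer such as the mosquitto setup mentioned in the reply would lose PSK on the next rebuild with no build-time signal. Consider having dependent packages select OPENSSL_WITH_PSK, or defaulting the symbol to y, and add a sentence to the commit message explaining why the option is wanted, since the quoted message carries only the Signed-off-by line.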
> -- 
> 1.7.9.5
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel