[OpenWrt-Devel] [PATCH 4/6] openssl: add option to disable PSK support
Karl Palsson
karlp at tweak.net.au
Thu Jun 9 08:50:51 EDT 2016
Dirk Feytons <dirk.feytons at gmail.com> wrote:
> On 9 June 2016 at 13:55, Karl Palsson <karlp at tweak.net.au>
> wrote:
> >
> > This is turning off PSK by default right? I actually use that
> > option, and it's a relatively common use with mosquitto, which
> > supports PSK for client auth. Could you leave it on by default
> > please? PSK, and SRP are badly treated by people who wants certs
> > everywhere, but they're perfectly reasonable, if only people
> > would remember they exist.
>
> Yes, PSK would be off by default. My reasoning was that OpenSSL
> is most often used for traditional HTTPS with certs and the
> default OpenSSL would support that but not (much) more. I know
> that Mosquitto requires it (IIRC it also needs
> CONFIG_OPENSSL_WITH_DEPRECATED but that's still enabled by
> default). I'm working on a patch for Mosquitto to depend on
> CONFIG_OPENSSL_WITH_PSK and CONFIG_OPENSSL_WITH_DEPRECATED.
> Would that be OK for you or do you still want the default for
> PSK to be 'y'?
Can people still do opkg install mosquitto-ssl? If they have to
recompile their own image, I think it's a no-go
Cheers,
Karl P
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP Digital Signature
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20160609/dc7c69f8/attachment.sig>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list