
[OpenWrt-Devel,2/6] openssl: add option to disable compression support

Message ID 1465468590-1961-4-git-send-email-dirk.feytons@gmail.com
State Changes Requested

Commit Message

Dirk Feytons June 9, 2016, 10:36 a.m. UTC
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
---
 package/libs/openssl/Config.in |    5 +++++
 package/libs/openssl/Makefile  |   13 ++++++++++---
 2 files changed, 15 insertions(+), 3 deletions(-)

Comments

Karl Palsson June 9, 2016, 11:51 a.m. UTC | #1
You've changed the default for compression in this patch, was
that intentional?

Dirk Feytons <dirk.feytons@gmail.com> wrote:
> Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
> ---
>  package/libs/openssl/Config.in |    5 +++++
>  package/libs/openssl/Makefile  |   13 ++++++++++---
>  2 files changed, 15 insertions(+), 3 deletions(-)
> 
> diff --git a/package/libs/openssl/Config.in
> b/package/libs/openssl/Config.in index aa94300..02b5da9 100644
> --- a/package/libs/openssl/Config.in
> +++ b/package/libs/openssl/Config.in
> @@ -20,6 +20,11 @@ config OPENSSL_WITH_DEPRECATED
>  	default y
>  	prompt "Include deprecated APIs"
>  
> +config OPENSSL_WITH_COMPRESSION
> +	bool
> +	default n
> +	prompt "Enable compression support"
> +
>  config OPENSSL_ENGINE_DIGEST
>  	bool
>  	depends on OPENSSL_ENGINE_CRYPTO
> diff --git a/package/libs/openssl/Makefile
> b/package/libs/openssl/Makefile index bf040a3..c6824f3 100644
> --- a/package/libs/openssl/Makefile
> +++ b/package/libs/openssl/Makefile
> @@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \
>  	CONFIG_OPENSSL_WITH_EC2M \
>  	CONFIG_OPENSSL_WITH_SSL3 \
>  	CONFIG_OPENSSL_HARDWARE_SUPPORT \
> -	CONFIG_OPENSSL_WITH_DEPRECATED
> +	CONFIG_OPENSSL_WITH_DEPRECATED \
> +	CONFIG_OPENSSL_WITH_COMPRESSION
>  
>  include $(INCLUDE_DIR)/package.mk
>  
> @@ -64,7 +65,7 @@ $(call Package/openssl/Default)
>    SECTION:=libs
>    SUBMENU:=SSL
>    CATEGORY:=Libraries
> -  DEPENDS:=+zlib
> +  DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
>    TITLE+= (libraries)
>    ABI_VERSION:=$(PKG_VERSION)
>    MENU:=1
> @@ -94,7 +95,7 @@ endef
>  
>  
>  OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5
> -OPENSSL_OPTIONS:= shared no-err zlib-dynamic no-sse2 no-ssl2
> +OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2
>  
>  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
>    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
> @@ -125,6 +126,12 @@ ifndef CONFIG_OPENSSL_WITH_DEPRECATED
>    OPENSSL_OPTIONS += no-deprecated
>  endif
>  
> +ifndef CONFIG_OPENSSL_WITH_COMPRESSION
> +  OPENSSL_OPTIONS += no-comp
> +else
> +  OPENSSL_OPTIONS += zlib-dynamic
> +endif
> +

You could use positive logic here if you like.


>  ifeq ($(CONFIG_x86_64),y)
>    OPENSSL_TARGET:=linux-x86_64-openwrt
>    OPENSSL_MAKEFLAGS += LIBDIR=lib
> -- 
> 1.7.9.5
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Dirk Feytons June 9, 2016, 12:35 p.m. UTC | #2
On 9 June 2016 at 13:51, Karl Palsson <karlp@tweak.net.au> wrote:
>
> You've changed the default for compression in this patch, was
> that intentional?

Yes. From what I gathered, since attacks like CRIME the use of TLS
compression has been discouraged.

> Dirk Feytons <dirk.feytons@gmail.com> wrote:
>> Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
>> ---
>>  package/libs/openssl/Config.in |    5 +++++
>>  package/libs/openssl/Makefile  |   13 ++++++++++---
>>  2 files changed, 15 insertions(+), 3 deletions(-)
>>
>> diff --git a/package/libs/openssl/Config.in
>> b/package/libs/openssl/Config.in index aa94300..02b5da9 100644
>> --- a/package/libs/openssl/Config.in
>> +++ b/package/libs/openssl/Config.in
>> @@ -20,6 +20,11 @@ config OPENSSL_WITH_DEPRECATED
>>       default y
>>       prompt "Include deprecated APIs"
>>
>> +config OPENSSL_WITH_COMPRESSION
>> +     bool
>> +     default n
>> +     prompt "Enable compression support"
>> +
>>  config OPENSSL_ENGINE_DIGEST
>>       bool
>>       depends on OPENSSL_ENGINE_CRYPTO
>> diff --git a/package/libs/openssl/Makefile
>> b/package/libs/openssl/Makefile index bf040a3..c6824f3 100644
>> --- a/package/libs/openssl/Makefile
>> +++ b/package/libs/openssl/Makefile
>> @@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \
>>       CONFIG_OPENSSL_WITH_EC2M \
>>       CONFIG_OPENSSL_WITH_SSL3 \
>>       CONFIG_OPENSSL_HARDWARE_SUPPORT \
>> -     CONFIG_OPENSSL_WITH_DEPRECATED
>> +     CONFIG_OPENSSL_WITH_DEPRECATED \
>> +     CONFIG_OPENSSL_WITH_COMPRESSION
>>
>>  include $(INCLUDE_DIR)/package.mk
>>
>> @@ -64,7 +65,7 @@ $(call Package/openssl/Default)
>>    SECTION:=libs
>>    SUBMENU:=SSL
>>    CATEGORY:=Libraries
>> -  DEPENDS:=+zlib
>> +  DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
>>    TITLE+= (libraries)
>>    ABI_VERSION:=$(PKG_VERSION)
>>    MENU:=1
>> @@ -94,7 +95,7 @@ endef
>>
>>
>>  OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5
>> -OPENSSL_OPTIONS:= shared no-err zlib-dynamic no-sse2 no-ssl2
>> +OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2
>>
>>  ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
>>    OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
>> @@ -125,6 +126,12 @@ ifndef CONFIG_OPENSSL_WITH_DEPRECATED
>>    OPENSSL_OPTIONS += no-deprecated
>>  endif
>>
>> +ifndef CONFIG_OPENSSL_WITH_COMPRESSION
>> +  OPENSSL_OPTIONS += no-comp
>> +else
>> +  OPENSSL_OPTIONS += zlib-dynamic
>> +endif
>> +
>
> You could use positive logic here if you like.

Sure; I'll swap it around.

>>  ifeq ($(CONFIG_x86_64),y)
>>    OPENSSL_TARGET:=linux-x86_64-openwrt
>>    OPENSSL_MAKEFLAGS += LIBDIR=lib

Patch

diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in
index aa94300..02b5da9 100644
--- a/package/libs/openssl/Config.in
+++ b/package/libs/openssl/Config.in
@@ -20,6 +20,11 @@  config OPENSSL_WITH_DEPRECATED
 	default y
 	prompt "Include deprecated APIs"
 
+config OPENSSL_WITH_COMPRESSION
+	bool
+	default n
+	prompt "Enable compression support"
+
 config OPENSSL_ENGINE_DIGEST
 	bool
 	depends on OPENSSL_ENGINE_CRYPTO
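Review bot: The new `OPENSSL_WITH_COMPRESSION` entry has no `help` text, so someone looking at it in menuconfig cannot tell why it is off by default or what enabling it costs. I would add a `help` block under the `prompt` line saying that the option builds OpenSSL with zlib-based compression and pulls in the zlib package, and that TLS-level compression is the precondition for compression side-channel attacks such as CRIME, so it should stay disabled unless a consumer really needs it. The commit message holds only the sign-off, so the Kconfig help would be the one place where this rationale is recorded for later maintainers.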
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index bf040a3..c6824f3 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -34,7 +34,8 @@  PKG_CONFIG_DEPENDS:= \
 	CONFIG_OPENSSL_WITH_EC2M \
 	CONFIG_OPENSSL_WITH_SSL3 \
 	CONFIG_OPENSSL_HARDWARE_SUPPORT \
-	CONFIG_OPENSSL_WITH_DEPRECATED
+	CONFIG_OPENSSL_WITH_DEPRECATED \
+	CONFIG_OPENSSL_WITH_COMPRESSION
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -64,7 +65,7 @@  $(call Package/openssl/Default)
   SECTION:=libs
   SUBMENU:=SSL
   CATEGORY:=Libraries
-  DEPENDS:=+zlib
+  DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
   TITLE+= (libraries)
   ABI_VERSION:=$(PKG_VERSION)
   MENU:=1
@@ -94,7 +95,7 @@  endef
 
 
 OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5
-OPENSSL_OPTIONS:= shared no-err zlib-dynamic no-sse2 no-ssl2
+OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2
 
 ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
   OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
@@ -125,6 +126,12 @@  ifndef CONFIG_OPENSSL_WITH_DEPRECATED
   OPENSSL_OPTIONS += no-deprecated
 endif
 
+ifndef CONFIG_OPENSSL_WITH_COMPRESSION
+  OPENSSL_OPTIONS += no-comp
+else
+  OPENSSL_OPTIONS += zlib-dynamic
+endif
+
 ifeq ($(CONFIG_x86_64),y)
   OPENSSL_TARGET:=linux-x86_64-openwrt
   OPENSSL_MAKEFLAGS += LIBDIR=lib
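Review bot: The `else` branch at `OPENSSL_OPTIONS += zlib-dynamic` deserves a comment, because selecting the option only compiles compression into the library and says nothing about whether TLS sessions will actually use it. On the OpenSSL 1.0.x series this package appears to target (inferred from options such as `no-ssl2` and `no-krb5`), a zlib-enabled build will, as far as I know, negotiate TLS compression unless the application sets `SSL_OP_NO_COMPRESSION`, so the exposure is then decided per consumer rather than by this switch. A line such as `# compression compiled in; consumers must set SSL_OP_NO_COMPRESSION to keep it off the wire` above the `zlib-dynamic` line would make that explicit. The `ifeq ($(CONFIG_x86_64),y)` block after the added lines continues past the end of the hunk.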