@@ -20,6 +20,11 @@ config OPENSSL_WITH_DEPRECATED
default y
prompt "Include deprecated APIs"
+config OPENSSL_WITH_COMPRESSION
+ bool
+ default n
+ prompt "Enable compression support"
+
config OPENSSL_ENGINE_DIGEST
bool
depends on OPENSSL_ENGINE_CRYPTO
@@ -34,7 +34,8 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_OPENSSL_WITH_EC2M \
CONFIG_OPENSSL_WITH_SSL3 \
CONFIG_OPENSSL_HARDWARE_SUPPORT \
- CONFIG_OPENSSL_WITH_DEPRECATED
+ CONFIG_OPENSSL_WITH_DEPRECATED \
+ CONFIG_OPENSSL_WITH_COMPRESSION
include $(INCLUDE_DIR)/package.mk
@@ -64,7 +65,7 @@ $(call Package/openssl/Default)
SECTION:=libs
SUBMENU:=SSL
CATEGORY:=Libraries
- DEPENDS:=+zlib
+ DEPENDS:=+OPENSSL_WITH_COMPRESSION:zlib
TITLE+= (libraries)
ABI_VERSION:=$(PKG_VERSION)
MENU:=1
@@ -94,7 +95,7 @@ endef
OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia no-krb5
-OPENSSL_OPTIONS:= shared no-err zlib-dynamic no-sse2 no-ssl2
+OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2
ifdef CONFIG_OPENSSL_ENGINE_CRYPTO
OPENSSL_OPTIONS += -DHAVE_CRYPTODEV
@@ -125,6 +126,12 @@ ifndef CONFIG_OPENSSL_WITH_DEPRECATED
OPENSSL_OPTIONS += no-deprecated
endif
+ifdef CONFIG_OPENSSL_WITH_COMPRESSION
+ OPENSSL_OPTIONS += zlib-dynamic
+else
+ OPENSSL_OPTIONS += no-comp
+endif
+
ifeq ($(CONFIG_x86_64),y)
OPENSSL_TARGET:=linux-x86_64-openwrt
OPENSSL_MAKEFLAGS += LIBDIR=lib
By default it's disabled. After the CRIME attack it seems the use of compression is discouraged. Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com> --- package/libs/openssl/Config.in | 5 +++++ package/libs/openssl/Makefile | 13 ++++++++++--- 2 files changed, 15 insertions(+), 3 deletions(-)