@@ -29,6 +29,18 @@ config BR2_PACKAGE_GNUTLS_TOOLS
Install GnuTLS command line tools for various cryptographic
tasks.
+config BR2_PACKAGE_GNUTLS_ENABLE_SSL2
+ bool "enable SSLv2"
+ default y
+ help
+ Enable SSLv2 protocol.
+
+config BR2_PACKAGE_GNUTLS_ENABLE_GOST
+ bool "enable GOST"
+ default y
+ help
+ Enable GOST cypher.
+
endif
comment "gnutls needs a toolchain w/ wchar, dynamic library"
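Review bot: The help texts on `BR2_PACKAGE_GNUTLS_ENABLE_SSL2` and `BR2_PACKAGE_GNUTLS_ENABLE_GOST` do not say what is being toggled or which setting suits a hardened build. As far as I know, GnuTLS's `--disable-ssl2-support` only controls acceptance of SSL 2.0-format ClientHello messages rather than a full SSLv2 implementation, so "Enable SSLv2 protocol." overstates it; please confirm against the packaged version. Wording such as `Accept SSLv2-format ClientHello messages from legacy clients. Say n unless such clients must be supported.` would be more accurate, with a similar sentence for GOST. Because both options are `default y`, the legacy features stay on unless the user already knows to turn them off, so the help text is the only guidance they get. The first new `config` entry also lacks a blank line separating it from the preceding help text.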
@@ -36,7 +36,9 @@ GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \
GNUTLS_INSTALL_STAGING = YES
# libpthread autodetection poison the linkpath
-GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)
+GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr) \
+ $(if $(BR2_PACKAGE_GNUTLS_ENABLE_SSL2),,--disable-ssl2-support) \
+ $(if $(BR2_PACKAGE_GNUTLS_ENABLE_GOST),,--disable-gost)
# gnutls needs libregex, but pcre can be used too
# The check isn't cross-compile friendly
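Review bot: The two new switches are appended by line continuation to the libpthread assignment, so the comment `# libpthread autodetection poison the linkpath` now heads options it does not describe. Because the "then" branch of each `$(if ...)` is empty, nothing is passed to configure when an option is selected, which leaves the result to whatever the upstream default is. Giving each option its own `ifeq` block with an explicit enable or disable flag makes the built feature set deterministic and easy to audit from the configure command line. The `--enable-*` spellings below are the standard autoconf counterparts of the `--disable-*` flags in the hunk; confirm them against the packaged GnuTLS version.

```make
# libpthread autodetection poison the linkpath
GNUTLS_CONF_OPTS += $(if $(BR2_TOOLCHAIN_HAS_THREADS),--with-libpthread-prefix=$(STAGING_DIR)/usr)

# Legacy protocol/cipher support is passed explicitly in both directions
ifeq ($(BR2_PACKAGE_GNUTLS_ENABLE_SSL2),y)
GNUTLS_CONF_OPTS += --enable-ssl2-support
else
GNUTLS_CONF_OPTS += --disable-ssl2-support
endif

ifeq ($(BR2_PACKAGE_GNUTLS_ENABLE_GOST),y)
GNUTLS_CONF_OPTS += --enable-gost
else
GNUTLS_CONF_OPTS += --disable-gost
endif
```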
GnuTLS implements old, unsafe or unused protocols and cyphers. Secure embedded systems shall disable them in order to be certified. This patch allows selecting/unselecting the SSLv2 protocol and the GOST cypher. To ensure backward compatibility, all items are selected by default.

Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
---
 package/gnutls/Config.in | 12 ++++++++++++
 package/gnutls/gnutls.mk | 4 +++-
 2 files changed, 15 insertions(+), 1 deletion(-)