On Thu, 22 Jan 2026 at 03:57, Colin McAllister via lists.openembedded.org <[email protected]> wrote: > > Fixes [YOCTO #15416] > > Adds legacy-openssl packageconfig option to allow users to specify > if they would like the cryptography module to support the legacy OpenSSL > module or not. The legacy-openssl packageconfig option ensures the > openssl-ossl-module-legacy package is set as a runtime dependency. If > the packageconfig option is disabled, > CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY will prevent the library from ever > attempting to load the legacy provdier. > > Signed-off-by: Colin Pinnell McAllister <[email protected]> > --- > > I wasn't sure if this new packageconfig option should be enabled or > disabled by default. Leaving it enabled seems like the less disruptive > option, although it's leaving the module in a less secure state by > default. > > I'm happy to update the patch to leave the option disabled by default > if others think that would be better.
It would help to understand what this legacy module is for. 'Legacy' and 'crypto' together aren't a great pair of words. In master it's possible to break such defaults. If the outcome is a more secure system, it's even desirable. Alex
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#229977): https://lists.openembedded.org/g/openembedded-core/message/229977 Mute This Topic: https://lists.openembedded.org/mt/117394116/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
