This is turning off PSK by default right? I actually use that option, and it's a relatively common use with mosquitto, which supports PSK for client auth. Could you leave it on by default please? PSK, and SRP are badly treated by people who wants certs everywhere, but they're perfectly reasonable, if only people would remember they exist.
Cheers, Karl P Dirk Feytons <[email protected]> wrote: > Signed-off-by: Dirk Feytons <[email protected]> > --- > package/libs/openssl/Config.in | 5 +++++ > package/libs/openssl/Makefile | 7 ++++++- > 2 files changed, 11 insertions(+), 1 deletion(-) > > diff --git a/package/libs/openssl/Config.in > b/package/libs/openssl/Config.in index 492b042..47b9fb5 100644 > --- a/package/libs/openssl/Config.in > +++ b/package/libs/openssl/Config.in > @@ -30,6 +30,11 @@ config OPENSSL_WITH_NPN > default n > prompt "Enable NPN support" > > +config OPENSSL_WITH_PSK > + bool > + default n > + prompt "Enable PSK support" > + > config OPENSSL_ENGINE_DIGEST > bool > depends on OPENSSL_ENGINE_CRYPTO > diff --git a/package/libs/openssl/Makefile > b/package/libs/openssl/Makefile index 61022dc..129061e 100644 > --- a/package/libs/openssl/Makefile > +++ b/package/libs/openssl/Makefile > @@ -36,7 +36,8 @@ PKG_CONFIG_DEPENDS:= \ > CONFIG_OPENSSL_HARDWARE_SUPPORT \ > CONFIG_OPENSSL_WITH_DEPRECATED \ > CONFIG_OPENSSL_WITH_COMPRESSION \ > - CONFIG_OPENSSL_WITH_NPN > + CONFIG_OPENSSL_WITH_NPN \ > + CONFIG_OPENSSL_WITH_PSK > > include $(INCLUDE_DIR)/package.mk > > @@ -137,6 +138,10 @@ ifndef CONFIG_OPENSSL_WITH_NPN > OPENSSL_OPTIONS += no-nextprotoneg > endif > > +ifndef CONFIG_OPENSSL_WITH_PSK > + OPENSSL_OPTIONS += no-psk > +endif > + > ifeq ($(CONFIG_x86_64),y) > OPENSSL_TARGET:=linux-x86_64-openwrt > OPENSSL_MAKEFLAGS += LIBDIR=lib > -- > 1.7.9.5 > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
signature.asc
Description: OpenPGP Digital Signature
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
