On Tue, Apr 16, 2019 at 10:12 PM Eneas U de Queiroz via openwrt-devel <[email protected]> wrote: > > The sender domain has a DMARC Reject/Quarantine policy which disallows > sending mailing list messages using the original "From" header. > > To mitigate this problem, the original message has been wrapped > automatically by the mailing list software. > > > ---------- Forwarded message ---------- > From: Eneas U de Queiroz <[email protected]> > To: [email protected] > Cc: Eneas U de Queiroz <[email protected]> > Bcc: > Date: Tue, 16 Apr 2019 17:12:15 -0300 > Subject: [PATCH v2] openssl: change defaults: ENGINE:on, NPN:off, misc > Enable engine support by default. Right now, some packages require > this, so it is always enabled by the bots. Many packages will compile > differently when engine support is detected, needing engine symbols from > the libraries. > > However, being off by default, a user compiling its own image will fail > to run some popular packages from the official repo. > Note that disabling engines did not work in 1.0.2, so this problem never > showed up before. > > NPN support has been removed in major browsers & servers, and has become > a small bloat, so it does not make sense to leave it on by default. > > Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed. > > Signed-off-by: Eneas U de Queiroz <[email protected]> Patch pushed to master (https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=450d44a8ead2217f8acf541a4eaa4ad560b3e5ac); thx
Hans > --- > ChangeLog: > v2: increase PKG_RELEASE > > diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in > index ecb9eea389..49f136e845 100644 > --- a/package/libs/openssl/Config.in > +++ b/package/libs/openssl/Config.in > @@ -96,7 +96,6 @@ config OPENSSL_WITH_DTLS > > config OPENSSL_WITH_NPN > bool > - default y > prompt "Enable NPN support" > help > NPN is a TLS extension, obsoleted and replaced with ALPN, > @@ -246,10 +245,15 @@ comment "Engine/Hardware Support" > > config OPENSSL_ENGINE > bool "Enable engine support" > + default y > help > This enables alternative cryptography implementations, > most commonly for interfacing with external crypto devices, > or supporting new/alternative ciphers and digests. > + If you compile the library with this option disabled, > packages built > + using an engine-enabled library (i.e. from the official repo) > may > + fail to run. Compile and install the packages with engine > support > + disabled, and you should be fine. > Note that you need to enable KERNEL_AIO to be able to build > the > afalg engine package. > > @@ -271,12 +275,6 @@ config OPENSSL_ENGINE_BUILTIN_AFALG > This enables use of hardware acceleration through the > AF_ALG kernel interface. > > -config OPENSSL_ENGINE_CRYPTO > - # This symbol is deprecated. Currently it is used by the openssh > package. > - # Once openwrt/packages#8272 is merged, this can be safely removed. > - bool > - default OPENSSL_ENGINE_BUILTIN_DEVCRYPTO || > PACKAGE_libopenssl-devcrypto > - > config OPENSSL_ENGINE_BUILTIN_DEVCRYPTO > bool > prompt "Acceleration support through /dev/crypto" > diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile > index cb25c5557c..49cea8e45a 100644 > --- a/package/libs/openssl/Makefile > +++ b/package/libs/openssl/Makefile > @@ -11,7 +11,7 @@ PKG_NAME:=openssl > PKG_BASE:=1.1.1 > PKG_BUGFIX:=b > PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) > -PKG_RELEASE:=3 > +PKG_RELEASE:=4 > PKG_USE_MIPS16:=0 > ENGINES_DIR=engines-1.1 > > > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
