On Tue, Jun 08, 2021 at 05:53:28PM +0200, Bastian Krause wrote: > Signed-off-by: Bastian Krause <[email protected]> > --- > rules/libcurl.in | 20 +++++++++++++++++++- > rules/libcurl.make | 6 +++--- > 2 files changed, 22 insertions(+), 4 deletions(-) > > diff --git a/rules/libcurl.in b/rules/libcurl.in > index 390e495ca..632ed48e4 100644 > --- a/rules/libcurl.in > +++ b/rules/libcurl.in > @@ -5,7 +5,8 @@ menuconfig LIBCURL > prompt "libcurl " > select LIBC_RT > select ZLIB > - select OPENSSL if LIBCURL_SSL > + select OPENSSL if LIBCURL_SSL_OPENSSL > + select GNUTLS if LIBCURL_SSL_GNUTLS > select LIBSSH2 if LIBCURL_LIBSSH2 > select CA_CERTIFICATES if LIBCURL_SSL_CA_CERTIFICATES && RUNTIME > select C_ARES if LIBCURL_C_ARES > @@ -58,6 +59,17 @@ config LIBCURL_SSL > > if LIBCURL_SSL > > +choice > + prompt "SSL backend" > + default LIBCURL_SSL_OPENSSL > + > + config LIBCURL_SSL_OPENSSL > + bool "OpenSSL" > + > + config LIBCURL_SSL_GNUTLS > + bool "GnuTLS" > +endchoice > + > choice > prompt "Central CA certificate storage" > > @@ -81,6 +93,12 @@ config LIBCURL_SSL_CA_CERTIFICATES_PATH > > endif > > +config LIBCURL_SSL_DEFAULT_BACKEND > + string > + default "openssl" if LIBCURL_SSL_OPENSSL > + default "gnutls" if LIBCURL_SSL_GNUTLS > + default "no" if !LIBCURL_SSL > + > config LIBCURL_SSL_CAPATH_PATH > string "CA directory path" if LIBCURL_SSL_CAPATH > default "/etc/ssl/certs" if LIBCURL_SSL_CAPATH || > (LIBCURL_SSL_CA_CERTIFICATES && LIBCURL_SSL_CA_CERTIFICATES_PATH) > diff --git a/rules/libcurl.make b/rules/libcurl.make > index 5620ba276..7a915dce3 100644 > --- a/rules/libcurl.make > +++ b/rules/libcurl.make > @@ -89,15 +89,15 @@ LIBCURL_CONF_OPT := \ > --without-brotli \ > --without-zstd \ > --without-gssapi \ > - --with-default-ssl-backend=$(call ptx/ifdef, > PTXCONF_LIBCURL_SSL,openssl,no) \ > + --with-default-ssl-backend=$(PTXCONF_LIBCURL_SSL_DEFAULT_BACKEND) \ > --without-winssl \ > --without-schannel \ > --without-darwinssl \ > --without-secure-transport \ > --without-amissl \ > - --with-ssl=$(call ptx/ifdef, PTXCONF_LIBCURL_SSL,$(SYSROOT)/usr,no) \ > + --with-ssl=$(call ptx/ifdef, > PTXCONF_LIBCURL_SSL_OPENSSL,$(SYSROOT)/usr,no) \ > --with-random=/dev/urandom \ > - --without-gnutls \ > + --with-gnutls=$(call ptx/ifdef, > PTXCONF_LIBCURL_SSL_GNUTLS,$(SYSROOT)/usr,no) \
Without having looked further into this, it looks like you could build libcurl with OpenSSL support, but use GnuTLS as default with ./configure --with-default-ssl-backend=gnutls --with-ssl=/usr --with-gnutls=/usr …? But our kconfig prevents that, so I think it's okay. - Roland > --without-mbedtls \ > --without-wolfssl \ > --without-mesalink \ > -- > 2.29.2 > > > _______________________________________________ > ptxdist mailing list > [email protected] > To unsubscribe, send a mail with subject "unsubscribe" to > [email protected] > -- Roland Hieber, Pengutronix e.K. | [email protected] | Steuerwalder Str. 21 | https://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list [email protected] To unsubscribe, send a mail with subject "unsubscribe" to [email protected]
