On Mon, Feb 16, 2015 at 11:18:29AM +0000, brendan.le.f...@intel.com wrote:
> From: Brendan Le Foll <brendan.le.f...@intel.com>
>
> Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable
> SSLv3 even if patched with the TLS_FALLBACK_SCSV
>
> Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com>
> ---
> meta/recipes-connectivity/openssl/openssl.inc | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-connectivity/openssl/openssl.inc
> b/meta/recipes-connectivity/openssl/openssl.inc
> index 6eb1b5e..ba9bca6 100644
> --- a/meta/recipes-connectivity/openssl/openssl.inc
> +++ b/meta/recipes-connectivity/openssl/openssl.inc
> @@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
> RRECOMMENDS_libcrypto += "openssl-conf"
> RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
>
> +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the
> POODLE
> +# vulnerability
> +EXTRA_OECONF = " -no-ssl3"
Why not use PACKAGECONFIG to make it easier to enable from distro
config or bbappend?
> +
> do_configure_prepend_darwin () {
> sed -i -e '/version-script=openssl\.ld/d' Configure
> }
> --
> 2.2.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
--
Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com
signature.asc
Description: Digital signature
-- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
