From: Kai Kang <[email protected]> Check distro feature 'openssl-no-weak-ciphers' to disable weak ciphers provided by openssl:
* des * ec * ecdh * ecdsa * md2 * mdc2 Signed-off-by: Kai Kang <[email protected]> --- meta/recipes-connectivity/openssl/openssl.inc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 3980ec2..69845df 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -52,6 +52,11 @@ RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" # vulnerability EXTRA_OECONF = " -no-ssl3" +WEAKCIPHERS = "${@bb.utils.contains('DISTRO_FEATURES', 'openssl-no-weak-ciphers', \ + 'no-des no-ec no-ecdh no-ecdsa no-md2 no-mdc2', '', d)}" +EXTRA_OECONF_append_class-target = " ${WEAKCIPHERS}" +EXTRA_OECONF_append_class-nativesdk = " ${WEAKCIPHERS}" + do_configure_prepend_darwin () { sed -i -e '/version-script=openssl\.ld/d' Configure } -- 2.10.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
