On 9 June 2016 at 13:55, Karl Palsson <ka...@tweak.net.au> wrote:
>
> This is turning off PSK by default right? I actually use that
> option, and it's a relatively common use with mosquitto, which
> supports PSK for client auth. Could you leave it on by default
> please? PSK and SRP are badly treated by people who want certs
> everywhere, but they're perfectly reasonable, if only people
> would remember they exist.

Yes, PSK would be off by default. My reasoning was that OpenSSL is most often used for traditional HTTPS with certs and the default OpenSSL would support that but not (much) more. I know that Mosquitto requires it (IIRC it also needs CONFIG_OPENSSL_WITH_DEPRECATED but that's still enabled by default). I'm working on a patch for Mosquitto to depend on CONFIG_OPENSSL_WITH_PSK and CONFIG_OPENSSL_WITH_DEPRECATED. Would that be OK for you or do you still want the default for PSK to be 'y'?

>
> Cheers,
> Karl P
>
> Dirk Feytons <dirk.feyt...@gmail.com> wrote:
>> Signed-off-by: Dirk Feytons <dirk.feyt...@gmail.com>
>> --- >> package/libs/openssl/Config.in | 5 +++++ >> package/libs/openssl/Makefile | 7 ++++++- >> 2 files changed, 11 insertions(+), 1 deletion(-) >> >> diff --git a/package/libs/openssl/Config.in >> b/package/libs/openssl/Config.in index 492b042..47b9fb5 100644 >> --- a/package/libs/openssl/Config.in >> +++ b/package/libs/openssl/Config.in >> @@ -30,6 +30,11 @@ config OPENSSL_WITH_NPN >> default n >> prompt "Enable NPN support" >> >> +config OPENSSL_WITH_PSK >> + bool >> + default n >> + prompt "Enable PSK support" >> + >> config OPENSSL_ENGINE_DIGEST >> bool >> depends on OPENSSL_ENGINE_CRYPTO >> diff --git a/package/libs/openssl/Makefile >> b/package/libs/openssl/Makefile index 61022dc..129061e 100644 >> --- a/package/libs/openssl/Makefile >> +++ b/package/libs/openssl/Makefile >> @@ -36,7 +36,8 @@ PKG_CONFIG_DEPENDS:= \ >> CONFIG_OPENSSL_HARDWARE_SUPPORT \ >> CONFIG_OPENSSL_WITH_DEPRECATED \ >> CONFIG_OPENSSL_WITH_COMPRESSION \ >> - CONFIG_OPENSSL_WITH_NPN >> + CONFIG_OPENSSL_WITH_NPN \ >> + CONFIG_OPENSSL_WITH_PSK >> >> include $(INCLUDE_DIR)/package.mk
>> >> @@ -137,6 +138,10 @@ ifndef CONFIG_OPENSSL_WITH_NPN >> OPENSSL_OPTIONS += no-nextprotoneg >> endif >> >> +ifndef CONFIG_OPENSSL_WITH_PSK >> + OPENSSL_OPTIONS += no-psk >> +endif >> + >> ifeq ($(CONFIG_x86_64),y) >> OPENSSL_TARGET:=linux-x86_64-openwrt >> OPENSSL_MAKEFLAGS += LIBDIR=lib >> -- >> 1.7.9.5 >> _______________________________________________ >> openwrt-devel mailing list >> openwrt-devel@lists.openwrt.org >> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
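
Review bot: 'default n' on the new OPENSSL_WITH_PSK entry in package/libs/openssl/Config.in silently drops TLS-PSK from existing configurations, and the entry has no help text telling the user what is lost. Add a help paragraph saying that the option controls the TLS-PSK cipher suites and that packages using PSK for client authentication need it (Mosquitto is the case raised in this thread), and either keep 'default y' to preserve current behaviour or have the dependent packages select the symbol in the same series.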
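
Review bot: In the second package/libs/openssl/Makefile hunk (@@ -137,6 +138,10), 'ifndef CONFIG_OPENSSL_WITH_PSK' together with the new 'default n' passes 'no-psk' to the OpenSSL build for every configuration that does not opt in, so the library is built with OPENSSL_NO_PSK defined and the PSK API compiled out. A package that calls that API without an OPENSSL_NO_PSK guard will then fail at build time, so the Mosquitto dependency on CONFIG_OPENSSL_WITH_PSK mentioned in the reply should land before or together with this change. The commit message body, which here carries only a Signed-off-by line, should also state the rationale for the new default.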