Henrique de Moraes Holschuh <[email protected]> [2020-07-24 13:02:30]: > On 24/07/2020 11:29, Petr Štetiar wrote: > > As there is now WolfSSL included by default due to SAE/WPA3 we can > > finally switch to TLS/SSL in other parts as well. > > > +DEFAULT_PACKAGES:= \ > > + base-files libc libgcc busybox dropbear mtd uci opkg netifd \ > > + fstools uclient-fetch logd urandom-seed urngd libustream-wolfssl \ > > + ca-certificates > > Can we fix anything that requires ca-bundle and consider that a bug that > blocks new packages from being accepted? Because ca-certificates + > ca-bundle on the same system is really awful FLASH-wise. > > Alternatively, fix anything that requires ca-certificates and keep > ca-bundle. The issue is not which one is used (IMHO): as far as I am > concerned, either one is fine as long as we never need *both* at the same > time.
I've looked at it and it seems to me, that ca-bundle makes more sense. It's smaller and already used in curl and in hostapd for EAP (both having hardcoded path to the ca-bundle file). Those packages are using ca-certificates: admin/openwisp-config devel/asu multimedia/youtube-dl net/esniper net/gnunet net/inadyn utils/docker-ce and those ca-bundle: libs/measurement-kit mail/msmtp net/acme net/adblock net/banip net/dnscrypt-proxy2 net/https-dns-proxy net/lynx net/netifyd net/nextdns net/noddos utils/cache-domains So I assume you either install ca-certificates or add support for the ca-bundle to the corresponding application in order to avoid wasting the flash space. -- ynezz _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
