projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3bf545d) | patch
package/uacme: don't allow ualpn with mbedTLS
authorNicola Di Lieto <nicola.dilieto@gmail.com>
Sat, 9 May 2020 09:08:08 +0000 (11:08 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 9 May 2020 11:54:46 +0000 (13:54 +0200)
commit96c3b52132b41716ca445b4c73a1a8886c26e5ee
tree0bded282e61e70319efd254f682d07cd727bde92tree
parent3bf545da78b831339f5f717dfb4d120d46ecd929commit | diff
package/uacme: don't allow ualpn with mbedTLS

ualpn requires mbedTLS to be configured and built with
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
which is not the default and can be a security risk.

Therefore make BR2_PACKAGE_UACME_UALPN depend on
BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS.

Fixes http://autobuild.buildroot.net/results/d241121f8155bad9b6b25c16234576abb7fc940b

See also

https://github.com/ndilieto/uacme/issues/23
https://github.com/ARMmbed/mbedtls/issues/3241
https://github.com/ARMmbed/mbedtls/pull/3243
http://lists.busybox.net/pipermail/buildroot/2020-April/281059.html
http://lists.busybox.net/pipermail/buildroot/2020-April/281108.html

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/uacme/Config.in diff | blob | history
package/uacme/uacme.mk diff | blob | history