package/uacme: don't allow mbedtls with ualpn
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sun, 26 Apr 2020 11:05:34 +0000 (13:05 +0200)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 26 Apr 2020 11:31:34 +0000 (13:31 +0200)
ualpn with mbedtls requires the activation of
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION on mbedtls which can
be a security risk.

So let the user explicitly choose the crypto library, copying the
behavior of libssh, and don't allow the user to select mbedtls with ualpn.

Fixes:
 - http://autobuild.buildroot.org/results/5d42189299549cd655218e9e7cfcfa63e79f74ec

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/uacme/Config.in
package/uacme/uacme.mk

index 58b7c534e73d147d89b1cc82f8a7141247c8ed62..ba60d787f05e88a5ccb314645eb1080aee054436 100644 (file)
@@ -16,6 +16,30 @@ config BR2_PACKAGE_UACME
 
 if BR2_PACKAGE_UACME
 
+choice
+       prompt "Crypto Backend"
+       help
+         Select crypto library to be used in uacme.
+
+config BR2_PACKAGE_UACME_GNUTLS
+       bool "gnutls"
+       depends on BR2_PACKAGE_GNUTLS
+
+config BR2_PACKAGE_UACME_MBEDTLS
+       bool "mbedtls"
+       depends on BR2_PACKAGE_MBEDTLS
+       depends on !BR2_PACKAGE_UACME_UALPN
+
+comment "mbedtls crypto backend unavailable with ualpn"
+       depends on BR2_PACKAGE_MBEDTLS
+       depends on BR2_PACKAGE_UACME_UALPN
+
+config BR2_PACKAGE_UACME_OPENSSL
+       bool "openssl"
+       depends on BR2_PACKAGE_OPENSSL
+
+endchoice
+
 config BR2_PACKAGE_UACME_UALPN
        bool "enable ualpn"
        depends on BR2_TOOLCHAIN_HAS_THREADS
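Review bot: The new BR2_PACKAGE_UACME_MBEDTLS entry (L35-L38) and the comment on L40 encode the ualpn exclusion but give no reason for it, so a user who hits "mbedtls crypto backend unavailable with ualpn" has no way to learn from the menu that the combination would require MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION, a build option that makes mbedtls accept certificates carrying critical X.509 extensions it does not understand, and may be tempted to enable it; the rationale should sit next to the option as a help block, e.g. `help` / `  ualpn cannot use mbedtls: it would need MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION, which weakens X.509 validation.`. Separately, every choice entry is a `depends on` and there is no `default`, so a configuration with none of gnutls, mbedtls or openssl enabled leaves the choice empty and the `ifeq` chain in the uacme.mk hunk then passes no `--with-*` flag to configure, letting its own auto-detection decide in a cross build; unless BR2_PACKAGE_UACME already requires one of those libraries above this hunk (not visible here), a `comment "uacme needs a crypto backend: gnutls, mbedtls or openssl"` with the matching negated depends would make that gap visible in menuconfig. The enclosing `if BR2_PACKAGE_UACME` block closes outside the hunk.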
index 7e544fce7901fd074d53902938d2e4790495b42a..0fb00d6c908ea88014114743972231b5e0327436 100644 (file)
@@ -15,13 +15,13 @@ UACME_DEPENDENCIES = libcurl
 
 UACME_CONF_ENV = ac_cv_prog_cc_c99='-std=gnu99'
 
-ifeq ($(BR2_PACKAGE_GNUTLS),y)
+ifeq ($(BR2_PACKAGE_UACME_GNUTLS),y)
 UACME_CONF_OPTS += --with-gnutls
 UACME_DEPENDENCIES += gnutls
-else ifeq ($(BR2_PACKAGE_MBEDTLS),y)
+else ifeq ($(BR2_PACKAGE_UACME_MBEDTLS),y)
 UACME_CONF_OPTS += --with-mbedtls
 UACME_DEPENDENCIES += mbedtls
-else ifeq ($(BR2_PACKAGE_OPENSSL),y)
+else ifeq ($(BR2_PACKAGE_UACME_OPENSSL),y)
 UACME_CONF_OPTS += --with-openssl
 UACME_DEPENDENCIES += openssl
 endif