aboutsummaryrefslogtreecommitdiff
path: root/package/openvpn
diff options
context:
space:
mode:
authorGravatar Gustavo Zacarias <gustavo@zacarias.com.ar>2016-05-14 10:33:47 -0300
committerGravatar Thomas Petazzoni <thomas.petazzoni@free-electrons.com>2016-05-15 22:41:24 +0200
commit3380da69c5ab490e5c51dca0c4389b0da91743d0 (patch)
tree502f494684f9618d44262f309fe16528400cb18f /package/openvpn
parent9194be9f3acfda7eb32a1ede9918f913bb59b2c9 (diff)
downloadbuildroot-3380da69c5ab490e5c51dca0c4389b0da91743d0.tar.gz
buildroot-3380da69c5ab490e5c51dca0c4389b0da91743d0.tar.bz2
openvpn: remove polarssl crypto backend option
Now that we need to bump openvpn to version 2.3.11 for security fixes the time has come to remove the polarssl option. Add legacy handling explaining the situation: PolarSSL 1.2.x can coexist with mbedTLS 2.x+, but OpenVPN requires PolarSSL/mbedTLS 1.3.x (the transition branch) >= 1.3.8 but doesn't build/work with the 2.x series. And PolarSSL/mbedTLS 1.3.x can't coexist with mbedTLS 2.x on the same target. So, unfortunately, openssl is now the only option (until libressl arrives) which means no more backend options in general. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Diffstat (limited to 'package/openvpn')
-rw-r--r--package/openvpn/Config.in21
-rw-r--r--package/openvpn/openvpn.mk13
2 files changed, 3 insertions, 31 deletions
diff --git a/package/openvpn/Config.in b/package/openvpn/Config.in
index 2e3712554e..8ba4ea197f 100644
--- a/package/openvpn/Config.in
+++ b/package/openvpn/Config.in
@@ -1,6 +1,7 @@
config BR2_PACKAGE_OPENVPN
bool "openvpn"
depends on BR2_USE_MMU # fork()
+ select BR2_PACKAGE_OPENSSL
help
OpenVPN is a full-featured SSL VPN solution which can
accomodate a wide range of configurations, including road
@@ -33,24 +34,4 @@ config BR2_PACKAGE_OPENVPN_PWSAVE
Allow --askpass and --auth-user-pass passwords to be read
from a file.
-choice
- prompt "Crypto backend"
- default BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL
- help
- Select the cryptographic library to use.
-
- config BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL
- bool "OpenSSL"
- select BR2_PACKAGE_OPENSSL
- help
- Enable TLS-based key exchange and OpenSSL crypto support.
-
- config BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL
- bool "PolarSSL"
- select BR2_PACKAGE_POLARSSL
- help
- Enable TLS-based key exchange and PolarSSL crypto support.
-
-endchoice
-
endif
diff --git a/package/openvpn/openvpn.mk b/package/openvpn/openvpn.mk
index 8f02792c89..1d06636254 100644
--- a/package/openvpn/openvpn.mk
+++ b/package/openvpn/openvpn.mk
@@ -7,12 +7,13 @@
OPENVPN_VERSION = 2.3.9
OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
-OPENVPN_DEPENDENCIES = host-pkgconf
+OPENVPN_DEPENDENCIES = host-pkgconf openssl
OPENVPN_LICENSE = GPLv2
OPENVPN_LICENSE_FILES = COPYRIGHT.GPL
OPENVPN_CONF_OPTS = \
--disable-plugin-auth-pam \
--enable-iproute2 \
+ --with-crypto-library=openssl \
$(if $(BR2_STATIC_LIBS),--disable-plugins)
OPENVPN_CONF_ENV = IFCONFIG=/sbin/ifconfig \
NETSTAT=/bin/netstat \
@@ -47,16 +48,6 @@ else
OPENVPN_CONF_OPTS += --disable-password-save
endif
-ifeq ($(BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL),y)
-OPENVPN_CONF_OPTS += --with-crypto-library=openssl
-OPENVPN_DEPENDENCIES += openssl
-endif
-
-ifeq ($(BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL),y)
-OPENVPN_CONF_OPTS += --with-crypto-library=polarssl
-OPENVPN_DEPENDENCIES += polarssl
-endif
-
define OPENVPN_INSTALL_TARGET_CMDS
$(INSTALL) -m 755 $(@D)/src/openvpn/openvpn \
$(TARGET_DIR)/usr/sbin/openvpn