[OE-core] [PATCH 1/2] openssl: disable weak ciphers

kai.kang at windriver.com kai.kang at windriver.com
Wed Jul 5 07:58:14 UTC 2017


From: Kai Kang <kai.kang at windriver.com>

Check distro feature 'openssl-no-weak-ciphers' to disable weak ciphers
provided by openssl:

* des
* ec
* ecdh
* ecdsa
* md2
* mdc2

Signed-off-by: Kai Kang <kai.kang at windriver.com>
---
 meta/recipes-connectivity/openssl/openssl.inc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 3980ec2..69845df 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -52,6 +52,11 @@ RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
 # vulnerability
 EXTRA_OECONF = " -no-ssl3"
 
+WEAKCIPHERS = "${@bb.utils.contains('DISTRO_FEATURES', 'openssl-no-weak-ciphers', \
+               'no-des no-ec no-ecdh no-ecdsa no-md2 no-mdc2', '', d)}"
+EXTRA_OECONF_append_class-target = " ${WEAKCIPHERS}"
+EXTRA_OECONF_append_class-nativesdk = " ${WEAKCIPHERS}"
+
 do_configure_prepend_darwin () {
 	sed -i -e '/version-script=openssl\.ld/d' Configure
 }
-- 
2.10.1




More information about the Openembedded-core mailing list