[OE-core] [PATCH 1/2] openssl: disable weak ciphers
kai.kang at windriver.com
kai.kang at windriver.com
Wed Jul 5 07:58:14 UTC 2017
From: Kai Kang <kai.kang at windriver.com>
Check distro feature 'openssl-no-weak-ciphers' to disable weak ciphers
provided by openssl:
* des
* ec
* ecdh
* ecdsa
* md2
* mdc2
Signed-off-by: Kai Kang <kai.kang at windriver.com>
---
meta/recipes-connectivity/openssl/openssl.inc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 3980ec2..69845df 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -52,6 +52,11 @@ RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
# vulnerability
EXTRA_OECONF = " -no-ssl3"
+WEAKCIPHERS = "${@bb.utils.contains('DISTRO_FEATURES', 'openssl-no-weak-ciphers', \
+ 'no-des no-ec no-ecdh no-ecdsa no-md2 no-mdc2', '', d)}"
+EXTRA_OECONF_append_class-target = " ${WEAKCIPHERS}"
+EXTRA_OECONF_append_class-nativesdk = " ${WEAKCIPHERS}"
+
do_configure_prepend_darwin () {
sed -i -e '/version-script=openssl\.ld/d' Configure
}
--
2.10.1
More information about the Openembedded-core
mailing list