[Buildroot] [PATCH] package/uacme: don't allow ualpn with mbedTLS
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sat May 9 11:55:35 UTC 2020
On Sat, 9 May 2020 11:08:08 +0200
Nicola Di Lieto <nicola.dilieto at gmail.com> wrote:
> ualpn requires mbedTLS to be configured and built with
> MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
> which is not the default and can be a security risk.
>
> Therefore make BR2_PACKAGE_UACME_UALPN depend on
> BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS.
>
> Fixes http://autobuild.buildroot.net/results/d241121f8155bad9b6b25c16234576abb7fc940b
>
> See also
>
> https://github.com/ndilieto/uacme/issues/23
> https://github.com/ARMmbed/mbedtls/issues/3241
> https://github.com/ARMmbed/mbedtls/pull/3243
> http://lists.busybox.net/pipermail/buildroot/2020-April/281059.html
> http://lists.busybox.net/pipermail/buildroot/2020-April/281108.html
>
> Signed-off-by: Nicola Di Lieto <nicola.dilieto at gmail.com>
> ---
> package/uacme/Config.in | 4 ++++
> package/uacme/uacme.mk | 6 +++---
> 2 files changed, 7 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list