[Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri May 15 21:18:28 UTC 2020
Hello,
On Sat, 16 May 2020 00:03:10 +0300
Ed Spiridonov <edo.rus at gmail.com> wrote:
> > The idea of using select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_MBEDTLS
> > was to keep the current behavior, i.e be backward compatible.
>
> Does it make sense?
> If OpenSSL is selected, it will be used as a crypto backend. So any
> build based on an existing .config remains the same.
What you say will work if:
(1) Your .mk file tests BR2_PACKAGE_OPENSSL and uses openssl if set,
before using mbedtls
(2) Users are using full .config and not defconfig files. Indeed, a
defconfig file today that has BR2_PACKAGE_OPENVPN=y will not have
BR2_PACKAGE_OPENSSL=y, because this is implied by
BR2_PACKAGE_OPENVPN=y. So such users would transition from using
OpenSSL as the crypto backend for openvpn to mbedtls.
I don't have a very strong feeling on this. I agree that on the other
hand, it's good to use a smaller crypto library by default if possible.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list