buildroot/package/uacme/Config.in
Nicola Di Lieto 37b5713442 package/uacme: don't allow ualpn with mbedTLS
ualpn requires mbedTLS to be configured and built with
MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
which is not the default and can be a security risk.

Therefore make BR2_PACKAGE_UACME_UALPN depend on
BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS.

Fixes http://autobuild.buildroot.net/results/d241121f8155bad9b6b25c16234576abb7fc940b

See also

https://github.com/ndilieto/uacme/issues/23
https://github.com/ARMmbed/mbedtls/issues/3241
https://github.com/ARMmbed/mbedtls/pull/3243
http://lists.busybox.net/pipermail/buildroot/2020-April/281059.html
http://lists.busybox.net/pipermail/buildroot/2020-April/281108.html

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 96c3b52132)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-07-27 22:06:31 +02:00

config BR2_PACKAGE_UACME
	bool "uacme"
	depends on BR2_USE_MMU # fork()
	select BR2_PACKAGE_OPENSSL if !(BR2_PACKAGE_GNUTLS || BR2_PACKAGE_MBEDTLS)
	select BR2_PACKAGE_LIBCURL
	help
	  uacme is a client for the ACMEv2 protocol described in
	  RFC8555, written in plain C with minimal dependencies
	  (libcurl and either of GnuTLS, OpenSSL or mbedTLS). The
	  ACMEv2 protocol allows a Certificate Authority
	  (https://letsencrypt.org is a popular one) and an applicant
	  to automate the process of verification and certificate
	  issuance.

	  https://github.com/ndilieto/uacme

if BR2_PACKAGE_UACME

config BR2_PACKAGE_UACME_UALPN
	bool "enable ualpn"
	depends on BR2_TOOLCHAIN_HAS_THREADS
	depends on BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS
	select BR2_PACKAGE_LIBEV
	help
	  Build and install ualpn, the transparent proxying tls-alpn-01
	  challenge responder.

comment "ualpn needs a toolchain w/ threads"
	depends on !BR2_TOOLCHAIN_HAS_THREADS

comment "ualpn needs either OpenSSL or GnuTLS"
	depends on !(BR2_PACKAGE_OPENSSL || BR2_PACKAGE_GNUTLS)

endif