From 4237c9d899a7e5dfb9d62644601bcbfa1574ab82 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Wed, 28 Sep 2016 19:04:37 +0200 Subject: remove OpenSSL support I thought some time about this, we have it in parallel some time and it have issues for allmodconfig builds. Anyway I have no fun doing openssl updates twice a week. We just can not support stunnel/ssltunnel anymore. For nodejs we use bundled openssl. I am an old OpenBSD geek anyway, so get rid of OpenSSL. --- package/strongswan/Makefile | 10 +--------- .../patch-src_libstrongswan_plugins_openssl_openssl_plugin_c | 11 +++++++++++ package/strongswan/patches/patch-src_starter_netkey_c | 8 ++++---- 3 files changed, 16 insertions(+), 13 deletions(-) create mode 100644 package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c (limited to 'package/strongswan') diff --git a/package/strongswan/Makefile b/package/strongswan/Makefile index 4cc1cd177..97d7bdb03 100644 --- a/package/strongswan/Makefile +++ b/package/strongswan/Makefile @@ -15,13 +15,10 @@ PKG_SITES:= http://download.strongswan.org/ DISTFILES:= ${PKG_NAME}-${PKG_VERSION}.tar.gz -PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_OPENSSL WITH_GMP +PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_GMP PKGCD_WITH_GMP:= use gmp for crypto PKGCS_WITH_GMP:= libgmp PKGCB_WITH_GMP:= gmp -PKGCD_WITH_OPENSSL:= use openssl for crypto -PKGCS_WITH_OPENSSL:= libopenssl -PKGCB_WITH_OPENSSL:= openssl PKGCD_WITH_LIBRESSL:= use libressl for crypto PKGCS_WITH_LIBRESSL:= libressl PKGCB_WITH_LIBRESSL:= libressl @@ -33,11 +30,6 @@ include $(ADK_TOPDIR)/mk/package.mk $(eval $(call PKG_template,STRONGSWAN,strongswan,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_OPENSSL},y) -CONFIGURE_ARGS+= --enable-openssl \ - --disable-gcrypt \ - --disable-gmp -endif ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_LIBRESSL},y) CONFIGURE_ARGS+= --enable-openssl \ --disable-gcrypt \ diff --git a/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c b/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c new file mode 100644 index 000000000..401bd7a64 --- /dev/null +++ b/package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c @@ -0,0 +1,11 @@ +--- strongswan-5.5.0.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-06-30 16:20:10.000000000 +0200 ++++ strongswan-5.5.0/src/libstrongswan/plugins/openssl/openssl_plugin.c 2016-09-30 05:36:45.015692462 +0200 +@@ -573,7 +573,7 @@ plugin_t *openssl_plugin_create() + }, + ); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed + * as we couldn't initialize the library again afterwards */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | diff --git a/package/strongswan/patches/patch-src_starter_netkey_c b/package/strongswan/patches/patch-src_starter_netkey_c index b87895eeb..adb7e09eb 100644 --- a/package/strongswan/patches/patch-src_starter_netkey_c +++ b/package/strongswan/patches/patch-src_starter_netkey_c @@ -1,6 +1,6 @@ ---- strongswan-5.0.0.orig/src/starter/netkey.c 2012-06-13 06:32:03.000000000 +0200 -+++ strongswan-5.0.0/src/starter/netkey.c 2012-07-26 16:55:59.000000000 +0200 -@@ -43,6 +43,7 @@ bool starter_netkey_init(void) +--- strongswan-5.5.0.orig/src/starter/netkey.c 2016-04-22 22:01:35.000000000 +0200 ++++ strongswan-5.5.0/src/starter/netkey.c 2016-09-30 05:30:43.681874545 +0200 +@@ -42,6 +42,7 @@ bool starter_netkey_init(void) } /* make sure that all required IPsec modules are loaded */ @@ -8,7 +8,7 @@ if (stat(PROC_MODULES, &stb) == 0) { ignore_result(system("modprobe -qv ah4")); -@@ -51,6 +52,7 @@ bool starter_netkey_init(void) +@@ -50,6 +51,7 @@ bool starter_netkey_init(void) ignore_result(system("modprobe -qv xfrm4_tunnel")); ignore_result(system("modprobe -qv xfrm_user")); } -- cgit v1.2.3