testing/openssl: update pkgdesc and disable various
explicitly disable
- des
- idea
- psk
- rc4
- rc5
- seed
- zlib

Those are either disabled in debian or removed in libressl.
J0WI authored and ncopa committed Oct 26, 2018
1 parent 57ba2ae commit abe1dc5
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions testing/openssl/APKBUILD
Expand Up @@ -2,14 +2,13 @@
pkgname=openssl
pkgver=1.1.1
_abiver=${pkgver%.*}
pkgrel=2
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
pkgrel=3
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org"
arch="all"
license="OpenSSL"
depends_dev="zlib-dev"
makedepends_build="perl"
makedepends_host="zlib-dev linux-headers"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
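Review bot: depends_dev="zlib-dev" is left in place while this hunk drops zlib-dev from makedepends_host, so the -dev subpackage still pulls in zlib headers that the build itself no longer needs. If the library is no longer built against zlib, suggest removing zlib-dev from depends_dev as well, or saying in the commit message why it stays.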
Expand Down Expand Up @@ -48,8 +47,10 @@ build() {
perl ./Configure $_target --prefix=/usr \
--libdir=lib \
--openssldir=/etc/ssl \
shared zlib $_optflags \
no-async no-mdc2 no-ec2m no-sm2 no-sm4 no-ssl2 no-ssl3 no-weak-ssl-ciphers \
shared no-zlib $_optflags \
no-async no-comp no-des no-idea no-mdc2 no-rc4 no-rc5 no-ec2m \
no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed no-psk \
no-weak-ssl-ciphers \
$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
make
}
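Review bot: no-psk on the added "no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed no-psk" line is different in kind from the cipher removals beside it, since it takes PSK functions out of the exported API rather than retiring a legacy algorithm, and the commit message gives one shared rationale (disabled in Debian or removed in LibreSSL) without saying which applies to which option. Suggest dropping no-psk, or adding a comment above the Configure call that records the reason for each no-* option and confirming that no package linking against libssl uses the PSK symbols. Separately, no-zlib and no-comp are both passed; if no-comp is meant to cover compression entirely, one of the two is redundant and worth a short comment.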

2 comments on commit abe1dc5

@fabled fabled commented on abe1dc5 Nov 13, 2018

Any specific reason why no-psk is added? It is a TLSv1.3 feature, and could be useful. In fact, py-cryptography is failing because of this:

$ ldd /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so
	ldd (0x7ff279843000)
	libssl.so.1.1 => /lib/libssl.so.1.1 (0x7ff279705000)
	libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x7ff279488000)
	libpython3.6m.so.1.0 => /usr/lib/libpython3.6m.so.1.0 (0x7ff279202000)
	libc.musl-x86_64.so.1 => ldd (0x7ff279843000)
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_set_psk_client_callback: symbol not found
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_use_psk_identity_hint: symbol not found
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_set_psk_server_callback: symbol not found

This is obviously a cryptography bug. But it shows at least that the feature is used (or modern bindings for it exist).
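
One way to triage relocation errors like the ones quoted in the comment above, as an added example that is not part of the commit or of the comment: it parses musl `ldd` output and guesses which Configure option removed each missing symbol. The function names and the name-pattern mapping are assumptions made for illustration; the sample lines are copied from the comment.

```shell
#!/bin/sh
# Sample input: the relocation errors quoted in the comment above.
sample_ldd_output() {
cat <<'EOF'
	libssl.so.1.1 => /lib/libssl.so.1.1 (0x7ff279705000)
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_set_psk_client_callback: symbol not found
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_use_psk_identity_hint: symbol not found
Error relocating /usr/lib/python3.6/site-packages/cryptography/hazmat/bindings/_openssl.abi3.so: SSL_CTX_set_psk_server_callback: symbol not found
EOF
}

# Read ldd output on stdin, print "object symbol" for each unresolved symbol.
# Assumes object paths contain no spaces.
missing_symbols() {
    sed -n 's/^Error relocating \(.*\): \([A-Za-z0-9_]*\): symbol not found$/\1 \2/p' |
        sort -u
}

# Guess the Configure option behind a missing symbol from its name alone.
# Heuristic assumption: patterns cover only the options added in this commit.
option_for_symbol() {
    case "$1" in
        *_psk_*)            echo no-psk ;;
        DES_*|EVP_des_*)    echo no-des ;;
        IDEA_*|EVP_idea_*)  echo no-idea ;;
        RC4*|EVP_rc4*)      echo no-rc4 ;;
        RC5_*|EVP_rc5_*)    echo no-rc5 ;;
        SEED_*|EVP_seed_*)  echo no-seed ;;
        COMP_*)             echo no-comp ;;
        *)                  echo unknown ;;
    esac
}

# Summarise as "option object count", one line per (option, object) pair.
blame_options() {
    missing_symbols | while read -r obj sym; do
        printf '%s %s\n' "$(option_for_symbol "$sym")" "$obj"
    done | sort | uniq -c | awk '{print $2, $3, $1}'
}

# Stand-alone run on the sample; pipe real `ldd <file> 2>&1` output instead.
sample_ldd_output | blame_options
```

Run over every shared object owned by packages that depend on libssl, the summary shows which disabled options would break consumers before the package is pushed.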

@fabled fabled commented on abe1dc5 Nov 13, 2018

Seems Debian does not have no-psk and libressl does not have it because they have not implemented it (yet?).
