summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl
diff options
context:
space:
mode:
authorBrendan Le Foll <brendan.le.foll@intel.com>2015-02-16 11:18:29 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-02-19 07:51:39 +0000
commit0a5395738b0c5c41e48b882a5fb7c671b98dc732 (patch)
tree4f31e31a76927a12d47e3370bcb8b4b7f8678245 /meta/recipes-connectivity/openssl
parent0aa5ea125181364ddb7de67cc3f006f1d3926dd3 (diff)
downloadpoky-0a5395738b0c5c41e48b882a5fb7c671b98dc732.tar.gz
openssl: disable SSLv3 by default
Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV (From OE-Core rev: 4e691d06ffdb4d1fd940996f419308fe53454df7) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl')
-rw-r--r--meta/recipes-connectivity/openssl/openssl.inc4
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc
index 6eb1b5eac9..ba9bca6af4 100644
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
50RRECOMMENDS_libcrypto += "openssl-conf" 50RRECOMMENDS_libcrypto += "openssl-conf"
51RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc" 51RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
52 52
53# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
54# vulnerability
55EXTRA_OECONF = " -no-ssl3"
56
53do_configure_prepend_darwin () { 57do_configure_prepend_darwin () {
54 sed -i -e '/version-script=openssl\.ld/d' Configure 58 sed -i -e '/version-script=openssl\.ld/d' Configure
55} 59}