Message ID | 1463808936-30306-1-git-send-email-dirkneukirchen@web.de |
---|---|
State | Accepted |
Hi, On 05/21/2016 07:35 AM, Dirk Neukirchen wrote: > wolfssl has a fine grained feature and compatibility control > for compiling stunnel, lighthttp or (partly) openssl dropin > ustream-ssl uses features that require normally > HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers > > ar71xx ipkg sizes of wolfssl 3.9.0: > - with stunnel: 144022 > - this patch (w.o. stunnel): 131712 > - without openssl(extra): 111104 > - w.o openssl/sni:108515 > - w.o openssl/sni/ecc: 93954 > > so patch 300 saves around 12k compressed ipkg size > > v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl > that broke with v1 > > Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> > --- > package/libs/cyassl/Makefile | 8 +++----- > .../cyassl/patches/300-SSL_set_tlsext_host_name.patch | 19 ------------------- > ...ove_SSL_set_tlsext_host_name_outside_STUNNEL.patch | 19 +++++++++++++++++++ > .../cyassl/patches/400-additional_compatibility.patch | 2 +- > 4 files changed, 23 insertions(+), 25 deletions(-) > delete mode 100644 package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch > create mode 100644 package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch > > diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile > index 7384a3d..b6440f3 100644 > --- a/package/libs/cyassl/Makefile > +++ b/package/libs/cyassl/Makefile > @@ -8,12 +8,12 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=wolfssl > -PKG_VERSION:=3.8.0 > -PKG_RELEASE:=2 > +PKG_VERSION:=3.9.0 > +PKG_RELEASE:=1 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip > PKG_SOURCE_URL:=https://www.wolfssl.com/ > -PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb > +PKG_MD5SUM:=f3396726a9befd61443c2cce216e39ba > > PKG_FIXUP:=libtool > PKG_INSTALL:=1 
> @@ -38,12 +38,10 @@ endef > TARGET_CFLAGS += $(FPIC) > > CONFIGURE_ARGS += \ > - --without-zlib \ Was the zlib dependency completely removed from wolfssl? Have you tried to compile zlib in LEDE so that configure on wolfssl would find it and made sure that wolfssl does not depend on it. > --enable-singlethreaded \ > --enable-opensslextra \ > --enable-sni \ > --enable-ecc \ > - --enable-sslv3 \ > --disable-examples > > #ifneq ($(CONFIG_TARGET_x86),) > diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch > deleted file mode 100644 > index a35cdad..0000000 > --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch > +++ /dev/null > @@ -1,19 +0,0 @@ > ---- a/wolfssl/openssl/ssl.h > -+++ b/wolfssl/openssl/ssl.h > -@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR > - /* yassl had set the default to be 500 */ > - #define SSL_get_default_timeout(ctx) 500 > - > -+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) > -+ > - /* Lighthttp compatability */ > - > - #ifdef HAVE_LIGHTY > -@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ > - #define SSL_TLSEXT_ERR_NOACK alert_warning > - #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME > - > --#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name > - #define SSL_get_servername wolfSSL_get_servername > - #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX > - #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback > diff --git a/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch > new file mode 100644 > index 0000000..51d89f7 > --- /dev/null > +++ b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch 
> @@ -0,0 +1,19 @@ > +--- a/wolfssl/openssl/ssl.h > ++++ b/wolfssl/openssl/ssl.h > +@@ -402,6 +402,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR > + /* yassl had set the default to be 500 */ > + #define SSL_get_default_timeout(ctx) 500 > + > ++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) > ++ > + /* Lighthttp compatibility */ > + > + #ifdef HAVE_LIGHTY > +@@ -488,7 +490,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ > + #define SSL_TLSEXT_ERR_NOACK alert_warning > + #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME > + > +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name > + #define SSL_get_servername wolfSSL_get_servername > + #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX > + #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback > diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch > index 4d75d98..1464e9d 100644 > --- a/package/libs/cyassl/patches/400-additional_compatibility.patch > +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch > @@ -1,6 +1,6 @@ > --- a/cyassl/openssl/ssl.h > +++ b/cyassl/openssl/ssl.h > -@@ -27,6 +27,9 @@ > +@@ -28,6 +28,9 @@ > #define CYASSL_OPENSSL_H_ > > #include <cyassl/ssl.h> >
On 21.05.2016 14:39, Hauke Mehrtens wrote: > Hi, > > > On 05/21/2016 07:35 AM, Dirk Neukirchen wrote: >> @@ -38,12 +38,10 @@ endef >> TARGET_CFLAGS += $(FPIC) >> >> CONFIGURE_ARGS += \ >> - --without-zlib \ > > Was the zlib dependency completely removed from wolfssl? Have you tried > to compile zlib in LEDE so that configure on wolfssl would find it and > made sure that wolfssl does not depend on it. > The zlib switch is not working, the configure.ac is "wrong" and I think its deactivated by default anyway: configure.ac has AC_ARG_WITH _libz_ so the zlib switch gets a warning that this config option is unknown in log. Then "--without" does not work if its stated - but leaving out that argument does I think its an issue like: http://www.yassl.com/forums/topic80-wolfssl-configure-zlib-check.html and the configure.ac that is "wrong" - if you try to set "--without-libz" then zlib gets enabled anyway >> --enable-singlethreaded \ >> --enable-opensslextra \ >> --enable-sni \ >> --enable-ecc \ >> - --enable-sslv3 \ >> --disable-examples >>
diff --git a/package/libs/cyassl/Makefile b/package/libs/cyassl/Makefile
index 7384a3d..b6440f3 100644
--- a/package/libs/cyassl/Makefile
+++ b/package/libs/cyassl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=3.8.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.9.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
 PKG_SOURCE_URL:=https://www.wolfssl.com/
-PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb
+PKG_MD5SUM:=f3396726a9befd61443c2cce216e39ba
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -38,12 +38,10 @@ endef
 TARGET_CFLAGS += $(FPIC)
 
 CONFIGURE_ARGS += \
- --without-zlib \
 --enable-singlethreaded \
 --enable-opensslextra \
 --enable-sni \
 --enable-ecc \
- --enable-sslv3 \
 --disable-examples
 
 #ifneq ($(CONFIG_TARGET_x86),)
diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
deleted file mode 100644
index a35cdad..0000000
--- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/wolfssl/openssl/ssl.h
-+++ b/wolfssl/openssl/ssl.h
-@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
- /* yassl had set the default to be 500 */
- #define SSL_get_default_timeout(ctx) 500
- 
-+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
-+
- /* Lighthttp compatability */
- 
- #ifdef HAVE_LIGHTY
-@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_
- #define SSL_TLSEXT_ERR_NOACK alert_warning
- #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
- 
--#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
- #define SSL_get_servername wolfSSL_get_servername
- #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
- #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
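Review bot: Dropping `--enable-sslv3` in the second Makefile hunk (CONFIGURE_ARGS) changes the protocol versions offered to every consumer of the library, yet the commit message only talks about package size and the stunnel compatibility layer. After this hunk SSLv3 stays off only as long as wolfSSL's configure default keeps it off (presumably true for 3.9.0; the default is not visible here). I would pin it with an explicit `--disable-sslv3 \` line ahead of `--disable-examples` and add one sentence to the description stating that SSLv3 is no longer built, so a later version bump cannot silently bring it back.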
diff --git a/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
new file mode 100644
index 0000000..51d89f7
--- /dev/null
+++ b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
@@ -0,0 +1,19 @@
+--- a/wolfssl/openssl/ssl.h
++++ b/wolfssl/openssl/ssl.h
+@@ -402,6 +402,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
+ /* yassl had set the default to be 500 */
+ #define SSL_get_default_timeout(ctx) 500
+ 
++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
++
+ /* Lighthttp compatibility */
+ 
+ #ifdef HAVE_LIGHTY
+@@ -488,7 +490,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_
+ #define SSL_TLSEXT_ERR_NOACK alert_warning
+ #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME
+ 
+-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+ #define SSL_get_servername wolfSSL_get_servername
+ #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX
+ #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback
diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch
index 4d75d98..1464e9d 100644
--- a/package/libs/cyassl/patches/400-additional_compatibility.patch
+++ b/package/libs/cyassl/patches/400-additional_compatibility.patch
@@ -1,6 +1,6 @@
 --- a/cyassl/openssl/ssl.h
 +++ b/cyassl/openssl/ssl.h
-@@ -27,6 +27,9 @@
+@@ -28,6 +28,9 @@
 #define CYASSL_OPENSSL_H_
 
 #include <cyassl/ssl.h>
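Review bot: The `SSL_set_tlsext_host_name(x, y)` macro added in the new 300 patch passes the raw result of `wolfSSL_UseSNI` to callers written against OpenSSL, which expect 1 on success and 0 on failure. As far as I know wolfSSL_UseSNI reports failure with a negative error code, so a caller testing `if (!SSL_set_tlsext_host_name(...))` would treat a failed SNI setup as success and continue the handshake without the extension. I would normalise the result, e.g. `#define SSL_set_tlsext_host_name(x, y) (wolfSSL_UseSNI((x), WOLFSSL_SNI_HOST_NAME, (y), strlen(y)) == SSL_SUCCESS)`. The macro also evaluates `y` twice and calls `strlen` on it unchecked, so a one-line comment stating that the hostname must be a non-NULL, side-effect-free expression would help; the rest of ssl.h lies outside the hunk.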
wolfssl has a fine grained feature and compatibility control for compiling stunnel, lighthttp or (partly) openssl dropin ustream-ssl uses features that require normally HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers ar71xx ipkg sizes of wolfssl 3.9.0: - with stunnel: 144022 - this patch (w.o. stunnel): 131712 - without openssl(extra): 111104 - w.o openssl/sni:108515 - w.o openssl/sni/ecc: 93954 so patch 300 saves around 12k compressed ipkg size v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl that broke with v1 Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de> --- package/libs/cyassl/Makefile | 8 +++----- .../cyassl/patches/300-SSL_set_tlsext_host_name.patch | 19 ------------------- ...ove_SSL_set_tlsext_host_name_outside_STUNNEL.patch | 19 +++++++++++++++++++ .../cyassl/patches/400-additional_compatibility.patch | 2 +- 4 files changed, 23 insertions(+), 25 deletions(-) delete mode 100644 package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch create mode 100644 package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch