[Buildroot] [PATCH] package/openvpn: add option to use mbed TLS instead of OpenSSL

Ed Spiridonov edo.rus at gmail.com
Mon May 18 01:45:35 UTC 2020


On Fri, May 15, 2020 at 11:10 PM Thomas Petazzoni
<thomas.petazzoni at bootlin.com> wrote:
> Could you change this to:
>
>         select BR2_PACKAGE_OPENSSL if !BR2_PACKAGE_MBEDTLS
>
> > +choice
> > +     prompt "crypto backend"
> > +     default BR2_PACKAGE_OPENVPN_OPENSSL
> > +     help
> > +       Select crypto backend (OpenSSL/LibreSSL or mbed TLS)
> > +
> > +config BR2_PACKAGE_OPENVPN_OPENSSL
> > +     bool "openssl"
> > +     select BR2_PACKAGE_OPENSSL
> > +     help
> > +       OpenSSL/LibreSSL is a default crypto backend
> > +
> > +config BR2_PACKAGE_OPENVPN_MBEDTLS
> > +     bool "mbedtls"
> > +     select BR2_PACKAGE_MBEDTLS
> > +     help
> > +       mbed TLS is a compact crypto backend
> > +
> > +       https://community.openvpn.net/openvpn/wiki/Using-mbedtls
> > +
> > +endchoice
>
> Drop this new choice.

I thought a bit about this. Any argument against the choice?

IMHO the choice is clear and understandable.
The user explicitly selects the crypto backend. He knows what is going on.

In the case proposed by you, OpenSSL is selected automagically without
ability to unselect (until mbed TLS is selected manually).
How can the user find out that mbed TLS could be used instead of OpenSSL?
Press help on OpenVPN item? Kconfig shows dependencies here, but not a
condition (if !BR2_PACKAGE_MBEDTLS).
Look into package/openvpn/Config.in?
Of course, detailed explanation could be added into OpenVPN help. But
nobody reads help for *all* selected items.



More information about the buildroot mailing list