[Buildroot] [PATCH v2, 1/1] package/openvpn: add mbedtls support
Ed Spiridonov
edo.rus at gmail.com
Fri Oct 30 00:28:35 UTC 2020
On Fri, Oct 30, 2020 at 1:57 AM Fabrice Fontaine
<fontaine.fabrice at gmail.com> wrote:
> > IMO mbedtls could be selected by default.
> I don't agree as this will break backward compatibility which should
> really be avoided.
> Moreover, it should also be noted that upstream openvpn uses openssl,
> and not mbedtls, by default:
> https://github.com/OpenVPN/openvpn/blob/master/configure.ac#L267
AFAIK openvpn for Android and iOS uses mbedtls. So it is a well-tested
configuration.
I offered mbedtls as the default option because it is much more
compact (the difference in the size of the uncompressed image is about
2 MB).
BTW, I have been using my patch on 100+ devices since May with no issues at all.
> We could add a Config option to allow the user to select the crypto
> backend as some buildroot packages have such an option (libcurl,
> libssh) however most don't (shairport-sync, uacme, ustream-ssl,
> libnice, efl, lftp ...).
> To conclude, I would advise that you send a v2 of your patch.
Indeed I would be happy with your patch as well if openssl should
remain the default choice.
More information about the buildroot
mailing list