[Buildroot] [PATCH 1/3] package/mbedtls: add BR2_PACKAGE_MBEDTLS_X509_UNSUPPORTED_CRITICAL_EXTENSION
Yann E. MORIN
yann.morin.1998 at free.fr
Fri Apr 24 11:48:13 UTC 2020
Nicola, All,
On 2020-04-24 13:32 +0200, Nicola Di Lieto spake thusly:
> On Fri, Apr 24, 2020 at 01:26:39PM +0200, Nicola Di Lieto wrote:
> >>
> >>I think we should refuse to use mbedtls with uacme.
> >
> >I agree, at least until mbedTLS changes its approach.
>
> Just to clarify. It's sufficient to disable building ualpn at configure
> stage with --without-ualpn. The main binary uacme is fine, even without
> unsupported critical extensions in mbedTLS.
Still, I think we should just entirely drop support for embedtls.
Users would be surprised if they have a different behaviour between
using openssl v.s gnutls v.s embedtls.
Then, when embedtls is updated to undersdand that critical extension, we
can re-instate support for embedtls in uacme.
Until then, my opinion is that we should just stop building uacme with
embedtls.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list