openssl: disable SSLv3 by default

author Brendan Le Foll <brendan.le.foll@intel.com>

Mon, 16 Feb 2015 11:18:29 +0000 (11:18 +0000)

committer Richard Purdie <richard.purdie@linuxfoundation.org>

Thu, 19 Feb 2015 07:50:44 +0000 (07:50 +0000)
author Brendan Le Foll <brendan.le.foll@intel.com>
Mon, 16 Feb 2015 11:18:29 +0000 (11:18 +0000)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 19 Feb 2015 07:50:44 +0000 (07:50 +0000)
diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc

index 6eb1b5eac9982e266557dc9217782ffe203dae4b..ba9bca6af4a0bb328ec3f9d24c451ef1f427e751 100644 (file)
--- a/meta/recipes-connectivity/openssl/openssl.inc
+++ b/meta/recipes-connectivity/openssl/openssl.inc
@@ -50,6 +50,10 @@ CONFFILES_openssl-conf = "${libdir}/ssl/openssl.cnf"
  RRECOMMENDS_libcrypto += "openssl-conf"
  RDEPENDS_${PN}-ptest += "${PN}-misc make perl perl-module-filehandle bc"
  
+# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE
+# vulnerability
+EXTRA_OECONF = " -no-ssl3"
+
  do_configure_prepend_darwin () {
         sed -i -e '/version-script=openssl\.ld/d' Configure
  }
author	Brendan Le Foll <brendan.le.foll@intel.com>
	Mon, 16 Feb 2015 11:18:29 +0000 (11:18 +0000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 19 Feb 2015 07:50:44 +0000 (07:50 +0000)