upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disable MK_OPENSSL_KTLS for stable/13.

Browse source 
Due to the pending release of 13.0 and the recent bug in serf exposed
by the KTLS changes, disable OpenSSL's KTLS by default.  This keeps
crypto/openssl in sync with main while lowering the risk of introducing
instability into 13.0.

Discussed with:	gjb (re), jkim, emaste (secteam)
This commit is contained in:
John Baldwin 2021-02-04 13:40:25 -08:00
parent 3e09120f79
commit 3cf25a7802
1 changed files with 1 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
share/mk/src.opts.mk
View file

@ -212,6 +212,7 @@ __DEFAULT_NO_OPTIONS = \
LOADER_VERIEXEC_PASS_MANIFEST \
OFED_EXTRA \
OPENLDAP \
OPENSSL_KTLS \
RPCBIND_WARMSTART_SUPPORT \
SORT_THREADS \
SVN \
@ -330,13 +331,6 @@ BROKEN_OPTIONS+=LOADER_UBOOT
BROKEN_OPTIONS+=LOADER_GELI LOADER_LUA
.endif
# Kernel TLS is enabled by default on amd64
.if ${__T} == "amd64"
__DEFAULT_YES_OPTIONS+=OPENSSL_KTLS
.else
__DEFAULT_NO_OPTIONS+=OPENSSL_KTLS
.endif
.if ${__T:Mmips64*}
# profiling won't work on MIPS64 because there is only assembly for o32
BROKEN_OPTIONS+=PROFILE