package/mbedtls: fix zlib support

To enable compression support using zlib it is necessary to uncomment the define for MBEDTLS_ZLIB_SUPPORT in config.h [1]. Note, that enabling TLS compression may make mbedTLS vulnerable to the CRIME attack [1]. It should not be enabled unless is is sure CRIME and similar attacks are not applicable to the particulare situation. As zlib is probably enabled in most systems, maybe it is best to make the compression support a user choice and add the warning from [1]? [1] https://tls.mbed.org/kb/how-to/deflate-compression-in-ssl-tls Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
author: Jörg Krause <joerg.krause@embedded.rocks> 2017-01-29 22:15:11 +0100
committer: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2017-02-06 13:53:01 +0100
commit: c1a77961c1aca6cd50e3ad44b5b39350f1070286 (patch)
tree: d7aff59fbe228f19ee9f060a887decfcac0bc601
parent: 412e6c80ad56181546f29f2add405fa595116271 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/package/mbedtls/mbedtls.mk b/package/mbedtls/mbedtls.mk
index a8bd61f12..7171af9f9 100644
--- a/package/mbedtls/mbedtls.mk
+++ b/package/mbedtls/mbedtls.mk
@@ -42,6 +42,11 @@ endif
 ifeq ($(BR2_PACKAGE_ZLIB),y)
 MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=ON
 MBEDTLS_DEPENDENCIES += zlib
+define MBEDTLS_ENABLE_ZLIB
+	$(SED) "s://#define MBEDTLS_ZLIB_SUPPORT:#define MBEDTLS_ZLIB_SUPPORT:" \
+		$(@D)/include/mbedtls/config.h
+endef
+MBEDTLS_POST_PATCH_HOOKS += MBEDTLS_ENABLE_ZLIB
 else
 MBEDTLS_CONF_OPTS += -DENABLE_ZLIB_SUPPORT=OFF
 endif
author	Jörg Krause <joerg.krause@embedded.rocks>	2017-01-29 22:15:11 +0100
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2017-02-06 13:53:01 +0100
commit	c1a77961c1aca6cd50e3ad44b5b39350f1070286 (patch)
tree	d7aff59fbe228f19ee9f060a887decfcac0bc601
parent	412e6c80ad56181546f29f2add405fa595116271 (diff)