Comments (11)
Invalid Version reported. r25870+1-08639a5e47
Is this from a clean repository?
from openwrt.
Invalid Version reported.
r25870+1-08639a5e47
Is this from a clean repository?
Ah yes well, not exactly. Sorry. It's one commit ahead of main, but that's not touching any relevant files.
from openwrt.
Ah, libopenssl-legacy is required for the IDEA and SEED ciphers and MDC2 and WHIRLPOOL digests.
from openwrt.
I'm confused. The hostapd-basic-* variants are PSK-only. What ciphers exactly are provided by libopenssl-legacy that hostapd-basic-openssl strictly requires? Note that I use hostapd-basic-openssl on my devices and never had any issues whatsoever (with WPA2/WPA3-mixed and OWE). Additionally, from my .config…
# CONFIG_OPENSSL_WITH_ARIA is not set
# CONFIG_OPENSSL_WITH_CAMELLIA is not set
# CONFIG_OPENSSL_WITH_IDEA is not set
# CONFIG_OPENSSL_WITH_SEED is not set
# CONFIG_OPENSSL_WITH_SM234 is not set
# CONFIG_OPENSSL_WITH_BLAKE2 is not set
# CONFIG_OPENSSL_WITH_MDC2 is not set
# CONFIG_OPENSSL_WITH_WHIRLPOOL is not set
… what am I missing?
from openwrt.
I'm confused. The hostapd-basic-* variants are PSK-only. What ciphers exactly are provided by libopenssl-legacy that hostapd-basic-openssl strictly requires? Note that I use hostapd-basic-openssl on my devices and never had any issues whatsoever (with WPA2/WPA3-mixed and OWE). Additionally, from my .config…
# CONFIG_OPENSSL_WITH_ARIA is not set # CONFIG_OPENSSL_WITH_CAMELLIA is not set # CONFIG_OPENSSL_WITH_IDEA is not set # CONFIG_OPENSSL_WITH_SEED is not set # CONFIG_OPENSSL_WITH_SM234 is not set # CONFIG_OPENSSL_WITH_BLAKE2 is not set # CONFIG_OPENSSL_WITH_MDC2 is not set # CONFIG_OPENSSL_WITH_WHIRLPOOL is not set
… what am I missing?
Huh, I'm confused as well. I tried it from a clean repository again now, deselected the default wpad-basic-mbedtls and selected hostapd-basic-openssl. This is my diffconfig:
CONFIG_TARGET_ramips=y
CONFIG_TARGET_ramips_mt7621=y
CONFIG_TARGET_ramips_mt7621_DEVICE_dlink_dap-x1860-a1=y
CONFIG_OPENSSL_ENGINE=y
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
CONFIG_OPENSSL_WITH_ASM=y
CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
CONFIG_OPENSSL_WITH_CMS=y
CONFIG_OPENSSL_WITH_DEPRECATED=y
CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y
CONFIG_OPENSSL_WITH_IDEA=y
CONFIG_OPENSSL_WITH_MDC2=y
CONFIG_OPENSSL_WITH_PSK=y
CONFIG_OPENSSL_WITH_SEED=y
CONFIG_OPENSSL_WITH_SRP=y
CONFIG_OPENSSL_WITH_TLS13=y
CONFIG_OPENSSL_WITH_WHIRLPOOL=y
CONFIG_PACKAGE_hostapd-basic-openssl=y
CONFIG_PACKAGE_libatomic=y
CONFIG_PACKAGE_libopenssl=y
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set
(Also @nbd168 commit includes wpad-basic-openssl; why? If these ciphers/digests are not strictly required, why include wpad but not hostapd?)
Edit: These are selected by default if SMALL_FLASH isn't set 🤔
from openwrt.
Huh, I'm confused as well. I tried it from a clean repository again now, deselected the default wpad-basic-mbedtls and selected hostapd-basic-openssl. This is my diffconfig:
CONFIG_TARGET_ramips=y CONFIG_TARGET_ramips_mt7621=y CONFIG_TARGET_ramips_mt7621_DEVICE_dlink_dap-x1860-a1=y CONFIG_OPENSSL_ENGINE=y CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y CONFIG_OPENSSL_WITH_ASM=y CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y CONFIG_OPENSSL_WITH_CMS=y CONFIG_OPENSSL_WITH_DEPRECATED=y CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y CONFIG_OPENSSL_WITH_IDEA=y CONFIG_OPENSSL_WITH_MDC2=y CONFIG_OPENSSL_WITH_PSK=y CONFIG_OPENSSL_WITH_SEED=y CONFIG_OPENSSL_WITH_SRP=y CONFIG_OPENSSL_WITH_TLS13=y CONFIG_OPENSSL_WITH_WHIRLPOOL=y CONFIG_PACKAGE_hostapd-basic-openssl=y CONFIG_PACKAGE_libatomic=y CONFIG_PACKAGE_libopenssl=y # CONFIG_PACKAGE_wpad-basic-mbedtls is not set
Those are just defaults. I do my own builds and my configuration is heavily streamlined and reduced to the bare minimum. I can assure you, however, I never had any issues without those ciphers. And I just remembered that it was actually me who added the hostapd-basic-openssl variant (10e73b1), because, well… it's the one I personally use.
(Also @nbd168 commit includes wpad-basic-openssl; why? If these ciphers/digests are not strictly required, why include wpad but not hostapd?)
Edit: These are selected by default if SMALL_FLASH isn't set 🤔
They are very likely enabled by default for other software that requires them, but certainly not hostapd-basic-openssl.
from openwrt.
Those are just defaults. I do my own builds and my configuration is heavily streamlined and reduced to the bare minimum. I can assure you, however, I never had any issues without those ciphers. And I just remembered that it was actually me who added the hostapd-basic-openssl variant (10e73b1), because, well… it's the one I personally use.
Ah, that makes sense, thank you! I'll go ahead and try it out on mine as well.
They are very likely enabled by default for other software that requires them, but certainly not hostapd-basic-openssl.
Hm, but still: Why though? hostapd-basic-openssl is the only openssl variant that's not included, every other one is. Since wpad-basic-openssl also depends on them: Does wpa_supplicant need those?
from openwrt.
Hm, but still: Why though? hostapd-basic-openssl is the only openssl variant that's not included, every other one is. Since wpad-basic-openssl also depends on them: Does wpa_supplicant need those?
No idea. @nbd168?
from openwrt.
This is an interesting one, I am tempted to merge the PR to include it for hostapd-basic-openssl
as it makes no sense why its special
from openwrt.
This is an interesting one, I am tempted to merge the PR to include it for
hostapd-basic-openssl
as it makes no sense why its special
Just my two cents, but maybe it'd be better to wait for nbd's reply? rsalvaterra is right, I've run it also with libopenssl-legacy omitted and didn't observe any obvious relevant authentication failures. Perhaps it's not required anymore and could be dropped from all other variants as well.
from openwrt.
from openwrt.
Related Issues (20)
- AVM FRITZ Repeater 1200 - Using more than one of these devices breaks complete LAN HOT 4
- syslog server not receiving any rejected messages HOT 2
- EA8500 (ipq806x) macaddr for wan device same as lan1-4 HOT 2
- kernel not read correct MAC from OEM partitions HOT 3
- clients do not connect well to the asus ax53u repeater. HOT 35
- MR52 dts defines "red:user", "green:user", "blue:user" for the system LED but ls -al /sys/class/leds/ does not show any of them. HOT 3
- MR52 dts defines "red:user", "green:user", "blue:user" for the system LED but ls -al /sys/class/leds/ does not show any of them. HOT 33
- Issue with DHCP and/or Wifi introduced with OpenWrt 23.05.3 on mvebu/cortexa9 platform HOT 6
- FWD: github CI workflow question HOT 5
- xfrm: XFRM interface goes down when applying network settings HOT 2
- xfrm: Device settings don't apply on the XFRM interface HOT 2
- x86/64: Can't boot with kernel 6.6 in UEFI mode
- resizing root partition on raspberry pi 5 causes failure to boot HOT 5
- ipq40xx: `auc` upgrade - SNAPSHOT not possible HOT 12
- imagebuilder for x86/64 not creating image successfully HOT 11
- newer Snapshot than r26434 on Z800AX causes system to be unresponsive HOT 69
- NAT66 bad performance on OpenWrt master HOT 12
- Symbolic link permission wrong on ext4
- The ubus object exists, but when called by invoke, it returns the status 4 HOT 5
- Incorrect dev->cpu_port value for some routers with switches from the rtl8367, rtl8367b family HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openwrt.