Comments (11)
Invalid Version reported. r25870+1-08639a5e47
Is this from a clean repository?
from openwrt.
Invalid Version reported.
r25870+1-08639a5e47
Is this from a clean repository?
Ah yes well, not exactly. Sorry. It's one commit ahead of main, but that's not touching any relevant files.
from openwrt.
Ah, libopenssl-legacy is required for the IDEA and SEED ciphers and MDC2 and WHIRLPOOL digests.
from openwrt.
I'm confused. The hostapd-basic-* variants are PSK-only. What ciphers exactly are provided by libopenssl-legacy that hostapd-basic-openssl strictly requires? Note that I use hostapd-basic-openssl on my devices and never had any issues whatsoever (with WPA2/WPA3-mixed and OWE). Additionally, from my .config…
# CONFIG_OPENSSL_WITH_ARIA is not set
# CONFIG_OPENSSL_WITH_CAMELLIA is not set
# CONFIG_OPENSSL_WITH_IDEA is not set
# CONFIG_OPENSSL_WITH_SEED is not set
# CONFIG_OPENSSL_WITH_SM234 is not set
# CONFIG_OPENSSL_WITH_BLAKE2 is not set
# CONFIG_OPENSSL_WITH_MDC2 is not set
# CONFIG_OPENSSL_WITH_WHIRLPOOL is not set
… what am I missing?
from openwrt.
I'm confused. The hostapd-basic-* variants are PSK-only. What ciphers exactly are provided by libopenssl-legacy that hostapd-basic-openssl strictly requires? Note that I use hostapd-basic-openssl on my devices and never had any issues whatsoever (with WPA2/WPA3-mixed and OWE). Additionally, from my .config…
# CONFIG_OPENSSL_WITH_ARIA is not set # CONFIG_OPENSSL_WITH_CAMELLIA is not set # CONFIG_OPENSSL_WITH_IDEA is not set # CONFIG_OPENSSL_WITH_SEED is not set # CONFIG_OPENSSL_WITH_SM234 is not set # CONFIG_OPENSSL_WITH_BLAKE2 is not set # CONFIG_OPENSSL_WITH_MDC2 is not set # CONFIG_OPENSSL_WITH_WHIRLPOOL is not set
… what am I missing?
Huh, I'm confused as well. I tried it from a clean repository again now, deselected the default wpad-basic-mbedtls and selected hostapd-basic-openssl. This is my diffconfig:
CONFIG_TARGET_ramips=y
CONFIG_TARGET_ramips_mt7621=y
CONFIG_TARGET_ramips_mt7621_DEVICE_dlink_dap-x1860-a1=y
CONFIG_OPENSSL_ENGINE=y
CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y
CONFIG_OPENSSL_WITH_ASM=y
CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y
CONFIG_OPENSSL_WITH_CMS=y
CONFIG_OPENSSL_WITH_DEPRECATED=y
CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y
CONFIG_OPENSSL_WITH_IDEA=y
CONFIG_OPENSSL_WITH_MDC2=y
CONFIG_OPENSSL_WITH_PSK=y
CONFIG_OPENSSL_WITH_SEED=y
CONFIG_OPENSSL_WITH_SRP=y
CONFIG_OPENSSL_WITH_TLS13=y
CONFIG_OPENSSL_WITH_WHIRLPOOL=y
CONFIG_PACKAGE_hostapd-basic-openssl=y
CONFIG_PACKAGE_libatomic=y
CONFIG_PACKAGE_libopenssl=y
# CONFIG_PACKAGE_wpad-basic-mbedtls is not set
(Also @nbd168 commit includes wpad-basic-openssl; why? If these ciphers/digests are not strictly required, why include wpad but not hostapd?)
Edit: These are selected by default if SMALL_FLASH isn't set 🤔
from openwrt.
Huh, I'm confused as well. I tried it from a clean repository again now, deselected the default wpad-basic-mbedtls and selected hostapd-basic-openssl. This is my diffconfig:
CONFIG_TARGET_ramips=y CONFIG_TARGET_ramips_mt7621=y CONFIG_TARGET_ramips_mt7621_DEVICE_dlink_dap-x1860-a1=y CONFIG_OPENSSL_ENGINE=y CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM=y CONFIG_OPENSSL_WITH_ASM=y CONFIG_OPENSSL_WITH_CHACHA_POLY1305=y CONFIG_OPENSSL_WITH_CMS=y CONFIG_OPENSSL_WITH_DEPRECATED=y CONFIG_OPENSSL_WITH_ERROR_MESSAGES=y CONFIG_OPENSSL_WITH_IDEA=y CONFIG_OPENSSL_WITH_MDC2=y CONFIG_OPENSSL_WITH_PSK=y CONFIG_OPENSSL_WITH_SEED=y CONFIG_OPENSSL_WITH_SRP=y CONFIG_OPENSSL_WITH_TLS13=y CONFIG_OPENSSL_WITH_WHIRLPOOL=y CONFIG_PACKAGE_hostapd-basic-openssl=y CONFIG_PACKAGE_libatomic=y CONFIG_PACKAGE_libopenssl=y # CONFIG_PACKAGE_wpad-basic-mbedtls is not set
Those are just defaults. I do my own builds and my configuration is heavily streamlined and reduced to the bare minimum. I can assure you, however, I never had any issues without those ciphers. And I just remembered that it was actually me who added the hostapd-basic-openssl variant (10e73b1), because, well… it's the one I personally use.
(Also @nbd168 commit includes wpad-basic-openssl; why? If these ciphers/digests are not strictly required, why include wpad but not hostapd?)
Edit: These are selected by default if SMALL_FLASH isn't set 🤔
They are very likely enabled by default for other software that requires them, but certainly not hostapd-basic-openssl.
from openwrt.
Those are just defaults. I do my own builds and my configuration is heavily streamlined and reduced to the bare minimum. I can assure you, however, I never had any issues without those ciphers. And I just remembered that it was actually me who added the hostapd-basic-openssl variant (10e73b1), because, well… it's the one I personally use.
Ah, that makes sense, thank you! I'll go ahead and try it out on mine as well.
They are very likely enabled by default for other software that requires them, but certainly not hostapd-basic-openssl.
Hm, but still: Why though? hostapd-basic-openssl is the only openssl variant that's not included, every other one is. Since wpad-basic-openssl also depends on them: Does wpa_supplicant need those?
from openwrt.
Hm, but still: Why though? hostapd-basic-openssl is the only openssl variant that's not included, every other one is. Since wpad-basic-openssl also depends on them: Does wpa_supplicant need those?
No idea. @nbd168?
from openwrt.
This is an interesting one, I am tempted to merge the PR to include it for hostapd-basic-openssl
as it makes no sense why its special
from openwrt.
This is an interesting one, I am tempted to merge the PR to include it for
hostapd-basic-openssl
as it makes no sense why its special
Just my two cents, but maybe it'd be better to wait for nbd's reply? rsalvaterra is right, I've run it also with libopenssl-legacy omitted and didn't observe any obvious relevant authentication failures. Perhaps it's not required anymore and could be dropped from all other variants as well.
from openwrt.
from openwrt.
Related Issues (20)
- libext2fs.so wrong library path to libc HOT 10
- zsh: termcap.c:45:14: error: conflicting types for 'boolcodes'; have 'char *[]' HOT 7
- ASUS RT-AX53U doesn't survive first reboot HOT 19
- sed can’t handle emoji characters HOT 5
- why there no libx264 option to select HOT 8
- Comparison is always true in Realtek RTL9300 PHY/SERDES driver HOT 2
- gstreamer WARNING: erroneous pipeline: no element "h264parse" HOT 3
- snapshot: Failed to build `tools/tar` with gcc 14 HOT 14
- qmi.sh should set network modes before try to register network HOT 4
- libelf NLS supports issues HOT 1
- ip-fill is crashing HOT 2
- “Save & Apply” does not create the VXLAN interface.
- DNSMASK not listen on VIP HOT 1
- Client Isolation not working with WDS HOT 9
- [23.05] Consistent ujail crash at reboot HOT 5
- GPIO driver kernel 6.6: rtl8366s chip detection failed, err=-19 (WNDRMAC v2 / WNDR3800) HOT 70
- kernel memory corruption on Turris Omnia HOT 2
- AMPDU On N mode HOT 4
- BPI-R4: network buffering issues (with stutters) HOT 13
- “WARNING: your configuration is out of sync. Please run make menuconfig, oldconfig or defconfig!” on every build when using `make defconfig` HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openwrt.