Closed fabled closed 5 years ago
Can you look in opensslconf and tell me what the define is for this? It's probably OPENSSL_NO_PSK but if you could confirm we can add a conditional around this.
Are there distros considering shipping with no-psk enabled btw? We don't support the combinatorial set of all possible OpenSSL configurations as a general policy because testing all of them in CI is effectively impossible. So for a no-psk config we'd want to have a distribution that has chosen to do that before we supported it.
Yes, it is OPENSSL_NO_PSK
. Currently Alpine Linux ships with that, but I just raised the question if we want to reconsider. See https://github.com/alpinelinux/aports/commit/abe1dc5988d12f5aca771605b109390f33ce7519#commitcomment-31279291
OpenWrt's build system allows disabling PSK support.
Okay, I'm convinced we should support this config. I'll put up a PR for this soon-ish.
If openssl 1.1.1 is detected, the TLSv1.3 psk stuff is enabled unconditionally. However, it can be disabled via
no-psk
configuration.Building against such openssl will give the following: