net-wireless/hostapd: drop defunct "ssl" USE flag, add "internal-tls"

Since hostapd-2.5, USE=-ssl fails to build.

Appears USE=-ssl was used to avoid openssl. Since libressl support was
added in 2.6-r3 ebuild, there is an alternative way to avoid openssl
now.

This commit adds another alternative, to use internal TLSv1
implementation instead of openssl/libressl. It doesn't allow to build
hostapd with all the features which are enabled with openssl, though.

I don't anticipate user need for USE=-ssl to have a build which does not
support any encryption at all. Of course I am open to such users'
requests, but at last they have "savedconfig" option to help themselves.

Acked-by: zerochaos@gentoo.org
Bug: https://bugs.gentoo.org/578798
Package-Manager: Portage-2.3.31, Repoman-2.3.9

2 files changed, 24 insertions, 8 deletions

diff --git a/net-wireless/hostapd/hostapd-2.6-r4.ebuild b/net-wireless/hostapd/hostapd-2.6-r4.ebuild
index feebb2eda45e..ffc16c5ae29b 100644
--- a/net-wireless/hostapd/hostapd-2.6-r4.ebuild
+++ b/net-wireless/hostapd/hostapd-2.6-r4.ebuild
@@ -12,12 +12,13 @@ SRC_URI="http://hostap.epitest.fi/releases/${P}.tar.gz"
 LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~amd64 ~arm ~mips ~ppc ~x86"
-IUSE="ipv6 libressl logwatch netlink sqlite +ssl +wps +crda"
+IUSE="internal-tls ipv6 libressl logwatch netlink sqlite +wps +crda"
 
 DEPEND="
-	ssl? (
-		!libressl? ( dev-libs/openssl:0=[-bindist] )
-		libressl? ( dev-libs/libressl:0= )
+	libressl? ( dev-libs/libressl:0= )
+	!libressl? (
+		internal-tls? ( dev-libs/libtommath )
+		!internal-tls? ( dev-libs/openssl:0=[-bindist] )
 	)
 	kernel_linux? (
 		dev-libs/libnl:3
@@ -30,6 +31,16 @@ RDEPEND="${DEPEND}"
 
 S="${S}/${PN}"
 
+pkg_pretend() {
+	if use internal-tls; then
+		if use libressl; then
+			elog "libressl flag takes precedence over internal-tls"
+		else
+			ewarn "internal-tls implementation is experimental and provides fewer features"
+		fi
+	fi
+}
+
 src_prepare() {
 	# Allow users to apply patches to src/drivers for example,
 	# i.e. anything outside ${S}/${PN}
@@ -71,7 +82,9 @@ src_configure() {
 	echo "CONFIG_ERP=y" >> ${CONFIG}
 	echo "CONFIG_EAP_MD5=y" >> ${CONFIG}
 
-	if use ssl; then
+	if use internal-tls && !use libressl; then
+		echo "CONFIG_TLS=internal" >> ${CONFIG}
+	else
 		# SSL authentication methods
 		echo "CONFIG_EAP_FAST=y" >> ${CONFIG}
 		echo "CONFIG_EAP_TLS=y" >> ${CONFIG}
@@ -80,6 +93,7 @@ src_configure() {
 		echo "CONFIG_EAP_PEAP=y" >> ${CONFIG}
 		echo "CONFIG_TLSV11=y" >> ${CONFIG}
 		echo "CONFIG_TLSV12=y" >> ${CONFIG}
+		echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
 	fi
 
 	if use wps; then
@@ -103,7 +117,6 @@ src_configure() {
 	echo "CONFIG_EAP_SAKE=y" >> ${CONFIG}
 	echo "CONFIG_EAP_GPSK=y" >> ${CONFIG}
 	echo "CONFIG_EAP_GPSK_SHA256=y" >> ${CONFIG}
-	echo "CONFIG_EAP_PWD=y" >> ${CONFIG}
 
 	einfo "Enabling drivers: "
 
@@ -170,7 +183,7 @@ src_configure() {
 src_compile() {
 	emake V=1
 
-	if use ssl; then
+	if use libressl || !use internal-tls; then
 		emake V=1 nt_password_hash
 		emake V=1 hlr_auc_gw
 	fi
@@ -185,7 +198,9 @@ src_install() {
 	dosbin ${PN}
 	dobin ${PN}_cli
 
-	use ssl && dobin nt_password_hash hlr_auc_gw
+	if use libressl || !use internal-tls; then
+		dobin nt_password_hash hlr_auc_gw
+	fi
 
 	newinitd "${FILESDIR}"/${PN}-init.d ${PN}
 	newconfd "${FILESDIR}"/${PN}-conf.d ${PN}
diff --git a/net-wireless/hostapd/metadata.xml b/net-wireless/hostapd/metadata.xml
index 59217d505469..458eddb04591 100644
--- a/net-wireless/hostapd/metadata.xml
+++ b/net-wireless/hostapd/metadata.xml
@@ -8,6 +8,7 @@
 	</longdescription>
 	<use>
 		<flag name="crda">Add CRDA support</flag>
+		<flag name="internal-tls">Use internal TLSv1 implementation instead of depending on OpenSSL, LibreSSL or GnuTLS</flag>
 		<flag name="logwatch">Install support files for 
 			<pkg>sys-apps/logwatch</pkg></flag>
 		<flag name="netlink">Adding support for using netlink to create VLANs</flag>