openvpn: remove polarssl crypto backend option

Now that we need to bump openvpn to version 2.3.11 for security fixes
the time has come to remove the polarssl option.
Add legacy handling explaining the situation:
PolarSSL 1.2.x can coexist with mbedTLS 2.x+, but OpenVPN requires
PolarSSL/mbedTLS 1.3.x (the transition branch) >= 1.3.8 but doesn't
build/work with the 2.x series. And PolarSSL/mbedTLS 1.3.x can't coexist
with mbedTLS 2.x on the same target.
So, unfortunately, openssl is now the only option (until libressl
arrives) which means no more backend options in general.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

Config.in.legacy

@@ -145,6 +145,17 @@ endif
 ###############################################################################
 comment "Legacy options removed in 2016.05"
 
+config BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL
+	bool "openvpn polarssl crypto backend removed"
+	select BR2_LEGACY
+	help
+	  The OpenVPN polarssl crypto backend option has been removed.
+	  Version from 2.3.10 onwards need polarssl >= 1.3.8 but aren't
+	  compatible with mbedtls (polarssl) series 2.x which is the
+	  version provided in buildroot. And both can't coexist.
+	  It now uses OpenSSL as the only option.
+
+
 config BR2_PACKAGE_NGINX_HTTP_SPDY_MODULE
 	bool "nginx http spdy module removed"
 	select BR2_LEGACY

package/openvpn/Config.in

@@ -1,6 +1,7 @@
 config BR2_PACKAGE_OPENVPN
 	bool "openvpn"
 	depends on BR2_USE_MMU # fork()
+	select BR2_PACKAGE_OPENSSL
 	help
 	  OpenVPN is a full-featured SSL VPN solution which can
 	  accomodate a wide range of configurations, including road
@@ -33,24 +34,4 @@ config BR2_PACKAGE_OPENVPN_PWSAVE
 	  Allow --askpass and --auth-user-pass passwords to be read
 	  from a file.
 
-choice
-	prompt "Crypto backend"
-	default BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL
-	help
-	  Select the cryptographic library to use.
-
-	config BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL
-	bool "OpenSSL"
-	select BR2_PACKAGE_OPENSSL
-	help
-	  Enable TLS-based key exchange and OpenSSL crypto support.
-
-	config BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL
-	bool "PolarSSL"
-	select BR2_PACKAGE_POLARSSL
-	help
-	  Enable TLS-based key exchange and PolarSSL crypto support.
-
-endchoice
-
 endif

package/openvpn/openvpn.mk

@@ -7,12 +7,13 @@
 OPENVPN_VERSION = 2.3.9
 OPENVPN_SOURCE = openvpn-$(OPENVPN_VERSION).tar.xz
 OPENVPN_SITE = http://swupdate.openvpn.net/community/releases
-OPENVPN_DEPENDENCIES = host-pkgconf
+OPENVPN_DEPENDENCIES = host-pkgconf openssl
 OPENVPN_LICENSE = GPLv2
 OPENVPN_LICENSE_FILES = COPYRIGHT.GPL
 OPENVPN_CONF_OPTS = \
 	--disable-plugin-auth-pam \
 	--enable-iproute2 \
+	--with-crypto-library=openssl \
 	$(if $(BR2_STATIC_LIBS),--disable-plugins)
 OPENVPN_CONF_ENV = IFCONFIG=/sbin/ifconfig \
 	NETSTAT=/bin/netstat \
@@ -47,16 +48,6 @@ else
 OPENVPN_CONF_OPTS += --disable-password-save
 endif
 
-ifeq ($(BR2_PACKAGE_OPENVPN_CRYPTO_OPENSSL),y)
-OPENVPN_CONF_OPTS += --with-crypto-library=openssl
-OPENVPN_DEPENDENCIES += openssl
-endif
-
-ifeq ($(BR2_PACKAGE_OPENVPN_CRYPTO_POLARSSL),y)
-OPENVPN_CONF_OPTS += --with-crypto-library=polarssl
-OPENVPN_DEPENDENCIES += polarssl
-endif
-
 define OPENVPN_INSTALL_TARGET_CMDS
 	$(INSTALL) -m 755 $(@D)/src/openvpn/openvpn \
 		$(TARGET_DIR)/usr/sbin/openvpn