Advice on polarssl deprecation

There is no need to manually remove packages from .config any more, as Polarssl has been removed from LEDE.

If you have has polarssl (or its derivatives) in your config, those packages will be removed automatically.

You may still need to adjust your .config, e.g. by selecting new variant in curl etc.


  • libustream-polarssl was removed today from LEDE. The other libustream variants (mbedtls, cyassl and openssl) are still there. libustream-mbedtls is the current default.
  • px5g has only the mbedtls variant left.
  • libpolarssl itself is still left in the source repo, but it will be removed soon. Only a few packages reference it: bmx7 and shadowsocks-libev . Other packages have already been converted to use other SSL libraries.

You should check your build config for libpolarssl and manually de-select it (Libraries/SSL section in menuconfig), as there is really no need for it any more unless you are using bmx7 or shadowsocks-libev .

Config system does not automatically de-select packages in an existing .config, so it is easy to accumulate unnecessary package in .config when dependencies to old default packages change.

Will the build system still select Polarssl by default? For example, someone who creates a fresh .config file, selects a target platform/device and issues a make defconfig, will polarssl still be enabled by default?

And for us users who already have created .config files, it's as simple as removing (all together?), or setting to "not selected" (I believe is the deselected option) is good enough to remove it completely from the build. Or is it more wise to create a new .config?

I assume easy enough to just de-select. However always err on the side of caution, hence me asking :slight_smile:

No. Polarssl will not be selected by default. Only if you select one of those few packets that still use it, bmx7 etc.

You can actually see pretty easily in menuconfig, which other packages select a package:
press "/" (slash) to start search and then just write the string to search for, e.g. polarssl in the dialog box.

You will get a scrollable listing of all config options where polarssl is mentioned. The package itself is included in the listing, as well are its dependencies and selectors (and the current status y/n for each):

  │ Symbol: DEFAULT_libpolarssl [=DEFAULT_libpolarssl]                                                                                          │  
  │ Type  : unknown                                                                                                                             │  
  │ Symbol: PACKAGE_libpolarssl [=n]                                                                                                            │  
  │ Type  : tristate                                                                                                                            │  
  │ Prompt: libpolarssl....................................... Embedded SSL (library)                                                           │  
  │   Location:                                                                                                                                 │  
  │     -> Libraries                                                                                                                            │  
  │ (1)   -> SSL                                                                                                                                │  
  │   Defined at tmp/                                                                                                   │  
  │   Selects: PACKAGE_librt [=y] && PACKAGE_libssp [=n] && PACKAGE_libc [=y] && PACKAGE_libpthread [=y]                                        │  
  │   Selected by: PACKAGE_shadowsocks-libev-polarssl [=n] && PACKAGE_iptables [=y] || PACKAGE_umurmur-polarssl [=n] || PACKAGE_bmx7 [=n]       │  

You can see that it is selected only by shadowsoscks-libev, umurmur and bmx7.

There is no need to manually remove packages from .config any more, as Polarssl has been removed from LEDE.