package/gnutls: add options to enable/disable legacy features

GnuTls implements old, unsafe or unused protocols and cyphers
Secure embedded systems shall disable them in order to be certified.
This patch allows to select/deselect SSLv2 protocol and gost cipher.

Signed-off-by: Erwan GAUTRON <erwan.gautron@bertin.fr>
[Peter: default options to 'n', move next to _GNUTLS_TOOLS, explicit
 	--enable]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/gnutls/Config.in

@@ -27,6 +27,16 @@ config BR2_PACKAGE_GNUTLS_TOOLS
 	  Install GnuTLS command line tools for various cryptographic
 	  tasks.
 
+config BR2_PACKAGE_GNUTLS_ENABLE_SSL2
+	bool "enable SSLv2"
+	help
+	  Enable SSLv2 protocol.
+
+config BR2_PACKAGE_GNUTLS_ENABLE_GOST
+	bool "enable GOST"
+	help
+	  Enable GOST cipher.
+
 endif
 
 comment "gnutls needs a toolchain w/ wchar, dynamic library"

package/gnutls/gnutls.mk

@@ -29,7 +29,9 @@ GNUTLS_CONF_OPTS = \
 	--with-librt-prefix=$(STAGING_DIR) \
 	--without-tpm \
 	$(if $(BR2_PACKAGE_GNUTLS_OPENSSL),--enable,--disable)-openssl-compatibility \
-	$(if $(BR2_PACKAGE_GNUTLS_TOOLS),--enable-tools,--disable-tools)
+	$(if $(BR2_PACKAGE_GNUTLS_TOOLS),--enable-tools,--disable-tools) \
+	$(if $(BR2_PACKAGE_GNUTLS_ENABLE_SSL2),--enable,--disable)-ssl2-support \
+	$(if $(BR2_PACKAGE_GNUTLS_ENABLE_GOST),--enable,--disable)-gost
 GNUTLS_CONF_ENV = gl_cv_socket_ipv6=yes \
 	ac_cv_header_wchar_h=$(if $(BR2_USE_WCHAR),yes,no) \
 	gt_cv_c_wchar_t=$(if $(BR2_USE_WCHAR),yes,no) \