diff options
author | Gustavo Zacarias <gustavo@zacarias.com.ar> | 2013-01-15 06:26:06 +0000 |
---|---|---|
committer | Peter Korsgaard <jacmet@sunsite.dk> | 2013-01-15 21:23:28 +0100 |
commit | 763ad50bd72dead80d2a50c637291f06da8caaaf (patch) | |
tree | 82b352a635533f9ead4d9b7012127b4e8c57952b /package/openvpn/openvpn-allow-polarssl-1.2.patch | |
parent | 32ab8f21e6877e47c246896c6fb962861b42717d (diff) | |
download | buildroot-novena-763ad50bd72dead80d2a50c637291f06da8caaaf.tar.gz buildroot-novena-763ad50bd72dead80d2a50c637291f06da8caaaf.zip |
openvpn: bump to version 2.3.0
Toolchain IPv6 support isn't optional any more.
New PolarSSL backend besides the usual OpenSSL one.
New small binary option, reduces binary file size ~100 KiB depending on
target architecture.
Removed no crypto option - it still requires some SSL library headers
and it's pointless anyway, after all we're talking about a VPN solution
here.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Diffstat (limited to 'package/openvpn/openvpn-allow-polarssl-1.2.patch')
-rw-r--r-- | package/openvpn/openvpn-allow-polarssl-1.2.patch | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/package/openvpn/openvpn-allow-polarssl-1.2.patch b/package/openvpn/openvpn-allow-polarssl-1.2.patch new file mode 100644 index 000000000..0aeb2f2db --- /dev/null +++ b/package/openvpn/openvpn-allow-polarssl-1.2.patch @@ -0,0 +1,72 @@ +Allow OpenVPN to use newer (1.2+) PolarSSL versions. +https://community.openvpn.net/openvpn/ticket/250 + +Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> + +--- a/src/openvpn/crypto_polarssl.h.ori 2013-01-10 21:38:23.213885934 +0100 ++++ a/src/openvpn/crypto_polarssl.h 2013-01-10 21:40:20.597883460 +0100 +@@ -60,7 +60,11 @@ + #define OPENVPN_MODE_OFB POLARSSL_MODE_OFB + + /** Cipher is in CFB mode */ ++#if POLARSSL_VERSION_NUMBER < 0x01020000 + #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128 ++#else ++#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB ++#endif + + /** Cipher should encrypt */ + #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT +--- a/src/openvpn/ssl_polarssl.c.ori 2013-01-10 21:50:16.041870946 +0100 ++++ a/src/openvpn/ssl_polarssl.c 2013-01-10 21:54:35.261865496 +0100 +@@ -67,6 +67,20 @@ + + static int default_ciphersuites[] = + { ++#if POLARSSL_VERSION_NUMBER >= 0x0102000 ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, ++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, ++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, ++ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, ++ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, ++ TLS_RSA_WITH_AES_256_CBC_SHA, ++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, ++ TLS_RSA_WITH_AES_128_CBC_SHA, ++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, ++ TLS_RSA_WITH_3DES_EDE_CBC_SHA, ++ TLS_RSA_WITH_RC4_128_SHA, ++ TLS_RSA_WITH_RC4_128_MD5, ++#else + SSL_EDH_RSA_AES_256_SHA, + SSL_EDH_RSA_CAMELLIA_256_SHA, + SSL_EDH_RSA_AES_128_SHA, +@@ -79,6 +93,7 @@ + SSL_RSA_DES_168_SHA, + SSL_RSA_RC4_128_SHA, + SSL_RSA_RC4_128_MD5, ++#endif + 0 + }; + +@@ -515,7 +530,9 @@ + ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get()); + + ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session); ++#if POLARSSL_VERSION_NUMBER < 0x01020000 + ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn ); ++#endif + if (ssl_ctx->allowed_ciphers) + ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); + else +@@ -828,7 +845,11 @@ + ssl_get_version (ks_ssl->ctx), + ssl_get_ciphersuite(ks_ssl->ctx)); + ++#if POLARSSL_VERSION_NUMBER >= 0x01020000 ++ cert = ks_ssl->ssn->peer_cert; ++#else + cert = ks_ssl->ctx->peer_cert; ++#endif + if (cert != NULL) + { + openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8); |