openvpn: update to 2.3.2
this patches updates openvpn to v2.3.2 and adds a PKG_MD5SUM to the Makefile This release fixes a memory access violation when cipher none is used on ar71xx - at least with my config Signed-off-by: Peter Wagner <tripolar@gmx.at> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37560 3c298f89-4303-0410-b956-a3cf2f4a3e73master
Felix Fietkau
parent
4b105ab178
commit
ac4dea772d
|
|
@ -9,11 +9,12 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=openvpn
|
PKG_NAME:=openvpn
|
||||||
|
|
||||||
PKG_VERSION:=2.3.0
|
PKG_VERSION:=2.3.2
|
||||||
PKG_RELEASE=1
|
PKG_RELEASE=1
|
||||||
|
|
||||||
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
|
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||||
|
PKG_MD5SUM:=06e5f93dbf13f2c19647ca15ffc23ac1
|
||||||
|
|
||||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,60 +0,0 @@
|
||||||
--- a/src/openvpn/crypto_polarssl.h
|
|
||||||
+++ b/src/openvpn/crypto_polarssl.h
|
|
||||||
@@ -60,7 +60,7 @@ typedef md_context_t hmac_ctx_t;
|
|
||||||
#define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
|
|
||||||
|
|
||||||
/** Cipher is in CFB mode */
|
|
||||||
-#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
|
|
||||||
+#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
|
|
||||||
|
|
||||||
/** Cipher should encrypt */
|
|
||||||
#define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
|
|
||||||
--- a/src/openvpn/ssl_polarssl.c
|
|
||||||
+++ b/src/openvpn/ssl_polarssl.c
|
|
||||||
@@ -65,23 +65,6 @@ tls_clear_error()
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
-static int default_ciphersuites[] =
|
|
||||||
-{
|
|
||||||
- SSL_EDH_RSA_AES_256_SHA,
|
|
||||||
- SSL_EDH_RSA_CAMELLIA_256_SHA,
|
|
||||||
- SSL_EDH_RSA_AES_128_SHA,
|
|
||||||
- SSL_EDH_RSA_CAMELLIA_128_SHA,
|
|
||||||
- SSL_EDH_RSA_DES_168_SHA,
|
|
||||||
- SSL_RSA_AES_256_SHA,
|
|
||||||
- SSL_RSA_CAMELLIA_256_SHA,
|
|
||||||
- SSL_RSA_AES_128_SHA,
|
|
||||||
- SSL_RSA_CAMELLIA_128_SHA,
|
|
||||||
- SSL_RSA_DES_168_SHA,
|
|
||||||
- SSL_RSA_RC4_128_SHA,
|
|
||||||
- SSL_RSA_RC4_128_MD5,
|
|
||||||
- 0
|
|
||||||
-};
|
|
||||||
-
|
|
||||||
void
|
|
||||||
tls_ctx_server_new(struct tls_root_ctx *ctx)
|
|
||||||
{
|
|
||||||
@@ -515,11 +498,11 @@ void key_state_ssl_init(struct key_state
|
|
||||||
ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
|
|
||||||
|
|
||||||
ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
|
|
||||||
- ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
|
|
||||||
+ ssl_set_session (ks_ssl->ctx, ks_ssl->ssn );
|
|
||||||
if (ssl_ctx->allowed_ciphers)
|
|
||||||
ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
|
|
||||||
else
|
|
||||||
- ssl_set_ciphersuites (ks_ssl->ctx, default_ciphersuites);
|
|
||||||
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_default_ciphersuites);
|
|
||||||
|
|
||||||
/* Initialise authentication information */
|
|
||||||
if (is_server)
|
|
||||||
@@ -828,7 +811,7 @@ print_details (struct key_state_ssl * ks
|
|
||||||
ssl_get_version (ks_ssl->ctx),
|
|
||||||
ssl_get_ciphersuite(ks_ssl->ctx));
|
|
||||||
|
|
||||||
- cert = ks_ssl->ctx->peer_cert;
|
|
||||||
+ cert = ssl_get_peer_cert(ks_ssl->ctx);
|
|
||||||
if (cert != NULL)
|
|
||||||
{
|
|
||||||
openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);
|
|
||||||
Loading…
Reference in New Issue