summaryrefslogtreecommitdiffstats
path: root/package/network/services/openvpn/patches
diff options
context:
space:
mode:
authornbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2013-01-30 20:07:15 +0000
committernbd <nbd@3c298f89-4303-0410-b956-a3cf2f4a3e73>2013-01-30 20:07:15 +0000
commit1b45e669d20b66dc18333227c205f64ff102e7de (patch)
treeb96ea80f8828cc65ebf714db1504da203dee8bc4 /package/network/services/openvpn/patches
parent36183f83dc4dd26ddb8c060e2f2c5bef13039632 (diff)
openvpn: add from openvpn-devel from /packages, fix support for current polarssl
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35412 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'package/network/services/openvpn/patches')
-rw-r--r--package/network/services/openvpn/patches/100-polarssl_update.patch60
1 files changed, 60 insertions, 0 deletions
diff --git a/package/network/services/openvpn/patches/100-polarssl_update.patch b/package/network/services/openvpn/patches/100-polarssl_update.patch
new file mode 100644
index 000000000..c5c8faf78
--- /dev/null
+++ b/package/network/services/openvpn/patches/100-polarssl_update.patch
@@ -0,0 +1,60 @@
+--- a/src/openvpn/crypto_polarssl.h
++++ b/src/openvpn/crypto_polarssl.h
+@@ -60,7 +60,7 @@ typedef md_context_t hmac_ctx_t;
+ #define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
+
+ /** Cipher is in CFB mode */
+-#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
++#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
+
+ /** Cipher should encrypt */
+ #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -65,23 +65,6 @@ tls_clear_error()
+ {
+ }
+
+-static int default_ciphersuites[] =
+-{
+- SSL_EDH_RSA_AES_256_SHA,
+- SSL_EDH_RSA_CAMELLIA_256_SHA,
+- SSL_EDH_RSA_AES_128_SHA,
+- SSL_EDH_RSA_CAMELLIA_128_SHA,
+- SSL_EDH_RSA_DES_168_SHA,
+- SSL_RSA_AES_256_SHA,
+- SSL_RSA_CAMELLIA_256_SHA,
+- SSL_RSA_AES_128_SHA,
+- SSL_RSA_CAMELLIA_128_SHA,
+- SSL_RSA_DES_168_SHA,
+- SSL_RSA_RC4_128_SHA,
+- SSL_RSA_RC4_128_MD5,
+- 0
+-};
+-
+ void
+ tls_ctx_server_new(struct tls_root_ctx *ctx)
+ {
+@@ -515,11 +498,11 @@ void key_state_ssl_init(struct key_state
+ ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
+
+ ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
+- ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
++ ssl_set_session (ks_ssl->ctx, ks_ssl->ssn );
+ if (ssl_ctx->allowed_ciphers)
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+ else
+- ssl_set_ciphersuites (ks_ssl->ctx, default_ciphersuites);
++ ssl_set_ciphersuites (ks_ssl->ctx, ssl_default_ciphersuites);
+
+ /* Initialise authentication information */
+ if (is_server)
+@@ -828,7 +811,7 @@ print_details (struct key_state_ssl * ks
+ ssl_get_version (ks_ssl->ctx),
+ ssl_get_ciphersuite(ks_ssl->ctx));
+
+- cert = ks_ssl->ctx->peer_cert;
++ cert = ssl_get_peer_cert(ks_ssl->ctx);
+ if (cert != NULL)
+ {
+ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);