aboutsummaryrefslogtreecommitdiff
path: root/package/openvpn/openvpn-allow-polarssl-1.2.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/openvpn/openvpn-allow-polarssl-1.2.patch')
-rw-r--r--package/openvpn/openvpn-allow-polarssl-1.2.patch72
1 files changed, 72 insertions, 0 deletions
diff --git a/package/openvpn/openvpn-allow-polarssl-1.2.patch b/package/openvpn/openvpn-allow-polarssl-1.2.patch
new file mode 100644
index 0000000000..0aeb2f2db4
--- /dev/null
+++ b/package/openvpn/openvpn-allow-polarssl-1.2.patch
@@ -0,0 +1,72 @@
+Allow OpenVPN to use newer (1.2+) PolarSSL versions.
+https://community.openvpn.net/openvpn/ticket/250
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+--- a/src/openvpn/crypto_polarssl.h.ori 2013-01-10 21:38:23.213885934 +0100
++++ a/src/openvpn/crypto_polarssl.h 2013-01-10 21:40:20.597883460 +0100
+@@ -60,7 +60,11 @@
+ #define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
+
+ /** Cipher is in CFB mode */
++#if POLARSSL_VERSION_NUMBER < 0x01020000
+ #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
++#else
++#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
++#endif
+
+ /** Cipher should encrypt */
+ #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
+--- a/src/openvpn/ssl_polarssl.c.ori 2013-01-10 21:50:16.041870946 +0100
++++ a/src/openvpn/ssl_polarssl.c 2013-01-10 21:54:35.261865496 +0100
+@@ -67,6 +67,20 @@
+
+ static int default_ciphersuites[] =
+ {
++#if POLARSSL_VERSION_NUMBER >= 0x0102000
++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_AES_256_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_RSA_WITH_AES_128_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_RC4_128_SHA,
++ TLS_RSA_WITH_RC4_128_MD5,
++#else
+ SSL_EDH_RSA_AES_256_SHA,
+ SSL_EDH_RSA_CAMELLIA_256_SHA,
+ SSL_EDH_RSA_AES_128_SHA,
+@@ -79,6 +93,7 @@
+ SSL_RSA_DES_168_SHA,
+ SSL_RSA_RC4_128_SHA,
+ SSL_RSA_RC4_128_MD5,
++#endif
+ 0
+ };
+
+@@ -515,7 +530,9 @@
+ ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
+
+ ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
++#if POLARSSL_VERSION_NUMBER < 0x01020000
+ ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
++#endif
+ if (ssl_ctx->allowed_ciphers)
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+ else
+@@ -828,7 +845,11 @@
+ ssl_get_version (ks_ssl->ctx),
+ ssl_get_ciphersuite(ks_ssl->ctx));
+
++#if POLARSSL_VERSION_NUMBER >= 0x01020000
++ cert = ks_ssl->ssn->peer_cert;
++#else
+ cert = ks_ssl->ctx->peer_cert;
++#endif
+ if (cert != NULL)
+ {
+ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);