aboutsummaryrefslogtreecommitdiff
path: root/package/openvpn/openvpn-allow-polarssl-1.2.patch
blob: 0aeb2f2db4e16f5db38670ce2692461b568306e0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
Allow OpenVPN to use newer (1.2+) PolarSSL versions.
https://community.openvpn.net/openvpn/ticket/250

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

--- a/src/openvpn/crypto_polarssl.h.ori	2013-01-10 21:38:23.213885934 +0100
+++ a/src/openvpn/crypto_polarssl.h	2013-01-10 21:40:20.597883460 +0100
@@ -60,7 +60,11 @@
 #define OPENVPN_MODE_OFB 	POLARSSL_MODE_OFB
 
 /** Cipher is in CFB mode */
+#if POLARSSL_VERSION_NUMBER < 0x01020000
 #define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB128
+#else
+#define OPENVPN_MODE_CFB 	POLARSSL_MODE_CFB
+#endif
 
 /** Cipher should encrypt */
 #define OPENVPN_OP_ENCRYPT 	POLARSSL_ENCRYPT
--- a/src/openvpn/ssl_polarssl.c.ori	2013-01-10 21:50:16.041870946 +0100
+++ a/src/openvpn/ssl_polarssl.c	2013-01-10 21:54:35.261865496 +0100
@@ -67,6 +67,20 @@
 
 static int default_ciphersuites[] =
 {
+#if POLARSSL_VERSION_NUMBER >= 0x0102000
+    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_AES_256_CBC_SHA,
+    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
+    TLS_RSA_WITH_AES_128_CBC_SHA,
+    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
+    TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+    TLS_RSA_WITH_RC4_128_SHA,
+    TLS_RSA_WITH_RC4_128_MD5,
+#else
     SSL_EDH_RSA_AES_256_SHA,
     SSL_EDH_RSA_CAMELLIA_256_SHA,
     SSL_EDH_RSA_AES_128_SHA,
@@ -79,6 +93,7 @@
     SSL_RSA_DES_168_SHA,
     SSL_RSA_RC4_128_SHA,
     SSL_RSA_RC4_128_MD5,
+#endif
     0
 };
 
@@ -515,7 +530,9 @@
       ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
 
       ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
+#if  POLARSSL_VERSION_NUMBER < 0x01020000
       ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
+#endif
       if (ssl_ctx->allowed_ciphers)
 	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
       else
@@ -828,7 +845,11 @@
 		    ssl_get_version (ks_ssl->ctx),
 		    ssl_get_ciphersuite(ks_ssl->ctx));
 
+#if POLARSSL_VERSION_NUMBER >= 0x01020000
+  cert = ks_ssl->ssn->peer_cert;
+#else
   cert = ks_ssl->ctx->peer_cert;
+#endif
   if (cert != NULL)
     {
       openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);