forked from lede-project/source
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
openvpn: fix missing cipher list for polarssl in v2.3.11
Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <[email protected]> Signed-off-by: Jo-Philipp Wich <[email protected]>
- Loading branch information
Showing
2 changed files
with
43 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletions
42
package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001 | ||
| From: Steffan Karger <[email protected]> | ||
| Date: Fri, 13 May 2016 08:54:52 +0200 | ||
| Subject: [PATCH] Fix polarssl / mbedtls builds | ||
|
|
||
| Commit 8a399cd3 hardened the OpenSSL default cipher list, | ||
| but also introduced a change in shared code that causes | ||
| polarssl / mbedtls builds to break when no --tls-cipher is | ||
| specified. | ||
|
|
||
| This fix is backported code from the master branch. | ||
|
|
||
| Signed-off-by: Steffan Karger <[email protected]> | ||
| Acked-by: Gert Doering <[email protected]> | ||
| Message-Id: <[email protected]> | ||
| URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 | ||
| Signed-off-by: Gert Doering <[email protected]> | ||
| --- | ||
| src/openvpn/ssl_polarssl.c | 7 ++++++- | ||
| 1 file changed, 6 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c | ||
| index 1f58369..9263698 100644 | ||
| --- a/src/openvpn/ssl_polarssl.c | ||
| +++ b/src/openvpn/ssl_polarssl.c | ||
| @@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) | ||
| { | ||
| char *tmp_ciphers, *tmp_ciphers_orig, *token; | ||
| int i, cipher_count; | ||
| - int ciphers_len = strlen (ciphers); | ||
| + int ciphers_len; | ||
| + | ||
| + if (NULL == ciphers) | ||
| + return; /* Nothing to do */ | ||
| + | ||
| + ciphers_len = strlen (ciphers); | ||
|
|
||
| ASSERT (NULL != ctx); | ||
| ASSERT (0 != ciphers_len); | ||
| -- | ||
| 2.8.1 | ||
|
|