openvpn: update to 2.5.3
Remove upstreamed patch and fix test.sh script. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This commit is contained in:
Magnus Kroken
parent
1216b02d4b
commit
29eab35c68
4 changed files with 3 additions and 45 deletions
|
|
@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=openvpn
|
||||
|
||||
PKG_VERSION:=2.5.2
|
||||
PKG_VERSION:=2.5.3
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL:=\
|
||||
https://build.openvpn.net/downloads/releases/ \
|
||||
https://swupdate.openvpn.net/community/releases/
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_HASH:=b12743836901f365efaf82ab2493967e1b21c21eb43ce9a8da1002a17c9c1dc8
|
||||
PKG_HASH:=fb6a9943c603a1951ca13e9267653f8dd650c02f84bccd2b9d20f06a4c9c9a7e
|
||||
|
||||
PKG_MAINTAINER:=Magnus Kroken <mkroken@gmail.com>
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
--- a/src/openvpn/ssl_mbedtls.c
|
||||
+++ b/src/openvpn/ssl_mbedtls.c
|
||||
@@ -1535,7 +1535,7 @@ const char *
|
||||
@@ -1538,7 +1538,7 @@ const char *
|
||||
get_ssl_library_version(void)
|
||||
{
|
||||
static char mbedtls_version[30];
|
||||
|
|
|
|||
|
|
@ -1,42 +0,0 @@
|
|||
From e4bd17c86e01aaf6f809d9ea355419c86c4defdc Mon Sep 17 00:00:00 2001
|
||||
From: Max Fillinger <maximilian.fillinger@foxcrypto.com>
|
||||
Date: Mon, 12 Apr 2021 19:46:17 +0200
|
||||
Subject: [PATCH] Fix build with mbedtls w/o SSL renegotiation support
|
||||
|
||||
In mbedtls, support for SSL renegotiation can be disabled at
|
||||
compile-time. However, OpenVPN cannot be built with such a library
|
||||
because it calls mbedtls_ssl_conf_renegotiation() to disable this
|
||||
feature at runtime. This function doesn't exist when mbedtls was built
|
||||
without support for SSL renegotiation.
|
||||
|
||||
This commit fixes the build by ifdef'ing out the function call when
|
||||
mbedtls was built without support for SSL renegotiation.
|
||||
|
||||
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
|
||||
Acked-by: Antonio Quartulli <antonio@openvpn.net>
|
||||
Message-Id: <E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com>
|
||||
URL: https://www.mail-archive.com/search?l=mid&q=E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
---
|
||||
src/openvpn/ssl_mbedtls.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
--- a/src/openvpn/ssl_mbedtls.c
|
||||
+++ b/src/openvpn/ssl_mbedtls.c
|
||||
@@ -1098,10 +1098,13 @@ key_state_ssl_init(struct key_state_ssl
|
||||
{
|
||||
mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups);
|
||||
}
|
||||
- /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
|
||||
- * session and does not depend on this feature. And TLS renegotiations have
|
||||
- * been problematic in the past */
|
||||
+
|
||||
+ /* Disable TLS renegotiations if the mbedtls library supports that feature.
|
||||
+ * OpenVPN's renegotiation creates new SSL sessions and does not depend on
|
||||
+ * this feature and TLS renegotiations have been problematic in the past. */
|
||||
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
|
||||
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||
|
||||
/* Disable record splitting (for now). OpenVPN assumes records are sent
|
||||
* unfragmented, and changing that will require thorough review and
|
||||
0
net/openvpn/test.sh
Executable file → Normal file
0
net/openvpn/test.sh
Executable file → Normal file
Loading…
Reference in a new issue