mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-14 15:53:29 +08:00
763ad50bd7
Toolchain IPv6 support isn't optional any more. New PolarSSL backend besides the usual OpenSSL one. New small binary option, reduces binary file size ~100 KiB depending on target architecture. Removed no crypto option - it still requires some SSL library headers and it's pointless anyway, after all we're talking about a VPN solution here. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
73 lines
2.2 KiB
Diff
73 lines
2.2 KiB
Diff
Allow OpenVPN to use newer (1.2+) PolarSSL versions.
|
|
https://community.openvpn.net/openvpn/ticket/250
|
|
|
|
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
|
|
|
|
--- a/src/openvpn/crypto_polarssl.h.ori 2013-01-10 21:38:23.213885934 +0100
|
|
+++ a/src/openvpn/crypto_polarssl.h 2013-01-10 21:40:20.597883460 +0100
|
|
@@ -60,7 +60,11 @@
|
|
#define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
|
|
|
|
/** Cipher is in CFB mode */
|
|
+#if POLARSSL_VERSION_NUMBER < 0x01020000
|
|
#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
|
|
+#else
|
|
+#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
|
|
+#endif
|
|
|
|
/** Cipher should encrypt */
|
|
#define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
|
|
--- a/src/openvpn/ssl_polarssl.c.ori 2013-01-10 21:50:16.041870946 +0100
|
|
+++ a/src/openvpn/ssl_polarssl.c 2013-01-10 21:54:35.261865496 +0100
|
|
@@ -67,6 +67,20 @@
|
|
|
|
static int default_ciphersuites[] =
|
|
{
|
|
+#if POLARSSL_VERSION_NUMBER >= 0x0102000
|
|
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
|
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
|
|
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
+ TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
|
+ TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
|
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
+ TLS_RSA_WITH_RC4_128_SHA,
|
|
+ TLS_RSA_WITH_RC4_128_MD5,
|
|
+#else
|
|
SSL_EDH_RSA_AES_256_SHA,
|
|
SSL_EDH_RSA_CAMELLIA_256_SHA,
|
|
SSL_EDH_RSA_AES_128_SHA,
|
|
@@ -79,6 +93,7 @@
|
|
SSL_RSA_DES_168_SHA,
|
|
SSL_RSA_RC4_128_SHA,
|
|
SSL_RSA_RC4_128_MD5,
|
|
+#endif
|
|
0
|
|
};
|
|
|
|
@@ -515,7 +530,9 @@
|
|
ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
|
|
|
|
ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
|
|
+#if POLARSSL_VERSION_NUMBER < 0x01020000
|
|
ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
|
|
+#endif
|
|
if (ssl_ctx->allowed_ciphers)
|
|
ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
|
|
else
|
|
@@ -828,7 +845,11 @@
|
|
ssl_get_version (ks_ssl->ctx),
|
|
ssl_get_ciphersuite(ks_ssl->ctx));
|
|
|
|
+#if POLARSSL_VERSION_NUMBER >= 0x01020000
|
|
+ cert = ks_ssl->ssn->peer_cert;
|
|
+#else
|
|
cert = ks_ssl->ctx->peer_cert;
|
|
+#endif
|
|
if (cert != NULL)
|
|
{
|
|
openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);
|