Only relevant for Attitude Adjustment; see trac #12982 [1]. Commit r35529 [2] upgrades polarssl from v 1.1(.3) to 1.2(.5), but this introduces compile errors in the openvpn-devel (2.2.2) package present in the feeds, as detailed in [1].
The following small patch [3] fixes these compatibility issues. [1]. https://dev.openwrt.org/ticket/12983 [2]. https://dev.openwrt.org/changeset/35529 [3]. http://community.openvpn.net/openvpn/attachment/ticket/250/220-allow- polarssl-1.2.3.patch Signed-off-by: Tijs Van Buggenhout <[email protected]> -- Index: net/openvpn-devel/Makefile =================================================================== diff --git a/branches/packages_12.09/net/openvpn-devel/Makefile b/branches/packages_12.09/net/openvpn-devel/Makefile --- a/branches/packages_12.09/net/openvpn-devel/Makefile (revision 39304) +++ b/branches/packages_12.09/net/openvpn-devel/Makefile (working copy) @@ -11,7 +11,7 @@ PKG_REV:=5d4f5435a421299ed047485d8d99bdf9a0d22fd1 PKG_VERSION:=r$(PKG_REV) -PKG_RELEASE=1 +PKG_RELEASE=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=git://openvpn.git.sourceforge.net/gitroot/openvpn/openvpn.git Index: net/openvpn-devel/patches/010-allow-polarssl-1.2.3.patch =================================================================== diff --git a/branches/packages_12.09/net/openvpn-devel/patches/010-allow-polarssl-1.2.3.patch b/branches/packages_12.09/net/openvpn-devel/patches/010-allow-polarssl-1.2.3.patch new file mode 10644 --- /dev/null (revision 0) +++ b/branches/packages_12.09/net/openvpn-devel/patches/010-allow-polarssl-1.2.3.patch (working copy) 
@@ -0,0 +1,82 @@
+--- a/src/openvpn/crypto_polarssl.h
++++ b/src/openvpn/crypto_polarssl.h
+@@ -60,7 +60,11 @@
+ #define OPENVPN_MODE_OFB POLARSSL_MODE_OFB
+
+ /** Cipher is in CFB mode */
++#if POLARSSL_VERSION_NUMBER < 0x01020000
+ #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128
++#else
++#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB
++#endif
+
+ /** Cipher should encrypt */
+ #define OPENVPN_OP_ENCRYPT POLARSSL_ENCRYPT
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -67,6 +67,20 @@
+
+ static int default_ciphersuites[] =
+ {
++#if POLARSSL_VERSION_NUMBER >= 0x01020000
++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_AES_256_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
++ TLS_RSA_WITH_AES_128_CBC_SHA,
++ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
++ TLS_RSA_WITH_3DES_EDE_CBC_SHA,
++ TLS_RSA_WITH_RC4_128_SHA,
++ TLS_RSA_WITH_RC4_128_MD5,
++#else
+ SSL_EDH_RSA_AES_256_SHA,
+ SSL_EDH_RSA_CAMELLIA_256_SHA,
+ SSL_EDH_RSA_AES_128_SHA,
+@@ -79,6 +93,7 @@
+ SSL_RSA_DES_168_SHA,
+ SSL_RSA_RC4_128_SHA,
+ SSL_RSA_RC4_128_MD5,
++#endif
+ 0
+ };
+
+@@ -515,7 +530,9 @@
+ ssl_set_rng (ks_ssl->ctx, ctr_drbg_random, rand_ctx_get());
+
+ ALLOC_OBJ_CLEAR (ks_ssl->ssn, ssl_session);
++#if POLARSSL_VERSION_NUMBER < 0x01020000
+ ssl_set_session (ks_ssl->ctx, 0, 0, ks_ssl->ssn );
++#endif
+ if (ssl_ctx->allowed_ciphers)
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+ else
+@@ -828,7 +845,11 @@
+ ssl_get_version (ks_ssl->ctx),
+ ssl_get_ciphersuite(ks_ssl->ctx));
+
++#if POLARSSL_VERSION_NUMBER >= 0x01020000
++ cert = ks_ssl->ssn->peer_cert;
++#else
+ cert = ks_ssl->ctx->peer_cert;
++#endif
+ if (cert != NULL)
+ {
+ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8);
+--- a/src/openvpn/options.c
++++ b/src/openvpn/options.c
+@@ -827,7 +827,12 @@
+ o->server_poll_timeout = 0;
+ #endif
+ #ifdef ENABLE_CRYPTO
++#ifdef ENABLE_CRYPTO_POLARSSL
++ o->ciphername = "BLOWFISH-CBC";
++ o->keysize = 16;
++#else
+ o->ciphername = "BF-CBC";
++#endif
+ o->ciphername_defined = true;
+ o->authname = "SHA1";
+ o->authname_defined = true;
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
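Review bot: In the `ssl_polarssl.c` part of the embedded patch, the `>= 0x01020000` branch reads `cert = ks_ssl->ssn->peer_cert;`, yet the same patch compiles out `ssl_set_session`, the only visible call that hands `ks_ssl->ssn` to the library, right after `ALLOC_OBJ_CLEAR` zeroes it. Unless code outside these hunks populates that object, `peer_cert` stays NULL on PolarSSL 1.2 and the RSA key size silently disappears from the status line; either read the certificate from wherever the 1.2 context keeps the negotiated session, or record the gap with `/* PolarSSL >= 1.2: ks_ssl->ssn is not registered via ssl_set_session(); verify peer_cert is populated */`. Separately, the new 1.2 default list still ends with `TLS_RSA_WITH_RC4_128_SHA` and `TLS_RSA_WITH_RC4_128_MD5`, which is presumably what is offered when `allowed_ciphers` is unset (the `else` body is cut off by the hunk), so porting to the new names is a natural point to drop those two entries or at least comment why they remain. The enclosing functions start and end outside the hunks shown.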
