WolfSSL has recently added many openssl 1.1+ calls, including TLS_server_method & TLS_client_method, which were being redefined, causing compilation failure:

ustream-openssl.c:113:0: error: "TLS_server_method" redefined [-Werror]
ustream-openssl.c:114:0: error: "TLS_client_method" redefined [-Werror]

Only define the symbols if not previously defined. Signed-off-by: Eneas U de Queiroz <[email protected]> -- There are two CVEs with critical(CVSS 3.1)/high(CVSS2.0) base scores that have been fixed in wolfssl 4.2.0: CVE-2019-16748 & CVE-2019-15651. Before we can update wolfssl, this needs to be applied, along with https://patchwork.ozlabs.org/patch/1164316/. It's also possible to come up with a shorter patch than 1164316, doing just what's necessary for compilation. Let me know how I should go ahead with this. Here's the error after this, but without 1164316 applied: /ustream-openssl.h:47:2: error: implicit declaration of function 'SSL_set_tlsext_host_name'; did you mean 'SSL_set_tlsext_debug_arg'? [-Werror=implicit-function-declaration] SSL_set_tlsext_host_name(us->ssl, us->server_name); It's been tested on WRT3200ACM with master, using current wolfssl 4.1.0, and also with 4.2.0 + https://patchwork.ozlabs.org/patch/1164316/ running uhttpd. diff --git a/ustream-openssl.c b/ustream-openssl.c index b2df362..c09106f 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -110,8 +110,12 @@ __ustream_ssl_context_new(bool server) SSL_library_init(); _init = true; } -# define TLS_server_method SSLv23_server_method -# define TLS_client_method SSLv23_client_method +# ifndef TLS_server_method +# define TLS_server_method SSLv23_server_method +# endif +# ifndef TLS_client_method +# define TLS_client_method SSLv23_client_method +# endif #endif if (server) { _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
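
Review bot: the new "# ifndef TLS_server_method" and "# ifndef TLS_client_method" guards only detect names that are already preprocessor macros. That matches the "redefined" errors quoted in the commit message, but a library that declares these as ordinary functions would pass the #ifndef test and still get the SSLv23_* aliases substituted without any diagnostic. Please add a one-line comment above the guards saying they exist because the wolfSSL compatibility layer provides these names as macros. Also confirm that the enclosing #if, which lies outside this hunk, still limits the block to builds that lack the 1.1-style API. The two defines also sit inside the body of __ustream_ssl_context_new(); moving the guarded block to file scope next to the includes would make the fallback easier to find.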
