| Commit message | Author | Age | Files | Lines |
|
From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days. Unfortunately, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself. User
applications must include that directly.
Signed-off-by: Karl Palsson <karlp@etactica.com>
|
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni: 108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
|
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48616
|
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
The activation of SSLv3 support is needed for curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791
|
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46168
|
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the APIs have been renamed, and
backward-compatibility headers added.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46167
|
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 45215
|
This fixes a security problem:
Security fix for RSA Padding check vulnerability
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 42526
|
SVN-Revision: 42063
|
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 40621
|
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 39151
|
SVN-Revision: 38610
|
Un-reverts the previous update commit and forward-ports the patch
to improve legacy SSLv2 handshake handling.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38609
|
Reverts the CyaSSL version bump for now since the update completely broke
trunk building due to incompatible changes in the IO callback API which in
turn breaks the core ustream-ssl package.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38576
|
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 38558
|
If junk data is received during SSL_accept(), cyassl will treat it as a legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01, the
hello message type.
SVN-Revision: 33675
|
SVN-Revision: 33657