From f98f4601de762251c4644047786affd34d5fb10c Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Tue, 28 Jun 2016 10:47:22 +0200 Subject: openvpn: fix missing cipher list for polarssl in v2.3.11 Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch Signed-off-by: Jo-Philipp Wich --- .../300-upstream-fix-polarssl-mbedtls-builds.patch | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch (limited to 'package/network/services/openvpn/patches') diff --git a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch new file mode 100644 index 0000000000..0a5c49c791 --- /dev/null +++ b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch @@ -0,0 +1,42 @@ +From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Fri, 13 May 2016 08:54:52 +0200 +Subject: [PATCH] Fix polarssl / mbedtls builds + +Commit 8a399cd3 hardened the OpenSSL default cipher list, +but also introduced a change in shared code that causes +polarssl / mbedtls builds to break when no --tls-cipher is +specified. + +This fix is backported code from the master branch. + +Signed-off-by: Steffan Karger +Acked-by: Gert Doering +Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me> +URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 +Signed-off-by: Gert Doering +--- + src/openvpn/ssl_polarssl.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c +index 1f58369..9263698 100644 +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) + { + char *tmp_ciphers, *tmp_ciphers_orig, *token; + int i, cipher_count; +- int ciphers_len = strlen (ciphers); ++ int ciphers_len; ++ ++ if (NULL == ciphers) ++ return; /* Nothing to do */ ++ ++ ciphers_len = strlen (ciphers); + + ASSERT (NULL != ctx); + ASSERT (0 != ciphers_len); +-- +2.8.1 + -- cgit v1.2.3