openvpn: disable wolfssl support
authorSander van Deijck <redacted>
Sat, 2 May 2026 21:31:15 +0000 (23:31 +0200)
committerAlexandru Ardelean <redacted>
Tue, 5 May 2026 06:02:59 +0000 (09:02 +0300)
WolfSSL support for OpenVPN is currently broken:
https://github.com/wolfSSL/wolfssl/pull/10309

Until a fix is available, disable the WolfSSL variant.
Support can be re-enabled when WolfSSL is updated.

Signed-off-by: Sander van Deijck <redacted>
net/openvpn/Makefile
net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch [deleted file]
net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch [deleted file]

index f73198cd9dc6bf1d9aeb130655fa8e5639e6da29..b0254e9f6f9dfe75ded96f179ef16a63c2714737 100644 (file)
@@ -49,7 +49,7 @@ endef
 
 Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
 Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+PACKAGE_openvpn-mbedtls:libmbedtls)
-Package/openvpn-wolfssl=$(call Package/openvpn/Default,wolfssl,WolfSSL,+PACKAGE_openvpn-wolfssl:libwolfssl)
+Package/openvpn-wolfssl=$(call Package/openvpn/Default,wolfssl,WolfSSL,+PACKAGE_openvpn-wolfssl:libwolfssl @BROKEN)
 
 define Package/openvpn/config/Default
        source "$(SOURCE)/Config-$(1).in"
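Review bot: The `@BROKEN` marker added to the `Package/openvpn-wolfssl` line has no in-file explanation, so someone reading the Makefile later cannot tell why the variant is disabled or what has to happen before it is re-enabled. A comment above that line, such as `# wolfSSL variant is @BROKEN pending https://github.com/wolfSSL/wolfssl/pull/10309; re-enable once libwolfssl is updated`, would keep the reason with the code. The same commit deletes patches 101 and 103, which appear to exist only for wolfSSL builds (101's description cites a wolfSSL build break on version <= 5.9.0, and 103 is guarded by `ENABLE_CRYPTO_WOLFSSL`), so the comment should also say that re-enabling means checking whether equivalents are still needed. This assumes the third argument of `Package/openvpn/Default` expands into `DEPENDS`; that definition is outside the hunk.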
diff --git a/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch b/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch
deleted file mode 100644 (file)
index deb23f3..0000000
+++ /dev/null
@@ -1,46 +0,0 @@
-Subject: [PATCH] Revert "ssl_verify_openssl: use official ASN1_STRING_ API"
-
-This reverts commit 388800782687793ea968b722e22319b8a13fddbd.
-It breaks wolfSSL build on version <= 5.9.0.
----
- src/openvpn/ssl_verify_openssl.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
---- a/src/openvpn/ssl_verify_openssl.c
-+++ b/src/openvpn/ssl_verify_openssl.c
-@@ -257,7 +257,7 @@ backend_x509_get_username(char *common_n
-     {
-         ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);
-         struct gc_arena gc = gc_new();
--        char *serial = format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1 | FHE_CAPS, NULL, &gc);
-+        char *serial = format_hex_ex(asn1_i->data, asn1_i->length, 0, 1 | FHE_CAPS, NULL, &gc);
-         if (!serial || cn_len <= strlen(serial) + 2)
-         {
-@@ -311,7 +311,7 @@ backend_x509_get_serial_hex(openvpn_x509
- {
-     const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
--    return format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1, ":", gc);
-+    return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc);
- }
- result_t
-@@ -624,7 +624,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce
-         {
-             ASN1_BIT_STRING *ns;
-             ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
--            result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
-+            result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
-             if (result == SUCCESS)
-             {
-                 msg(M_WARN, "X509: Certificate is a client certificate yet it's purpose "
-@@ -652,7 +652,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce
-         {
-             ASN1_BIT_STRING *ns;
-             ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
--            result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
-+            result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
-             if (result == SUCCESS)
-             {
-                 msg(M_WARN, "X509: Certificate is a server certificate yet it's purpose "
diff --git a/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch b/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch
deleted file mode 100644 (file)
index e79f75f..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/src/openvpn/ssl_verify_openssl.c
-+++ b/src/openvpn/ssl_verify_openssl.c
-@@ -253,6 +253,9 @@ backend_x509_get_username(char *common_n
-             return FAILURE;
-         }
-     }
-+#if defined(ENABLE_CRYPTO_WOLFSSL)
-+ #define LN_serialNumber "serialNumber"
-+#endif
-     else if (strcmp(LN_serialNumber, x509_username_field) == 0)
-     {
-         ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);