mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-30 10:39:04 +00:00
mbedtls: Re-allow SHA1-signed certificates
Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates. This breaks openvpn clients that try to connect to servers that present a TLS certificate signed with SHA1, which is fairly common. Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx. Fixes: FS#942 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
This commit is contained in:
parent
ff414fb575
commit
3e35eb13ad
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||||||
|
|
||||||
PKG_NAME:=mbedtls
|
PKG_NAME:=mbedtls
|
||||||
PKG_VERSION:=2.5.1
|
PKG_VERSION:=2.5.1
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
|
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
|
||||||
|
@ -269,3 +269,12 @@
|
|||||||
|
|
||||||
/* \} name SECTION: mbed TLS modules */
|
/* \} name SECTION: mbed TLS modules */
|
||||||
|
|
||||||
|
@@ -2646,7 +2646,7 @@
|
||||||
|
* recommended because of it is possible to generte SHA-1 collisions, however
|
||||||
|
* this may be safe for legacy infrastructure where additional controls apply.
|
||||||
|
*/
|
||||||
|
-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
|
||||||
|
Loading…
Reference in New Issue
Block a user