Commit Graph

17 Commits

Author SHA1 Message Date
Karl Palsson
9b118cde89 wolfssl: enable openssl 1.0.1 compatibility
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days.  Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself.  User
applications must include that directly.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2016-06-07 09:22:16 +02:00
Dirk Neukirchen
de27a1adae cyassl/wolfssl: update to 3.9.0
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers

ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954

so patch 300 saves around 12k compressed ipkg size

v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
2016-05-21 09:57:12 +02:00
Hauke Mehrtens
6329349cd0 cyassl: update to wolfssl version 3.8.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 48616
2016-02-01 22:38:28 +00:00
Hauke Mehrtens
52df3181c1 cyassl: update to wolfSSL version 3.7.0
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925

The activation of SSLv3 support is needed for curl.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47791
2015-12-05 15:45:31 +00:00
Hauke Mehrtens
69a2459c66 cyassl: update to wolfssl 3.6.0
Upstream wolfssl already has better checks to detect broken ssl v2
ClientHellos, we can remove our hack.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46168
2015-07-03 23:20:36 +00:00
Hauke Mehrtens
9177e16098 cyassl: version bump to 3.4.6
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 46167
2015-07-03 23:20:01 +00:00
John Crispin
b233fdcfa2 cyassl: add support for SSL_set_tlsext_host_name
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45215
2015-04-01 10:42:28 +00:00
Hauke Mehrtens
c8bc803189 cyassl: update to version 3.2.0
This fixes a security problem:
Security fix for RSA Padding check vulnerability

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 42526
2014-09-13 20:56:55 +00:00
Steven Barth
415284ca1c cyassl: update to 3.1.0
SVN-Revision: 42063
2014-08-08 05:25:52 +00:00
Hauke Mehrtens
9be00fc256 cyassl: update to version 3.0.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 40621
2014-05-01 14:04:15 +00:00
Imre Kaloz
72f00c8de4 change fixup method and fix CFLAGS handling
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 39151
2013-12-20 20:25:44 +00:00
Jo-Philipp Wich
8effe85ada cyassl: drop obsolete patches
SVN-Revision: 38610
2013-10-30 15:16:59 +00:00
Jo-Philipp Wich
5e8abac86f cyassl: upgrade to v2.8.0
Un-reverts the previous update commit and forward-ports the patch
to improve legacy SSLv2 handshake handling.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 38609
2013-10-30 13:19:48 +00:00
Jo-Philipp Wich
8e2106488a Revert "[cyassl]: upgrade to 2.8.0"
Reverts the CyaSSL version bump for now since the update completely broke
trunk building due to incompatible changes in the IO callback API which in
turn breaks the core ustream-ssl package.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 38576
2013-10-29 09:53:48 +00:00
Imre Kaloz
688ac024ac upgrade to 2.8.0
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>

SVN-Revision: 38558
2013-10-28 14:34:59 +00:00
Jo-Philipp Wich
6945d722e6 cyassl: add a patch to better check legacy SSLv2 client hello records
If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.

SVN-Revision: 33675
2012-10-09 16:41:36 +00:00
Felix Fietkau
48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00