mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-04 04:54:18 +00:00
b99d7aecc8
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 100-disable-hardening-check.patch | ||
| 110-build-with-libtool-2.4.patch | ||
| 200-ecc-rng.patch | ||
| 300-fix-SSL_get_verify_result-regression.patch | ||