packages/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch
Qingfang Deng 9faf26770b openvpn: update to 2.7.1
The new DCO module depends on OpenVPN 2.7.1.
For details refer to https://github.com/OpenVPN/openvpn/blob/v2.7.1/Changes.rst

Removed upstreamed wolfSSL patches:
- 101-Fix-EVP_PKEY_CTX_-compilation-with-wolfSSL.patch
- 102-Disable-external-ec-key-support-when-building-with-wolfSSL.patch

Reworked 100-mbedtls-disable-runtime-version-check.patch to use
MBEDTLS_VERSION_STRING instead of a mutable buffer.

Signed-off-by: Qingfang Deng <dqfext@gmail.com>
2026-04-13 19:24:25 +03:00


Subject: [PATCH] Revert "ssl_verify_openssl: use official ASN1_STRING_ API"
This reverts commit 388800782687793ea968b722e22319b8a13fddbd.
It breaks wolfSSL build on version <= 5.9.0.
---
src/openvpn/ssl_verify_openssl.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@@ -257,7 +257,7 @@ backend_x509_get_username(char *common_n
{
ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);
struct gc_arena gc = gc_new();
- char *serial = format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1 | FHE_CAPS, NULL, &gc);
+ char *serial = format_hex_ex(asn1_i->data, asn1_i->length, 0, 1 | FHE_CAPS, NULL, &gc);
if (!serial || cn_len <= strlen(serial) + 2)
{
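Review bot: The direct field reads `asn1_i->data` and `asn1_i->length` on the new line depend on the ASN1 string struct being publicly defined in whichever TLS library the package is built against, and the revert applies to every backend although the stated breakage is limited to wolfSSL <= 5.9.0. The same pattern recurs in the backend_x509_get_serial_hex hunk and in both x509_verify_ns_cert_type hunks (`ns->length`, `ns->data[0]`). Keeping the accessor calls for OpenSSL builds and confining the field access to the wolfSSL case, for example under `#if defined(ENABLE_CRYPTO_WOLFSSL)`, would keep this certificate-verification code building if the type is opaque in the linked library. A comment such as `/* direct field access: ASN1_STRING_ accessors break the wolfSSL <= 5.9.0 build */` would record when the patch can be dropped. backend_x509_get_username starts and ends outside the hunk.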
@@ -311,7 +311,7 @@ backend_x509_get_serial_hex(openvpn_x509
{
const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert);
- return format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1, ":", gc);
+ return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc);
}
result_t
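Review bot: `asn1_i` is dereferenced on the new return line without a NULL check, so a NULL result from `X509_get_serialNumber(cert)` would crash while a certificate is being processed. Whether the wolfSSL compatibility layer can return NULL here is not visible in the hunk, and neither is whether callers accept a NULL serial string, so both should be confirmed before adding a guard such as `if (!asn1_i) { return NULL; }`. The backend_x509_get_username hunk has the same unchecked dereference; its `!serial` test only covers a failed `format_hex_ex`.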
@@ -624,7 +624,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce
{
ASN1_BIT_STRING *ns;
ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
- result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
+ result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE;
if (result == SUCCESS)
{
msg(M_WARN, "X509: Certificate is a client certificate yet it's purpose "
@@ -652,7 +652,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce
{
ASN1_BIT_STRING *ns;
ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL);
- result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
+ result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE;
if (result == SUCCESS)
{
msg(M_WARN, "X509: Certificate is a server certificate yet it's purpose "