aboutsummaryrefslogtreecommitdiffstats
path: root/package/utils/px5g-wolfssl
Commit message (Collapse)AuthorAgeFilesLines
* treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-041-1/+1
| | | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)
* utils/px5g-wolfssl: make selfsigned certicates compatible with chromiumSergey V. Lobanov2021-12-292-1/+21
| | | | | | | | | | | | | | Chromium based web-browsers (version >58) checks x509v3 extended attributes. If this check fails then chromium does not allow to click "Proceed to ... (unsafe)" link. This patch add three x509v3 extended attributes to self-signed certificate: 1. SAN (Subject Alternative Name) (DNS Name) = CN (common name) 2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment 3. Extended Key Usage = TLS Web Server Authentication SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* px5g-wolfssl: Fix certificate signatureJeffrey Elms2021-01-262-3/+3
| | | | | | | | | | Certificate signature algorithm was being set after call to `wc_MakeCert`, resulting in a mismatch between specified signature in certificate and the actual signature type. Signed-off-by: Jeffrey Elms <jeff@wolfssl.com> [fix commit subject, use COMMITCOUNT] Signed-off-by: Paul Spooren <mail@aparcar.org>
* px5g-wolfssl: cleanup Makefile and SPDX licensePaul Spooren2020-08-312-10/+8
| | | | | | | Minor cosmetic cleanups of the Makefile and add a SPDX compatible license headers. Signed-off-by: Paul Spooren <mail@aparcar.org>
* px5g-wolfssl: add packagePaul Spooren2020-08-312-0/+404
This package creates certificates and private keys, just like `px5g` does. Hower it uses WolfSSL rather than MbedTLS. Signed-off-by: Paul Spooren <mail@aparcar.org>