From bf43e5bbf91ca1a90df8dae3e2cce6bbb61d5cd9 Mon Sep 17 00:00:00 2001 From: Magnus Kroken Date: Sat, 2 Nov 2019 00:30:02 +0100 Subject: openvpn: update to 2.4.8 Backport two upstream commits that allow building openvpn-openssl without OpenSSLs deprecated APIs. Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8 Signed-off-by: Magnus Kroken --- ...penssl-dont-use-deprecated-ssleay-symbols.patch | 58 ++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch (limited to 'package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch') diff --git a/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch b/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch new file mode 100644 index 0000000000..7e9931f0f3 --- /dev/null +++ b/package/network/services/openvpn/patches/110-openssl-dont-use-deprecated-ssleay-symbols.patch @@ -0,0 +1,58 @@ +From 17a476fd5c8cc49f1d103a50199e87ede76b1b67 Mon Sep 17 00:00:00 2001 +From: Steffan Karger +Date: Sun, 26 Nov 2017 16:04:00 +0100 +Subject: [PATCH] openssl: don't use deprecated SSLEAY/SSLeay symbols + +Compiling our current master against OpenSSL 1.1 with +-DOPENSSL_API_COMPAT=0x10100000L screams bloody murder. This patch fixes +the errors about the deprecated SSLEAY/SSLeay symbols and defines. + +Signed-off-by: Steffan Karger +Acked-by: Gert Doering +Message-Id: <20171126150401.28565-1-steffan@karger.me> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15934.html +Signed-off-by: Gert Doering +--- + configure.ac | 1 + + src/openvpn/openssl_compat.h | 8 ++++++++ + src/openvpn/ssl_openssl.c | 2 +- + 3 files changed, 10 insertions(+), 1 deletion(-) + +--- a/configure.ac ++++ b/configure.ac +@@ -904,6 +904,7 @@ if test "${enable_crypto}" = "yes" -a "$ + EVP_MD_CTX_free \ + EVP_MD_CTX_reset \ + EVP_CIPHER_CTX_reset \ ++ OpenSSL_version \ + SSL_CTX_get_default_passwd_cb \ + SSL_CTX_get_default_passwd_cb_userdata \ + SSL_CTX_set_security_level \ +--- a/src/openvpn/openssl_compat.h ++++ b/src/openvpn/openssl_compat.h +@@ -689,6 +689,14 @@ EC_GROUP_order_bits(const EC_GROUP *grou + #endif + + /* SSLeay symbols have been renamed in OpenSSL 1.1 */ ++#ifndef OPENSSL_VERSION ++#define OPENSSL_VERSION SSLEAY_VERSION ++#endif ++ ++#ifndef HAVE_OPENSSL_VERSION ++#define OpenSSL_version SSLeay_version ++#endif ++ + #if !defined(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT) + #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT RSA_F_RSA_EAY_PRIVATE_ENCRYPT + #endif +--- a/src/openvpn/ssl_openssl.c ++++ b/src/openvpn/ssl_openssl.c +@@ -1977,7 +1977,7 @@ get_highest_preference_tls_cipher(char * + const char * + get_ssl_library_version(void) + { +- return SSLeay_version(SSLEAY_VERSION); ++ return OpenSSL_version(OPENSSL_VERSION); + } + + #endif /* defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL) */ -- cgit v1.2.3