diff options
-rw-r--r-- | package/network/services/openvpn/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch | 16 |
2 files changed, 17 insertions, 1 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 2b0b038a29..3e9be0dae3 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.3.6 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch new file mode 100644 index 0000000000..9e1511b6b6 --- /dev/null +++ b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch @@ -0,0 +1,16 @@ +Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c +=================================================================== +--- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c ++++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c +@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state + if (ssl_ctx->allowed_ciphers) + ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); + ++ /* Disable record splitting (breaks current ssl handling) */ ++#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) ++ ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED); ++#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */ ++ + /* Initialise authentication information */ + if (is_server) + ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx ); |