aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--package/network/services/openvpn/Makefile2
-rw-r--r--package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch16
2 files changed, 17 insertions, 1 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 2b0b038a29..3e9be0dae3 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
PKG_VERSION:=2.3.6
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
new file mode 100644
index 0000000000..9e1511b6b6
--- /dev/null
+++ b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
@@ -0,0 +1,16 @@
+Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c
+===================================================================
+--- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c
++++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c
+@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state
+ if (ssl_ctx->allowed_ciphers)
+ ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
+
++ /* Disable record splitting (breaks current ssl handling) */
++#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING)
++ ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED);
++#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */
++
+ /* Initialise authentication information */
+ if (is_server)
+ ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx );