From de27a1adaea1bcf57e28fa33c705da51364ef92b Mon Sep 17 00:00:00 2001 From: Dirk Neukirchen Date: Sat, 21 May 2016 07:35:36 +0200 Subject: cyassl/wolfssl: update to 3.9.0 wolfssl has a fine grained feature and compatibility control for compiling stunnel, lighthttp or (partly) openssl dropin ustream-ssl uses features that require normally HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers ar71xx ipkg sizes of wolfssl 3.9.0: - with stunnel: 144022 - this patch (w.o. stunnel): 131712 - without openssl(extra): 111104 - w.o openssl/sni:108515 - w.o openssl/sni/ecc: 93954 so patch 300 saves around 12k compressed ipkg size v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl that broke with v1 Signed-off-by: Dirk Neukirchen --- .../cyassl/patches/300-SSL_set_tlsext_host_name.patch | 19 ------------------- ...ove_SSL_set_tlsext_host_name_outside_STUNNEL.patch | 19 +++++++++++++++++++ .../cyassl/patches/400-additional_compatibility.patch | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) delete mode 100644 package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch create mode 100644 package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch (limited to 'package/libs/cyassl/patches') diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch deleted file mode 100644 index a35cdadc8e..0000000000 --- a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/wolfssl/openssl/ssl.h -+++ b/wolfssl/openssl/ssl.h -@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR - /* yassl had set the default to be 500 */ - #define SSL_get_default_timeout(ctx) 500 - -+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) -+ - /* Lighthttp compatability */ - - #ifdef HAVE_LIGHTY -@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ - #define SSL_TLSEXT_ERR_NOACK alert_warning - #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME - --#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name - #define SSL_get_servername wolfSSL_get_servername - #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX - #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback diff --git a/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch new file mode 100644 index 0000000000..51d89f7ece --- /dev/null +++ b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch @@ -0,0 +1,19 @@ +--- a/wolfssl/openssl/ssl.h ++++ b/wolfssl/openssl/ssl.h +@@ -402,6 +402,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR + /* yassl had set the default to be 500 */ + #define SSL_get_default_timeout(ctx) 500 + ++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y)) ++ + /* Lighthttp compatibility */ + + #ifdef HAVE_LIGHTY +@@ -488,7 +490,6 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_ + #define SSL_TLSEXT_ERR_NOACK alert_warning + #define TLSEXT_NAMETYPE_host_name WOLFSSL_SNI_HOST_NAME + +-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name + #define SSL_get_servername wolfSSL_get_servername + #define SSL_set_SSL_CTX wolfSSL_set_SSL_CTX + #define SSL_CTX_get_verify_callback wolfSSL_CTX_get_verify_callback diff --git a/package/libs/cyassl/patches/400-additional_compatibility.patch b/package/libs/cyassl/patches/400-additional_compatibility.patch index 4d75d98906..1464e9d2a8 100644 --- a/package/libs/cyassl/patches/400-additional_compatibility.patch +++ b/package/libs/cyassl/patches/400-additional_compatibility.patch @@ -1,6 +1,6 @@ --- a/cyassl/openssl/ssl.h +++ b/cyassl/openssl/ssl.h -@@ -27,6 +27,9 @@ +@@ -28,6 +28,9 @@ #define CYASSL_OPENSSL_H_ #include -- cgit v1.2.3