package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch

   1 From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
   2 From: Steffan Karger <steffan@karger.me>
   3 Date: Fri, 13 May 2016 08:54:52 +0200
   4 Subject: [PATCH] Fix polarssl / mbedtls builds
   5
   6 Commit 8a399cd3 hardened the OpenSSL default cipher list,
   7 but also introduced a change in shared code that causes
   8 polarssl / mbedtls builds to break when no --tls-cipher is
   9 specified.
  10
  11 This fix is backported code from the master branch.
  12
  13 Signed-off-by: Steffan Karger <steffan@karger.me>
  14 Acked-by: Gert Doering <gert@greenie.muc.de>
  15 Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
  16 URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
  17 Signed-off-by: Gert Doering <gert@greenie.muc.de>
  18 ---
  19  src/openvpn/ssl_polarssl.c | 7 ++++++-
  20  1 file changed, 6 insertions(+), 1 deletion(-)
  21
  22 diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
  23 index 1f58369..9263698 100644
  24 --- a/src/openvpn/ssl_polarssl.c
  25 +++ b/src/openvpn/ssl_polarssl.c
  26 @@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
  27  {
  28    char *tmp_ciphers, *tmp_ciphers_orig, *token;
  29    int i, cipher_count;
  30 -  int ciphers_len = strlen (ciphers);
  31 +  int ciphers_len;
  32 +
  33 +  if (NULL == ciphers)
  34 +    return; /* Nothing to do */
  35 +
  36 +  ciphers_len = strlen (ciphers);
  37
  38    ASSERT (NULL != ctx);
  39    ASSERT (0 != ciphers_len);
  40 --
  41 2.8.1
  42