openvpn: add support for tls-version-min

Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This commit is contained in:
Matteo Panella 2016-06-04 15:15:03 +02:00 committed by Jo-Philipp Wich
parent 33a4d22f4c
commit 20c608db0a
2 changed files with 2 additions and 2 deletions

View file

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn PKG_NAME:=openvpn
PKG_VERSION:=2.3.10 PKG_VERSION:=2.3.10
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz

View file

@ -121,7 +121,7 @@ start_instance() {
reneg_bytes reneg_pkts reneg_sec \ reneg_bytes reneg_pkts reneg_sec \
replay_persist replay_window resolv_retry route route_delay route_gateway \ replay_persist replay_window resolv_retry route route_delay route_gateway \
route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \ route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \
socks_proxy status status_version syslog tcp_queue_limit tls_auth \ socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \
tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
tun_mtu tun_mtu_extra txqueuelen user verb down push up \ tun_mtu tun_mtu_extra txqueuelen user verb down push up \
verify_x509_name x509_username_field \ verify_x509_name x509_username_field \