This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
The activation of SSLv3 support is needed for curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791
This patch introduces a new build error into coova-chilli, but
coova-chilli already fails to build even without it anyway. CyaSSL is
now called wolfSSL, and all the API's have been renamed, and
backward-compatibility headers added.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 46167
Un-reverts the previous update commit and forward-ports the patch
to improve legacy SSLv2 handshake handling.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38609
Reverts the CyaSSL version bump for now since the update completely broke
trunk building due to incompatible changes in the IO callback API which in
turn breaks the core ustream-ssl package.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 38576
If junk data is received during SSL_accept(), cyassl will treat it as legacy SSLv2
record without performing further plausibility checks. Change the legacy code path
to return UNKNOWN_HANDSHAKE_TYPE if the value of the third byte isn't 0x01 the
hello message type.
SVN-Revision: 33675
