f98f4601de
Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
42 lines
1.3 KiB
Diff
42 lines
1.3 KiB
Diff
From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
|
|
From: Steffan Karger <steffan@karger.me>
|
|
Date: Fri, 13 May 2016 08:54:52 +0200
|
|
Subject: [PATCH] Fix polarssl / mbedtls builds
|
|
|
|
Commit 8a399cd3 hardened the OpenSSL default cipher list,
|
|
but also introduced a change in shared code that causes
|
|
polarssl / mbedtls builds to break when no --tls-cipher is
|
|
specified.
|
|
|
|
This fix is backported code from the master branch.
|
|
|
|
Signed-off-by: Steffan Karger <steffan@karger.me>
|
|
Acked-by: Gert Doering <gert@greenie.muc.de>
|
|
Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
|
|
URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
|
|
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
|
---
|
|
src/openvpn/ssl_polarssl.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
|
|
index 1f58369..9263698 100644
|
|
--- a/src/openvpn/ssl_polarssl.c
|
|
+++ b/src/openvpn/ssl_polarssl.c
|
|
@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
|
|
{
|
|
char *tmp_ciphers, *tmp_ciphers_orig, *token;
|
|
int i, cipher_count;
|
|
- int ciphers_len = strlen (ciphers);
|
|
+ int ciphers_len;
|
|
+
|
|
+ if (NULL == ciphers)
|
|
+ return; /* Nothing to do */
|
|
+
|
|
+ ciphers_len = strlen (ciphers);
|
|
|
|
ASSERT (NULL != ctx);
|
|
ASSERT (0 != ciphers_len);
|
|
--
|
|
2.8.1
|
|
|