Update axtls
This commit is contained in:
parent
74c23161bf
commit
6d3d9c4434
|
|
@ -9,7 +9,7 @@ CONFIG_PLATFORM_LINUX=y
|
|||
#
|
||||
# General Configuration
|
||||
#
|
||||
PREFIX="/usr"
|
||||
PREFIX="/usr/local"
|
||||
# CONFIG_DEBUG is not set
|
||||
CONFIG_STRIP_UNWANTED_SECTIONS=y
|
||||
# CONFIG_VISUAL_STUDIO_7_0 is not set
|
||||
|
|
@ -26,8 +26,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
|
|||
#
|
||||
# CONFIG_SSL_SERVER_ONLY is not set
|
||||
# CONFIG_SSL_CERT_VERIFICATION is not set
|
||||
CONFIG_SSL_ENABLE_CLIENT=y
|
||||
# CONFIG_SSL_FULL_MODE is not set
|
||||
# CONFIG_SSL_ENABLE_CLIENT is not set
|
||||
CONFIG_SSL_FULL_MODE=y
|
||||
# CONFIG_SSL_SKELETON_MODE is not set
|
||||
# CONFIG_SSL_PROT_LOW is not set
|
||||
CONFIG_SSL_PROT_MEDIUM=y
|
||||
|
|
@ -40,17 +40,15 @@ CONFIG_SSL_X509_CERT_LOCATION=""
|
|||
CONFIG_SSL_X509_COMMON_NAME=""
|
||||
CONFIG_SSL_X509_ORGANIZATION_NAME=""
|
||||
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
|
||||
CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
|
||||
# CONFIG_SSL_HAS_PEM is not set
|
||||
# CONFIG_SSL_USE_PKCS12 is not set
|
||||
CONFIG_SSL_HAS_PEM=y
|
||||
CONFIG_SSL_USE_PKCS12=y
|
||||
CONFIG_SSL_EXPIRY_TIME=24
|
||||
CONFIG_X509_MAX_CA_CERTS=150
|
||||
CONFIG_SSL_MAX_CERTS=3
|
||||
# CONFIG_SSL_CTX_MUTEXING is not set
|
||||
CONFIG_USE_DEV_URANDOM=y
|
||||
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
|
||||
CONFIG_OPENSSL_COMPATIBLE=y
|
||||
CONFIG_SSL_SNI=y
|
||||
# CONFIG_OPENSSL_COMPATIBLE is not set
|
||||
# CONFIG_PERFORMANCE_TESTING is not set
|
||||
# CONFIG_SSL_TEST is not set
|
||||
# CONFIG_AXTLSWRAP is not set
|
||||
|
|
@ -93,8 +91,8 @@ CONFIG_LUA_CORE=""
|
|||
#
|
||||
# Samples
|
||||
#
|
||||
CONFIG_SAMPLES=y
|
||||
CONFIG_C_SAMPLES=y
|
||||
# CONFIG_SAMPLES is not set
|
||||
# CONFIG_C_SAMPLES is not set
|
||||
# CONFIG_CSHARP_SAMPLES is not set
|
||||
# CONFIG_VBNET_SAMPLES is not set
|
||||
# CONFIG_JAVA_SAMPLES is not set
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Maintainer: Versus Void
|
||||
pkgname=axtls
|
||||
pkgver=1.5.4
|
||||
pkgver=2.1.4
|
||||
pkgrel=1
|
||||
pkgdesc="Highly configurable client/server TLSv1.2 library"
|
||||
arch=(x86_64 i686)
|
||||
|
|
@ -9,20 +9,17 @@ license=('BSD')
|
|||
groups=()
|
||||
makedepends=()
|
||||
source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/axTLS-${pkgver}.tar.gz"
|
||||
"axtls-sni.patch"
|
||||
"config.h"
|
||||
".config"
|
||||
)
|
||||
#noextract=()
|
||||
sha256sums=("24d50cc4f5908d06cfacb2a3916d91ed75c5b1441809e47bc45e1053d6ba5d91"
|
||||
"28906cc3e4684f61791371d6de635618652bbc56e1b445ffcd397ffcc513ca8f"
|
||||
"8e32ee043b3e704e58e938eb1b28a495f3d0d2fbb241dfa2b0654e2c2f40ddb2"
|
||||
"17fcc8fe52357724a59c4bb2973274697bde3573160ac007306e788e3859e88f"
|
||||
sha256sums=("e53dd20e2b619349bc48b631176a38742ea600333fd0349df83c6366b7be05bb"
|
||||
"b9f276b4b04daa3e36cb3fa71771796327904fa2c5e55d205d3148cae8bf17d5"
|
||||
"ae1d08b8b3bcc4ab9dccb62902f2c5e35d435eba3f9fe81da523fe3a2bc87b53"
|
||||
)
|
||||
|
||||
prepare() {
|
||||
cd "axtls-code"
|
||||
patch -p1 -i "$srcdir/axtls-sni.patch"
|
||||
cp "$srcdir/config.h" config/
|
||||
cp "$srcdir/.config" config/
|
||||
sed -i '/rm $(PREFIX)\/include\/axTLS\/os_port.h/d' Makefile
|
||||
|
|
|
|||
|
|
@ -1,69 +0,0 @@
|
|||
diff -rU 4 a/ssl/Config.in b/ssl/Config.in
|
||||
--- a/ssl/Config.in 2014-10-27 13:30:33.000000000 +0300
|
||||
+++ b/ssl/Config.in 2015-06-09 18:32:26.000000000 +0300
|
||||
@@ -314,8 +314,15 @@
|
||||
|
||||
Note: not all the API is implemented, so parts may still break. And
|
||||
it's definitely not 100% compatible.
|
||||
|
||||
+config CONFIG_SSL_SNI
|
||||
+ bool "Enable SNI"
|
||||
+ default y
|
||||
+ help
|
||||
+ An extension to the TLS.
|
||||
+ See 3.1 Server Name Indication at RFC 3546.
|
||||
+
|
||||
config CONFIG_PERFORMANCE_TESTING
|
||||
bool "Build the bigint performance test tool"
|
||||
default n
|
||||
depends on CONFIG_SSL_CERT_VERIFICATION
|
||||
diff -rU 4 a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
|
||||
--- a/ssl/tls1_clnt.c 2014-11-07 03:24:28.000000000 +0300
|
||||
+++ b/ssl/tls1_clnt.c 2015-06-09 18:32:26.000000000 +0300
|
||||
@@ -218,8 +218,30 @@
|
||||
}
|
||||
|
||||
buf[offset++] = 1; /* no compression */
|
||||
buf[offset++] = 0;
|
||||
+
|
||||
+#ifdef CONFIG_SSL_SNI
|
||||
+ if (ssl->host_name != NULL) {
|
||||
+ unsigned int host_len = strlen(ssl->host_name);
|
||||
+
|
||||
+ buf[offset++] = 0;
|
||||
+ buf[offset++] = host_len+9; /* extensions length */
|
||||
+
|
||||
+ buf[offset++] = 0;
|
||||
+ buf[offset++] = 0; /* server_name(0) (65535) */
|
||||
+ buf[offset++] = 0;
|
||||
+ buf[offset++] = host_len+5; /* server_name length */
|
||||
+ buf[offset++] = 0;
|
||||
+ buf[offset++] = host_len+3; /* server_list length */
|
||||
+ buf[offset++] = 0; /* host_name(0) (255) */
|
||||
+ buf[offset++] = 0;
|
||||
+ buf[offset++] = host_len; /* host_name length */
|
||||
+ strncpy((char*) &buf[offset], ssl->host_name, host_len);
|
||||
+ offset += host_len;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
buf[3] = offset - 4; /* handshake size */
|
||||
|
||||
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
|
||||
}
|
||||
diff -rU 4 a/ssl/tls1.h b/ssl/tls1.h
|
||||
--- a/ssl/tls1.h 2015-04-30 08:41:49.000000000 +0300
|
||||
+++ b/ssl/tls1.h 2015-06-09 18:32:26.000000000 +0300
|
||||
@@ -195,8 +195,12 @@
|
||||
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
|
||||
uint8_t read_sequence[8]; /* 64 bit sequence number */
|
||||
uint8_t write_sequence[8]; /* 64 bit sequence number */
|
||||
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
|
||||
+
|
||||
+#ifdef CONFIG_SSL_SNI
|
||||
+ const char* host_name;
|
||||
+#endif
|
||||
};
|
||||
|
||||
typedef struct _SSL SSL;
|
||||
|
||||
|
|
@ -10,7 +10,7 @@
|
|||
/*
|
||||
* General Configuration
|
||||
*/
|
||||
#define PREFIX "/usr"
|
||||
#define PREFIX "/usr/local"
|
||||
#undef CONFIG_DEBUG
|
||||
#define CONFIG_STRIP_UNWANTED_SECTIONS 1
|
||||
#undef CONFIG_VISUAL_STUDIO_7_0
|
||||
|
|
@ -27,8 +27,8 @@
|
|||
*/
|
||||
#undef CONFIG_SSL_SERVER_ONLY
|
||||
#undef CONFIG_SSL_CERT_VERIFICATION
|
||||
#define CONFIG_SSL_ENABLE_CLIENT 1
|
||||
#undef CONFIG_SSL_FULL_MODE
|
||||
#undef CONFIG_SSL_ENABLE_CLIENT
|
||||
#define CONFIG_SSL_FULL_MODE 1
|
||||
#undef CONFIG_SSL_SKELETON_MODE
|
||||
#undef CONFIG_SSL_PROT_LOW
|
||||
#define CONFIG_SSL_PROT_MEDIUM 1
|
||||
|
|
@ -41,17 +41,15 @@
|
|||
#define CONFIG_SSL_X509_COMMON_NAME ""
|
||||
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
|
||||
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
|
||||
#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
|
||||
#undef CONFIG_SSL_HAS_PEM
|
||||
#undef CONFIG_SSL_USE_PKCS12
|
||||
#define CONFIG_SSL_HAS_PEM 1
|
||||
#define CONFIG_SSL_USE_PKCS12 1
|
||||
#define CONFIG_SSL_EXPIRY_TIME 24
|
||||
#define CONFIG_X509_MAX_CA_CERTS 150
|
||||
#define CONFIG_SSL_MAX_CERTS 3
|
||||
#undef CONFIG_SSL_CTX_MUTEXING
|
||||
#define CONFIG_USE_DEV_URANDOM 1
|
||||
#undef CONFIG_WIN32_USE_CRYPTO_LIB
|
||||
#define CONFIG_OPENSSL_COMPATIBLE 1
|
||||
#define CONFIG_SSL_SNI 1
|
||||
#undef CONFIG_OPENSSL_COMPATIBLE
|
||||
#undef CONFIG_PERFORMANCE_TESTING
|
||||
#undef CONFIG_SSL_TEST
|
||||
#undef CONFIG_AXTLSWRAP
|
||||
|
|
@ -94,8 +92,8 @@
|
|||
/*
|
||||
* Samples
|
||||
*/
|
||||
#define CONFIG_SAMPLES 1
|
||||
#define CONFIG_C_SAMPLES 1
|
||||
#undef CONFIG_SAMPLES
|
||||
#undef CONFIG_C_SAMPLES
|
||||
#undef CONFIG_CSHARP_SAMPLES
|
||||
#undef CONFIG_VBNET_SAMPLES
|
||||
#undef CONFIG_JAVA_SAMPLES
|
||||
|
|
|
|||
Loading…
Reference in New Issue