Update axtls
This commit is contained in:
parent
74c23161bf
commit
6d3d9c4434
|
|
@ -9,7 +9,7 @@ CONFIG_PLATFORM_LINUX=y
|
||||||
#
|
#
|
||||||
# General Configuration
|
# General Configuration
|
||||||
#
|
#
|
||||||
PREFIX="/usr"
|
PREFIX="/usr/local"
|
||||||
# CONFIG_DEBUG is not set
|
# CONFIG_DEBUG is not set
|
||||||
CONFIG_STRIP_UNWANTED_SECTIONS=y
|
CONFIG_STRIP_UNWANTED_SECTIONS=y
|
||||||
# CONFIG_VISUAL_STUDIO_7_0 is not set
|
# CONFIG_VISUAL_STUDIO_7_0 is not set
|
||||||
|
|
@ -26,8 +26,8 @@ CONFIG_EXTRA_LDFLAGS_OPTIONS=""
|
||||||
#
|
#
|
||||||
# CONFIG_SSL_SERVER_ONLY is not set
|
# CONFIG_SSL_SERVER_ONLY is not set
|
||||||
# CONFIG_SSL_CERT_VERIFICATION is not set
|
# CONFIG_SSL_CERT_VERIFICATION is not set
|
||||||
CONFIG_SSL_ENABLE_CLIENT=y
|
# CONFIG_SSL_ENABLE_CLIENT is not set
|
||||||
# CONFIG_SSL_FULL_MODE is not set
|
CONFIG_SSL_FULL_MODE=y
|
||||||
# CONFIG_SSL_SKELETON_MODE is not set
|
# CONFIG_SSL_SKELETON_MODE is not set
|
||||||
# CONFIG_SSL_PROT_LOW is not set
|
# CONFIG_SSL_PROT_LOW is not set
|
||||||
CONFIG_SSL_PROT_MEDIUM=y
|
CONFIG_SSL_PROT_MEDIUM=y
|
||||||
|
|
@ -40,17 +40,15 @@ CONFIG_SSL_X509_CERT_LOCATION=""
|
||||||
CONFIG_SSL_X509_COMMON_NAME=""
|
CONFIG_SSL_X509_COMMON_NAME=""
|
||||||
CONFIG_SSL_X509_ORGANIZATION_NAME=""
|
CONFIG_SSL_X509_ORGANIZATION_NAME=""
|
||||||
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
|
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
|
||||||
CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
|
CONFIG_SSL_HAS_PEM=y
|
||||||
# CONFIG_SSL_HAS_PEM is not set
|
CONFIG_SSL_USE_PKCS12=y
|
||||||
# CONFIG_SSL_USE_PKCS12 is not set
|
|
||||||
CONFIG_SSL_EXPIRY_TIME=24
|
CONFIG_SSL_EXPIRY_TIME=24
|
||||||
CONFIG_X509_MAX_CA_CERTS=150
|
CONFIG_X509_MAX_CA_CERTS=150
|
||||||
CONFIG_SSL_MAX_CERTS=3
|
CONFIG_SSL_MAX_CERTS=3
|
||||||
# CONFIG_SSL_CTX_MUTEXING is not set
|
# CONFIG_SSL_CTX_MUTEXING is not set
|
||||||
CONFIG_USE_DEV_URANDOM=y
|
CONFIG_USE_DEV_URANDOM=y
|
||||||
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
|
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
|
||||||
CONFIG_OPENSSL_COMPATIBLE=y
|
# CONFIG_OPENSSL_COMPATIBLE is not set
|
||||||
CONFIG_SSL_SNI=y
|
|
||||||
# CONFIG_PERFORMANCE_TESTING is not set
|
# CONFIG_PERFORMANCE_TESTING is not set
|
||||||
# CONFIG_SSL_TEST is not set
|
# CONFIG_SSL_TEST is not set
|
||||||
# CONFIG_AXTLSWRAP is not set
|
# CONFIG_AXTLSWRAP is not set
|
||||||
|
|
@ -93,8 +91,8 @@ CONFIG_LUA_CORE=""
|
||||||
#
|
#
|
||||||
# Samples
|
# Samples
|
||||||
#
|
#
|
||||||
CONFIG_SAMPLES=y
|
# CONFIG_SAMPLES is not set
|
||||||
CONFIG_C_SAMPLES=y
|
# CONFIG_C_SAMPLES is not set
|
||||||
# CONFIG_CSHARP_SAMPLES is not set
|
# CONFIG_CSHARP_SAMPLES is not set
|
||||||
# CONFIG_VBNET_SAMPLES is not set
|
# CONFIG_VBNET_SAMPLES is not set
|
||||||
# CONFIG_JAVA_SAMPLES is not set
|
# CONFIG_JAVA_SAMPLES is not set
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
# Maintainer: Versus Void
|
# Maintainer: Versus Void
|
||||||
pkgname=axtls
|
pkgname=axtls
|
||||||
pkgver=1.5.4
|
pkgver=2.1.4
|
||||||
pkgrel=1
|
pkgrel=1
|
||||||
pkgdesc="Highly configurable client/server TLSv1.2 library"
|
pkgdesc="Highly configurable client/server TLSv1.2 library"
|
||||||
arch=(x86_64 i686)
|
arch=(x86_64 i686)
|
||||||
|
|
@ -9,20 +9,17 @@ license=('BSD')
|
||||||
groups=()
|
groups=()
|
||||||
makedepends=()
|
makedepends=()
|
||||||
source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/axTLS-${pkgver}.tar.gz"
|
source=("http://downloads.sourceforge.net/sourceforge/${pkgname}/axTLS-${pkgver}.tar.gz"
|
||||||
"axtls-sni.patch"
|
|
||||||
"config.h"
|
"config.h"
|
||||||
".config"
|
".config"
|
||||||
)
|
)
|
||||||
#noextract=()
|
#noextract=()
|
||||||
sha256sums=("24d50cc4f5908d06cfacb2a3916d91ed75c5b1441809e47bc45e1053d6ba5d91"
|
sha256sums=("e53dd20e2b619349bc48b631176a38742ea600333fd0349df83c6366b7be05bb"
|
||||||
"28906cc3e4684f61791371d6de635618652bbc56e1b445ffcd397ffcc513ca8f"
|
"b9f276b4b04daa3e36cb3fa71771796327904fa2c5e55d205d3148cae8bf17d5"
|
||||||
"8e32ee043b3e704e58e938eb1b28a495f3d0d2fbb241dfa2b0654e2c2f40ddb2"
|
"ae1d08b8b3bcc4ab9dccb62902f2c5e35d435eba3f9fe81da523fe3a2bc87b53"
|
||||||
"17fcc8fe52357724a59c4bb2973274697bde3573160ac007306e788e3859e88f"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
prepare() {
|
prepare() {
|
||||||
cd "axtls-code"
|
cd "axtls-code"
|
||||||
patch -p1 -i "$srcdir/axtls-sni.patch"
|
|
||||||
cp "$srcdir/config.h" config/
|
cp "$srcdir/config.h" config/
|
||||||
cp "$srcdir/.config" config/
|
cp "$srcdir/.config" config/
|
||||||
sed -i '/rm $(PREFIX)\/include\/axTLS\/os_port.h/d' Makefile
|
sed -i '/rm $(PREFIX)\/include\/axTLS\/os_port.h/d' Makefile
|
||||||
|
|
|
||||||
|
|
@ -1,69 +0,0 @@
|
||||||
diff -rU 4 a/ssl/Config.in b/ssl/Config.in
|
|
||||||
--- a/ssl/Config.in 2014-10-27 13:30:33.000000000 +0300
|
|
||||||
+++ b/ssl/Config.in 2015-06-09 18:32:26.000000000 +0300
|
|
||||||
@@ -314,8 +314,15 @@
|
|
||||||
|
|
||||||
Note: not all the API is implemented, so parts may still break. And
|
|
||||||
it's definitely not 100% compatible.
|
|
||||||
|
|
||||||
+config CONFIG_SSL_SNI
|
|
||||||
+ bool "Enable SNI"
|
|
||||||
+ default y
|
|
||||||
+ help
|
|
||||||
+ An extension to the TLS.
|
|
||||||
+ See 3.1 Server Name Indication at RFC 3546.
|
|
||||||
+
|
|
||||||
config CONFIG_PERFORMANCE_TESTING
|
|
||||||
bool "Build the bigint performance test tool"
|
|
||||||
default n
|
|
||||||
depends on CONFIG_SSL_CERT_VERIFICATION
|
|
||||||
diff -rU 4 a/ssl/tls1_clnt.c b/ssl/tls1_clnt.c
|
|
||||||
--- a/ssl/tls1_clnt.c 2014-11-07 03:24:28.000000000 +0300
|
|
||||||
+++ b/ssl/tls1_clnt.c 2015-06-09 18:32:26.000000000 +0300
|
|
||||||
@@ -218,8 +218,30 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
buf[offset++] = 1; /* no compression */
|
|
||||||
buf[offset++] = 0;
|
|
||||||
+
|
|
||||||
+#ifdef CONFIG_SSL_SNI
|
|
||||||
+ if (ssl->host_name != NULL) {
|
|
||||||
+ unsigned int host_len = strlen(ssl->host_name);
|
|
||||||
+
|
|
||||||
+ buf[offset++] = 0;
|
|
||||||
+ buf[offset++] = host_len+9; /* extensions length */
|
|
||||||
+
|
|
||||||
+ buf[offset++] = 0;
|
|
||||||
+ buf[offset++] = 0; /* server_name(0) (65535) */
|
|
||||||
+ buf[offset++] = 0;
|
|
||||||
+ buf[offset++] = host_len+5; /* server_name length */
|
|
||||||
+ buf[offset++] = 0;
|
|
||||||
+ buf[offset++] = host_len+3; /* server_list length */
|
|
||||||
+ buf[offset++] = 0; /* host_name(0) (255) */
|
|
||||||
+ buf[offset++] = 0;
|
|
||||||
+ buf[offset++] = host_len; /* host_name length */
|
|
||||||
+ strncpy((char*) &buf[offset], ssl->host_name, host_len);
|
|
||||||
+ offset += host_len;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
buf[3] = offset - 4; /* handshake size */
|
|
||||||
|
|
||||||
return send_packet(ssl, PT_HANDSHAKE_PROTOCOL, NULL, offset);
|
|
||||||
}
|
|
||||||
diff -rU 4 a/ssl/tls1.h b/ssl/tls1.h
|
|
||||||
--- a/ssl/tls1.h 2015-04-30 08:41:49.000000000 +0300
|
|
||||||
+++ b/ssl/tls1.h 2015-06-09 18:32:26.000000000 +0300
|
|
||||||
@@ -195,8 +195,12 @@
|
|
||||||
uint8_t server_mac[SHA1_SIZE]; /* for HMAC verification */
|
|
||||||
uint8_t read_sequence[8]; /* 64 bit sequence number */
|
|
||||||
uint8_t write_sequence[8]; /* 64 bit sequence number */
|
|
||||||
uint8_t hmac_header[SSL_RECORD_SIZE]; /* rx hmac */
|
|
||||||
+
|
|
||||||
+#ifdef CONFIG_SSL_SNI
|
|
||||||
+ const char* host_name;
|
|
||||||
+#endif
|
|
||||||
};
|
|
||||||
|
|
||||||
typedef struct _SSL SSL;
|
|
||||||
|
|
||||||
|
|
@ -10,7 +10,7 @@
|
||||||
/*
|
/*
|
||||||
* General Configuration
|
* General Configuration
|
||||||
*/
|
*/
|
||||||
#define PREFIX "/usr"
|
#define PREFIX "/usr/local"
|
||||||
#undef CONFIG_DEBUG
|
#undef CONFIG_DEBUG
|
||||||
#define CONFIG_STRIP_UNWANTED_SECTIONS 1
|
#define CONFIG_STRIP_UNWANTED_SECTIONS 1
|
||||||
#undef CONFIG_VISUAL_STUDIO_7_0
|
#undef CONFIG_VISUAL_STUDIO_7_0
|
||||||
|
|
@ -27,8 +27,8 @@
|
||||||
*/
|
*/
|
||||||
#undef CONFIG_SSL_SERVER_ONLY
|
#undef CONFIG_SSL_SERVER_ONLY
|
||||||
#undef CONFIG_SSL_CERT_VERIFICATION
|
#undef CONFIG_SSL_CERT_VERIFICATION
|
||||||
#define CONFIG_SSL_ENABLE_CLIENT 1
|
#undef CONFIG_SSL_ENABLE_CLIENT
|
||||||
#undef CONFIG_SSL_FULL_MODE
|
#define CONFIG_SSL_FULL_MODE 1
|
||||||
#undef CONFIG_SSL_SKELETON_MODE
|
#undef CONFIG_SSL_SKELETON_MODE
|
||||||
#undef CONFIG_SSL_PROT_LOW
|
#undef CONFIG_SSL_PROT_LOW
|
||||||
#define CONFIG_SSL_PROT_MEDIUM 1
|
#define CONFIG_SSL_PROT_MEDIUM 1
|
||||||
|
|
@ -41,17 +41,15 @@
|
||||||
#define CONFIG_SSL_X509_COMMON_NAME ""
|
#define CONFIG_SSL_X509_COMMON_NAME ""
|
||||||
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
|
#define CONFIG_SSL_X509_ORGANIZATION_NAME ""
|
||||||
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
|
#define CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME ""
|
||||||
#define CONFIG_SSL_ENABLE_V23_HANDSHAKE 1
|
#define CONFIG_SSL_HAS_PEM 1
|
||||||
#undef CONFIG_SSL_HAS_PEM
|
#define CONFIG_SSL_USE_PKCS12 1
|
||||||
#undef CONFIG_SSL_USE_PKCS12
|
|
||||||
#define CONFIG_SSL_EXPIRY_TIME 24
|
#define CONFIG_SSL_EXPIRY_TIME 24
|
||||||
#define CONFIG_X509_MAX_CA_CERTS 150
|
#define CONFIG_X509_MAX_CA_CERTS 150
|
||||||
#define CONFIG_SSL_MAX_CERTS 3
|
#define CONFIG_SSL_MAX_CERTS 3
|
||||||
#undef CONFIG_SSL_CTX_MUTEXING
|
#undef CONFIG_SSL_CTX_MUTEXING
|
||||||
#define CONFIG_USE_DEV_URANDOM 1
|
#define CONFIG_USE_DEV_URANDOM 1
|
||||||
#undef CONFIG_WIN32_USE_CRYPTO_LIB
|
#undef CONFIG_WIN32_USE_CRYPTO_LIB
|
||||||
#define CONFIG_OPENSSL_COMPATIBLE 1
|
#undef CONFIG_OPENSSL_COMPATIBLE
|
||||||
#define CONFIG_SSL_SNI 1
|
|
||||||
#undef CONFIG_PERFORMANCE_TESTING
|
#undef CONFIG_PERFORMANCE_TESTING
|
||||||
#undef CONFIG_SSL_TEST
|
#undef CONFIG_SSL_TEST
|
||||||
#undef CONFIG_AXTLSWRAP
|
#undef CONFIG_AXTLSWRAP
|
||||||
|
|
@ -94,8 +92,8 @@
|
||||||
/*
|
/*
|
||||||
* Samples
|
* Samples
|
||||||
*/
|
*/
|
||||||
#define CONFIG_SAMPLES 1
|
#undef CONFIG_SAMPLES
|
||||||
#define CONFIG_C_SAMPLES 1
|
#undef CONFIG_C_SAMPLES
|
||||||
#undef CONFIG_CSHARP_SAMPLES
|
#undef CONFIG_CSHARP_SAMPLES
|
||||||
#undef CONFIG_VBNET_SAMPLES
|
#undef CONFIG_VBNET_SAMPLES
|
||||||
#undef CONFIG_JAVA_SAMPLES
|
#undef CONFIG_JAVA_SAMPLES
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue