cyassl/wolfssl: update to 3.9.0
authorDirk Neukirchen <dirkneukirchen@web.de>
Sat, 21 May 2016 05:35:36 +0000 (07:35 +0200)
committerFelix Fietkau <nbd@nbd.name>
Sat, 21 May 2016 07:57:12 +0000 (09:57 +0200)
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers

ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954

so patch 300 saves around 12k compressed ipkg size

v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
package/libs/cyassl/Makefile
package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch [deleted file]
package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch [new file with mode: 0644]
package/libs/cyassl/patches/400-additional_compatibility.patch

index 7384a3d..b6440f3 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=3.8.0
-PKG_RELEASE:=2
+PKG_VERSION:=3.9.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).zip
 PKG_SOURCE_URL:=https://www.wolfssl.com/
-PKG_MD5SUM:=a73d90c5439adea97a5002a73b46ddeb
+PKG_MD5SUM:=f3396726a9befd61443c2cce216e39ba
 
 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
@@ -38,12 +38,10 @@ endef
 TARGET_CFLAGS += $(FPIC)
 
 CONFIGURE_ARGS += \
-       --without-zlib \
        --enable-singlethreaded \
        --enable-opensslextra \
        --enable-sni \
        --enable-ecc \
-       --enable-sslv3 \
        --disable-examples
 
 #ifneq ($(CONFIG_TARGET_x86),)
diff --git a/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch b/package/libs/cyassl/patches/300-SSL_set_tlsext_host_name.patch
deleted file mode 100644 (file)
index a35cdad..0000000
+++ /dev/null
@@ -1,19 +0,0 @@
---- a/wolfssl/openssl/ssl.h
-+++ b/wolfssl/openssl/ssl.h
-@@ -401,6 +401,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
- /* yassl had set the default to be 500 */
- #define SSL_get_default_timeout(ctx) 500
-+#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
-+ 
- /* Lighthttp compatability */
- #ifdef HAVE_LIGHTY                       
-@@ -487,7 +489,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
- #define SSL_TLSEXT_ERR_NOACK                 alert_warning
- #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
--#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
- #define SSL_get_servername wolfSSL_get_servername
- #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
- #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback
diff --git a/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch b/package/libs/cyassl/patches/300-debloat_move_SSL_set_tlsext_host_name_outside_STUNNEL.patch
new file mode 100644 (file)
index 0000000..51d89f7
--- /dev/null
@@ -0,0 +1,19 @@
+--- a/wolfssl/openssl/ssl.h
++++ b/wolfssl/openssl/ssl.h
+@@ -402,6 +402,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STOR
+ /* yassl had set the default to be 500 */
+ #define SSL_get_default_timeout(ctx) 500
++#define SSL_set_tlsext_host_name(x, y) wolfSSL_UseSNI(x, WOLFSSL_SNI_HOST_NAME, y, strlen(y))
++
+ /* Lighthttp compatibility */
+ #ifdef HAVE_LIGHTY                       
+@@ -488,7 +490,6 @@ typedef WOLFSSL_ASN1_BIT_STRING    ASN1_
+ #define SSL_TLSEXT_ERR_NOACK                 alert_warning
+ #define TLSEXT_NAMETYPE_host_name            WOLFSSL_SNI_HOST_NAME
+-#define SSL_set_tlsext_host_name wolfSSL_set_tlsext_host_name
+ #define SSL_get_servername wolfSSL_get_servername
+ #define SSL_set_SSL_CTX                  wolfSSL_set_SSL_CTX
+ #define SSL_CTX_get_verify_callback      wolfSSL_CTX_get_verify_callback
index 4d75d98..1464e9d 100644 (file)
@@ -1,6 +1,6 @@
 --- a/cyassl/openssl/ssl.h
 +++ b/cyassl/openssl/ssl.h
-@@ -27,6 +27,9 @@
+@@ -28,6 +28,9 @@
  #define CYASSL_OPENSSL_H_
  
  #include <cyassl/ssl.h>