openvpn: update to 2.4.7

1 files changed, 29 insertions, 0 deletions

diff --git a/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c
new file mode 100644
index 000000000..efcbc2600
--- /dev/null
+++ b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c
@@ -0,0 +1,29 @@
+--- openvpn-2.4.7.orig/src/openvpn/ssl_openssl.c	2019-02-20 13:28:23.000000000 +0100
++++ openvpn-2.4.7/src/openvpn/ssl_openssl.c	2019-10-07 21:44:52.473323073 +0200
+@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tl
+         return;
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
+         crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
+                        "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
+                         ciphers);
+@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const ch
+         crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
+     if (tls13)
+     {
+         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
+@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const ch
+         crypto_msg(M_FATAL, "Cannot create SSL object");
+     }
+ 
+-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
+     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ #else
+     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);