openvpn: add support for tls-version-min
authorMatteo Panella <morpheus@level28.org>
Sat, 4 Jun 2016 13:15:03 +0000 (15:15 +0200)
committerJo-Philipp Wich <jo@mein.io>
Tue, 7 Jun 2016 21:02:58 +0000 (23:02 +0200)
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).

This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.

Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
package/network/services/openvpn/Makefile
package/network/services/openvpn/files/openvpn.init

index 69f24c4761a6c1e7f646bfcdd5f87147cc89c7ab..e0e1b124c31f5c903b82464e46ec846ba7bd9e00 100644 (file)
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
 
 PKG_VERSION:=2.3.10
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
index 5396d0bf47ad3a7fc51f246accce984fd2685857..6dac7b3fa12c1931083c348ca514d2c22788796b 100644 (file)
@@ -121,7 +121,7 @@ start_instance() {
                reneg_bytes reneg_pkts reneg_sec \
                replay_persist replay_window resolv_retry route route_delay route_gateway \
                route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \
-               socks_proxy status status_version syslog tcp_queue_limit tls_auth \
+               socks_proxy status status_version syslog tcp_queue_limit tls_auth tls_version_min \
                tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \
                tun_mtu tun_mtu_extra txqueuelen user verb down push up \
                verify_x509_name x509_username_field \