Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates.
This breaks openvpn clients that try to connect to servers that
present a TLS certificate signed with SHA1, which is fairly common.
Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx.
Fixes: FS#942
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
PKG_NAME:=mbedtls
PKG_VERSION:=2.5.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
/* \} name SECTION: mbed TLS modules */
+@@ -2646,7 +2646,7 @@
+ * recommended because of it is possible to generte SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ */
+-// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
++#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+ /**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
projects / openwrt / openwrt.git / commitdiff