author Parménides GV <parmegv@sdf.org> 2014-06-11 11:56:59 +0200
committer Parménides GV <parmegv@sdf.org> 2014-06-11 19:50:54 +0200
commit 3e121542d8b7ab5201c47bbd3ba5611a23c54759 (patch)
tree a6035639e7baa88dd122d0d4e85791726606389a /app/openssl/patches/README
parent ac69881af1b7bfcdd185989f3e434556b1d62fed (diff)
Correctly connects to millipede.
Location keyword on android.cfg isn't supported, EIP corresponding code has been commented out. I think we should support it in ics-openvpn, so that we can show the location instead of the server name. I've updated all openssl, openvpn, etc. subprojects from rev 813 of ics-openvpn, and jni too.
Diffstat (limited to 'app/openssl/patches/README')
-rw-r--r-- app/openssl/patches/README 61
1 files changed, 43 insertions, 18 deletions
diff --git a/app/openssl/patches/README b/app/openssl/patches/README
index 54b6e068..2ff69282 100644
--- a/app/openssl/patches/README
+++ b/app/openssl/patches/README
@@ -3,18 +3,6 @@ progs.patch:
Fixup sources under the apps/ directory that are not built under the android environment.
-small_records.patch:
-
-Reduce OpenSSL memory consumption.
-SSL records may be as large as 16K, but are typically < 2K. In
-addition, a historic bug in Windows allowed records to be as large
-32K. OpenSSL statically allocates read and write buffers (34K and
-18K respectively) used for processing records.
-With this patch, OpenSSL statically allocates 4K + 4K buffers, with
-the option of dynamically growing buffers to 34K + 4K, which is a
-saving of 44K per connection for the typical case.
-
-
handshake_cutthrough.patch
Enables SSL3+ clients to send application data immediately following the
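Review bot: The small_records.patch entry is removed without any stated reason, and the commit message only says the subprojects were updated from rev 813 of ics-openvpn. Per the removed text, that patch was what reduced the static record buffers from 34K + 18K to 4K + 4K, a saving of 44K per connection in the typical case, so dropping it matters on a memory-constrained Android client. Please say in the commit message whether the patch file itself was dropped upstream or replaced by something else, so it is clear the README and the patches directory still match.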
@@ -26,14 +14,51 @@ jsse.patch
Support for JSSE implementation based on OpenSSL.
-npn.patch
+channelid.patch
+
+Implements TLS Channel ID support as both a client and a server.
+See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00.
+
+eng_dyn_dirs.patch
+
+Fixes the case of having multiple DIR_ADD commands sent to eng_dyn
+
+fix_clang_build.patch
+
+Fixes the Clang based build.
+
+tls12_digests.patch
+
+Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA
+keys.
+
+alpn.patch
+
+This change adds support for ALPN in OpenSSL. ALPN is the IETF
+blessed version of NPN and we'll be supporting both ALPN and NPN for
+some time yet.
+
+cbc_record_splitting.patch
+
+BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1
+record splitting. Record splitting is disabled by default.
+
+dsa_nonce.patch
+
+Adds an option to mix in hash of message and private key into (EC)DSA nonces to
+make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature
+is disabled by default.
+
+ecdhe_psk.patch
-Transport Layer Security (TLS) Next Protocol Negotiation Extension
+Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites.
-sslv3_uninit_padding.patch
+tls_psk_hint.patch
-This patch sets the padding for SSLv3 block ciphers to zero.
+Fixes issues with TLS-PSK identity hint implementation where
+per-connection/session and per-context hints were being mixed up.
-sha1_armv4_large.patch
+psk_client_callback_128_byte_id_bug.patch
-This patch eliminates memory stores to addresses below SP.
+Fixes the issue where it was impossible to return a 128 byte long PSK identity
+(the maximum supported length) from psk_client_callback.
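Review bot: The two hardening entries added here, cbc_record_splitting.patch and dsa_nonce.patch, both end with "disabled by default", but neither says which option enables the feature. As written, a reader cannot tell from this README whether the BEAST mitigation or the hardened (EC)DSA nonce generation is active in this build, so please name the option for each or point to where it is set. Separately, the npn.patch entry is removed while the new alpn.patch text says "we'll be supporting both ALPN and NPN for some time yet"; if NPN support is still patched in, its entry should stay, and if it moved elsewhere, the alpn.patch description should say so. The same question applies to the dropped sslv3_uninit_padding.patch and sha1_armv4_large.patch entries, which described memory-handling fixes. Minor: the eng_dyn_dirs.patch description is missing its final period.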