From 3e121542d8b7ab5201c47bbd3ba5611a23c54759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Parm=C3=A9nides=20GV?= Date: Wed, 11 Jun 2014 11:56:59 +0200 Subject: Correctly connects to millipede. Location keyword on android.cfg isn't supported, EIP corresponding code has been commented out. I think we should support it in ics-openvpn, so that we can show the location instead of the server name. I've updated all opensssl, openvpn, etc. subprojects from rev 813 of ics-openvpn, and jni too. --- app/openssl/patches/README | 61 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 18 deletions(-) (limited to 'app/openssl/patches/README') diff --git a/app/openssl/patches/README b/app/openssl/patches/README index 54b6e068..2ff69282 100644 --- a/app/openssl/patches/README +++ b/app/openssl/patches/README @@ -3,18 +3,6 @@ progs.patch: Fixup sources under the apps/ directory that are not built under the android environment. -small_records.patch: - -Reduce OpenSSL memory consumption. -SSL records may be as large as 16K, but are typically < 2K. In -addition, a historic bug in Windows allowed records to be as large -32K. OpenSSL statically allocates read and write buffers (34K and -18K respectively) used for processing records. -With this patch, OpenSSL statically allocates 4K + 4K buffers, with -the option of dynamically growing buffers to 34K + 4K, which is a -saving of 44K per connection for the typical case. - - handshake_cutthrough.patch Enables SSL3+ clients to send application data immediately following the @@ -26,14 +14,51 @@ jsse.patch Support for JSSE implementation based on OpenSSL. -npn.patch +channelid.patch + +Implements TLS Channel ID support as both a client and a server. +See http://tools.ietf.org/html/draft-balfanz-tls-channelid-00. + +eng_dyn_dirs.patch + +Fixes the case of having multiple DIR_ADD commands sent to eng_dyn + +fix_clang_build.patch + +Fixes the Clang based build. + +tls12_digests.patch + +Fixes a bug with handling TLS 1.2 and digest functions for DSA and ECDSA +keys. + +alpn.patch + +This change adds support for ALPN in OpenSSL. ALPN is the IETF +blessed version of NPN and we'll be supporting both ALPN and NPN for +some time yet. + +cbc_record_splitting.patch + +BEAST attack client-side mitigation. Removes 0/n record splitting, adds 1/n-1 +record splitting. Record splitting is disabled by default. + +dsa_nonce.patch + +Adds an option to mix in hash of message and private key into (EC)DSA nonces to +make (EC)DSA more resilient to weaknesses in RNGs used for nonces. The feature +is disabled by default. + +ecdhe_psk.patch -Transport Layer Security (TLS) Next Protocol Negotiation Extension +Adds support for ECDHE Pre-Shared Key (PSK) TLS cipher suites. -sslv3_uninit_padding.patch +tls_psk_hint.patch -This patch sets the padding for SSLv3 block ciphers to zero. +Fixes issues with TLS-PSK identity hint implementation where +per-connection/session and per-context hints were being mixed up. -sha1_armv4_large.patch +psk_client_callback_128_byte_id_bug.patch -This patch eliminates memory stores to addresses below SP. +Fixes the issue where it was impossible to return a 128 byte long PSK identity +(the maximum supported length) from psk_client_callback. -- cgit v1.2.3