Ticket #715: xrelayd-using-polarssl.patch

make/xrelayd/patches/010-use-polarssl.patch

@@ +1 @@
+--- Makefile
++++ Makefile
+@@ -1,7 +1,7 @@
+ # $Id: Makefile 2 2007-09-01 10:00:28Z lo $
+ # 
+-# if you want to compile against a compiled but not installed xyssl sourcetree
+-# XYSSL_SOURCE=/path/to/xyssl-src
++# if you want to compile against a compiled but not installed polarssl sourcetree
++# POLARSSL_SOURCE=/path/to/polarssl-src
+ 
+ DSTROOT=/usr/local
+ BINDIR=$(DSTROOT)/bin
+@@ -10,11 +10,11 @@
+ LD=gcc
+ 
+ CFLAGS=-g -Wall
+-LIBS=-lxyssl
++LIBS=-lpolarssl
+ 
+-ifneq ($(XYSSL_SOURCE),)
+-       CPPFLAGS+=-I$(XYSSL_SOURCE)/include
+-       LDFLAGS+=-L$(XYSSL_SOURCE)/library
++ifneq ($(POLARSSL_SOURCE),)
++       CPPFLAGS+=-I$(POLARSSL_SOURCE)/include
++       LDFLAGS+=-L$(POLARSSL_SOURCE)/library
+ endif
+ 
+ # source files
+--- xrelayd.c
++++ xrelayd.c
+@@ -55,13 +55,13 @@
+ #define SYSLOG_NAMES
+ #include <syslog.h>
+ 
+-/* xassl includes */
+-#include <xyssl/config.h>
+-#include <xyssl/havege.h>
+-#include <xyssl/certs.h>
+-#include <xyssl/x509.h>
+-#include <xyssl/ssl.h>
+-#include <xyssl/net.h>
++/* polarssl includes */
++#include <polarssl/config.h>
++#include <polarssl/havege.h>
++#include <polarssl/certs.h>
++#include <polarssl/x509.h>
++#include <polarssl/ssl.h>
++#include <polarssl/net.h>
+ 
+ // FIXME. implement some sort of DDOS prevention
+ #define MAXCONNCOUNT 16
+@@ -91,14 +91,14 @@
+  */
+ int xrly_ciphers[] =
+ {
+-#if defined(XYSSL_AES_C)
++#if defined(POLARSSL_AES_C)
+     SSL_RSA_AES_128_SHA,
+     SSL_RSA_AES_256_SHA,
+ #endif
+-#if defined(XYSSL_DES_C)
++#if defined(POLARSSL_DES_C)
+     SSL_RSA_DES_168_SHA,
+ #endif
+-#if defined(XYSSL_ARC4_C)
++#if defined(POLARSSL_ARC4_C)
+     SSL_RSA_RC4_128_SHA,
+     SSL_RSA_RC4_128_MD5,
+ #endif
+@@ -240,16 +240,16 @@
+     if(res>0) return 0;
+     
+     switch( res ) {
+-        case XYSSL_ERR_NET_TRY_AGAIN:
++        case POLARSSL_ERR_NET_TRY_AGAIN:
+             DLOG( "%s operation on %s connection would block",op,conn);
+         case 0:
+             return 0;
+             
+-        case XYSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
++        case POLARSSL_ERR_SSL_PEER_CLOSE_NOTIFY:
+             ILOG( "%s connection closed by peer during %s operation",conn,op);
+             break;
+ 
+-        case XYSSL_ERR_NET_CONN_RESET:
++        case POLARSSL_ERR_NET_CONN_RESET:
+             ILOG( "%s connection was reset by peer during %s operation",conn,op);
+             break;
+             
+@@ -340,13 +340,13 @@
+     int     ret=0;
+     while(len) {
+         if ((ret = f_send(ctx,buf,len)) <= 0) {
+-            if( ret == XYSSL_ERR_NET_TRY_AGAIN ) continue;
++            if( ret == POLARSSL_ERR_NET_TRY_AGAIN ) continue;
+             break;
+         }
+         len-=ret;
+         buf+=ret;
+     }
+-    *eof |= (ret == XYSSL_ERR_NET_CONN_RESET);
++    *eof |= (ret == POLARSSL_ERR_NET_CONN_RESET);
+     return ret;
+ }
+ 
+@@ -355,7 +355,7 @@
+ {
+     int     ret=0;
+     ret = f_recv(ctx,buf,len);
+-    *eof |= (ret == XYSSL_ERR_NET_CONN_RESET);
++    *eof |= (ret == POLARSSL_ERR_NET_CONN_RESET);
+     return ret;
+ }
+ 
+@@ -406,7 +406,7 @@
+     ssl_set_ciphers( &ssl, xrly_ciphers );
+     
+     if(cert && key) {
+-        ssl_set_ca_chain( &ssl, cert->next, NULL );
++        ssl_set_ca_chain( &ssl, cert->next, NULL, NULL );
+         ssl_set_own_cert( &ssl, cert, key );
+     }
+     
+@@ -432,7 +432,7 @@
+     if(sslserver) {
+         ILOG("Performing ssl handshake");
+         while( ( ret = ssl_handshake( &ssl ) ) != 0 ) {
+-            if( ret != XYSSL_ERR_NET_TRY_AGAIN ) {
++            if( ret != POLARSSL_ERR_NET_TRY_AGAIN ) {
+                 ELOG("SSL handshake failed: %08x", ret);
+                 return;
+             }

make/xrelayd/Config.in

@@ -1 +1 @@
 config FREETZ_PACKAGE_XRELAYD
         bool "Xrelayd 0.2.1pre2"
-        select FREETZ_LIB_libxyssl
+        select FREETZ_LIB_libpolarssl
         default n
         help
-                SSL tunnel based on XySSL. Xrelayd is a stripped down version of
-                stunnel based on XySSL library. Essentially, this package makes your
+                SSL tunnel based on PolarSSL. Xrelayd is a stripped down version of
+                stunnel based on PolarSSL library. Essentially, this package makes your
                 router's websrv or httpd SSL-enabled, offering you the option of remote
                 configuration via WWW or secure remote use of features like Rudi-Shell.
 
                 This package will eventually replace Matrixtunnel, even though the
-                XySSL library is somewhat bigger than MatrixSSL. Its command line
+                PolarSSL library is somewhat bigger than MatrixSSL. Its command line
                 interface is identical to Matrixtunnel's, so switching should be easy
                 for all users.

make/xrelayd/xrelayd.mk

@@ -1 +1 @@
 $(call PKG_INIT_BIN, 0.2.1pre2)
 $(PKG)_SOURCE:=$(pkg)-$($(PKG)_VERSION).tar.gz
+$(PKG)_SOURCE_MD5:=05f242295fa864bb3b0b7f0712b4dfa3
+
 $(PKG)_SITE:=http://znerol.ch/files
 $(PKG)_BINARY:=$($(PKG)_DIR)/xrelayd
 $(PKG)_TARGET_BINARY:=$($(PKG)_DEST_DIR)/usr/sbin/xrelayd
-$(PKG)_SOURCE_MD5:=05f242295fa864bb3b0b7f0712b4dfa3
 
-$(PKG)_DEPENDS_ON := xyssl
+$(PKG)_DEPENDS_ON := polarssl
 
 $(PKG_SOURCE_DOWNLOAD)
 $(PKG_UNPACKED)
@@ -15 +16 @@
         $(SUBMAKE) -C $(XRELAYD_DIR) \
                 CC="$(TARGET_CC)" \
                 CFLAGS="$(TARGET_CFLAGS)" \
-                LD="$(TARGET_CC)" \
+                LD="$(TARGET_CC)"
 
 $($(PKG)_TARGET_BINARY): $($(PKG)_BINARY)
         $(INSTALL_BINARY_STRIP)