mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-19 03:43:29 +00:00
05e99f51e4
"Alternate certification chains, as oppossed to requiring full chain validataion. Certificate validation behavior is relaxed, similar to openssl and browsers. Only the peer certificate must validate to a trusted certificate. Without this, all certificates sent by a peer must be used in the trust chain or the connection will be rejected." This fixes e.g. uclient-fetch and curl connecting to servers using a Let's Encrypt certificate which are cross-signed by the now expired DST Root CA X3, see [0]. This is the recommended solution from upstream [1]. The binary size increases by ~12.3kb: 1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f 1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f [0] https://github.com/openwrt/packages/issues/16674 [1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793 Signed-off-by: Andre Heider <a.heider@gmail.com> [bump PKG_RELEASE] Signed-off-by: David Bauer <mail@david-bauer.net> |
||
|---|---|---|
| .. | ||
| argp-standalone | ||
| elfutils | ||
| gettext | ||
| gettext-full | ||
| gmp | ||
| jansson | ||
| libaudit | ||
| libbsd | ||
| libcap | ||
| libdouble-conversion | ||
| libevent2 | ||
| libiconv | ||
| libiconv-full | ||
| libjson-c | ||
| libmnl | ||
| libnetfilter-conntrack | ||
| libnfnetlink | ||
| libnftnl | ||
| libnl | ||
| libnl-tiny | ||
| libpcap | ||
| libselinux | ||
| libsemanage | ||
| libsepol | ||
| libtool | ||
| libubox | ||
| libunwind | ||
| libusb | ||
| mbedtls | ||
| musl-fts | ||
| ncurses | ||
| nettle | ||
| openssl | ||
| pcre | ||
| popt | ||
| readline | ||
| sysfsutils | ||
| toolchain | ||
| uclibc++ | ||
| uclient | ||
| ustream-ssl | ||
| wolfssl | ||
| zlib | ||