+++ /dev/null
-LOCAL_PATH := $(call my-dir)
-
-
-# These lists come from the same variables in Makefile.am:
-openconnect_SOURCES = xml.c main.c dtls.c cstp.c mainloop.c tun.c
-library_srcs = ssl.c http.c auth.c library.c compat.c
-lib_srcs_openssl = openssl.c
-noinst_HEADERS = openconnect-internal.h openconnect.h gnutls.h
-
-
-common_SRC_FILES := $(openconnect_SOURCES) $(library_srcs) $(lib_srcs_openssl) \
- $(noinst_HEADERS) version.c
-
-common_CFLAGS += -DANDROID -DANDROID_KEYSTORE -DIF_TUN_HDR="<linux/if_tun.h>" \
- -DDEFAULT_VPNCSCRIPT=NULL -DHAVE_ASPRINTF -DOPENCONNECT_OPENSSL
-
-common_C_INCLUDES += \
- $(JNI_H_INCLUDE) \
- $(LOCAL_PATH)/WebKit/android/icu \
- external/ \
- external/icu4c/common \
- external/icu4c/i18n \
- external/libxml2/include \
- bionic/libc/include/ \
- external/openssl \
- external/openssl/include \
- external/openssl/crypto \
- external/zlib \
- frameworks/base/cmds/keystore \
- system/core/include
-
-common_SHARED_LIBRARIES := libcutils \
- libz \
- libicuuc \
- libicui18n libgabi++ libc
-
-ifneq ($(TARGET_SIMULATOR),true)
- common_SHARED_LIBRARIES += libdl
-endif
-
-# static linked binary
-# =====================================================
-
-#include $(CLEAR_VARS)
-#LOCAL_SRC_FILES := $(common_SRC_FILES)
-#LOCAL_CFLAGS := $(common_CFLAGS)
-#LOCAL_C_INCLUDES := $(common_C_INCLUDES)
-#
-#LOCAL_SHARED_LIBRARIES += $(common_SHARED_LIBRARIES)
-#LOCAL_STATIC_LIBRARIES:= libopenssl-static liblzo-static
-#
-##LOCAL_LDLIBS += -ldl
-##LOCAL_PRELINK_MODULE:= false
-#
-#LOCAL_MODULE:= openconnect-static
-#LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-#include $(BUILD_EXECUTABLE)
-
-# dynamic linked binary
-# =====================================================
-
-include $(CLEAR_VARS)
-LOCAL_SRC_FILES := $(common_SRC_FILES)
-LOCAL_CFLAGS := $(common_CFLAGS)
-LOCAL_C_INCLUDES := $(common_C_INCLUDES)
-
-LOCAL_SHARED_LIBRARIES := $(common_SHARED_LIBRARIES) libssl libcrypto libz
-LOCAL_STATIC_LIBRARIES := libxml2 liblog
-
-#LOCAL_LDLIBS += -ldl
-#LOCAL_PRELINK_MODULE := false
-
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE := openconnect
-LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-include $(BUILD_EXECUTABLE)
--- /dev/null
+From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Tue, 12 Feb 2013 14:55:32 +0000
+Subject: [PATCH] Check DTLS_BAD_VER for version number.
+
+The version check for DTLS1_VERSION was redundant as
+DTLS1_VERSION > TLS1_1_VERSION, however we do need to
+check for DTLS1_BAD_VER for compatibility.
+
+PR:2984
+(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
+---
+ ssl/s3_cbc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
+index 02edf3f..443a31e 100644
+--- a/ssl/s3_cbc.c
++++ b/ssl/s3_cbc.c
+@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
+ unsigned padding_length, good, to_check, i;
+ const unsigned overhead = 1 /* padding length byte */ + mac_size;
+ /* Check if version requires explicit IV */
+- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
+ {
+ /* These lengths are all public so we can test them in
+ * non-constant time.
+--
+1.8.1.2
+
--- /dev/null
+#
+# This Makefile attempts to build OpenConnect and its dependencies for Android
+#
+# It doesn't do a stunning job of tracking changes in the dependencies and
+# automatically rebuilding them, but it's good enough for getting them built
+# and installed into its own local sysroot.
+#
+# As long as you have the Android NDK toolchain on your path, you should then
+# be able to edit fairly much anything in place and rebuild it locally.
+#
+# It should also be fairly simple to extend this to cross-compile for any target
+
+NDK := /opt/android-sdk-linux_x86/android-ndk-r8d/
+ARCH := arm
+APIVER := 14
+TRIPLET := arm-linux-androideabi
+GCCVER := 4.6
+
+NDK_SYSROOT := $(NDK)/platforms/android-$(APIVER)/arch-$(ARCH)
+OC_SYSROOT := $(shell pwd)/sysroot
+
+OPENSSL_VER := 1.0.1e
+
+PATH := $(NDK)/toolchains/$(TRIPLET)-$(GCCVER)/prebuilt/linux-x86/bin:$(PATH)
+PKG_CONFIG_LIBDIR=$(OC_SYSROOT)/lib/pkgconfig
+export PATH PKG_CONFIG_LIBDIR
+
+
+MAKEINSTALL=$(MAKE) INSTALL=$(shell pwd)/install_symlink.sh
+
+CONFIGURE_ARGS := --host=$(TRIPLET) --prefix=$(OC_SYSROOT) \
+ --disable-shared --enable-static \
+ CFLAGS="--sysroot=$(NDK_SYSROOT)"
+
+all: openconnect
+
+#####################################################################
+#
+# Build libxml2 with minimal configuration for OpenConnect
+#
+LIBXML2_VER := 2.9.0
+LIBXML2_DIR := libxml2-$(LIBXML2_VER)
+
+libxml2-$(LIBXML2_VER).tar.gz:
+ curl ftp://xmlsoft.org/libxml2/libxml2-$(LIBXML2_VER).tar.gz -o $@.tmp && mv $@.tmp $@
+
+$(LIBXML2_DIR)/configure: libxml2-$(LIBXML2_VER).tar.gz
+ tar xfz $<
+
+$(LIBXML2_DIR)/Makefile: $(LIBXML2_DIR)/configure
+ cd libxml2-$(LIBXML2_VER) && ./configure $(CONFIGURE_ARGS) \
+ --without-c14n -without-catalog --without-debug --without-docbook \
+ --without-fexceptions --without-ftp --without-history \
+ --without-html --without-http --without-iconv --without-iconv \
+ --without-iso8859x --without-legacy --without-pattern \
+ --without-push --without-regexps --without-run-debug \
+ --without-sax1 --without-schemas --without-schematron \
+ --without-threads --without-valid --without-xinclude \
+ --without-xpath --without-xptr --without-zlib --without-lzma \
+ --without-coverage --without-python
+
+$(LIBXML2_DIR)/libxml2.la: $(LIBXML2_DIR)/Makefile
+ $(MAKE) -C libxml2-$(LIBXML2_VER) libxml2.la
+
+$(LIBXML2_DIR)/libxml-2.0.pc: $(LIBXML2_DIR)/Makefile
+ $(MAKE) -C libxml2-$(LIBXML2_VER) libxml-2.0.pc
+
+$(OC_SYSROOT)/lib/libxml2.la: $(LIBXML2_DIR)/libxml2.la
+ $(MAKEINSTALL) -C libxml2-$(LIBXML2_VER) install-libLTLIBRARIES
+
+$(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc: $(LIBXML2_DIR)/libxml-2.0.pc
+ $(MAKEINSTALL) -C libxml2-$(LIBXML2_VER) install-data
+
+LIBXML_DEPS := $(OC_SYSROOT)/lib/libxml2.la $(OC_SYSROOT)/lib/pkgconfig/libxml-2.0.pc
+
+libxml: $(LIBXML_DEPS)
+
+
+#####################################################################
+#
+# Build OpenSSL for Android
+#
+OPENSSL_VER := 1.0.1e
+OPENSSL_DIR := openssl-$(OPENSSL_VER)
+
+openssl-$(OPENSSL_VER).tar.gz:
+ curl http://www.openssl.org/source/openssl-$(OPENSSL_VER).tar.gz -o $@.tmp && mv $@.tmp $@
+
+$(OPENSSL_DIR)/Configure: openssl-$(OPENSSL_VER).tar.gz
+ tar xfz $<
+ cd openssl-$(OPENSSL_VER) && patch -p1 < ../0001-Check-DTLS_BAD_VER-for-version-number.patch
+ touch $(OPENSSL_DIR)/Configure # Make sure it's newer than Makefile and tarball
+
+$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/Configure
+ cd $(OPENSSL_DIR) && perl Configure --prefix=$(OC_SYSROOT) \
+ --cross-compile-prefix=$(TRIPLET)- no-shared \
+ android-armv7:"gcc --sysroot=$(NDK_SYSROOT)"
+
+$(OPENSSL_DIR)/libssl.a: $(OPENSSL_DIR)/Makefile
+ $(MAKE) -C $(OPENSSL_DIR)
+
+$(OC_SYSROOT)/lib/libssl.a: $(OPENSSL_DIR)/libssl.a
+ # Do this manually instead of using 'make install' since we want symlinks
+ mkdir -p $(OC_SYSROOT)/include/openssl
+ ln -sf $(shell pwd)/$(OPENSSL_DIR)/include/openssl/*.h $(OC_SYSROOT)/include/openssl
+ mkdir -p $(OC_SYSROOT)/lib/pkgconfig
+ ln -sf $(shell pwd)/$(OPENSSL_DIR)/*.pc $(OC_SYSROOT)/lib/pkgconfig
+ ln -sf $(shell pwd)/$(OPENSSL_DIR)/*.a $(OC_SYSROOT)/lib
+
+OPENSSL_DEPS := $(OC_SYSROOT)/lib/libssl.a
+
+openssl: $(OPENSSL_DEPS)
+
+#####################################################################
+#
+# Build OpenConnect for Android
+#
+
+ocbuild/Makefile: $(OPENSSL_DEPS) $(LIBXML_DEPS)
+ mkdir -p ocbuild
+ cd ocbuild && ../../configure $(CONFIGURE_ARGS) \
+ CFLAGS="--sysroot=$(NDK_SYSROOT) -DNO_BROKEN_DTLS_CHECK -DANDROID"
+
+openconnect: ocbuild/Makefile
+ make -C ocbuild