> -----Original Message----- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Sent: donderdag 19 april 2012 15:56 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] openssl ouch > > ouch: > http://www.openssl.org/news/secadv_20120419.txt > > we need to investigate whether and how openvpn is affected. >
Good catch! OpenVPN does use a number of these functions when loading PKCS#12 files in ssl_openssl.c. I'm not entirely sure what the impact is yet, as these files should be generated by the same user that actually uses the connection (they contain the user's private key). If the user hasn't generated these files themselves (which I wouldn't recommend), they might be affected. Adriaan
