Re: [Openvpn-devel] RFD: ssl library version numbers

Sun, 13 Apr 2014 16:05:31 +0000 

Love it. Report always 

> On Apr 13, 2014, at 10:26 AM, Gert Doering <g...@greenie.muc.de> wrote:
> 
> Hi,
> 
> OpenVPN does not currently report the version of the SSL library it is
> using - which I'm not sure whether it's by design or just because nobody
> ever added it.  Anyway, right now I think we need it, to help future
> cases.
> 
> There are a few questions that go along with that, which I want to discuss
> here :-)
> 
> - shall we report compile-time versions as well, or only run-time version?
> 
>  Like:
> 
>    OpenSSL compile version='OpenSSL 1.0.1f 6 Jan 2014'
>        library version='OpenSSL 1.0.1g 7 Apr 2014'
> 
>  (this is on one of my test systems where I discovered an old OpenSSL
>  installation, and upgraded *after* I built the OpenVPN binary)
> 
>  While I always like seeing numbers, I think the compile-time version is
>  not actually that useful - if the ABI is not compatible, it will break,
>  and if it is, the library version is what is relevant.
> 
> - how do I get the library version for PolarSSL?
> 
> - shall we report the library version to the server, e.g. in the form of
> 
>   IV_SSL=OpenSSL 1.0.1f
>   IV_SSL=PolarSSL 1.2.8
> 
>  as a sysadmin on the server side, I'd welcome this ("show me what my
>  users are running").  From a security geek side, I'm not sure whether
>  there is potential for abuse, so "please give me your input"
> 
> - if we report it, do we want to report it always (as IV_VER) or only
>  if --push-peer-info is set?
> 
> feedback, please! :-)
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                           //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             g...@greenie.muc.de
> fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
> ------------------------------------------------------------------------------
> Put Bad Developers to Shame
> Dominate Development with Jenkins Continuous Integration
> Continuously Automate Build, Test & Deployment 
> Start a new project now. Try Jenkins in the cloud.
> http://p.sf.net/sfu/13600_Cloudbees
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to