From: Emmanuel Deloget <log...@free.fr>
OpenSSL 1.1 changed the SSLv3 API and removed many SSL_L_SSL3_*
constants. Moreover, new code might use different function
code for the same error.
Thus, we extract the error reason from the error code before
we compare it instead of trying to rebuild an error code
that might not be correct.
The new version is compatible with OpenSSL 1.0.x as well as
with older versions (starting at 0.9.8).
Signed-off-by: Emmanuel Deloget <log...@free.fr>
---
src/openvpn/crypto_openssl.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index
2f77a9853ac484770dcd808efdf13671ade7e758..23de17542bf0f4a311825373ecf8d8261fd21c73
100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -194,8 +194,7 @@ crypto_print_openssl_errors(const unsigned int flags)
while ((err = ERR_get_error()))
{
/* Be more clear about frequently occurring "no shared cipher" error */
- if (err == ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO,
- SSL_R_NO_SHARED_CIPHER))
+ if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
{
msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites
"
"in common with the client. Your --tls-cipher setting might be
"
--
2.7.4
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
