>Am 30.08.17 um 10:39 schrieb casper....@oracle.com: >> >> >>>> After I figured out where we went wrong, I filed: >>>> 26336744 Solaris specific cleanup code breaks gcm_aes for, e.g., openvpn >>>> which has now been fixed in oracle solaris-userland on git hub >>>> https://github.com/oracle/solaris-userland/tree/master/components/openssl >>> >>> Cool, thanks a lot! >>> >>>> It cannot say exactly when it will be in Solaris 11.3 SRU (patch) release. >>>> Current workaround is disabling AES-GCM for openvpn but that should not be >>>> needed in the future. >>> >>> Is there a way to reliably detect this issue from a test program (or by >>> looking at system versions, like "uname")? It might be worth adding a >>> configure test so users won't run into it ("AES-GCM disabled due to >>> bug 26336744 in Solaris OpenSSL"). >> >> Well, t_lpback would fail but that is late as then you would have >> configured and compiled openvpn. >> > >Does it fail reliable? If yes we could just run a quick version of >failing and if this fails disable AES support, especially disabling >cipher negoiation.
Yes, very reliable (NULL pointer dereference) Casper ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
