Hi, On Wed, Apr 22, 2020 at 10:21:52AM +0200, Christian Hesse wrote: > > So, speaking to myself again :-) - I've looked at the advisory, and > > it talks about "Server or client applications that call the > > SSL_check_chain() function". > > Are you sure that openvpn code does not call any openssl function that calls > SSL_check_chain() then? Did not check, but I guess that's possible.
This is one of the OpenSSL intricacies I wouldn't know.
OTOH, I would expect the advisory then to be worded as "a TLS 1.3
handshake might crash" not "... applications that call ...
SSL_check_chain()", which sounds very specific to me.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
