Hi Arne,

thank you for your extensive review of OpenVPN with wolfSSL.

On 17/09/2020 00:05, Arne Schwabe wrote:
...
I am still seeing this warning:

2020-09-16 23:20:14 WARNING: 'auth' is used inconsistently, local='auth SHA', remote='auth SHA1'

Are you internally calling SHA1 just SHA and also returning that as the
name when querying for the name? And do the other SHA variants also just
return SHA?

Could you describe how you generated this warning? Looking into our sources, we do call SHA1 just SHA in wolfSSL. Other variants have names in the format of SHA<hash size>.

This snippet in the configure.ac looks strange:

        if test -n "${WOLFSSL_DIR}"; then
                wolfssldir="${WOLFSSL_DIR}"
        else
                wolfssldir="/usr/local/include/wolfssl"
        fi

I am not sure hardcoding a /usr/local path is something we want/allow.
The people better at autoconf might have a better idea on this.

Our default installation path is /usr/local/include which is why we set it as the default path in projects that use wolfSSL. Additionally, adding /usr/local/include/wolfssl to the include path allows including wolfSSL without changing *.c and *.h files. I'll look into David Sommerseth's suggestion of using pkg-config to get the path and see if it would be possible to append wolfssl to the path.
...

I am surprised you are targeting OpenSSL < 1.1.0 API. We will probably
drop OpenSSL 1.0.2 support from our code base as soon as we drop RHEL7
support. The 1.1.0+ code path in that patch uses the
EVP_PKEY_derive_*/EVP_PKEY_CTX_set_tls1_prf functions and those will be
needed then.

I think that for now we will target OpenSSL < 1.1.0 API. Once other issues have been resolved we will start moving to OpenSSL >= 1.1.0 APIs.

I am still in the process of going through your report but I can reproduce most of the other issues and have found some additional ones as well. I have closed the PR for now until your comments are resolved and will re-open to include all fixes in one PR.

Sincerely
Juliusz



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
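
The pkg-config lookup mentioned in the message above, as an added example (not code from the OpenVPN or wolfSSL trees): an explicit WOLFSSL_DIR wins, otherwise the include directory is read from pkg-config with `wolfssl` appended, and there is no hardcoded fallback. The function name `wolfssl_include_dir` is hypothetical, and the example assumes the wolfSSL installation provides a `wolfssl.pc` file.

```shell
#!/bin/sh
# Added example: resolve the wolfSSL include directory for a build.
# Order: WOLFSSL_DIR override, then pkg-config, then a clear failure
# instead of silently assuming a /usr/local path.

# Overridable tool name, following the usual autoconf PKG_CONFIG convention.
: "${PKG_CONFIG:=pkg-config}"

# Hypothetical helper; prints the directory on stdout, returns 1 if not found.
wolfssl_include_dir() {
    # 1. An explicit override from the builder always wins.
    if [ -n "${WOLFSSL_DIR:-}" ]; then
        printf '%s\n' "$WOLFSSL_DIR"
        return 0
    fi

    # 2. Ask pkg-config where the installed headers live
    #    (assumes the installation ships a wolfssl.pc file).
    if command -v "$PKG_CONFIG" >/dev/null 2>&1 &&
       "$PKG_CONFIG" --exists wolfssl 2>/dev/null; then
        incdir=$("$PKG_CONFIG" --variable=includedir wolfssl) || return 1
        if [ -n "$incdir" ]; then
            # Append "wolfssl" so the headers can be included
            # without changing *.c and *.h files.
            printf '%s/wolfssl\n' "${incdir%/}"
            return 0
        fi
    fi

    # 3. No guessing: let the caller stop with a clear message.
    echo "wolfSSL not found: set WOLFSSL_DIR or install wolfssl.pc" >&2
    return 1
}
```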
