After some discussion on IRC today, it turns out that I was holding my test rig wrong. As in: breakage occurs in the combination of "mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually matter whether this patch is applied or not - 2.5.1 breaks as well.
Arne's test found the commit in mbedTLS between 2.24 and 2.25 that introduces the breakage (360e2c41d8211e43), but this does not really explain anything - but it's fairly clear "not something broken in our code", or at least "not recently".

As discussed on IRC, I have fixed what whitespace uncrustify complained about ("if<blank>(", function return types on the preceding line, #endif with comment).

This all said, I now do actually understand what the patch does (and it looks good) and I think I have all versions of old/new mbedtls and old/new openssl covered, client and server. All pass, except for mbedtls 2.25.0 + tcp + tap.

Your patch has been applied to the master branch.

commit 06f6cf3ff850f2930bf4a864ae9898407e94ffb9
Author: Arne Schwabe
Date:   Fri Mar 5 15:13:52 2021 +0100

     Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
     Acked-by: Antonio Quartulli <anto...@openvpn.net>
     Message-Id: <20210305141352.21847-1-a...@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21612.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>

--
kind regards,

Gert Doering