Hi, On Mon, Mar 08, 2021 at 11:53:09AM +0100, Gert Doering wrote: > After some discussion on IRC today, it turns out that I was holding > my test rig wrong. As in: breakage occurs in the combination of > "mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually > matter whether this patch is applied or not - 2.5.1 breaks as well.
Arne found the trigger. It is neither related to TCP nor to "--dev tap", but it needs a server side with "OpenSSL 1.1.1" *and* a client side with "mbedTLS 2.25" to trigger this - both ends need to negotiate curve25591, and then mbedTLS will crash in the debug print function. https://github.com/ARMmbed/mbedtls/issues/4208 My current test rigs do not test this combination, except for this particular test case (tcp+tap towards --inetd server), so we were chasing red herrings for a while... I need to think long and hard now how to add meaningful tests with the new test matrix openssl 1.0.2u <-> openssl 1.1.1 mbedTLS "oldish" <-> mbedTLS "very new to the test sets, without making the already-long server side test (40 minutes) go totally out of bounds... gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel