Hi,

On Mon, Mar 08, 2021 at 11:53:09AM +0100, Gert Doering wrote:
> After some discussion on IRC today, it turns out that I was holding
> my test rig wrong.  As in: breakage occurs in the combination of
> "mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually 
> matter whether this patch is applied or not - 2.5.1 breaks as well.  

Arne found the trigger.

It is neither related to TCP nor to "--dev tap", but it needs a server
side with "OpenSSL 1.1.1" *and* a client side with "mbedTLS 2.25" to
trigger this - both ends need to negotiate curve25591, and then mbedTLS
will crash in the debug print function.

  https://github.com/ARMmbed/mbedtls/issues/4208

My current test rigs do not test this combination, except for this
particular test case (tcp+tap towards --inetd server), so we were chasing
red herrings for a while...

I need to think long and hard now how to add meaningful tests with
the new test matrix 

   openssl 1.0.2u <-> openssl 1.1.1
   mbedTLS "oldish" <-> mbedTLS "very new

to the test sets, without making the already-long server side test 
(40 minutes) go totally out of bounds...

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to