On 12.03.21 at 16:12, Juliusz Sosinowicz wrote:
> Hi Arne,
> 
> I found that the connecting issue is that
> wolfSSL_CTX_set_min_proto_version will fail when the user (in this case
> OpenVPN) tries to set a protocol version that was not compiled in. I
> modified our configure.ac script when building for OpenVPN along with
> some additional fixes in this pull request:
> https://github.com/wolfSSL/wolfssl/pull/3871
> 
> I also found an error in one of OpenVPN's unit tests. I submitted a
> patch for that test in a separate email.

Using an Ed25519 certificate results in

2021-03-17 14:57:23 us=212254 OpenSSL: unknown error number
2021-03-17 14:57:23 us=212262 Cannot load certificate file /Users/arne/tmp/alice.pem
2021-03-17 14:57:23 us=212265 Exiting due to fatal error


The configure.ac of WolfSSL should be updated to signal EKM support:


AC_CHECK_HEADER([wolfssl/options.h],,[AC_MSG_ERROR([wolfSSL header
wolfssl/options.h not found!])])
        fi

+     # Wolfssl emulate OpenSSL and has EKM
+       have_export_keying_material="yes"
+
        AC_DEFINE([HAVE_HMAC_CTX_NEW], [1], [Emulate AC_CHECK_FUNCS
since these are defined as macros])
        AC_DEFINE([HAVE_HMAC_CTX_FREE], [1], [Emulate AC_CHECK_FUNCS
since these are defined as macros])
        AC_DEFINE([HAVE_HMAC_CTX_RESET], [1], [Emulate AC_CHECK_FUNCS
since these are defined as macros])
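
Review bot: the added have_export_keying_material="yes" is set unconditionally in the wolfSSL branch, so configure will report EKM support for every wolfSSL build without probing for it. Given that this thread already hit a wolfSSL call failing because a feature was not compiled in, consider guarding the assignment with a link check for the export function (SSL_export_keying_material in the OpenSSL API) and leaving the variable at "no" when the check fails. Smaller points: the two added lines are indented with 5 and 7 spaces against the 8-space context lines, and the comment would read better as "wolfSSL emulates the OpenSSL API and provides EKM".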

Other than that, it seems to work in the tests that I threw at it.

I would consider this an ACK. @Gert do you want a new version with the
configure.ac fixed?

Arne
