Am 11.08.22 um 14:07 schrieb Max Fillinger:
Building OpenVPN on the latest OpenBSD snapshot failed because EVP_MD_CTX
is an opaque struct in LibreSSL now. Therefore, call md_ctx_new() instead
of declaring them on the stack. When they're not on the stack anymore, we
don't have to call EVP_MD_CTX_init() anymore, but we need to call
EVP_MD_CTX_free() instead of cleanup.
Urgh. The whole reason I left this code with the EVP_MD_CTX is that it
is OpenSSL 1.0.2 only and I expected to be able to remove it sooner or
later. So LibreSSL doeds not support the alternative API for that?
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
is what we use for OpenSSL 1.1.0+
I am not happy to soon have LibreSSL specific code in our code but it
seems like if want to continue that library, we have to.
The change looks good itself.
Acked-By: Arne Schwabe <a...@rfc2549.org>
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
