Am 23.08.22 um 20:55 schrieb Gert Doering:
Hi,
On Tue, Aug 23, 2022 at 10:21:30AM +0000, Maximilian Fillinger wrote:
I'm a bit unsure if we need this for 2.5 - it's "long term compat"
and not very intrusive, but on the other hand, not too many people
seem to care about LibreSSL.
OpenBSD has packaged 2.5.7 for snapshots, so they must already have a
workaround.
Might be worth looking at their ports tree and see what patches they
apply... (putting that on my heap of things to do "really soon")
So here is a git mirror of their CVS (sic!) tree:
https://github.com/openbsd/ports/tree/master/net/openvpn
- They patch sample config to use user _nobody and enable that.
- Something in route, removing RTA_IFP
- some stuff in tun.c
but they think the revamped OpenSSL 3.0 way of calculating the TLS1 PRF
might actually not be in 2.5 yet, so they do not need a patch for that.
Arne
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
