[Openvpn-devel] [XS] Change in openvpn[master]: Add warning for the --show-groups command that some groups are missing

Fri, 13 Oct 2023 13:20:07 -0700 

cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/366?usp=email )

Change subject: Add warning for the --show-groups command that some groups are 
missing
......................................................................

Add warning for the --show-groups command that some groups are missing

OpenSSL has a weird way of only reporting EC curves that are implemented
in a certain way in the list of all EC curves. Note this fact and point
out that also the very important curves X448 and X25519 are affected.

Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097
Acked-by: Frank Lichtenheld <fr...@lichtenheld.com>
Message-Id: <20231009105714.34598-1-fr...@lichtenheld.com>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27193.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M src/openvpn/ssl_openssl.c
1 file changed, 4 insertions(+), 2 deletions(-)




diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index b5cc9a7..b561e9d 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2249,8 +2249,10 @@
 void
 show_available_curves(void)
 {
-    printf("Consider using openssl 'ecparam -list_curves' as\n"
-           "alternative to running this command.\n");
+    printf("Consider using 'openssl ecparam -list_curves' as alternative to 
running\n"
+           "this command.\n"
+           "Note this output does only list curves/groups that OpenSSL 
considers as\n"
+           "builtin EC curves. It does not list additional curves nor X448 or 
X25519\n");
 #ifndef OPENSSL_NO_EC
     EC_builtin_curve *curves = NULL;
     size_t crv_len = 0;

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/366?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097
Gerrit-Change-Number: 366
Gerrit-PatchSet: 8
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: merged

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to