Hi,

On Mon, Nov 20, 2023 at 03:35:05PM +0000, MaxF (Code Review) wrote:
> Change subject: Backport mbed TLS 3 support to OpenVPN 2.6
> ......................................................................
> 
> Backport mbed TLS 3 support to OpenVPN 2.6
> 
> Based on commits
> - ace7a4f1c271550bb8ad276663e045ab97a46f16
> - f53f06316dbb804128fc5cbee1d8edb274ce81df
> - efad93d049c318a3bd9ea5956c6ac8237b8d6d70
> - b5faf1b2e90fd44c5137a2b8f3da98c7ae482fc1

So, after discussion with Arne how to proceed, we decided to not
apply this patch from gerrit "as is", but to do explicit cherry-picking
of these 4 commits - so git history directly tracks which bits came
from where.

This brings now 4 new commits in release/2.6:

commit 001950d14eefe60fd71b6a7091161b0546ff5a9e (HEAD -> release/2.6)
Author: Max Fillinger <maximilian.fillin...@foxcrypto.com>
Date:   Fri Nov 17 10:14:01 2023 +0100

    Enable key export with mbed TLS 3.x.y
    (cherry picked from commit b5faf1b2e90fd44c5137a2b8f3da98c7ae482fc1)

commit 7fa534dbb81c7e3d526a2e9110f35d11de26105c
Author: Max Fillinger <maximilian.fillin...@foxcrypto.com>
Date:   Wed Nov 15 16:17:40 2023 +0100

    Disable TLS 1.3 support with mbed TLS
    (cherry picked from commit efad93d049c318a3bd9ea5956c6ac8237b8d6d70)

commit 1aa2995ebc06a2b8d6df48eb63eb15482fd07865
Author: Max Fillinger <m...@max-fillinger.net>
Date:   Wed Oct 25 14:19:28 2023 +0200

    Update README.mbedtls
    (cherry picked from commit f53f06316dbb804128fc5cbee1d8edb274ce81df)

commit 2942ef5d405413d990d1fc2fa06976bcdd24742e
Author: Max Fillinger <m...@max-fillinger.net>
Date:   Wed Oct 25 14:18:30 2023 +0200

    Add support for mbedtls 3.X.Y
    (cherry picked from commit ace7a4f1c271550bb8ad276663e045ab97a46f16)


I have tested the resulting source tree with mbedTLS 2.28.6 (FreeBSD
package default) and 3.5.1 (latest 3.x, built from source) - t_client
only, but that should be sufficient - and the result is satisfactory.

OpenVPN 2.6.8 [git:release/2.6/001950d14eefe60f] amd64-unknown-freebsd13.2 [SSL (mbed TLS)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jan 17 2024
library versions: mbed TLS 3.5.1, LZO 2.10

Test sets succeeded: 1 1a 1b 1c 1d 1e 2 2a 2b 2c 2d 2e 2f 3 4 4a 4b 5 6 8 8a 9 9a 9b 9x.
./t_lpback.sh: tests passed: 21  failed: 0

(that is the test result with 2.28.6 - with 3.5.1, all tests involving
BF-CBC fail, as that is no longer a supported cipher, but everything else
passes just fine)

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel