[Openvpn-devel] [M] Change in openvpn[master]: Use mbedtls_ssl_export_keying_material()

Thu, 22 May 2025 06:09:28 -0700 

Attention is currently required from: MaxF, flichtenheld.

plaisthos has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/1041?usp=email )

Change subject: Use mbedtls_ssl_export_keying_material()
......................................................................


Patch Set 2: Code-Review-1

(2 comments)

Patchset:

PS2:
the cmake detection didn't work properly for me but we should also not use that 
(see other comment)

So I tested with replacing !HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL
defined(MBEDTLS_SSL_KEYING_MATERIAL_EXPORT) in the source code to test this.

I can confirm that the patch otherwise works.


File CMakeLists.txt:

http://gerrit.openvpn.net/c/openvpn/+/1041/comment/93bf1992_f65e7263 :
PS2, Line 305:     check_symbol_exists(mbedtls_ssl_export_keying_material 
mbedtls/ssl.h HAVE_MBEDTLS_SSL_EXPORT_KEYING_MATERIAL)
shouldn't we rather rely on the mbed TLS configuration define 
MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to detect this?

We have to do this cmake/configure.ac dance for the old apis since mbed TLS 
doesn't have a proper define but to detect if the API is available using 
MBEDTLS_SSL_KEYING_MATERIAL_EXPORT should work unless I am overlooking 
something.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1041?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I1204bc2ff85952160a86f0b9d1caae90e5065bc4
Gerrit-Change-Number: 1041
Gerrit-PatchSet: 2
Gerrit-Owner: MaxF <m...@max-fillinger.net>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Attention: MaxF <m...@max-fillinger.net>
Gerrit-Comment-Date: Thu, 22 May 2025 13:08:05 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to