Commit 8a01147ff attempted to avoid calling the deprecated/noop
operation SSL_CTX_set_ecdh_auto by surrounding it with #ifdef.
Unfortunately, that change also made the return; that would exit
the function no longer being compiled when using OpenSSL 1.1.0+.
As consequence OpenVPN with OpenSSL 1.1.0+
Am Thu, 26 Mar 2020 09:38:49 +0100
schrieb Arne Schwabe :
> > RPI? You mean Raspberry PI?
> > Maybe on this machine the problem is not a problem. We also use
> > OpenVPN 2.4.7 on a ARMv7, and there is no obvious problem, just on
> > the old ARMv4.
> >
> > Finding all problematic places in the cod
Your patch has been applied to the master branch.
(v5 and v6 indeed differ only in the cmocka tests and should fix the
crash in v5 with mbedtls)
commit be4531564e2be7c8a0222e6923e3f7580b358cab
Author: Arne Schwabe
Date: Thu Mar 12 12:36:54 2020 +0100
Normalise ncp-ciphers option and restr
On 12/03/2020 12:36, Arne Schwabe wrote:
> In scenarios of mbed TLS vs OpenSSL we already normalise the ciphers
> that are send via the wire protocol via OCC to not have a mismatch
> warning between server and client. This is done by
> translate_cipher_name_from_openvpn. The same applies also to th
Is it possible to get an estimate on a timeline for this fix being released?
Duo has a few customers that have been impacted by this and, while we have
provided them with workarounds in the meantime, they are asking for updates on
when this will be fixed. I also expect more customers will be imp
