Re: [Openvpn-devel] [PATCH] Require at least 20MB of mlock()-able memory if --mlock is used.

2021-03-08 Thread David Sommerseth
On 07/03/2021 22:28, Gert Doering wrote: Hi, On Sun, Mar 07, 2021 at 02:20:32PM -0500, Selva Nair wrote: That's another possible angle... just up soft+hard to "something" (how much would that be? :-) ) and log the fact. Rereading my comment on Trac #1059 I recall testing this and concluding 1

[Openvpn-devel] [PATCH] Avoid a crash in mbed TLS 2.25 with --verb < 8

2021-03-08 Thread Arne Schwabe
mbed TLS 2.25 has a nasty bug that the print function for Montgomery style EC curves (Curve25519 and Curve448) does segfault. See also the issue reported here: https://github.com/ARMmbed/mbedtls/issues/4208 We request always debug level 3 from mbed TLS but filter out any debug output of level 3 un

Re: [Openvpn-devel] [PATCH] Require at least 20MB of mlock()-able memory if --mlock is used.

2021-03-08 Thread tincanteksup
On 08/03/2021 08:06, Arne Schwabe wrote: Looking at this feature from today's perspective, it feels like one of OpenVPN's boutique features. Was probably useful at some point but doesn't really make much sense today anymore. Especially with what is written in the manpage. Today you rather wo

[Openvpn-devel] [PATCH applied] Re: Fix EVP_PKEY_CTX_... compilation with LibreSSL

2021-03-08 Thread Gert Doering
Patch has been applied to the master branch. commit 4cf01c8e4381403998341aa32f79f4bf24c7ccb1 Author: Gert Doering Date: Mon Mar 8 12:44:05 2021 +0100 Fix EVP_PKEY_CTX_... compilation with LibreSSL Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-Id: <20210308114

Re: [Openvpn-devel] [PATCH] Fix EVP_PKEY_CTX_... compilation with LibreSSL

2021-03-08 Thread Arne Schwabe
Am 08.03.21 um 12:44 schrieb Gert Doering: > Commit 06f6cf3ff850f29 introduced use of newer OpenSSL functions > for the TLS 1.0-1.1 PRF, to make OpenVPN work with FIPS-enabled OpenSSL. > > LibreSSL masquerades as "very new OpenSSL" but does not have these > functions (or at least not on the OpenBS

[Openvpn-devel] [PATCH] Fix EVP_PKEY_CTX_... compilation with LibreSSL

2021-03-08 Thread Gert Doering
Commit 06f6cf3ff850f29 introduced use of newer OpenSSL functions for the TLS 1.0-1.1 PRF, to make OpenVPN work with FIPS-enabled OpenSSL. LibreSSL masquerades as "very new OpenSSL" but does not have these functions (or at least not on the OpenBSD system tested), so compilation breaks. Add a "but

Re: [Openvpn-devel] [PATCH applied] Re: Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

2021-03-08 Thread Gert Doering
Hi, On Mon, Mar 08, 2021 at 11:53:09AM +0100, Gert Doering wrote: > After some discussion on IRC today, it turns out that I was holding > my test rig wrong. As in: breakage occurs in the combination of > "mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually > matter whether this pa

[Openvpn-devel] [PATCH applied] Re: Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

2021-03-08 Thread Gert Doering
After some discussion on IRC today, it turns out that I was holding my test rig wrong. As in: breakage occurs in the combination of "mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually matter whether this patch is applied or not - 2.5.1 breaks as well. Arne's test found the comm

Re: [Openvpn-devel] [PATCH] Require at least 20MB of mlock()-able memory if --mlock is used.

2021-03-08 Thread Arne Schwabe
Am 07.03.21 um 19:44 schrieb Gert Doering: > Hi, > > On Sun, Mar 07, 2021 at 01:36:03PM -0500, Selva Nair wrote: >>> "I'm not sure", TBH. rlimit handling in unix is a bit of an unknown >>> territory for me. >>> >>> What I understand is that root can *increment* the rlimit at will, but >>> I'd ass