[Openvpn-devel] OpenSSL build on Windows: OPENSSLDIR and MODULESDIR

Hi, By commit abd5ee9b7dc4ba85438da5d16bb7dfb31714dac7 we disabled loading of OpenSSL configuration file on Windows due to OPENSSLDIR pointing to a writable location in our builds. I think we have to fix this. Considering that we distribute Windows executable with our own OpenSSL build, this is t

[Openvpn-devel] Summary of the community meeting (27th October 2021)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 27th October 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local meeti

[Openvpn-devel] [PATCH applied] Re: Add --with-openssl-engine autoconf option (auto|yes|no)

I have reformatted the indentation (your editor seems to have played tricks with you, since configure.ac actually uses tabs, which the rest doesn't...). Tested on 3.0.0 and 1.1.1 builds. 3.0.0 does not report anything about "engine support" in the configure output, which we might want to extend a

[Openvpn-devel] [PATCH applied] Re: Use new EVP_MAC API for HMAC implementation

I have lightly tested this ("make check" on 1.1.1 and 3.0.0 builds) and it seems to do nicely. Especially that we already merged the HMAC test (unit_tests/test_crypto.c) gives confidence :-) Your patch has been applied to the master branch. commit 7865ffdcbc603894f268d892d638b111e8b61c36 Author:

Re: [Openvpn-devel] [PATCH v3 19/21] Add insecure tls-cert-profile options

On 19/10/2021 20:31, Arne Schwabe wrote: The recent deprecation of SHA1 certificates in OpenSSL 3.0 makes it necessary to reallow them in certain deployments. Currently this works by using the hack of using tls-cipher "DEFAULT:@SECLEVEL=0". Add insecure as option to tls-cert-profile to allow sett