Re: [Openvpn-devel] [PATCH 1/2] manpage: improve description of --status and --status-version

2017-11-26 Thread Steffan Karger
Hi, A very welcome improvement of the man page, but one consideration: On 11-11-17 17:11, Gert van Dijk wrote: > Signed-off-by: Gert van Dijk > --- > doc/openvpn.8 | 31 --- > 1 file changed, 28 insertions(+), 3 deletions(-) > > diff --git a/doc/openvpn.8 b/doc/open

[Openvpn-devel] [PATCH 3/3] tls_ctx_set_tls_versions: move verify_flags to where it is used

2017-11-26 Thread Steffan Karger
Minor cleanup of this function now that we are allowed to write C99: move (and rename) flags to the code where it's actually used to improve readability. (I originally did this as part of the tls-version-{min,max} patch for openssl 1.1, but that made the diff hard to read.) Signed-off-by: Steffan

[Openvpn-devel] [PATCH 2/3] Add support for TLS 1.3 in --tls-version-{min, max}

2017-11-26 Thread Steffan Karger
Tested with the current openssl master branch for TLS 1.3 support. mbed TLS has no public builds with TLS 1.3 support yet, so nothing to do there right now. Signed-off-by: Steffan Karger --- src/openvpn/ssl.c | 4 src/openvpn/ssl_backend.h | 1 + src/openvpn/ssl_openssl.c | 10 ++

[Openvpn-devel] [PATCH 1/3] Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

2017-11-26 Thread Steffan Karger
As described in <80e6b449-c536-dc87-7215-3693872bc...@birkenwald.de> on the openvpn-devel mailing list, --tls-version-min no longer works with OpenSSL 1.1. Kurt Roeckx posted in a debian bug report: "This is marked as important because if you switch to openssl 1.1.0 the defaults minimum version i

[Openvpn-devel] [PATCH 1/2] openssl: don't use deprecated SSLEAY/SSLeay symbols

2017-11-26 Thread Steffan Karger
Compiling our current master against OpenSSL 1.1 with -DOPENSSL_API_COMPAT=0x1010L screams bloody murder. This patch fixes the errors about the deprecated SSLEAY/SSLeay symbols and defines. Signed-off-by: Steffan Karger --- configure.ac | 1 + src/openvpn/openssl_compat.h |

[Openvpn-devel] [PATCH 2/2] openssl: add missing #include statements

2017-11-26 Thread Steffan Karger
Compiling our current master against OpenSSL 1.1 with -DOPENSSL_API_COMPAT=0x1010L screams bloody murder. This patch fixes the errors caused by missing includes. Previous openssl versions would usually include 'the rest of the world', but they're fixing that. So we should no longer rely on i

[Openvpn-devel] [PATCH 2/2 v2] openssl: add missing #include statements

2017-11-26 Thread Steffan Karger
Compiling our current master against OpenSSL 1.1 with -DOPENSSL_API_COMPAT=0x1010L screams bloody murder. This patch fixes the errors caused by missing includes. Previous openssl versions would usually include 'the rest of the world', but they're fixing that. So we should no longer rely on i