We are trying to get OpenVPN to work with the OpenSSL FIPS Object Module
v2.0, but each client connection causes our OpenVPN server to SIGSEGV. We
know the line of code that is causing the problem (which I'll show below) --
but we're not sure how to convince the OpenVPN server to correctly establish
ld
Do we need to run this by anyone, or do we just start patching?
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: Wednesday, November 22, 2017 11:42 AM
> To: Jim Carroll
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-d
Modified the autoconf, automake and code to support building OpenVPN with
OpenSSL FIPS Object Module v2.0 validated encryption.
* Adds: --enable-fips-mode switch to configure.ac
* Adds: --enable-fips-mode command line switch to openvpn
---
INSTALL | 72
+
Sigh...Outlook is always such a mess. Sorry, I'll resend.
Jim
Just checking in to confirm our revised patch made it through this time. And
wanted to see if there is any feedback?
Thanks
Jim C.
> -Original Message-
> From: Jim Carroll [mailto:j...@carroll.com]
> Sent: Friday, November 24, 2017 3:13 PM
> To: 'Gert Doering'
Thanks. I wanted to make sure it got through.
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: Monday, November 27, 2017 12:47 PM
> To: Jim Carroll
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH] Adde
Hi Antonio,
Thanks for reviewing. If you don't mind, I'm going to answer your
comments and questions a bit out of order.
First, you suggested a series of coding-style changes and the removal of
extra whitespace. I have no comment about these. I'll make all the changes
you described and resubmi
Hi Antonio,
I've resubmitted our patch(s) for FIPS support. While re-reading your message,
I see you asked a question I neglected to answer. In options.h, we declared
an integer option 'fips_mode', and you asked:
"why not bool?"
The reason is extendibility for planned changes in OpenS
> So I don't think the version is as strict as you say. But it might be
> other
> distributions have gone through the compliance certification on a
> different
> version.
This is true. Red Hat has gone through the compliance certification on 1.0.2k
and their security policy is public
https://cs
I'm curious about the openvpn-devel process related to patch acceptance. Does
the fact that the conversation has ended mean the patch is scheduled to be
added -- or does it instead mean there is no interest and the patch is being
denied?
Thanks
Jim
> > +if test "${enable_fips_mode}" = "yes"; then
> > +AC_CHECK_FUNCS(
> > +[ \
> > +FIPS_mode \
> > +FIPS_mode_set \
> > +SSLeay_version
> > +],
> > +[],
> > +[AC_MSG_ERROR([Incorrect version
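Review bot: the AC_CHECK_FUNCS call links its test programs against whatever LIBS holds at this point in configure.ac, and the quoted lines do not show LIBS or CFLAGS being set to the OpenSSL build before the check. If that is not done earlier in the file, FIPS_mode and FIPS_mode_set will be reported missing even against a FIPS-capable OpenSSL, and configure will stop with the "Incorrect version" error for the wrong reason; consider saving LIBS, setting it to the OpenSSL library flags around the check, and restoring it afterwards. The body of the if block would also be easier to read if it were indented.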
We submitted the patches for adding FIPS 140-2 support in December. We are
still waiting on someone to review and accept them. We have been
successfully using these patches in an environment with over 200 sessions
with no issues
https://sourceforge.net/p/openvpn/mailman/message/36146349/