git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Arne Schwabe <arne@rfc2549.org>
	Wed, 18 Aug 2021 21:33:53 +0000 (23:33 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Fri, 10 Sep 2021 09:51:33 +0000 (11:51 +0200)
commit	8f25cefea15481cc0338bca40a89d96fbe745b9f
tree	e7923262dccc549750d4f24650fbad18a297cde4	tree
parent	79367a3fde433d0660cc7122aa21c3c76ee6b2da	commit \| diff

Detect unusable ciphers on patched OpenSSL of RHEL/Centos

OpenSSL on RHEL 8 and CentOS 8 system when these system are put into
FIPS mode need extra code to figure out if a specific cipher algorithm
is usable on these system. This is particularly problem in data-ciphers
as the errors might occur much later when a client connects and as these
cipher are not caught during config initialisation.

This also prepares for adding Chacha20-Poly1305 when available to
data-ciphers by making the detection logic used to check if
cipher_kt_get returns non-NULL work on these systems.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20210818213354.687736-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22746.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/crypto.c		diff \| blob \| blame \| history
src/openvpn/crypto_openssl.c		diff \| blob \| blame \| history