]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e72b2f2) | patch
Refuse mbed TLS external key with non RSA certificates
authorArne Schwabe <arne@rfc2549.org>
Mon, 8 Oct 2018 21:41:23 +0000 (23:41 +0200)
committerDavid Sommerseth <davids@openvpn.net>
Tue, 16 Oct 2018 20:07:19 +0000 (22:07 +0200)
commitb3c24842a807014c1663eed6f79e888d73182205
tree895b03e3542903e4d992066a278a4af487fcbb9dtree
parente72b2f2ce062c76c6ab658b7ae961f8b81cba307commit | diff
Refuse mbed TLS external key with non RSA certificates

The current API that we use (mbedtls_pk_setup_rsa_alt) only allows
using RSA keys with the external API. Using an EC, mbed TLS and external
key in OpenVPN will fail very late with a rather obscure error message.

Instead fail early and provide a clear message that only RSA keys are
supported.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20181008214123.10819-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17671.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
src/openvpn/ssl_mbedtls.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git