git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Fri, 19 Jan 2018 21:27:21 +0000 (22:27 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Sat, 20 Jan 2018 11:08:11 +0000 (12:08 +0100)
commit	0e8a30c0b05c1e2b59a1dea0a6eab5daa1d9d9a1
tree	34efa8d606d2996168a2e60b1ff6752c5fa1f232	tree
parent	8fcc63b2e7d24d2fbf6d7ab10767c2347c723d31	commit \| diff

Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+

As described in <80e6b449-c536-dc87-7215-3693872bce5a@birkenwald.de> on
the openvpn-devel mailing list, --tls-version-min no longer works with
OpenSSL 1.1. Kurt Roeckx posted in a debian bug report:

"This is marked as important because if you switch to openssl 1.1.0
the defaults minimum version in Debian is currently TLS 1.2 and
you can't override it with the options that you're currently using
(and are deprecated)."

This patch is loosely based on the original patch by Kurt, but solves the
issue by adding functions to openssl-compat.h, like we also did for all
other openssl 1.1. breakage. This results in not having to add more ifdefs
in ssl_openssl.c and thus cleaner code.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20180119212721.25177-1-steffan@karger.me>
URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873302
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16284.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/openssl_compat.h		diff \| blob \| blame \| history
src/openvpn/ssl.c		diff \| blob \| blame \| history
src/openvpn/ssl_backend.h		diff \| blob \| blame \| history
src/openvpn/ssl_mbedtls.c		diff \| blob \| blame \| history
src/openvpn/ssl_openssl.c		diff \| blob \| blame \| history