git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Simon Matter <simon.matter@invoca.ch>
	Tue, 21 Feb 2017 19:34:15 +0000 (20:34 +0100)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 23 Feb 2017 08:27:21 +0000 (09:27 +0100)
commit	2fe5547c1df854d41611633ea533649fe88e3031
tree	8b15561304efca01b1b968c8901f0bcd30e99968	tree
parent	47191f49890ee5c53fa78a8ce9bf96b9c8d27a82	commit \| diff

Fix segfault when using crypto lib without AES-256-CTR or SHA256

Openvpn segfaults on RHEL5/CentOS5 when using --tls-crypt, because it
doesn't have AES-256-CTR support:

openvpn[15330]: OpenVPN 2.4.0 x86_64-redhat-linux-gnu [SSL (OpenSSL)]
[LZO] [LZ4] [EPOLL] [MH/PKTINFO] built on Jan 17 2017
openvpn[15330]: library versions: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008,
LZO 2.09, LZ4 1.7.5
openvpn[15331]: NOTE: the current --script-security setting may allow this
configuration to call user-defined scripts
kernel: openvpn[15331]: segfault at 0000000000000008 rip 000000000040ebe0
rsp 00007fffdcfc5738 error 4

This patch fixes it so it shows:

openvpn[424]: ERROR: --tls-crypt requires AES-256-CTR support.
openvpn[424]: Exiting due to fatal error

Trac: #825
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <345db0ac-f6e8-8490-a80a-ffbd81972c07@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14138.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>