From 6ddc43d1bf9b3ea3ee5db8c50d56a98fe4db4c97 Mon Sep 17 00:00:00 2001 From: Emmanuel Deloget Date: Fri, 17 Feb 2017 23:00:53 +0100 Subject: [PATCH] OpenSSL: check for the SSL reason, not the full error OpenSSL 1.1 changed the SSLv3 API and removed many SSL_L_SSL3_* constants. Moreover, new code might use different function code for the same error. Thus, we extract the error reason from the error code before we compare it instead of trying to rebuild an error code that might not be correct. The new version is compatible with OpenSSL 1.0.x as well as with older versions (starting at 0.9.8). Signed-off-by: Emmanuel Deloget Acked-by: Steffan Karger Message-Id: <0e0d4a67192b563cd07d3f06685f85e34c304142.1487368114.git.logout@free.fr> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14087.html Signed-off-by: Gert Doering --- src/openvpn/crypto_openssl.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index e45571561..a66ee71e5 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -193,8 +193,7 @@ crypto_print_openssl_errors(const unsigned int flags) while ((err = ERR_get_error())) { /* Be more clear about frequently occurring "no shared cipher" error */ - if (err == ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_NO_SHARED_CIPHER)) + if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER) { msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS ciphersuites " "in common with the client. Your --tls-cipher setting might be " -- 2.47.2