Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Matthias Andree
Am 21.01.2013 14:23, schrieb Gert Doering: > Hi, > > just for the sake of those not following the discussion on IRC... > > On Mon, Jan 21, 2013 at 11:23:17AM +0100, Gert Doering wrote: >> I'm more concernced about maintainability of the OpenVPN code base, and >> having more #ifdef in there is

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Adriaan de Jong
> -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: donderdag 17 januari 2013 9:23 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > From: Steffan Karger <s

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Gert Doering
Hi, On Mon, Jan 21, 2013 at 10:54:26AM +0100, Adriaan de Jong wrote: > > Barring that, I'd suggest to add stuff to fail the build with older > > PolarSSL versions and kill the PolarSSL < 1.2.3 code. It would seem > > from the changelogs that PolarSSL 1.2.N (with N highest available) does > >

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Adriaan de Jong
> -Original Message- > From: Matthias Andree [mailto:matthias.and...@gmx.de] > Sent: zondag 20 januari 2013 14:09 > To: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > Is there any important system where requir

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-20 Thread Matthias Andree
Is there any important system where requiring PolarSSL >= 1.2.3 is not an option, besides "admin is too lazy or can't convince his manager that he needs to upgrade"? This #ifdef stuff makes the whole story a bit inconcise. It might be suitable for 2.3.X, but not to base 2.4 or newer releases on.

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-18 Thread Gert Doering
Hi, On Thu, Jan 17, 2013 at 09:23:29AM +0100, steffan.kar...@fox-it.com wrote: > /** Cipher is in CFB mode */ > +#if POLARSSL_VERSION_NUMBER < 0x0102 > #define OPENVPN_MODE_CFB POLARSSL_MODE_CFB128 > +#else > +#define OPENVPN_MODE_CFB POLARSSL_MODE_CFB > +#endif I don't like this

[Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-17 Thread steffan.karger
From: Steffan Karger Add support for PolarSSL-1.2, which has changed the API in several places. This is a minimal port: PolarSSL-1.2 works as well as PolarSSL-1.1, but the new features have not been enabled. Blacklist PolarSSL-1.[0-2] for bugs when verifying