Hi,

On Mon, Mar 18, 2013 at 05:37:28PM +0100, steffan.kar...@fox-it.com wrote:
> From: Steffan Karger <steffan.kar...@fox-it.com>
> 
> Add support for PolarSSL-1.2, which has changed the API in several places.
> This is a minimal port, new features have not been enabled. Only PolarSSL
> 1.2.5 and newer are accepted, as earlier versions contain unresolved
> (security) issues.

NAK, actually, for two reasons:  

 - there is "something wrong" with the blowfish support - patching 
   release/2.3 in git with these 5 patches and compiling with polar 1.2.5
   creates a binary that is not interoperating with openssl-compiled
   openvpn (cipher blowfish-cbc on the polar side, bf-cbc on openssl) - it 
   negotiates just fine, but data packets cannot be decrypted

14:23 <@dazo> Tue Mar 19 14:16:08 2013 Authenticate/Decrypt packet error: 
              cipher final failed

 - when configuring with --enable-pkcs11, compilation fails

14:17 <@dazo> ssl_polarssl.h:69:5: error: expected specifier-qualifier-list 
              before ‘pkcs11_context’

(I'm just relaying, David did the actual testing... my buildbot box is still
busy trying to compile polar 1.2.6...)

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
