Hi,

On 17-02-17 23:00, log...@free.fr wrote:
> From: Emmanuel Deloget <log...@free.fr>
> 
> OpenSSL 1.1 changed the SSLv3 API and removed many SSL_L_SSL3_*
> constants. Moreover, new code might use different function
> code for the same error.
> 
> Thus, we extract the error reason from the error code before
> we compare it instead of trying to rebuild an error code
> that might not be correct.
> 
> The new version is compatible with OpenSSL 1.0.x as well as
> with older versions (starting at 0.9.8).
> 
> Signed-off-by: Emmanuel Deloget <log...@free.fr>
> ---
>  src/openvpn/crypto_openssl.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index 
> 2f77a9853ac484770dcd808efdf13671ade7e758..23de17542bf0f4a311825373ecf8d8261fd21c73
>  100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -194,8 +194,7 @@ crypto_print_openssl_errors(const unsigned int flags)
>      while ((err = ERR_get_error()))
>      {
>          /* Be more clear about frequently occurring "no shared cipher" error 
> */
> -        if (err == ERR_PACK(ERR_LIB_SSL,SSL_F_SSL3_GET_CLIENT_HELLO,
> -                            SSL_R_NO_SHARED_CIPHER))
> +        if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)
>          {
>              msg(D_CRYPT_ERRORS, "TLS error: The server has no TLS 
> ciphersuites "
>                  "in common with the client. Your --tls-cipher setting might 
> be "
> 
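Review bot: The new condition `if (ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER)` no longer checks which library raised the error. The removed `ERR_PACK(ERR_LIB_SSL, ...)` comparison tied the match to ERR_LIB_SSL. Reason codes are only unique within one library, so an error queued by a different library whose reason number happens to equal SSL_R_NO_SHARED_CIPHER would also print the "no TLS ciphersuites in common" hint. Consider `ERR_GET_LIB(err) == ERR_LIB_SSL && ERR_GET_REASON(err) == SSL_R_NO_SHARED_CIPHER`, which still avoids depending on the function code that the commit message says changed in OpenSSL 1.1.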

This patch is correct even outside the context of the transition to 1.1,
and can be applied immediately.  ACK.

-Steffan

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
