Hi, On Fri, Apr 14, 2017 at 05:40:49PM +0200, Steffan Karger wrote: > v2: > - add documentation (manpage, Changes.rst and --help) > - no longer print a warning message on each startup for OpenSSL builds > v3: > - remove format changes in unrelated items (introduced in v2) > - Update Changes.rst text to reflect that the default in 2.4.2 is 'legacy' > and the default in 2.5 will be 'preferred' (as discussed on the ML). > - This patch is for the master branch only now (due to the default).
Tested-by: Gert Doering <g...@greenie.muc.de>
I've applied this to "master", added "--tls-cert-profile legacy" to my
openvpn command line, and my FreeBSD 10.3 + mbedTLS 2.6.0 t_client tests
came back to "all tests passed".
So from that point of view, this is a necessary addition.
OTOH, it adds a command line option that will lead to a fatal error on
an OpenSSL build, which I'm not happy about (read: it will break the
buildslave for openssl builds then...) - so even if we do not have the
functionality for OpenSSL yet, we should still understand the option
and then print out a warning.
(Also it - obviously - does not apply to master anymore, due to
surrounding code changes)
David: Steffan said you did not like this patch -> we should discuss
how to improve this / what is missing.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
