Hi, On Sun, Nov 19, 2017 at 09:37:56PM +0100, Gert Doering wrote: > .. of course this conflicts with o->renegotiate_seconds_min... > > Nevertheless, thanks for the patch :-) - it makes my FreeBSD 10.3 > (mbedTLS 2.6) buildslave now happy again (on the default settings - with > --tls-cert-profile preferred, it refuses the old-hash cert, as it should). > > Also tested with openssl 1.0.1, where it warns and does nothing, as > expected. Good :-)
I *should* have tested with LibreSSL as well... ssl_openssl.o: In function `tls_ctx_set_cert_profile': /home/buildbot/build-openvpn/build-cron2-openbsd-60-amd64-stable-master--disable -lzo--disable-management/build/src/openvpn/ssl_openssl.c:404: undefined reference to `SSL_CTX_set_security_level' /home/buildbot/build-openvpn/build-cron2-openbsd-60-amd64-stable-master--disable-lzo--disable-management/build/src/openvpn/ssl_openssl.c:400: undefined reference to `SSL_CTX_set_security_level' ... *roll eyes* (Not sure, though, why it only complains about two out of three, but still annoyance... if LibreSSL claims OPENSSL_VERSION_NUMBER >= 0x10100000 it better should provide everything needed) This is on OpenBSD 6.0, which happens to be something Samuli's vagrant setup can provide nicely if anyone wants to have a look :-) gert -- now what should I write here... Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
