Your patch has been applied to the master and release/2.4 branches.

I have tested on Unix (where it obviously did not make a difference),
compile-tested on my old Ubuntu 14.04 build environment (fails with
CERT_NCRYPT_KEY_SPEC not being defined, because mingw *there* needs
"_WIN32_WINNT >= 0x0601") and successfully built on a brand new Ubuntu
16.04 build environment, which adds a new "wincrypt.h" file with new
#if WINAPI_FAMILY_PARTITION fun... :-)

[short summary: throw away your 14.04 build systems, we have decided to
break them, and that's what they are: broken!]

There is one thing I'm not sure I understand in the code, which might
warrant a typo-fix patch:
+ msg(M_WARN,"WARNING: cryptoapicert: private key is in a legacy store."
+ " Restricting TLS version to 1.1");
+ if (!SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_1_VERSION))
+ {
+ msg(M_NONFATAL,"ERROR: cryptoapicert: unable to set max TLS
version"
+ " to 1.1. Try config option --tls-version-min 1.1");
+ goto err;
+ }
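Review bot: The hint in the M_NONFATAL message, "Try config option --tls-version-min 1.1", names the minimum-version option, but the call that failed is SSL_CTX_set_max_proto_version(ssl_ctx, TLS1_1_VERSION), which sets an upper bound. A minimum of 1.1 does not restrict the version to 1.1 as the preceding M_WARN says is intended for a legacy-store key, so the hint should read "--tls-version-max 1.1".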
Should that be "--tls-version-*max* 1.1"?
commit 51d57d7dad6c6380df7b76bbec1897ea4f98474d (master)
commit 6c54745b8d417a534a6081588b1ecc7ff01fa9f7 (release/2.4)
Author: Selva Nair
Date: Fri Jan 19 23:52:54 2018 -0500
TLS v1.2 support for cryptoapicert -- RSA only
Signed-off-by: Selva Nair <[email protected]>
Acked-by: Steffan Karger <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg16288.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering