Hi,

On Sun, Mar 4, 2018 at 6:22 PM, Steffan Karger <stef...@karger.me> wrote:
>
> On 05-03-18 00:13, Jeremie Courreges-Anglas wrote:
>> On Sun, Mar 04 2018, Selva Nair <selva.n...@gmail.com> wrote:
>> --8<--
>> [...]. OpenSSL itself only provided said setters (since 2015)[2].  The
>>  getters were added to OpenSSL later (Sep 2017)[3].
>>
>> [2] https://github.com/openssl/openssl/commit/7946ab33cecce60afcc00afc8fc18f31f9e66bff
>> [3] https://github.com/openssl/openssl/commit/3edabd3ccb7aac89af5a63cfb2378e33a8be05d7
>> -->8--
>>
>> IIUC there are OpenSSL 1.1.0 releases out there that provide only the
>> setters, and that would also be affected by the requirement you propose.
>>
>> Github suggests that besides the master branch, the following tags have
>> the setters[2]:
>>
>>     OpenSSL_1_1_1-pre2 OpenSSL_1_1_1-pre1 OpenSSL_1_1_0 OpenSSL_1_1_0g
>>     OpenSSL_1_1_0f OpenSSL_1_1_0e OpenSSL_1_1_0d OpenSSL_1_1_0c
>>     OpenSSL_1_1_0b OpenSSL_1_1_0a OpenSSL_1_1_0-pre6 OpenSSL_1_1_0-pre5
>>     OpenSSL_1_1_0-pre4 OpenSSL_1_1_0-pre3 OpenSSL_1_1_0-pre2
>>
>> while support for getters[3] is only in:
>>
>>     OpenSSL_1_1_1-pre2 OpenSSL_1_1_1-pre1
>
> That commit was cherry-picked to the OpenSSL_1_1_0-stable branch, and is
> available in 1.1.0g+:
> https://github.com/openssl/openssl/commit/af51a74ade8bbab5ed49a3560dcb70d89896dc29
>
> But yeah, that's still something we might need to think about.

Yes this is troubling. I had tested Windows build using 1.1.0g, but
our release is built with 1.1.0f. So, for example, --tls-version-min
1.2 will not get read back as 1.2. Most likely it'll only lead to less
than ideal UX in some corner cases (e.g. the error check min <= max in
cryptoapi.c will not work as expected).

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
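An added example (not part of the thread and not OpenVPN or OpenSSL code): it classifies an OpenSSL version number by which min/max protocol-version accessors the thread says it has, and shows one possible way to keep the min <= max check working when the value cannot be read back. The enum, the `tls_limits` struct and the function names are hypothetical; the sample version numbers are constructed.

```c
#include <stdio.h>

/* OpenSSL 1.0.0 to 1.1.1 encode the version as 0xMNNFFPPS:
 * major, minor, fix, patch letter, status nibble (0xf = release). */
#define VER_SETTERS 0x10100002UL /* 1.1.0-pre2: earliest tag listed with the setters */
#define VER_GETTERS 0x1010007fUL /* 1.1.0g: first 1.1.0 release with the getters */

enum proto_api { API_NONE, API_SETTERS_ONLY, API_SETTERS_AND_GETTERS };

/* Classify a library version by the accessors it provides. */
enum proto_api proto_api_for(unsigned long v)
{
    if (v >= VER_GETTERS) return API_SETTERS_AND_GETTERS; /* also covers 1.1.1-pre1+ */
    if (v >= VER_SETTERS) return API_SETTERS_ONLY;
    return API_NONE;
}

/* Hypothetical shadow record: the application remembers what it configured,
 * so validation does not depend on reading the value back from the library. */
struct tls_limits { int min; int max; }; /* 0 means "no limit set" */

/* Return 1 if the configured range is sane (min <= max), 0 otherwise. */
int tls_limits_ok(const struct tls_limits *l)
{
    if (l->min == 0 || l->max == 0) return 1;
    return l->min <= l->max;
}

int main(void)
{
    /* Constructed samples: 1.0.2n, 1.1.0f, 1.1.0g */
    unsigned long samples[] = { 0x100020efUL, 0x1010006fUL, 0x1010007fUL };
    const char *names[] = { "none", "setters only", "setters and getters" };
    /* 0x0303 is TLS 1.2 and 0x0301 is TLS 1.0 on the wire: min above max */
    struct tls_limits bad = { 0x0303, 0x0301 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%08lx: %s\n", samples[i], names[proto_api_for(samples[i])]);
    printf("min 1.2 / max 1.0 accepted: %d\n", tls_limits_ok(&bad));
    return 0;
}
```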