Hi, On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote: > Will the sec issue with OpenSSL force a new release of OpenVPN ? > > https://www.openssl.org/news/secadv/20200421.txt
This is a question better asked on the openvpn-devel list.
But anyway: normally we do not statically link OpenSSL, so whenever your
Linux / BSD distribution updates OpenSSL, it will make sure OpenVPN
has the latest patch -> all good.
Now, on *Windows* we ship OpenSSL as part of our package, so if this
is an issue that is relevant for OpenVPN (haven't checked yet - some of
the security issues in OpenSSL in the past have not affected us because
we didn't use that functionality) we'll re-roll the windows installers,
bumping from "2.4.9-I601" to "2.4.9-I602". So, no new OpenVPN release,
but new Windows installers.
On MacOS, I think Tunnelblick has to bundle OpenSSL, so you'll see
an update there as well...
Long story short: we'll look into the advisory, and then see what to do.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
