Hi, On Wed, Apr 22, 2020 at 10:21:52AM +0200, Christian Hesse wrote: > > So, speaking to myself again :-) - I've looked at the advisory, and > > it talks about "Server or client applications that call the > > SSL_check_chain() function". > > Are you sure that openvpn code does not call any openssl function that calls > SSL_check_chain() then? Did not check, but I guess that's possible.
This is one of the OpenSSL intricacies I wouldn't know. OTOH, I would expect the advisory then to be worded as "a TLS 1.3 handshake might crash" not "... applications that call ... SSL_check_chain()", which sounds very specific to me. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpnemail@example.com https://lists.sourceforge.net/lists/listinfo/openvpn-devel