On Fri, 2020-06-05 at 00:37 +0200, Arne Schwabe wrote: > Am 29.05.20 um 01:46 schrieb James Bottomley: > > I'm getting this failure of test_ncp.c > > > > [ RUN ] test_check_ncp_ciphers_list > > [ ERROR ] --- 0x7d67e8 != 0 > > [ LINE ] --- test_ncp.c:65: error: Failure! > > [ FAILED ] test_check_ncp_ciphers_list > > > > I'm building under openssl-1.1.0i > > > > The problem seems to be openssl uses a mixed case name for the > > cipher and EVP_CIPHER_name() is case sensitive. Applying the patch > > below fixes this for openssl and gets make check to pass all tests, > > but I rather wonder why this isn't part of cipher_kt_name() to > > prevent this type of problem? > > Without double checking if I remember correctly OpenSSL 1.1.0 is a > corner case in this regard. OpenSSL 1.1.1 accepts mixed and non mixed > case.
It was fixed by:
commit fc196a5eb97dc3a5465c37a6761428ddd81b023d
Author: Pauli <paul.d...@oracle.com>
Date: Tue Sep 4 07:35:45 2018 +1000
Make OBJ_NAME case insensitive.
Reviewed-by: Richard Levitte <levi...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7089)
So yes, all of 1.1.1 has this fix.
James
> I want to fix this oddity in a proper way and write at least a small
> unit test to ensure that always end up with the same cipher on the
> wire protocol (in IV_CIPHERS and in the options string).
>
> Arne
>
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
