After some discussion on IRC today, it turns out that I was holding
my test rig wrong. As in: breakage occurs in the combination of
"mbed TLS 2.25.0, TLS, TCP and --dev tap", but it does not actually
matter whether this patch is applied or not - 2.5.1 breaks as well.
Arne's test found the commit in mbedTLS between 2.24 and 2.25 that
introduces the breakage (360e2c41d8211e43), but this does not really
explain anything - but it's fairly clear "not something broken in
our code", or at least "not recently".

As discussed on IRC, I have fixed what whitespace uncrustify complained
about ("if<blank>(", function return types on the preceding line, #endif
with comment).

This all said, I now do actually understand what the patch does (and it
looks good) and I think I have all versions of old/new mbedtls and
old/new openssl covered, client and server. All pass, except for
mbedtls 2.25.0 + tcp + tap.

Your patch has been applied to the master branch.

commit 06f6cf3ff850f2930bf4a864ae9898407e94ffb9
Author: Arne Schwabe
Date: Fri Mar 5 15:13:52 2021 +0100

Prefer TLS libraries TLS PRF function, fix OpenVPN in FIPS mode

Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Antonio Quartulli <[email protected]>
Message-Id: <[email protected]>
URL: https://www.mail-archive.com/[email protected]/msg21612.html
Signed-off-by: Gert Doering <[email protected]>

--
kind regards,
Gert Doering