Acked-by: Gert Doering <g...@greenie.muc.de>
The root cause is very obvious ("git grep HAVE_SSL_CTX_SET_SECURITY_LEVEL"),
and the fix seems logical. OpenSSL documentation confirms that this
was "added in OpenSSL 1.1.0", so checking for 0x10100000L sounds like
the right way to do (one could argue about >=, but 1.1.0a would already
match)
I have tested against 1.0.2 (builds, refuses the option) and 1.1.1k
(builds and now accepts the option again, and being really strict
with "preferred" or "suiteb", refuses my SHA1 test certs)
Your patch has been applied to the master branch.
commit b66701e5e2ef194f33e2a8865a4abf4567466d83
Author: Arne Schwabe
Date: Wed Jun 23 20:37:28 2021 +0200
Fix tls-cert-profile broken on OpenSSL 1.1+
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20210623183728.2565286-1-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22584.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
