>> >> One option is to continue using get_cipherbyname() but add a helper call >> for OpenSSL 3.0 to check algorithm availability. Say, >> EVP_CIPHER_available() that fetches, checks the result and frees --- >> to be used on top of the existing code. > > That is an option but will break as soon as we have the first cipher > that is no longer defined with EVP_ORIG_GLOBAL compatibility definition. > I need to check how much work it is to teach OpenVPN to free the cipher > and md.
I looked at this and I think the best option is to change API to use strings rather than EVP_CIPHER in the "public" API of the ssl library implementation. That will simplify the code rather than to complicate it. Arne _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
