Re: [Openvpn-devel] [PATCH 1/9] Implement optional cipher in --data-ciphers prefixed with ?

Fri, 11 Nov 2022 05:46:39 -0800 

Hi,

following up on this one:

On Mon, Dec 06, 2021 at 04:41:17PM +0100, Gert Doering wrote:
> commit 766044507497c41f0319159c37992788ecb681e6
> Author: Arne Schwabe <a...@rfc2549.org>
> Date:   Wed Dec 1 19:07:19 2021 +0100
> 
>     Implement optional cipher in --data-ciphers prefixed with ?
> 
>     Signed-off-by: Arne Schwabe <a...@rfc2549.org>
>     Acked-by: Gert Doering <g...@greenie.muc.de>
>     Message-Id: <20211201180727.2496903-1-a...@rfc2549.org>
>     URL: 
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23279.html

After some discussion on IRC, Arne and I decided that this is useful
for OpenSSL 3.0 compat in 2.5.9+ as well ("...:?BF-CBC") - when the patch
was originally done, all the "optional BF-CBC" stuff was targeted at 2.6,
and OpenSSL 3.0 support was also targeted at 2.6 only.  With the Linux
distributions shipping OpenSSL 3.0 with OpenVPN 2.5 left and right, this
causes compat issues, so "?BF-CBC" is a nice-to-have compat hack 
(for those that *REALLY REALLY* want to enable this in their configs).

The change is small, well-contained, and has unit tests, so "okay for 2.5".

Thus:

commit abe0bb1a7f727a24e2d7cb7215cb309aea5fcffc
Author: Arne Schwabe <a...@rfc2549.org>
Date:   Wed Dec 1 19:07:19 2021 +0100

    Implement optional cipher in --data-ciphers prefixed with ?
    (cherry picked from commit 766044507497c41f0319159c37992788ecb681e6)


It needs a second patch, though, which I also pulled up:

t b43a9b9f3324ccd7dffde3048c616aa5becc2b13 (HEAD -> release/2.5)
Author: Arne Schwabe <a...@rfc2549.org>
Date:   Mon Dec 6 16:08:52 2021 +0100

    Fix handling an optional invalid cipher at the end of data-ciphers
    (cherry picked from commit 868433857fbf8d71515ac0ffecb98eae893515dc)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel























					Reply via email to