This is quite a huge last-minute patch before a 2.7.0 release - but there
are some special considerations. mbedTLS 3 will run out of support while
we're very likely still in the 2.7.x maintenance phase, so having mbedTLS 4
support in 2.7.x is important for long-term supportability. Further, the
patch only very lightly touches on "non mbedTLS" areas of the code - so
most users will not be affected.
"git show --color-moved=zebra" shows that all the old code is still there,
just goes to "mbedtls_legacy" - to avoid #ifdef orgys, and at some point
dropping mbedTLS 3 will be easy.
Arne has tested this, and verified interoperability with OpenSSL-OpenVPN,
and the buildbots + GHA have tested that mbedTLS 3 support still works.
Your patch has been applied to the master branch.
commit d0589909b9b6f4400429e010e9c4874b7f496e59
Author: Max Fillinger
Date: Fri Jan 23 17:47:39 2026 +0100
Add support for Mbed TLS 4
Signed-off-by: Max Fillinger <[email protected]>
Acked-by: Arne Schwabe <[email protected]>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1441
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg35401.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
