On 05/27/2013 08:22 PM, Jan Just Keijser wrote:
> Hi Christian,
>
> Christian Stark wrote:
>> Hi opnvpn specialists!
>>
>> I have a security question regarding to openvpn used libraries like
>> libcrypto, libssl and so on.
>> In my scenarios I use (have to use) several openvpn versions.
>>
>> Is it right when using the windows installer, all sub libraries are
>> also included in this package and future fixes to e.g. libssl will be
>> delivered in a new version of the openvpn installer package?
> that's correct.
>
>> And on Linux systems openvpn benefits from lib updates form the
>> distribution?
> normally openvpn is compiled against the system openssl libraries, so
> if the distro updates openssl , openvpn benefits from it immediately.
>>
>> On one system (Synolgy Linux NAS) there is an outdated 2.1 version
>> installed but compiled and linked in 2013. So I'm not sure if I have
>> to make thoughts about security issues because e.g. libssl is
>> definitely more current?
>>
> run 'ldd openvpn' on the synology box to see how it was compiled.
>
> HTH,
>
>
> JJ
Thanks for answering!
On my Synology box is no ldd available so I've copied and checked the
binary on a ubuntu 13.04 system.
ldd says there:
~/bin$ ldd ./openvpn
linux-gate.so.1 => (0xf7752000)
libssl.so.1.0.0 => not found
libcrypto.so.1.0.0 => not found
liblzo2.so.2 => not found
libdl.so.2 => /lib/i386-linux-gnu/libdl.so.2 (0xf7728000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xf7575000)
/lib/ld-linux.so.2 (0xf7753000)
this means that libssl is linked dynamically and not found because thats
another machine?
Here the versions on my Synology box:
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenVPN 2.1.4 i686-linux-gnu [SSL] [LZO2] [EPOLL] built on Mar 9 2013
And this means that I don't have to worry about openSSL?
I'm only affected by OpenVPN's own bugs and security issues?
All right?
I will ask Synology if it is possible to provide a current version. For
me it's a little bit strange why they provide an old version. Since a
couple of month openvpn is included in the official, maintained and
optional "vpn center" package.
Thanks
Christian
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Openvpn-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-users
