Re: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL

2019-01-23 Thread Arne Schwabe


>> I considered that (modulo the sleep 60) and wrote the code to do the
>> configure check, but then thought that a not-suppressible warning in the
>> logs would be sufficient.  I still think it is, but don't mind re-adding
>> it to configure.ac if you prefer that.
> 
> As an OpenBSD developer and the maintainer of our OpenVPN port,
> I certainly care about building and using OpenVPN with LibreSSL.
> I have already provided patches in the past, and yesterday I pushed
> compat glue in LibreSSL so that openvpn-2.4.5 can build on OpenBSD
> (-current).
> 
> So I'm wondering what would be needed to consider LibreSSL "supported".
> 
> I hear that there are concerns over LibreSSL not being API-compatible
> with OpenSSL.  As you may have noticed, LibreSSL recently introduced
> lots of OpenSSL-1.1+ interfaces.  While there is no plan to support the
> full OpenSSL-1.1 API (tons of functions were added, not all of them seem
> useful...), the intent is to provide what the ecosystem actually needs.
> I can probably serve as a bridge between the two projects here.
> 
> If you see other points where I - or anyone else - can help, please
> share. :)
>

With my recent commits that use more OpenSSL 1.1.1 features building
with LibreSSL breaks again since it claims to be OpenSSL 2.0 or
something ridiculous like that. In my book claiming to support APIs you
don't even know is a bad move.

With the current situation I would also ACK this patch. I see no good
way at the moment for supporting LibreSSL.

Arne


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
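
The breakage described in the 2019-01-23 message above, as an added example that is not code from this thread or from OpenVPN: a feature gate that compares only OPENSSL_VERSION_NUMBER accepts LibreSSL, which reports 0x20000000L in that macro, while a gate that also checks for LIBRESSL_VERSION_NUMBER does not. The function names and the sample version values are constructed for illustration.

```c
#include <stdio.h>

/* Pre-3.0 OPENSSL_VERSION_NUMBER layout: 0xMNNFFPPS
 * (major, minor, fix, patch, status nibble). */
struct ssl_version { unsigned major, minor, fix; };

static struct ssl_version decode_version(unsigned long v)
{
    struct ssl_version r;
    r.major = (unsigned)((v >> 28) & 0xf);
    r.minor = (unsigned)((v >> 20) & 0xff);
    r.fix   = (unsigned)((v >> 12) & 0xff);
    return r;
}

#define OPENSSL_1_1_1_MIN 0x10101000UL

/* Naive gate, the runtime equivalent of
 *   #if OPENSSL_VERSION_NUMBER >= 0x10101000L */
static int naive_has_111_api(unsigned long v)
{
    return v >= OPENSSL_1_1_1_MIN;
}

/* Guarded gate, the runtime equivalent of
 *   #if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) */
static int guarded_has_111_api(unsigned long v, int is_libressl)
{
    return !is_libressl && v >= OPENSSL_1_1_1_MIN;
}

int main(void)
{
    /* Constructed inputs: an OpenSSL 1.0.2 value, an OpenSSL 1.1.1 release
     * value, and the value LibreSSL puts in OPENSSL_VERSION_NUMBER. */
    struct { const char *name; unsigned long v; int libressl; } s[] = {
        { "OpenSSL 1.0.2", 0x1000214fUL, 0 },
        { "OpenSSL 1.1.1", 0x1010100fUL, 0 },
        { "LibreSSL",      0x20000000UL, 1 },
    };
    for (unsigned i = 0; i < sizeof s / sizeof s[0]; i++) {
        struct ssl_version d = decode_version(s[i].v);
        printf("%-14s claims %u.%u.%u  naive=%d guarded=%d\n", s[i].name,
               d.major, d.minor, d.fix, naive_has_111_api(s[i].v),
               guarded_has_111_api(s[i].v, s[i].libressl));
    }
    return 0;
}
```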


Re: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL

2018-03-04 Thread Jeremie Courreges-Anglas
On Sun, Mar 04 2018, Steffan Karger  wrote:
> Hi,
>
> On 04-03-18 10:08, Gert Doering wrote:
>> On Thu, Mar 01, 2018 at 12:11:23AM +0100, Steffan Karger wrote:
>>> As discussed in the community meeting of 13-12-2017, we should warn our
>>> users that LibreSSL is not officially supported.  We expect that it
>>> currently works, but it might suddenly break or we might decide to no
>>> longer build against LibreSSL in the future.
>> 
>> Generally speaking, I agree.
>> 
>> Should we also add a warning (+ sleep 60 to be extra-annoying?) to
>> configure if LibreSSL is detected?
>
> I considered that (modulo the sleep 60) and wrote the code to do the
> configure check, but then thought that a not-suppressible warning in the
> logs would be sufficient.  I still think it is, but don't mind re-adding
> it to configure.ac if you prefer that.

As an OpenBSD developer and the maintainer of our OpenVPN port,
I certainly care about building and using OpenVPN with LibreSSL.
I have already provided patches in the past, and yesterday I pushed
compat glue in LibreSSL so that openvpn-2.4.5 can build on OpenBSD
(-current).

So I'm wondering what would be needed to consider LibreSSL "supported".

I hear that there are concerns over LibreSSL not being API-compatible
with OpenSSL.  As you may have noticed, LibreSSL recently introduced
lots of OpenSSL-1.1+ interfaces.  While there is no plan to support the
full OpenSSL-1.1 API (tons of functions were added, not all of them seem
useful...), the intent is to provide what the ecosystem actually needs.
I can probably serve as a bridge between the two projects here.

If you see other points where I - or anyone else - can help, please
share. :)

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE




Re: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL

2018-03-04 Thread Steffan Karger
Hi,

On 04-03-18 10:08, Gert Doering wrote:
> On Thu, Mar 01, 2018 at 12:11:23AM +0100, Steffan Karger wrote:
>> As discussed in the community meeting of 13-12-2017, we should warn our
>> users that LibreSSL is not officially supported.  We expect that it
>> currently works, but it might suddenly break or we might decide to no
>> longer build against LibreSSL in the future.
> 
> Generally speaking, I agree.
> 
> Should we also add a warning (+ sleep 60 to be extra-annoying?) to
> configure if LibreSSL is detected?

I considered that (modulo the sleep 60) and wrote the code to do the
configure check, but then thought that a not-suppressible warning in the
logs would be sufficient.  I still think it is, but don't mind re-adding
it to configure.ac if you prefer that.

-Steffan





Re: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL

2018-03-04 Thread Gert Doering
Hi,

On Thu, Mar 01, 2018 at 12:11:23AM +0100, Steffan Karger wrote:
> As discussed in the community meeting of 13-12-2017, we should warn our
> users that LibreSSL is not officially supported.  We expect that it
> currently works, but it might suddenly break or we might decide to no
> longer build against LibreSSL in the future.

Generally speaking, I agree.

Should we also add a warning (+ sleep 60 to be extra-annoying?) to
configure if LibreSSL is detected?

gert
-- 
now what should I write here...

Gert Doering - Munich, Germany g...@greenie.muc.de




Re: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL

2018-03-01 Thread Steffan Karger
[resending because the list rejected my mail from yesterday...]

On 1 March 2018 at 00:11, Steffan Karger  wrote:
> +msg(M_WARN, "WARNING: This OpenVPN was built against LibreSSL. "
> +"This might work, but is *not* supported and can break at any time.")
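
Review bot: the msg() call that closes on the second quoted line ends at the closing parenthesis with no terminating semicolon, so the statement will not compile as posted; add the ";" after ")". The quoted lines also do not show the condition around the call, so it is worth confirming that the warning is compiled in only for LibreSSL builds and that M_WARN is not filtered by the configured verbosity, given the intent stated elsewhere in this thread that the warning cannot be suppressed.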

Gah, this of course needs a ; at the end of the line - forgot to amend
the commit before git send-email...

-Steffan
