Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

Hi, On Thu, Mar 02, 2017 at 09:36:32PM +0100, Steffan Karger wrote: > So, what I propose instead is: > * remove all the nsCertType code (except the option in add_option()) > * update the help strings and man page to indicate that --ns-cert-type > is no longer supported and --remote-cert-tls

Re: [Openvpn-devel] [RFC PATCH v2 15/15] OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()

Hi, On 20-02-17 15:32, Emmanuel Deloget wrote: > The behavior of EVP_CipherInit() changed in OpenSSL 1.1 -- instead > of clearing the context when the cipher parameter was !NULL, it now > clears the context unconditionnaly. As a result, subsequent calls > to the function with additional

Re: [Openvpn-devel] [RFC PATCH v1 13/15] OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1

Hi, On 17-02-17 23:00, log...@free.fr wrote: > From: Emmanuel Deloget > > The old symbols do not exist anymore but the library gained new > equivalent symbols (OSSL). Use them instead of the old ones > > Signed-off-by: Emmanuel Deloget > --- >

Re: [Openvpn-devel] [RFC PATCH v1 05/15] OpenSSL: don't use direct access to the internal of X509

Hi, On 17-02-17 23:00, log...@free.fr wrote: > From: Emmanuel Deloget > > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including X509. We have to use the defined > functions to do so. > > In x509_verify_ns_cert_type() in particular, this

Re: [Openvpn-devel] [PATCH v3 04/15] OpenSSL: don't use direct access to the internal of RSA_METHOD

Hi, On 23-02-17 15:35, Emmanuel Deloget wrote: > OpenSSL 1.1 does not allow us to directly access the internal of > any data type, including RSA_METHOD. We have to use the defined > functions to do so. > > Compatibility with OpenSSL 1.0 is kept by defining the corresponding > functions when they