On 22-04-2020 10:27, Jan Just Keijser wrote:
> On 22/04/20 10:13, Arne Schwabe wrote:
SSL_check_chain() function".
Which we don't, I just grepped through our source tree.
So, unless I misunderstand something about OpenSSL intricacies, I think
we're safe - no new
Hi Arne,
On 22/04/20 10:13, Arne Schwabe wrote:
SSL_check_chain() function".
Which we don't, I just grepped through our source tree.
So, unless I misunderstand something about OpenSSL intricacies, I think
we're safe - no new installers needed, and OpenVPN is not in risk.
the advisory
Hi,
On Wed, Apr 22, 2020 at 10:21:52AM +0200, Christian Hesse wrote:
> > So, speaking to myself again :-) - I've looked at the advisory, and
> > it talks about "Server or client applications that call the
> > SSL_check_chain() function".
>
> Are you sure that openvpn code does not call any
Gert Doering on Tue, 2020/04/21 20:59:
> Hi,
>
> On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote:
> > On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote:
> > > Will the sec issue with OpenSSL force a new release of OpenVPN ?
> > >
> > >
>> SSL_check_chain() function".
>>
>> Which we don't, I just grepped through our source tree.
>>
>> So, unless I misunderstand something about OpenSSL intricacies, I think
>> we're safe - no new installers needed, and OpenVPN is not in risk.
>>
>>
> the advisory applies only to application that
Hi Gert,
On 21/04/20 20:59, Gert Doering wrote:
Hi,
On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote:
On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote:
Will the sec issue with OpenSSL force a new release of OpenVPN ?
Hi,
On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote:
> On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote:
> > Will the sec issue with OpenSSL force a new release of OpenVPN ?
> >
> > https://www.openssl.org/news/secadv/20200421.txt
So, speaking to myself again :-) -
Hi,
On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote:
> Will the sec issue with OpenSSL force a new release of OpenVPN ?
>
> https://www.openssl.org/news/secadv/20200421.txt
This is a question better asked on the openvpn-devel list.
But anyway: normally we do not statically link