Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-26 Thread Steffan Karger
On 22-04-2020 10:27, Jan Just Keijser wrote: > On 22/04/20 10:13, Arne Schwabe wrote: SSL_check_chain() function". Which we don't, I just grepped through our source tree. So, unless I misunderstand something about OpenSSL intricacies, I think we're safe - no new

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-22 Thread Jan Just Keijser
Hi Arne, On 22/04/20 10:13, Arne Schwabe wrote: SSL_check_chain() function". Which we don't, I just grepped through our source tree. So, unless I misunderstand something about OpenSSL intricacies, I think we're safe - no new installers needed, and OpenVPN is not in risk. the advisory

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-22 Thread Gert Doering
Hi, On Wed, Apr 22, 2020 at 10:21:52AM +0200, Christian Hesse wrote: > > So, speaking to myself again :-) - I've looked at the advisory, and > > it talks about "Server or client applications that call the > > SSL_check_chain() function". > > Are you sure that openvpn code does not call any

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-22 Thread Christian Hesse
Gert Doering on Tue, 2020/04/21 20:59: > Hi, > > On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote: > > On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote: > > >     Will the sec issue with OpenSSL force a new release of OpenVPN ? > > > > > >

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-22 Thread Arne Schwabe
>> SSL_check_chain() function". >> >> Which we don't, I just grepped through our source tree. >> >> So, unless I misunderstand something about OpenSSL intricacies, I think >> we're safe - no new installers needed, and OpenVPN is not in risk. >> >> > the advisory applies only to application that

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-22 Thread Jan Just Keijser
Hi Gert, On 21/04/20 20:59, Gert Doering wrote: Hi, On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote: On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote:     Will the sec issue with OpenSSL force a new release of OpenVPN ?

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-21 Thread Gert Doering
Hi, On Tue, Apr 21, 2020 at 08:37:35PM +0200, Gert Doering wrote: > On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote: > >     Will the sec issue with OpenSSL force a new release of OpenVPN ? > > > > https://www.openssl.org/news/secadv/20200421.txt So, speaking to myself again :-) -

Re: [Openvpn-devel] [Openvpn-users] new openssl = new OpenVPN release ?

2020-04-21 Thread Gert Doering
Hi, On Tue, Apr 21, 2020 at 02:15:43PM -0400, mike tancsa wrote: >     Will the sec issue with OpenSSL force a new release of OpenVPN ? > > https://www.openssl.org/news/secadv/20200421.txt This is a question better asked on the openvpn-devel list. But anyway: normally we do not statically link