Re: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

2019-10-17 Thread Илья Шипицин
it sounds strange (it does not make a lot of sense), but we can build
openssl without TLS1.3 support

Thu, 17 Oct 2019 at 19:27, Selva Nair :

> On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov  wrote:
> >
> > Hi François,
> >
> > François Kooman wrote on 17.10.2019 at 13.39:
> >
> > > "Version 1.1.0 will be supported until 2019-09-11" [1].
> > >
> > > Is there a plan to update to 1.1.1 for the Windows client?
> >
> > Indeed, there is probably no reason not to switch to a newer version.
> > We'll include 1.1.1 in the next release.
>
> Use of 1.1.1 on both client and server side will default to PSS padding
> for RSA signature (for TLS 1.2 and 1.3) and break
> --management-external-key.
>
> So hold off on building Windows release with 1.1.1 unless
> we can get https://patchwork.openvpn.net/patch/587/ finalized by then.
>
> Selva
>
>
> ___
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


Re: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

2019-10-17 Thread Selva Nair
On Thu, Oct 17, 2019 at 8:11 AM Lev Stipakov  wrote:
>
> Hi François,
>
> François Kooman wrote on 17.10.2019 at 13.39:
>
> > "Version 1.1.0 will be supported until 2019-09-11" [1].
> >
> > Is there a plan to update to 1.1.1 for the Windows client?
>
> Indeed, there is probably no reason not to switch to a newer version.
> We'll include 1.1.1 in the next release.

Use of 1.1.1 on both client and server side will default to PSS padding
for RSA signature (for TLS 1.2 and 1.3) and break
--management-external-key.

So hold off on building Windows release with 1.1.1 unless
we can get https://patchwork.openvpn.net/patch/587/ finalized by then.

Selva




Re: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

2019-10-17 Thread Lev Stipakov
Hi François,

François Kooman wrote on 17.10.2019 at 13.39:

> "Version 1.1.0 will be supported until 2019-09-11" [1].
> 
> Is there a plan to update to 1.1.1 for the Windows client?

Indeed, there is probably no reason not to switch to a newer version.
We'll include 1.1.1 in the next release.

This patch works just fine with 1.1.1, but I'll send v2 which states
that it supports 1.1.x instead of 1.1.0.

-Lev





Re: [Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

2019-10-17 Thread François Kooman
On 17.10.19 11:28, Lev Stipakov wrote:
> Since we release Windows client with OpenSSL 1.1.0,
> it makes sense to switch to this version in VS build.
> 
> This patch adds msvc-specific defines which imply
> that underlying OpenSSL is 1.1.0.

"Version 1.1.0 will be supported until 2019-09-11" [1].

Is there a plan to update to 1.1.1 for the Windows client?

Regards,
François

[1] https://www.openssl.org/policies/releasestrat.html




[Openvpn-devel] [PATCH] msvc: OpenSSL 1.1.0 support

2019-10-17 Thread Lev Stipakov
From: Lev Stipakov 

Since we release Windows client with OpenSSL 1.1.0,
it makes sense to switch to this version in VS build.

This patch adds msvc-specific defines which imply
that underlying OpenSSL is 1.1.0.

Also OpenSSL library names in project file are updated.

Signed-off-by: Lev Stipakov 
---
 config-msvc.h   | 37 +
 src/openvpn/openvpn.vcxproj |  8 
 2 files changed, 41 insertions(+), 4 deletions(-)

diff --git a/config-msvc.h b/config-msvc.h
index 45fae8b..2f2d98f 100644
--- a/config-msvc.h
+++ b/config-msvc.h
@@ -76,6 +76,43 @@
 #define HAVE_POLL 1
 
 #define HAVE_OPENSSL_ENGINE 1
+/* hardcode OpenSSL 1.1.0 support */
+#define HAVE_EVP_MD_CTX_RESET 1
+#define HAVE_EVP_MD_CTX_FREE 1
+#define HAVE_EVP_MD_CTX_NEW 1
+#define HAVE_HMAC_CTX_RESET 1
+#define HAVE_HMAC_CTX_FREE 1
+#define HAVE_HMAC_CTX_NEW 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB_USERDATA 1
+#define HAVE_SSL_CTX_GET_DEFAULT_PASSWD_CB 1
+#define HAVE_X509_GET0_PUBKEY 1
+#define HAVE_X509_STORE_GET0_OBJECTS 1
+#define HAVE_X509_OBJECT_FREE 1
+#define HAVE_X509_OBJECT_GET_TYPE 1
+#define HAVE_EVP_PKEY_GET0_RSA 1
+#define HAVE_EVP_PKEY_GET0_EC_KEY 1
+#define HAVE_EVP_PKEY_ID 1
+#define HAVE_EVP_PKEY_GET0_DSA 1
+#define HAVE_RSA_SET_FLAGS 1
+#define HAVE_RSA_GET0_KEY 1
+#define HAVE_RSA_SET0_KEY 1
+#define HAVE_RSA_BITS 1
+#define HAVE_DSA_GET0_PQG 1
+#define HAVE_DSA_BITS 1
+#define HAVE_RSA_METH_NEW 1
+#define HAVE_RSA_METH_FREE 1
+#define HAVE_RSA_METH_SET_PUB_ENC 1
+#define HAVE_RSA_METH_SET_PUB_DEC 1
+#define HAVE_RSA_METH_SET_PRIV_ENC 1
+#define HAVE_RSA_METH_SET_PRIV_DEC 1
+#define HAVE_RSA_METH_SET_INIT 1
+#define HAVE_RSA_METH_SET_SIGN 1
+#define HAVE_RSA_METH_SET_FINISH 1
+#define HAVE_RSA_METH_SET0_APP_DATA 1
+#define HAVE_RSA_METH_GET0_APP_DATA 1
+#define HAVE_EC_GROUP_ORDER_BITS 1
+#define OPENSSL_NO_EC 1
+#define HAVE_EVP_CIPHER_CTX_RESET 1
 
 #define PATH_SEPARATOR '\\'
 #define PATH_SEPARATOR_STR "\\"
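
Review bot: the line "#define OPENSSL_NO_EC 1" near the end of the added block is not a feature-detection result like the HAVE_* lines around it, and the commit message does not mention it. It sits directly after HAVE_EC_GROUP_ORDER_BITS and a few lines below HAVE_EVP_PKEY_GET0_EC_KEY, so the same block declares EC accessors available and marks EC as compiled out. If the VS build is really meant to go without EC, move this define out of the "hardcode OpenSSL 1.1.0 support" group, give it its own comment stating why, and mention it in the commit message; otherwise drop it. A blank line between HAVE_OPENSSL_ENGINE and the new comment would also keep the added group visually separate from the existing defines.
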
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 3b0ee60..42b 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -78,7 +78,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
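
Review bot: the replacement of libeay32.lib;ssleay32.lib with libssl.lib;libcrypto.lib in this hunk is repeated verbatim in the three hunks that follow, so the dependency list is kept in four copies that can drift apart on the next change. Consider defining the shared list once and referencing it from each place. The new names are also hardcoded with no fallback to the old ones, so the commit message or the build notes should state that the VS build now needs an OpenSSL tree that provides libssl.lib and libcrypto.lib under $(OPENSSL_HOME)/lib.
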
@@ -91,7 +91,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
@@ -104,7 +104,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
@@ -117,7 +117,7 @@
 
 
 
-  
legacy_stdio_definitions.lib;Ncrypt.lib;libeay32.lib;ssleay32.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
+  
legacy_stdio_definitions.lib;Ncrypt.lib;libssl.lib;libcrypto.lib;lzo2.lib;pkcs11-helper.dll.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;%(AdditionalDependencies)
   
$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)
   Console
 
-- 
2.7.4


