Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Hi, On Fri, Aug 16, 2019 at 12:42:46PM -0700, Rosen Penev wrote: > On Fri, Aug 16, 2019 at 12:31 PM Gert Doering wrote: > > > > Your patch has been applied to the master branch. > > > > Is this also suitable for release/2.4? "You folks tell me, I do the > > cherry-picking" (if it applies) :-) > 2.4 is what I did my testing on, so yes. So - took me a bit, but here we go. I backported this and the mbedtls explosive patch to release/2.4, for long-term compatibility reasons. commit 416532f8e4125adb7862b2dce5c2d47d85b260df (HEAD -> release/2.4, mattock/re lease/2.4) Author: Antonio Quartulli Date: Fri Aug 16 22:49:45 2019 +0200 mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() commit 66b93b5e708b48778a5954fdcfe708b76b947a06 Author: Rosen Penev Date: Wed Jul 24 17:29:34 2019 +0200 openssl: Fix compilation without deprecated OpenSSL 1.1 APIs I've sent the combo to the buildslaves, and no explosions were seen - and besides them, I tested mbedtls 2.17.0, OpenSSL 1.1.1 and OpenSSL 1.0.2o locally (no explosions either). Good to go... :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Hi,
On Fri, Aug 16, 2019 at 09:31:52PM +0200, Gert Doering wrote:
> Your patch has been applied to the master branch.
>
> Is this also suitable for release/2.4? "You folks tell me, I do the
> cherry-picking" (if it applies) :-)
>
> I have removed the extra spaces in "# if" constructs, as this is not
> something we use elsewhere on nested CPP expressions (it came up in the
> discussion, but was still part of this patch).
>
> Tested lightly with openssl 1.0.2o and 1.1.1.
I should have tested with mbedtls :-/ - buildbot tells me that a good
number of platforms have started core dumping on the mbedtls client tests
with this commit.
*** Error in `../src/openvpn/openvpn': free(): invalid next size (fast):
+0x00c74850 ***
./t_client.sh: line 262: 8896 Aborted (core dumped) $RUN_SUDO
+"${top_builddir}/src/openvpn/openvpn" $openvpn_conf >> $LOGDIR/$SUF:openvpn.log
OpenVPN running with PID 8896
(I have seen this on fedora29 and one of the FreeBSDs, but there is
"more red" - more details on mbedTLS versions in use can be provided)
Steffan, if you could have a look, this would be most appreciated...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
On Fri, Aug 16, 2019 at 12:31 PM Gert Doering wrote: > > Your patch has been applied to the master branch. > > Is this also suitable for release/2.4? "You folks tell me, I do the > cherry-picking" (if it applies) :-) 2.4 is what I did my testing on, so yes. > > I have removed the extra spaces in "# if" constructs, as this is not > something we use elsewhere on nested CPP expressions (it came up in the > discussion, but was still part of this patch). > > Tested lightly with openssl 1.0.2o and 1.1.1. > > commit 8a01147ff77e4ae2e377744b89fbe4b6841b2bb0 (master) > Author: Rosen Penev > Date: Wed Jul 24 17:29:34 2019 +0200 > > openssl: Fix compilation without deprecated OpenSSL 1.1 APIs > > Signed-off-by: Rosen Penev > Signed-off-by: Arne Schwabe > Acked-by: Rosen Penev > Acked-by: Steffan Karger > Message-Id: <20190724152934.9884-1-a...@rfc2549.org> > URL: > https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18700.html > Signed-off-by: Gert Doering > > > -- > kind regards, > > Gert Doering > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Your patch has been applied to the master branch. Is this also suitable for release/2.4? "You folks tell me, I do the cherry-picking" (if it applies) :-) I have removed the extra spaces in "# if" constructs, as this is not something we use elsewhere on nested CPP expressions (it came up in the discussion, but was still part of this patch). Tested lightly with openssl 1.0.2o and 1.1.1. commit 8a01147ff77e4ae2e377744b89fbe4b6841b2bb0 (master) Author: Rosen Penev Date: Wed Jul 24 17:29:34 2019 +0200 openssl: Fix compilation without deprecated OpenSSL 1.1 APIs Signed-off-by: Rosen Penev Signed-off-by: Arne Schwabe Acked-by: Rosen Penev Acked-by: Steffan Karger Message-Id: <20190724152934.9884-1-a...@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18700.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
