Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Hi, On Fri, Aug 16, 2019 at 12:42:46PM -0700, Rosen Penev wrote: > On Fri, Aug 16, 2019 at 12:31 PM Gert Doering wrote: > > > > Your patch has been applied to the master branch. > > > > Is this also suitable for release/2.4? "You folks tell me, I do the > > cherry-picking" (if it applies) :-) > 2.4 is what I did my testing on, so yes. So - took me a bit, but here we go. I backported this and the mbedtls explosive patch to release/2.4, for long-term compatibility reasons. commit 416532f8e4125adb7862b2dce5c2d47d85b260df (HEAD -> release/2.4, mattock/re lease/2.4) Author: Antonio Quartulli Date: Fri Aug 16 22:49:45 2019 +0200 mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free() commit 66b93b5e708b48778a5954fdcfe708b76b947a06 Author: Rosen Penev Date: Wed Jul 24 17:29:34 2019 +0200 openssl: Fix compilation without deprecated OpenSSL 1.1 APIs I've sent the combo to the buildslaves, and no explosions were seen - and besides them, I tested mbedtls 2.17.0, OpenSSL 1.1.1 and OpenSSL 1.0.2o locally (no explosions either). Good to go... :-) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Hi, On Fri, Aug 16, 2019 at 09:31:52PM +0200, Gert Doering wrote: > Your patch has been applied to the master branch. > > Is this also suitable for release/2.4? "You folks tell me, I do the > cherry-picking" (if it applies) :-) > > I have removed the extra spaces in "# if" constructs, as this is not > something we use elsewhere on nested CPP expressions (it came up in the > discussion, but was still part of this patch). > > Tested lightly with openssl 1.0.2o and 1.1.1. I should have tested with mbedtls :-/ - buildbot tells me that a good number of platforms have started core dumping on the mbedtls client tests with this commit. *** Error in `../src/openvpn/openvpn': free(): invalid next size (fast): +0x00c74850 *** ./t_client.sh: line 262: 8896 Aborted (core dumped) $RUN_SUDO +"${top_builddir}/src/openvpn/openvpn" $openvpn_conf >> $LOGDIR/$SUF:openvpn.log OpenVPN running with PID 8896 (I have seen this on fedora29 and one of the FreeBSDs, but there is "more red" - more details on mbedTLS versions in use can be provided) Steffan, if you could have a look, this would be most appreciated... gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH applied] Re: openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
On Fri, Aug 16, 2019 at 12:31 PM Gert Doering wrote: > > Your patch has been applied to the master branch. > > Is this also suitable for release/2.4? "You folks tell me, I do the > cherry-picking" (if it applies) :-) 2.4 is what I did my testing on, so yes. > > I have removed the extra spaces in "# if" constructs, as this is not > something we use elsewhere on nested CPP expressions (it came up in the > discussion, but was still part of this patch). > > Tested lightly with openssl 1.0.2o and 1.1.1. > > commit 8a01147ff77e4ae2e377744b89fbe4b6841b2bb0 (master) > Author: Rosen Penev > Date: Wed Jul 24 17:29:34 2019 +0200 > > openssl: Fix compilation without deprecated OpenSSL 1.1 APIs > > Signed-off-by: Rosen Penev > Signed-off-by: Arne Schwabe > Acked-by: Rosen Penev > Acked-by: Steffan Karger > Message-Id: <20190724152934.9884-1-a...@rfc2549.org> > URL: > https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg18700.html > Signed-off-by: Gert Doering > > > -- > kind regards, > > Gert Doering > ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel