Thanks for the debdiff, Jorge!

I understand your patch is fixing up the previous d/p/OpenSSL3.patch,
but usually it's preferred to keep them ordered chronologically in the
series file. In your case that didn't cause any conflicts as the
remaining patches touched on separate files, but please keep this in
mind for future changes. Also, your changelog header still has the
UNRELEASED string; note that this should be 'jammy'.

The DEP-3 headers for your patch look good, but I have a question on the
contents themselves: I noticed that other providers are tested with an
ASSERT call after they're loaded. Is this not needed for the FIPS
provider? You mentioned that on non-FIPS systems the provider would be
NULL, so I wonder if we should have other tests for that? (i.e. an
ASSERT there would most likely fail, according to what you report,
right?)

Essentially, I'd like to see a bit more in the "Where problems could
occur" section. If there's a way to only load the FIPS provider when
it's needed or test that it's valid before proceeding, that'd be great.
It'd be an unfortunate regression to have a NULL provider de-referenced
later on in some of the openvpn code, causing it to crash with a
SIGSEGV.

** Changed in: openvpn (Ubuntu Jammy)
       Status: In Progress => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077769

Title:
  fips-preview break openvpn ciphers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2077769/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
