Hi Misc,

Has anyone else come across any issues recently with OpenVPN, LibreSSL and TLS on OpenBSD 6.1?

I am using an .ovpn file with TLS auth static key and cert inline within the file, to connect to a VPN service. Running the openvpn binary from the command line without any special params, just the .ovpn file.

I have tested this is working fine on a Linux server with the same config (using OpenSSL), so the server side, CA and cert are fine etc.

I noticed on the Linux server the line: "Control Channel Authentication: tls-auth using INLINE static key file", but I do not see this debug on the OpenBSD version. Wondered if LibreSSL is not negotiating TLS properly.

I have since found CVE-2017-8301, which I believe is related, and confirmed that OpenBSD 6.1 seems to be running LibreSSL version 2.5.2. The CVE shows the issue known between 2.5.1 and 2.5.3, and looking at the OpenBSD trees I can see 2.5.4 was cut around the 1st of May.

I used MTier to grab all major patches etc, but LibreSSL is not in the patch list yet. openvpn did have a minor.

So I downloaded the LibreSSL 2.5.4 source, compiled and installed as per INSTALL etc. However, I notice that openvpn is still linking to 2.5.2.

It would be great if someone would be kind enough to confirm if this CVE is indeed the same issue, and if 2.5.4 includes the relevant fixes for it? And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4 install?

Thanks for your time.

Kind regards,
Andy Lemin

Sent from a teeny tiny keyboard, so please excuse typos