On Thu, Mar 1, 2018 at 6:14 AM, Simon Matter <simon.mat...@invoca.ch> wrote:
> Hi,
>
> I've just done some test builds with 2.4.5 tagged version.
>
> Attached patch makes it build with older systems. Do you see any issue
> with the change?
.. from the attachment
> --- openvpn-2.4.5/src/openvpn/openssl_compat.h.orig 2018-02-28
> 21:56:54.000000000 +0100
> +++ openvpn-2.4.5/src/openvpn/openssl_compat.h 2018-03-01 11:44:57.000000000
> +0100
> @@ -672,14 +672,18 @@
> {
> return TLS1_VERSION;
> }
> +#ifdef SSL_OP_NO_TLSv1_1
> if (!(sslopt & SSL_OP_NO_TLSv1_1))
> {
> return TLS1_1_VERSION;
> }
> +#endif
> +#ifdef SSL_OP_NO_TLSv1_2
> if (!(sslopt & SSL_OP_NO_TLSv1_2))
> {
> return TLS1_2_VERSION;
> }
> +#endif
> return 0;
> }
>
> #endif /* SSL_CTX_get_min_proto_version */
These ifdefs are needed for older openssl (e.g., 0.9.8), but how did we miss it?
Turns out commit 2d705accea3e538a555631ef7c39eb4bc4fd4acf cherry-picked
from f8a92a4393a was not fully ripe..
As we do not support Windows build using pre 1.0 openssl, this is the
only change needed. So ACK, assuming a commit message and Author: may
be slapped on during merge.
Acked-by: Selva Nair <selva.n...@gmail.com>
Selva
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
