Hi, On Fri, Nov 05, 2021 at 05:03:21PM +0100, Gert Doering wrote: > (Client-side) tested with 1.1.1 and 3.0.0. > > Without options, my sha1 certificates still fail for the 3.0.0 build, > and *with* "tls-cert-profile insecure" it works. > > Your patch has been applied to the master branch. > > commit 23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67 > Author: Arne Schwabe > Date: Fri Oct 29 13:24:07 2021 +0200 > > Add insecure tls-cert-profile options
Based on the discussion on IRC (just now) I have applied this to 2.5 as well - Ubuntu 22.04 builds with OpenSSL 3.0.x, and without that patch, existing user setups with sha1 certs will break and no option to work around that. commit 7b1b100557608db8a311d06f7578ceb7c4d33aa6 (HEAD -> release/2.5) Author: Arne Schwabe <[email protected]> Date: Fri Oct 29 13:24:07 2021 +0200 Add insecure tls-cert-profile options (cherry picked from commit 23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67) gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
