Attention is currently required from: plaisthos, syzzer.

MaxF has posted comments on this change by MaxF. ( http://gerrit.openvpn.net/c/openvpn/+/1441?usp=email )

Change subject: Add support for Mbed TLS 4
......................................................................


Patch Set 7:

(3 comments)

Patchset:

PS5:
> There is something wrong with connecting to an OpenSSL-based OpenVPN, e.g. 
> against community VPN: […]
After looking around a bit, I found that this error code isn't exactly an 
error, but it's meant to tell the application "there's a new session ticket, if 
you want to do anything with that" (see e.g. 
https://github.com/Mbed-TLS/mbedtls/issues/8749).

In 3.6 it used to be the case that you had to opt in to that by calling 
mbedtls_ssl_conf_tls13_enable_signal_new_session_tickets, but that function 
seems to be gone. Disabling session tickets altogether with 
mbedtls_ssl_conf_session_tickets doesn't seem to do anything in TLS 1.3 either. 
I did a git grep on the mbedtls source; it doesn't seem to be checked at all in 
ssl_tls13.c.

So ultimately I decided to just treat this error code like WANT_READ or 
WANT_WRITE and keep running. With that change, I can connect an openvpn-mbedtls 
client to an openssl server, and ignoring the error doesn't seem to cause any 
problems.


Patchset:

PS6:
Fixed connecting an mbedtls client to an openssl server. Also updated 
README.mbedtls.


File src/openvpn/ssl_mbedtls.c:

http://gerrit.openvpn.net/c/openvpn/+/1441/comment/9eb67876_ce448f68?usp=email :
PS5, Line 610: {
> /Users/arne/oss/openvpn-git/src/openvpn/ssl_mbedtls. […]
Fixed. The unused function is ifdef'd out now.



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1441?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings?usp=email

Gerrit-MessageType: comment
Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: Ib251d546d993b96ed3bd8cb9111bcc627cdb0fae
Gerrit-Change-Number: 1441
Gerrit-PatchSet: 7
Gerrit-Owner: MaxF <[email protected]>
Gerrit-Reviewer: flichtenheld <[email protected]>
Gerrit-Reviewer: plaisthos <[email protected]>
Gerrit-CC: openvpn-devel <[email protected]>
Gerrit-CC: syzzer <[email protected]>
Gerrit-Attention: plaisthos <[email protected]>
Gerrit-Attention: syzzer <[email protected]>
Gerrit-Comment-Date: Thu, 22 Jan 2026 17:47:18 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: plaisthos <[email protected]>
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
