Hi, On Tue, Apr 22, 2014 at 02:31:44PM +0100, George Ross wrote: > > No, the other parts are unrelated. Could you please give git master a > > try? > > Will do, though it may be next week now, as I have meetings scheduled for > the rest of this week. > > I see we're still on -users. I'm happy to move to -devel if you prefer.
In general, -devel might be a better choice for, uh, development issues :-)
but since this started here, let's keep the thread in one piece...
> > Which bits do not apply? If it's only the PolarSSL bits, you can leave
> > them off for the test.
>
> Unfortunately not. Here's the .rej file:
>
> --- src/openvpn/ssl_openssl.c
> +++ src/openvpn/ssl_openssl.c
> @@ -94,22 +94,32 @@
> }
>
> void
> -tls_ctx_server_new(struct tls_root_ctx *ctx)
> +tls_ctx_server_new(struct tls_root_ctx *ctx, unsigned int ssl_flags)
> {
> + const int tls_version_min = (ssl_flags >> SSLF_TLS_VERSION_SHIFT) &
> SSLF_TLS_VERSION_MASK;
> +
> ASSERT(NULL != ctx);
>
> - ctx->ctx = SSL_CTX_new (SSLv23_server_method ());
> + if (tls_version_min > TLS_VER_UNSPEC)
> + ctx->ctx = SSL_CTX_new (SSLv23_server_method ());
> + else
> + ctx->ctx = SSL_CTX_new (TLSv1_server_method ());
Meh. That's about the core of the patch, so yes, you need it.
Let's see if "master+patch" fixes that for you.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
pgpPQFXNcroK8.pgp
Description: PGP signature
------------------------------------------------------------------------------ Start Your Social Network Today - Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - Social, Extensible, Cloud Ready Get Started Now And Turn Your Intranet Into A Collaboration Platform http://p.sf.net/sfu/ExoPlatform
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
