Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-07-07 Thread Andy Lemin
Hi Stuart and Joel, Just to confirm for others reading, you are very correct. And patch 014_libcrypto has fixed this :) So just run syspatch (or openup) and you'll be working again. Thanks for the commits ;) PS; good to hear from you again Stuart! Long time.. I'm on this email now rather

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-07-03 Thread Joel Sing
On Tuesday 20 June 2017 23:26:10 Andrew Lemin wrote: > Hi, > > Sadly in my testing it seems that CVE-2017-8301 ( > http://seclists.org/oss-sec/2017/q2/145) is still broken with the > latest LibreSSL > (2.5.4) and OpenVPN 2.4.2. > > Here is someone else reporting the same issue; >

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-22 Thread Stuart Henderson
On 2017-06-22, Stuart Henderson wrote: > On 2017-06-20, Andrew Lemin wrote: >> Has anyone else come across any issues recently with Openvpn, Libressl and >> TLS on OpenBSD 6.1? > > Yes there have been problems reported like this: (This is from the >

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-22 Thread Stuart Henderson
On 2017-06-20, Andrew Lemin wrote: > Has anyone else come across any issues recently with Openvpn, Libressl and > TLS on OpenBSD 6.1? Yes there have been problems reported like this: (This is from the "Investigating self-signed cert behavior change" posts on the libressl

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andrew Lemin
Hi, Sadly in my testing it seems that CVE-2017-8301 ( http://seclists.org/oss-sec/2017/q2/145) is still broken with the latest LibreSSL (2.5.4) and OpenVPN 2.4.2. Here is someone else reporting the same issue; https://discourse.trueos.org/t/libre-openssl-tls-error-when-using-openvpn/1358/4 Of

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andy Lemin
I've just found this hint on GitHub for the Openvpn compile options for Libressl; https://gist.github.com/gsora/2b3e9eb31c15a356c7662b0f960e2995 So will try a build later tonight and share back here if that CVE is fixed. Would prefer to rebuild with the same options as the packaged binary, and

Libressl issue verifying self-signed certs with tls-auth and Openvpn

2017-06-20 Thread Andrew Lemin
Hi Misc, Has anyone else come across any issues recently with Openvpn, Libressl and TLS on OpenBSD 6.1? I am using an .ovpn file with TLS auth static key and cert inline within the file, to connect to VPN service. Running openvpn binary from command line without any special params, just .ovpn