> I like the new approach a lot.
> It definitely helps keeping track of "what compat code do we need? and
> for which version?"
>
> Just one suggestion:
> I think it would still be useful to add a comment on the #endif line to
> explicitly say what if we are closing.
>
> i.e:
>
> #endif /*
Hi,
On 06/04/2021 18:25, Arne Schwabe wrote:
> While the check if all socket related functions are present sounds like
> a good idea in theory, in reality it just adds time to configure runs.
>
> Our poll check on windows is currently only depending on sys/poll.h
> non-existence. Make the check
Hi,
On 06/04/2021 18:25, Arne Schwabe wrote:
> For the unlink function we actually have code that just ignores
> the unlink call if the unlink function is not present. But all
> platforms should have an unlink function.
>
> This also removes all conditionals check for the headers that
> belong
Hi,
On 06/04/2021 18:25, Arne Schwabe wrote:
> Use the modern names instead of the old GCM specific ones. AEAD instead of
> GCM makes especially sense when using Chacha20-Poly1305.
>
> Signed-off-by: Arne Schwabe
This looks good and does not trigger issues on my build rig.
The manpage also
Hi,
On 06/04/2021 18:25, Arne Schwabe wrote:
> These checks for the functions take a lot of time in configure call and
> also having these checks make it more blurry for which of the supported
> OpenSSL versions (and libraries claiming to be OpenSSL) are actually
> needed.
>
> Tested with
Hi,
On Tue, Apr 06, 2021 at 10:39:59PM +0200, Antonio Quartulli wrote:
> Gert should be able to test on *more ancient things* that we still support.
Hardly :-) - David maintains the software museum.
My oldest machine is FreeBSD 7.4, which has been EOLed since like
ages, and even that one has
Hi,
On 06/04/2021 18:25, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe
As expected this patch creates no issues on the platforms I could test
(mingw, gcc-10 and gcc-9).
Acked-by: Antonio Quartulli
Gert should be able to test on *more ancient things* that we still support.
Regards,
--
> > }
> >
> > void
> > +make_empty_crl(struct tls_root_ctx *ctx)
> > +{
> > +if (ctx->crl == NULL)
> > +{
> > +ALLOC_OBJ_CLEAR(ctx->crl, mbedtls_x509_crl);
> > +}
> > +else
> > +{
> > +mbedtls_x509_crl_free(ctx->crl);
> > +}
> > +}
> > +
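Review bot: in make_empty_crl(), the else branch calls mbedtls_x509_crl_free(ctx->crl) and returns, so the function relies on the free call leaving the object ready for reuse, while the allocation branch relies on ALLOC_OBJ_CLEAR zeroing rather than an init call. Consider calling mbedtls_x509_crl_init(ctx->crl) after both branches so the object is explicitly initialised whichever path ran, and add a short comment above the function stating that it leaves ctx->crl allocated and empty.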
>
> This function
On 06.04.21 at 13:51, Antonio Quartulli wrote:
> Hi,
>
> On 06/04/2021 13:14, Gert Doering wrote:
>> Now... what *is* the oldest mbedtls version we should reasonably support?
>>
>> For OpenSSL, we're stuck to 1.0.2 for the time being as that's still
>> the primary (and bugfix-backported) version
For the unlink function we actually have code that just ignores
the unlink call if the unlink function is not present. But all
platforms should have an unlink function.
This also removes all conditionals check for the headers that
belong to the C99 standard library header list
While the check if all socket related functions are present sounds like
a good idea in theory, in reality it just adds time to configure runs.
Our poll check on windows is currently only depending on sys/poll.h
non-existence. Make the check and comment more explicit.
Signed-off-by: Arne Schwabe
These checks for the functions take a lot of time in configure call and
also having these checks make it more blurry for which of the supported
OpenSSL versions (and libraries claiming to be OpenSSL) are actually
needed.
Tested with OpenSSL 1.1.1(Ubuntu 20, macOS), 1.0.2 (CentOS7),
1.1.0 (Debian
Signed-off-by: Arne Schwabe
---
compat.m4 | 18 --
configure.ac | 8
src/openvpn/syshead.h | 4 +---
3 files changed, 1 insertion(+), 29 deletions(-)
diff --git a/compat.m4 b/compat.m4
index 47650f6d3..8fa9abee1 100644
--- a/compat.m4
+++
Use the modern names instead of the old GCM specific ones. AEAD instead of
GCM makes especially sense when using Chacha20-Poly1305.
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto_openssl.c | 4 ++--
src/openvpn/openssl_compat.h | 5 +
2 files changed, 7 insertions(+), 2 deletions(-)
diff
Hi,
On 06/04/2021 13:14, Gert Doering wrote:
> Now... what *is* the oldest mbedtls version we should reasonably support?
>
> For OpenSSL, we're stuck to 1.0.2 for the time being as that's still
> the primary (and bugfix-backported) version on FreeBSD 11 and on RHEL
> versions still supported.
Hi,
On Tue, Apr 06, 2021 at 10:55:52AM +, Maximilian Fillinger wrote:
> > This change will break compilation with anything that is < 2.16.0.
>
> This function is deprecated in 2.16. I don't mind keeping this change to
> OpenVPN-NL for now, but for future reference, what's the best solution
>
> On 02.04.21 at 15:26, Max Fillinger wrote:
> > From: Uipko Berghuis
> >
> > In mbedtls 2.16.0 mbedtls_ctr_drbg_update() changed to
> > mbedtls_ctr_drbg_update_ret(). Change the function name and handle the
> > new return value error code.
> > ---
> > src/openvpn/ssl_mbedtls.c | 5 -
> > 1