Re: [Openvpn-devel] [PATCH applied] Re: using OpenSSL3 API for EVP PKEY type name reporting

2023-03-21 Thread Michael Baentsch
e not investigated how to actually trigger these code lines. Your patch has been applied to the master and release/2.6 branch. commit 6c111be9b109a6dbcd39cac7821ea3dd78ff6adf (master) commit a05ec70edd5178aac7b7432c57878c32aa838013 (release/2.6) Author: Michael Baentsch Date: Sun Mar 19 08:54:41 2

[Openvpn-devel] [PATCH] using OpenSSL3 API for EVP PKEY type name reporting

2023-03-19 Thread Michael Baentsch
Signed-off-by: Michael Baentsch --- src/openvpn/ssl_openssl.c | 26 +++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 2b932af9..65b36d1c 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn

Re: [Openvpn-devel] [PATCH] Enable usage of TLS groups not identified by a NID in OpenSSL 3

2022-03-29 Thread Michael Baentsch
On 29.03.22 at 12:28, Gert Doering wrote: Hi, On Tue, Mar 29, 2022 at 07:37:09AM +0200, Michael Baentsch wrote: From: Michael <57787676+baent...@users.noreply.github.com> OpenSSL3 prefers to specify groups (including EC groups) with names instead of NID to allow also groups pr

[Openvpn-devel] [PATCH] Enable usage of TLS groups not identified by a NID in OpenSSL 3

2022-03-28 Thread Michael Baentsch
From: Michael <57787676+baent...@users.noreply.github.com> OpenSSL3 prefers to specify groups (including EC groups) with names instead of NID to allow also groups provided by providers. This commit also removes the mapping of secp256r1 to prime256v1 for the OpenSSL3 code path as OpenSSL 3.0

Re: [Openvpn-devel] [PATCH] Enablement of quantum-safe key establishment

2022-03-28 Thread Michael Baentsch
On 28.03.22 at 13:52, Arne Schwabe wrote: On 27.03.22 at 17:52, Michael Baentsch wrote: Thanks again for your explanations: I finally figured out to correct my git send-email configuration `smtpencryption` to be set to "ssl" (instead of "tls": The latter caused a hang tha

[Openvpn-devel] [PATCH] correct tls-groups for OpenSSL3

2022-03-27 Thread Michael Baentsch
From: Michael <57787676+baent...@users.noreply.github.com> --- src/openvpn/ssl_openssl.c | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index b8595174..af97dabc 100644 --- a/src/openvpn/ssl_openssl.c +++

Re: [Openvpn-devel] [PATCH] Enablement of quantum-safe key establishment

2022-03-25 Thread Michael Baentsch
03/2022 16:04, Arne Schwabe wrote: On 25.03.22 at 08:21, Michael Baentsch wrote: Thanks very much for the quick and thorough feedback. Indeed your last question is pivotal making the patch _much_ simpler (attached): The problem manifests itself only in the presence of providers introduced in

Re: [Openvpn-devel] [PATCH] Enablement of quantum-safe key establishment

2022-03-25 Thread Michael Baentsch
permitted as of OpenSSL3.0... So all other observations below are moot/should be resolved with the much simpler new patch attached. Feel free to delete/amend the comment changes as you see fit. --Michael On 24.03.22 at 18:48, Arne Schwabe wrote: Am 24.03.22 um 14:40 schrieb Michael Baents

[Openvpn-devel] [PATCH] Enablement of quantum-safe key establishment

2022-03-24 Thread Michael Baentsch
Hello, as per https://community.openvpn.net/openvpn/ticket/1460 the current openvpn master fails when activating a TLS1.3 group implemented in an external provider. The patch attached fixes this and enables successful OpenSSL key establishment using any of the quantum-safe and hybrid