From patchwork Wed Feb 28 12:11:23 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffan Karger X-Patchwork-Id: 254 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director8.mail.ord1d.rsapps.net ([172.27.255.51]) by backend30.mail.ord1d.rsapps.net (Dovecot) with LMTP id 01dKKdQ8l1oENwAAIUCqbw for ; Wed, 28 Feb 2018 18:35:48 -0500 Received: from proxy20.mail.iad3a.rsapps.net ([172.27.255.51]) by director8.mail.ord1d.rsapps.net (Dovecot) with LMTP id Y7YHI9Q8l1ojGgAAfY0hYg ; Wed, 28 Feb 2018 18:35:48 -0500 Received: from smtp38.gate.iad3a ([172.27.255.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy20.mail.iad3a.rsapps.net with LMTP id UPLEINQ8l1pePAAAtfLT2w ; Wed, 28 Feb 2018 18:35:48 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp38.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=karger-me.20150623.gappssmtp.com; dmarc=none (p=nil; dis=none) header.from=karger.me X-Classification-ID: 1a36e330-1ce0-11e8-b7b4-525400000c92-1-1 Received: from [216.105.38.7] ([216.105.38.7:40942] helo=lists.sourceforge.net) by smtp38.gate.iad3a.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 99/7D-06411-3DC379A5; Wed, 28 Feb 2018 18:35:48 -0500 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1erBEJ-001tNJ-TW; Wed, 28 Feb 2018 23:33:47 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1erBEH-001tND-QY for openvpn-devel@lists.sourceforge.net; Wed, 28 Feb 2018 23:33:45 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=mJnykE6f1mlIac83lVvkY7lV8gAKrCoTG5Yer8yxjKk=; b=e/p5A8EVziRyedQT/gXoeQPrD9 GATPU5XCCMawNweVzhV8cWWMwgpGzmYXyEkT1FRlvla01oaxW/eeblduuoixXcKIEKKkM9KqzY1tW ard2TGyJ5wNpZPuegUPlB+sOJxWozYcgJ0V5izmqAB833Vzjc+XHxUwnnHBA5Iv5/FgI=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=mJnykE6f1mlIac83lVvkY7lV8gAKrCoTG5Yer8yxjKk=; b=FOlWcJFuI/YPwyvDlnaVWQU/NA N/LkzOFR/t1Ybvz5J7bA4eJpsDzxfFr8TTDIMmkHV1oRd4ejcVmTMqxECarFZQBx28l5Z6CG6lDk6 e2X+RaeOahSmn5hgl7c/fk3L/YKdi4P+nqKns+nEfxLB57Bg1m7mJ2Q3yUijtHei58Jo=; Received: from sfi-lb-mx.v20.lw.sourceforge.com ([172.30.20.201] helo=mail-wm0-f66.google.com) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) id 1erBED-00Alng-F4 for openvpn-devel@lists.sourceforge.net; Wed, 28 Feb 2018 23:33:45 +0000 Received: by mail-wm0-f66.google.com with SMTP id 139so8259034wmn.2 for ; Wed, 28 Feb 2018 15:33:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=karger-me.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id; bh=mJnykE6f1mlIac83lVvkY7lV8gAKrCoTG5Yer8yxjKk=; b=BRxidUIYBvBvy8+eOwX//ndzww8Bvrt/HgFDdH9JA0Q6aHVf25TFP+6G2vpUuGyGZU EexjZqW35JzhaHdDadk4MGL+4oDAtzp5qAQJ08S0UdLwfqMhUbIUQFfnMI09Zgll9MRl 8RIXR4x9j21LFbAZ5iwUUxEzMLALHC2Xj6NBCIr0tVo6XSVFTxYUkcun23lEZ7QQCQf5 nk/3cfkLq/OTK85f6EUraIpeXj7GuX60EFikKQ6ziXtdslHdsUsfeqN3t93Yu64quRb+ wUAbo2uGUWP3YJHfNupXwbiPsDYmkbmXCCj2YwJ6I6bA2LWIocCNEBMp+sKckajtX2Hx Z1uQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=mJnykE6f1mlIac83lVvkY7lV8gAKrCoTG5Yer8yxjKk=; b=hROgoDhi/97VP5MsBBsAr1kIVba6eGVC40ve/gKrYel/0z/kzgpVh5AXrPJJwkGt8U TPGQbralc8sFiMFVHV02kw1WRy/HcMTLYFtirZLes3mtojeTYwMv8KZBGAKBs/km5bKt Be3zFtLKJ0ynaifRkZPVehx5TtfjB6iUa4TQ6O77UelRzgjwq7VsQ2Z0HTi+crspR0DX ARs8byfbsO9W8BijJJFSCaOTmza+SHcQb0d9juYmiI59/KPkzhNLEp46tz1/JsHdjY/7 MRWdzsywK/c5PXO8fMoaD0Ih87415H2X1aQJ90yfHCuvx9CLas2/kQT2r1AuEX1GUsBC 3t9Q== X-Gm-Message-State: APf1xPAidDtiPFvDTH98uuHHcACe6TqeU9gxbt6/bRkRnfbaEC3A2pwj U+ZZa73isZM4gAYmyAzZ/yMSwNlNb/c= X-Google-Smtp-Source: AG47ELuZNfQLozEL8AkloyJER8VYaqZudXMjzQIbgjQChvW2iXsafuX+InZ85pUYNJW0tpk2GM7GcA== X-Received: by 10.80.208.195 with SMTP id g3mr218679edf.63.1519859489590; Wed, 28 Feb 2018 15:11:29 -0800 (PST) Received: from vesta.fritz.box ([2001:985:e54:1:e430:53:d2c1:4030]) by smtp.gmail.com with ESMTPSA id v34sm2827637edm.91.2018.02.28.15.11.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 28 Feb 2018 15:11:28 -0800 (PST) From: Steffan Karger To: openvpn-devel@lists.sourceforge.net Date: Thu, 1 Mar 2018 00:11:23 +0100 Message-Id: <20180228231123.27782-1-steffan@karger.me> X-Mailer: git-send-email 2.14.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1erBED-00Alng-F4 Subject: [Openvpn-devel] [PATCH] Add a warning that we do not officially support LibreSSL X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox As discussed in the community meeting of 13-12-2017, we should warn our users that LibreSSL is not officially supported. We expect that it currently works, but it might suddenly break or we might decide to no longer build against LibreSSL in the future. There seem to be ongoing efforts to make LibreSSL compatible with the OpenSSL 1.1 API. If they truly do that, it might also keep working. For now, make sure people understand we do not really support LibreSSL. Signed-off-by: Steffan Karger --- src/openvpn/options.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 41a42cf2..36d67b0f 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -2949,6 +2949,11 @@ options_postprocess_mutate_invariant(struct options *options) static void options_postprocess_verify(const struct options *o) { +#ifdef LIBRESSL_VERSION_NUMBER + msg(M_WARN, "WARNING: This OpenVPN was built against LibreSSL. " + "This might work, but is *not* supported and can break at any time.") +#endif + if (o->connection_list) { int i;