[Openvpn-devel,v1] Ensure wolfSSL uses old pre 1.1.0 OpenSSL path for getting ciphers

Message ID 20251217130743.28786-1-gert@greenie.muc.de
State New

Commit Message

Gert Doering Dec. 17, 2025, 1:07 p.m. UTC
From: Arne Schwabe <arne@rfc2549.org>

Normally when wolfSSL is compiled with --enable-openvpn it reports an
OpenSSL version before 1.1.0. When compiled normally it reports an
OpenSSL version higher than this.

So explicitly check for wolfSSL instead of relying on its OpenSSL version
trickery.

Change-Id: I47fc0dc93a7ed6b71feb611194cee02a81d91769
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Dec. 18, 2025, 10:30 a.m. UTC | #1
While I could care less about tending for WolfSSL oddities, Arne does,
and the FreeBSD people do, and this is quite a reasonable way to approach
their... creative... handling of OPENSSL_VERSION_NUMBER.

I have not tested this, and we currently do not have GHA or BB tests
for WolfSSL.  I guess giving them more attention would warrant adding
at least some basic builds + "make check"...

Your patch has been applied to the master branch.

commit ab5887cfbd3654774cdabe03fb1f98195dcf8b6d
Author: Arne Schwabe
Date:   Wed Dec 17 14:07:38 2025 +0100

     Ensure wolfSSL uses old pre 1.1.0 OpenSSL path for getting ciphers

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
     Message-Id: <20251217130743.28786-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35127.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 48bbdfc..35b75eb 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2547,7 +2547,7 @@ 
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC) || defined(ENABLE_CRYPTO_WOLFSSL)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
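Review bot: the `#if` changed here picks between a stack owned by the SSL object (`SSL_get_ciphers`) and one the caller must free (`SSL_get1_supported_ciphers`), so any later release of `sk` has to sit under the same three-part condition, including `defined(ENABLE_CRYPTO_WOLFSSL)`. That release is not part of this hunk; if it is guarded further down by a separate check on `OPENSSL_VERSION_NUMBER` alone, a wolfSSL build that reports 1.1.0 or later would take the `SSL_get_ciphers` path here and still free the borrowed stack. A short comment above the `#if` saying why AWS-LC and wolfSSL are forced onto the pre-1.1.0 path would also help, since the condition no longer reads as a pure version test.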