From patchwork Wed Dec 17 13:07:38 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gert Doering <gert@greenie.muc.de>
X-Patchwork-Id: 4690
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7001:2045:b0:7b1:439f:bdf with SMTP id pr5csp94747mab;
        Wed, 17 Dec 2025 05:08:02 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCU90jgGZXUC9aIwtemV5W4HPA3D6JMM1nTNyAoKVAf/ksdEAw4MM0cDJ0pkTuiF//pBMBeMZKlqBpk=@openvpn.net
X-Google-Smtp-Source: 
 AGHT+IFKkqkIwJJKeOO8lLg3R0xkY1ptFRZHn479UgqfpIaIHtQDpxPSspJ3K1Iw91TUFo3Zfr+s
X-Received: by 2002:a05:6870:1704:b0:3ea:d0d1:bb06 with SMTP id
 586e51a60fabf-3f5f88f6210mr8054319fac.34.1765976882772;
        Wed, 17 Dec 2025 05:08:02 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1765976882; cv=none;
        d=google.com; s=arc-20240605;
        b=eIonXf1YrtScYJillMs6phJ9XICJC+gcGxwh6IEmSaNGRB5w1PhrBQtr5LOMBT8fld
         l8OJTvhKcAILuPoZ+Z64yn5xIf19K7tc5aaat0YeEUJfUzkp5kXOY7w17Gma+jkitoZ1
         VzTqCDtw6TtJx51uTi0EEdtYGI8b68AvpmHf6RTCrg3hjclZYi6CqyRsi2TB5BM96R6p
         yh3b316XF22rZ4sRxIleEWlxQiWDZ2xM6OSGO7i7Np7qMmnQ29Gv11YTtR+jGYjvon9s
         pUZkEzvVS8phPbJhcnEoixxO3EBTfvkbS3xT7oI4mjezg1zuqTUjGMNgLeVRB0peuBWj
         9VhQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=errors-to:content-transfer-encoding:list-subscribe:list-help
         :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
         :mime-version:references:in-reply-to:message-id:date:to:from
         :dkim-signature:dkim-signature:dkim-signature;
        bh=aux3bJO9fmgpz894qbzSfWIlIXnF650H2sHIGm/9vAo=;
        fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
        b=RtDjNRCdFL2CoYTKUNc/yihGZGn+E2JPSCI6iPyxywbE/Os8CQ3q7fENb/ZGtil5dU
         rmI5JSan+RLZUIdGu15azXonZpq4Wx8rCbpW/MzGTPhhmYRCqaK3LScEwMnCpLrcBaE3
         m/AmCAYi4/BAGgIo8J7SKLanB9aOZCr45vH5O8devnwivR8PRjk3YEagMZx3eQlSpVCD
         zIRMsZ1/qRD6twyDxQ3a1NODhqr37orb2DM0ienmmaHtFGSBft27lB+rP6RaaTtlk2Nb
         PUPWvObNg8ThDDC/NUdf2HaaSxb6vrKmHo++d7h7lqz0qRR+8b/FMHOgazCqVSkGjqXC
         dNXQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=bei4y04n;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=JpAmFLIT;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=ZnsEkbsQ;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
        by mx.google.com with ESMTPS id
 586e51a60fabf-3f9dc1036a8si4163394fac.141.2025.12.17.05.08.02
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Wed, 17 Dec 2025 05:08:02 -0800 (PST)
Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@lists.sourceforge.net header.s=beta
 header.b=bei4y04n;
       dkim=neutral (body hash did not verify) header.i=@sourceforge.net
 header.s=x header.b=JpAmFLIT;
       dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
 header.b=ZnsEkbsQ;
       spf=pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
	List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
	Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
	Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	bh=aux3bJO9fmgpz894qbzSfWIlIXnF650H2sHIGm/9vAo=; b=bei4y04nzrwIKidikr8wC1rn4C
	qVlk1RODf+xjP/rXtCsq+zuEqlUfK9GoaPM/7Ldn1urSkmJPZaeRUHadpetOS/tEd7/xvV5C1aDcK
	lJaCMzqofYlPWzmu2Gxqa8EtoZcNJMkQGfJqjetUnSYyQRQFNIupZ+90Px+m9bOayQEo=;
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
	by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
	(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
	id 1vVrG3-0000zs-Im;
	Wed, 17 Dec 2025 13:07:59 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
 by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
 (envelope-from <gert@blue4.greenie.muc.de>) id 1vVrG1-0000zm-1x
 for openvpn-devel@lists.sourceforge.net;
 Wed, 17 Dec 2025 13:07:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
 In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
 Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
 Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
 List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=SvfGYGvI/2EYG6AVsew3lU6tFz6tBYBVHebm+Pbjk4g=; b=JpAmFLITCZPvgVPh992qikCNGt
 +mCxE4T5sCAo9IUU+BdSWyl1MFeIs4EdmcFOk4A+fis9AeghpW486Zhi1SO6/CRXgsIckMeJV4jC+
 S+mAjp2UpxRJ4dvVTkmAwYN02nv0z3u8RRVyh5oK2BUS+FIr2H5x3lDTXKXeVJMXzOAU=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
 ;
 h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
 Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=SvfGYGvI/2EYG6AVsew3lU6tFz6tBYBVHebm+Pbjk4g=; b=ZnsEkbsQDC8kJVD8cbFUrUAliq
 7NtoNqdszRCBbauTojQv9t0rcoJvMvdW/KjzsVFL4Ty1ZO+Yt9wTHKIr9vbqC2D98YI0WFRb95Dmz
 1WL9pktx1bw3xrr7rtuugdGLiXCo7cHcwAz+t4/9OIwVy6+3GjK+CAw8A7ba6kLoElTA=;
Received: from [193.149.48.134] (helo=blue.greenie.muc.de)
 by sfi-mx-2.v28.lw.sourceforge.com with esmtps
 (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
 id 1vVrFz-00040a-TE for openvpn-devel@lists.sourceforge.net;
 Wed, 17 Dec 2025 13:07:56 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
 by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5BHD7h0v028802
 for <openvpn-devel@lists.sourceforge.net>; Wed, 17 Dec 2025 14:07:43 +0100
Received: (from gert@localhost)
 by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5BHD7hmN028801
 for openvpn-devel@lists.sourceforge.net; Wed, 17 Dec 2025 14:07:43 +0100
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 17 Dec 2025 14:07:38 +0100
Message-ID: <20251217130743.28786-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.51.2
In-Reply-To: 
 <gerrit.1765973388000.I47fc0dc93a7ed6b71feb611194cee02a81d91769@gerrit.openvpn.net>
References: 
 <gerrit.1765973388000.I47fc0dc93a7ed6b71feb611194cee02a81d91769@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
 running on the system "sfi-spamd-1.hosts.colo.sdot.me",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: From: Arne Schwabe <arne@rfc2549.org> Normally when wolfSSL
 is compiled with --enable-openvpn it reports an OpenSSL version before 1.1.0.
 When compiled normally it reports an OpenSSL version higher than this.
 Content analysis details:   (1.3 points, 5.0 required)
 pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1vVrFz-00040a-TE
Subject: [Openvpn-devel] [PATCH v1] Ensure wolfSSL uses old pre 1.1.0
 OpenSSL path for getting ciphers
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive: 
 <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
 <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1851760976196521004?=
X-GMAIL-MSGID: =?utf-8?q?1851760976196521004?=

From: Arne Schwabe <arne@rfc2549.org>

Normally when wolfSSL is compiled with --enable-openvpn it reports an
OpenSSL version before 1.1.0. When compiled normally it reports an
OpenSSL version higher than this.

So explicitly check for wolfSSL instead of relying on its OpenSSL version
trickery.

Change-Id: I47fc0dc93a7ed6b71feb611194cee02a81d91769
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1448
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 48bbdfc..35b75eb 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2547,7 +2547,7 @@
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC)
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL || defined(OPENSSL_IS_AWSLC) || defined(ENABLE_CRYPTO_WOLFSSL)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);