| Message ID | 20260421055357.21708-1-gert@greenie.muc.de |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:66c6:b0:84a:48f:a1fd with SMTP id x6csp2105770mal;
Mon, 20 Apr 2026 22:54:22 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AFNElJ/NzGqyCk1uz94Z0G9nZiBfL5z/vc9G/2v4lfA72JqDsZewTO5/NxpqMyM8m16gzOHK3u9711HGCP4=@openvpn.net
X-Received: by 2002:a05:6820:810a:b0:682:ecb8:c3c with SMTP id
006d021491bc7-69462f09ee2mr9034807eaf.49.1776750862640;
Mon, 20 Apr 2026 22:54:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1776750862; cv=none;
d=google.com; s=arc-20240605;
b=g9t0gddhueuTYtMFJ6PyMAhnwxUOtLxh/lIcfmuLdWugGvNgqj93sQMeb2igTKglFi
olG5oM/4rBmkkpQl3W1o01qQ/nyQvjCzol52W8SMB/SotX3bsUUksW/3WnNKywSR3CpC
zyt0bOxt5l4LCIrDbYtrLicf3NJngJk7uYQAV7zMJ1sbavTZ1I1qRaQy7EtoH7nEWlj8
+D/YOdS/UpGL1tUEOXe8ECJn92w2aWwGG4BTafHK3JRH/E/LXDcHKtmcJ2BWonaCQOwf
XoKzR9k1UcNCvxV+SmMc9Geb2JHWIk6TcyYc54Dhk9sVCch4Gwd5mAR3xGcoikk2Wvqz
ptPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature;
bh=CwDuF+tUoK3mdQBYCo/eF6B2019QI2MbknbUWHXCZmo=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=SvQd1YtMXpwLS0ealC1g2c6nORMQJhSIz5pI5DrvSrDe3DjESKk9NbwRboXQUoSL3X
9sxQ6KfT1C73FYJ05JWnHNfsNySWZzV3T4lCCFmuBTtJxMc4wmhYMvh8vuVOxfsjBJyC
yEuHFYzyFKm64MXpXIokTNERl56j8LiELQqcjYi825mUzL9BELon2lENK/nFRafAp/+3
hUNAw5pK86YnIEgs2ZKf2KgiBNMaUuM+WgcMIzS9I1K6q0w5Mu4dSRgc2CMDK7lNOsSh
FONjIEHPyRPyVQh+YBMK1J3a3jM7KlyYQnYi5n4cBoy9ZfX8oDNzJ0rtqbmzL7bmhJAT
+iIg==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=FTjff1MK;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=BonpM2Pt;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=ivPh+oTw;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
006d021491bc7-69464fa70aesi7197109eaf.53.2026.04.20.22.54.22
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Mon, 20 Apr 2026 22:54:22 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=pass header.i=@lists.sourceforge.net header.s=beta
header.b=FTjff1MK;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=BonpM2Pt;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=ivPh+oTw;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type:
List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:
Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender:
Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
bh=CwDuF+tUoK3mdQBYCo/eF6B2019QI2MbknbUWHXCZmo=; b=FTjff1MK69Yk/oQNqds/TubCVh
OLSadJMajDE0dPMsgtsGK74lhLo5UaMyIQfWVfMUPidzaWz5m9PqPK2ae46AavUJtABcFaTnNOarp
onoukthk7q5QiDhTAL+BjANd4NagSgd1dLtFQfHKV5ndxRnoYiYt0v/jp049C2Mr9Oio=;
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1wF43p-0008Dx-8i;
Tue, 21 Apr 2026 05:54:13 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gert@blue4.greenie.muc.de>) id 1wF43n-0008Dp-GJ
for openvpn-devel@lists.sourceforge.net;
Tue, 21 Apr 2026 05:54:11 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=el/27+bL08SkMv3weXCkvRBoDOotZhvGL9oa9AMkm9U=; b=BonpM2PtZUnW6EAe7tSRcwtNqE
TKFLdn4AHSThu8+egzrLfM1D0W75CYOnhBT15Hk74/tfsVDmadZsOhfuu//cFrp3xdJGDk263pXmV
7oEtH6KydUAQXw5HRyPxMbnm/xsKA4qGAje4phfGMK1GNtXX3p9LWEmojOpLW73z9RdI=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID:
Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=el/27+bL08SkMv3weXCkvRBoDOotZhvGL9oa9AMkm9U=; b=ivPh+oTw0ph6uQvC77HicltbJd
xfXx1bRz/rZJa6jxNclcK3L/QCcVkSUYZWhSUVlPmqGbIPOO/r9pZ8Lb9F4FB4VpLL0WbLPkmab+n
NtPMaBWt3Y1MUpxdG8aP2S8QyurE4fIF3rKeVzBmW6xd6ykv5of/uErW6AdCuF6+qhHk=;
Received: from [193.149.48.129] (helo=blue.greenie.muc.de)
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1wF43m-00060u-DE for openvpn-devel@lists.sourceforge.net;
Tue, 21 Apr 2026 05:54:11 +0000
Received: from blue.greenie.muc.de (localhost [127.0.0.1])
by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 63L5rwW6021727
for <openvpn-devel@lists.sourceforge.net>; Tue, 21 Apr 2026 07:53:58 +0200
Received: (from gert@localhost)
by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 63L5rwRN021726
for openvpn-devel@lists.sourceforge.net; Tue, 21 Apr 2026 07:53:58 +0200
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 21 Apr 2026 07:53:50 +0200
Message-ID: <20260421055357.21708-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.52.0
In-Reply-To:
<gerrit.1776718304000.Ica5f37e525c3812609021750ecd3986c1420e2a4@gerrit.openvpn.net>
References:
<gerrit.1776718304000.Ica5f37e525c3812609021750ecd3986c1420e2a4@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: 1.3 (+)
X-Spam-Report: Spam detection software,
running on the system "sfi-spamd-2.hosts.colo.sdot.me",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Max Fillinger <maximilian.fillinger@sentyron.com>
Previously,
when no valid groups were specified with the tls-groups option, the Mbed
TLS build of OpenVPN would start up and run,
but fail to complete a handshake,
while the OpenSSL build would exit w [...]
Content analysis details: (1.3 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Headers-End: 1wF43m-00060u-DE
Subject: [Openvpn-devel] [PATCH v1] Mbed TLS: Error out if we have no valid
tls-groups
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1863058312304341484?=
X-GMAIL-MSGID: =?utf-8?q?1863058312304341484?=
|
| Series |
[Openvpn-devel,v1] Mbed TLS: Error out if we have no valid tls-groups
|
expand
|
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 85c771a..8a0f7d2 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -450,6 +450,12 @@ } } + /* Check if any groups were valid. */ + if (i == 0) + { + msg(M_FATAL, "Error: All groups in \"%s\" are invalid or unsupported.", groups); + } + /* Recent mbedtls versions state that the list of groups must be terminated * with 0. Older versions state that it must be terminated with MBEDTLS_ECP_DP_NONE * which is also 0, so this works either way. */