summaryrefslogtreecommitdiff
path: root/debian/patches/fix-openssl-error.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/fix-openssl-error.patch')
-rw-r--r--debian/patches/fix-openssl-error.patch51
1 files changed, 0 insertions, 51 deletions
diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch
deleted file mode 100644
index 566d7e6..0000000
--- a/debian/patches/fix-openssl-error.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-In the corner case that the global OpenSSL has an invalid command like
-
- MinProtocol = TLSv1.0
-
-(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct)
-
-the SSL_ctx_new function leaves the errors for parsing the config file
-on the stack.
-
-OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
-
-Since the later functions, especially the one of loading the
-certificates expected a clean error this error got reported at the
-wrong place.
-
-Print the warnings with crypto_msg when we detect that we are in this
-situation (this also clears the stack).
----
- src/openvpn/ssl_openssl.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index 5955c6bd..555cbbdf 100644
---- a/src/openvpn/ssl_openssl.c
-+++ b/src/openvpn/ssl_openssl.c
-@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS server context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
-@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS client context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
---
-2.26.0