From mboxrd@z Thu Jan 1 00:00:00 1970 From: ummeegge To: development@lists.ipfire.org Subject: Re: [PATCH v2] CRL updater: Update script for OpenVPNs CRL Date: Wed, 14 Feb 2018 14:24:43 +0100 Message-ID: <1518614683.3543.14.camel@ipfire.org> In-Reply-To: <1518610937.2541.167.camel@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0053267909735878637==" List-Id: --===============0053267909735878637== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Hi Michael, Am Mittwoch, den 14.02.2018, 12:22 +0000 schrieb Michael Tremer: > > > What other steps are urgently necessary that we can roll out > > > OpenVPN > > > 2.4? Are the CGI changes necessary or new features? > > there is the need to make the changes for '--script-security' and > > to > > add '--ncp-disable' in ovpnmain.cgi.  > Okay. I will wait with merging OpenSSL until we have this sorted. Have send the forgotten AES-GCM patch --> https://lists.ipfire.org/pipe rmail/development/2018-February/004063.html would you merge it to openssl-11 if the review is OK, i would pull the chnages then and prepare/send the last ovpnmain.cgi patch ? > > > > > Also the integration of the directives via update.sh for the core > > update needs to be made since a server stop|start do not includes > > the > > changes into server.conf. > And this, too. Since there is currently no config/rootfiles/core/config/rootfiles/core directory for openssl-11 should i make one for core 119 (or 120 ?) and add there the commands in update.sh ? > > > > > So there are two steps left for a roll out of a 2.4 minimum > > version. > > Should i send this in two patches or better in one ? > Please try this in two patches. No problem if i am clear about the quest above. > > > > > In which core update should this be delivered ? > I am not sure, yet. 119 would have been good, but we already have a > lot in there > and I think we should not delay this too much. But 120 at the latest. > > It is really important that we get the latest OpenSSL out there as > soon as > possible. Have successfully installed yesterday an IPFire ISO with OpenSSL-1.1.0g i think the last changes from commit 59d77d2eae265304887408b1d36074269f6075a4 did it :D . Great work Michael. Two more commits and from the OpenVPN side all should be for the first OK. After that i would step then into testing mode... Greetings, Erik --===============0053267909735878637==--