Hi, On Wed, 2018-02-14 at 14:24 +0100, ummeegge wrote: > Hi Michael, > > Am Mittwoch, den 14.02.2018, 12:22 +0000 schrieb Michael Tremer: > > > > > What other steps are urgently necessary that we can roll out > > > > OpenVPN > > > > 2.4? Are the CGI changes necessary or new features? > > > > > > there is the need to make the changes for '--script-security' and > > > to > > > add '--ncp-disable' in ovpnmain.cgi. > > > > Okay. I will wait with merging OpenSSL until we have this sorted. > > Have send the forgotten AES-GCM patch --> https://lists.ipfire.org/pipe > rmail/development/2018-February/004063.html would you merge it to > openssl-11 if the review is OK, i would pull the chnages then and > prepare/send the last ovpnmain.cgi patch ? You can work on the other patches independently from this one. > > > > > > > > Also the integration of the directives via update.sh for the core > > > update needs to be made since a server stop|start do not includes > > > the > > > changes into server.conf. > > > > And this, too. > > Since there is currently no config/rootfiles/core/config/rootfiles/core > directory for openssl-11 should i make one for core 119 (or 120 ?) and > add there the commands in update.sh ? Please provide that in an extra script. I do not know when this will land in a Core Update. > > > > > > > > So there are two steps left for a roll out of a 2.4 minimum > > > version. > > > Should i send this in two patches or better in one ? > > > > Please try this in two patches. > > No problem if i am clear about the quest above. > > > > > > > > > In which core update should this be delivered ? > > > > I am not sure, yet. 119 would have been good, but we already have a > > lot in there > > and I think we should not delay this too much. But 120 at the latest. > > > > It is really important that we get the latest OpenSSL out there as > > soon as > > possible. > > Have successfully installed yesterday an IPFire ISO with OpenSSL-1.1.0g > i think the last changes from commit > 59d77d2eae265304887408b1d36074269f6075a4 > did it :D . Great work Michael. Two more commits and from the OpenVPN > side all should be for the first OK. After that i would step then into > testing mode... > > Greetings, > > Erik