Hi,
On Wed, 2018-02-14 at 14:24 +0100, ummeegge wrote:
Hi Michael,
Am Mittwoch, den 14.02.2018, 12:22 +0000 schrieb Michael Tremer:
What other steps are urgently necessary that we can roll out OpenVPN 2.4? Are the CGI changes necessary or new features?
there is the need to make the changes for '--script-security' and to add '--ncp-disable' in ovpnmain.cgi.
Okay. I will wait with merging OpenSSL until we have this sorted.
Have send the forgotten AES-GCM patch --> https://lists.ipfire.org/pipe rmail/development/2018-February/004063.html would you merge it to openssl-11 if the review is OK, i would pull the chnages then and prepare/send the last ovpnmain.cgi patch ?
You can work on the other patches independently from this one.
Also the integration of the directives via update.sh for the core update needs to be made since a server stop|start do not includes the changes into server.conf.
And this, too.
Since there is currently no config/rootfiles/core/config/rootfiles/core directory for openssl-11 should i make one for core 119 (or 120 ?) and add there the commands in update.sh ?
Please provide that in an extra script. I do not know when this will land in a Core Update.
So there are two steps left for a roll out of a 2.4 minimum version. Should i send this in two patches or better in one ?
Please try this in two patches.
No problem if i am clear about the quest above.
In which core update should this be delivered ?
I am not sure, yet. 119 would have been good, but we already have a lot in there and I think we should not delay this too much. But 120 at the latest.
It is really important that we get the latest OpenSSL out there as soon as possible.
Have successfully installed yesterday an IPFire ISO with OpenSSL-1.1.0g i think the last changes from commit 59d77d2eae265304887408b1d36074269f6075a4 did it :D . Great work Michael. Two more commits and from the OpenVPN side all should be for the first OK. After that i would step then into testing mode...
Greetings,
Erik