diff options
author | Arne Schwabe | 2021-03-16 13:44:21 +0100 |
---|---|---|
committer | Gert Doering | 2021-03-18 10:32:20 +0100 |
commit | 4524feb2bbbb6d1bd463a0c5c2d53aae5bdf360a (patch) | |
tree | 1763f8b13c90f32d973e89fa287906878df977b4 /configure.ac | |
parent | 24596b258aa3a9c0bd79e7e7bd4753c48a435408 (diff) | |
download | openvpn-4524feb2bbbb6d1bd463a0c5c2d53aae5bdf360a.zip openvpn-4524feb2bbbb6d1bd463a0c5c2d53aae5bdf360a.tar.gz |
Avoid generating unecessary mbed debug messages
The main motivation to make this change is to avoid a crash in mbed TLS
2.25 with --verb < 8.
mbed TLS 2.25 has a nasty bug that the print function for Montgomery style
EC curves (Curve25519 and Curve448) does segfault. See also the issue
reported here: https://github.com/ARMmbed/mbedtls/issues/4208
We request always debug level 3 from mbed TLS but filter out any debug
output of level 3 unless verb 8 or higher is set. This commeit sets
the debug level to 2 to avoid this problem by makeing mbed TLS not
generatin the problematic debug output.
For the affected version to still use --verb 8 with mbed TLS 2.25 is to
restrict the EC groups to ones that do not crash the print function
like with '--tls-groups secp521r1:secp384r1:secp256r1'.
This patch has no patch on user-visible behaviour on unaffected mbed TLS
versions.
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Patch V2: Replace magic constant with proper define. Highlight more this
avoding generating unessary debug output than crash workaround.
Acked-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20210316124421.1635-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21667.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'configure.ac')
0 files changed, 0 insertions, 0 deletions