openvpn: update to 2.7.2 by sanderpqr · Pull Request #29216 · openwrt/packages

sanderpqr · 2026-04-24T00:00:14Z

📦 Package Details

Maintainer: @zhaojh329 @commodo

Description:
Update OpenVPN to 2.7.2

For changes, see:
https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst

🧪 Run Testing Details

OpenWrt Version: main
OpenWrt Target/Subtarget: filogic
OpenWrt Device: Cudy TR3000

✅ Formalities

I have reviewed the CONTRIBUTING.md file for detailed contributing guidelines.

commodo · 2026-04-24T12:12:48Z

Error is

2026-04-24T11:52:44.6272028Z ssl_openssl.c: In function 'cert_verify_callback':
2026-04-24T11:52:44.6273876Z ssl_openssl.c:321:5: error: implicit declaration of function 'X509_STORE_CTX_set0_crls'; did you mean 'X509_STORE_CTX_get0_cert'? [-Wimplicit-function-declaration]
2026-04-24T11:52:44.6275528Z   321 |     X509_STORE_CTX_set0_crls(ctx, session->opt->ssl_ctx->crls);
2026-04-24T11:52:44.6276549Z       |     ^~~~~~~~~~~~~~~~~~~~~~~~
2026-04-24T11:52:44.6277119Z       |     X509_STORE_CTX_get0_cert
2026-04-24T11:52:44.6287431Z ssl_openssl.c: In function 'tls_ctx_set_options':
2026-04-24T11:52:44.6288618Z ssl_openssl.c:343:35: warning: conversion from 'uint64_t' {aka 'long long unsigned int'} to 'long int' may change value [-Wconversion]
2026-04-24T11:52:44.6289834Z   343 |     SSL_CTX_set_options(ctx->ctx, sslopt);
2026-04-24T11:52:44.6290533Z       |                                   ^~~~~~

LGA1150 · 2026-04-24T13:52:27Z

The patch should be restored, unless openwrt/openwrt#23072 is merged. @commodo

Update OpenVPN to 2.7.2 For changes, see: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst Signed-off-by: Sander van Deijck <sander@vandeijck.com>

LGA1150 · 2026-04-25T08:59:45Z

Still the same error.
git blame shows that the new API is introduced by OpenVPN/openvpn@0588668.

Related issue: wolfSSL/wolfssl#10309

LGA1150 · 2026-04-25T09:19:22Z

WolfSSL is not officially supported by OpenVPN. Since WolfSSL is not OpenWrt's default SSL library, I suggest either drop the variant or wait for WolfSSL to keep up. Your thoughts?

LGA1150 · 2026-04-25T09:54:20Z

Reverting OpenVPN/openvpn@0588668 and OpenVPN/openvpn@c3dd2ab fixes the build.

sanderpqr · 2026-04-25T16:48:48Z

WolfSSL is not officially supported by OpenVPN. Since WolfSSL is not OpenWrt's default SSL library, I suggest either drop the variant or wait for WolfSSL to keep up. Your thoughts?

Why is OpenWrt still supporting wolfSSL at all? It was selected as default in 19.07 (I think, or was it 18.06?), but then switched back to MbedTLS due to wolfSSL's lack of a long-term support (LTS) release and its unstable ABI, which causes packages relying on it to break during minor updates.

sanderpqr · 2026-04-26T20:09:57Z

I think this should fix it? wolfSSL/wolfssl@b9514e7

LGA1150 · 2026-04-27T05:47:50Z

I think this should fix it? wolfSSL/wolfssl@b9514e7

This fixed another issue, but not related to the one I mentioned.

sanderpqr · 2026-04-28T11:38:38Z

OpenVPN 2.7.3 has been released, so I'm closing this. I'll create a new PR later

sanderpqr force-pushed the openvpn272 branch from fcdd878 to dc443bd Compare April 24, 2026 00:10

LGA1150 reviewed Apr 24, 2026

View reviewed changes

Comment thread net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch Outdated

sanderpqr force-pushed the openvpn272 branch from dc443bd to a0e6dd8 Compare April 24, 2026 07:32

commodo approved these changes Apr 24, 2026

View reviewed changes

openvpn: update to 2.7.2

0ae343f

Update OpenVPN to 2.7.2 For changes, see: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst Signed-off-by: Sander van Deijck <sander@vandeijck.com>

commodo force-pushed the openvpn272 branch from a0e6dd8 to 0ae343f Compare April 25, 2026 05:30

sanderpqr marked this pull request as draft April 26, 2026 22:44

sanderpqr closed this Apr 28, 2026

sanderpqr deleted the openvpn272 branch April 28, 2026 11:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

openvpn: update to 2.7.2#29216

openvpn: update to 2.7.2#29216
sanderpqr wants to merge 1 commit intoopenwrt:masterfrom
sanderpqr:openvpn272

sanderpqr commented Apr 24, 2026

Uh oh!

Uh oh!

commodo commented Apr 24, 2026

Uh oh!

LGA1150 commented Apr 24, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

sanderpqr commented Apr 25, 2026

Uh oh!

sanderpqr commented Apr 26, 2026

Uh oh!

LGA1150 commented Apr 27, 2026

Uh oh!

sanderpqr commented Apr 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

sanderpqr commented Apr 24, 2026

📦 Package Details

🧪 Run Testing Details

✅ Formalities

Uh oh!

Uh oh!

commodo commented Apr 24, 2026

Uh oh!

LGA1150 commented Apr 24, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

LGA1150 commented Apr 25, 2026

Uh oh!

sanderpqr commented Apr 25, 2026

Uh oh!

sanderpqr commented Apr 26, 2026

Uh oh!

LGA1150 commented Apr 27, 2026

Uh oh!

sanderpqr commented Apr 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants