I'm facing an issue with Netgear (Case #24518893) and OpenVPN (ticket/502) where the connection would fail with the "SSL3_GET_RECORD:bad decompression" error message. A Google search showed that there are a lot of people having the same issue with different products as well (nginx, apache, ruby, etc.). Apparently, the root cause is in zlib and openssl incapability. It was also not possible to disable SSL_OP_NO_COMPRESSION in openssl:0.9.8. I've filed upstream bugs for both Netgear and OpenVPN and created a patch. OpenVPN devs seem ready to accept the patch (or will simply disable SSL compression). For more details, see the following bug report: https://community.openvpn.net/openvpn/ticket/502 While it is a work in progress, it's not clear how long it will take for upstream to fix the issue and release a new version. So I suggest accepting the patch now.
Due to the sensitive nature of OpenVPN and the maintenance burden, I don't really want to take patches that have not been approved by upstream. Please try to convince the upstream maintainers, then I will be happy to update the ebuild.
Upstream has agreed, so it's just a matter of time. However, the patch might be different, so I fully understand your concerns. You could consider adding "epatch_user" so affected users would be able to fix it themselves while the upstream bug report is pending.
The upstream bug report has been resolved. Here is the link to the patch: https://community.openvpn.net/openvpn/changeset/5d5233778868ddd568140c394adfcfc8e3453245/ Feel free to accept it.
Yup, I've been monitoring the upstream bug report. I'll attempt to backport the patch some time this week, as I have time.
Created attachment 396594: Disable SSL compression patch

Basically, they have accepted my patch (without debug log line). Should take 3min to "backport" it. It's just 3 lines of code ;-) Thanks.
Committed in 2.3.6-r2, thanks!