Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
Today's Topics:
1. [PATCH] vpn-provider: Do not add unsupported configuration
(Daniel Wagner)
2. [PATCH] openvpn: Add --tls-auth option (Daniel Wagner)
----------------------------------------------------------------------
Message: 1
Date: Thu, 8 Aug 2019 08:41:03 +0200
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Subject: [PATCH] vpn-provider: Do not add unsupported configuration
Message-ID: <[email protected]>
Remove provider from the hash table if provider_probe() fails.
connman-vpn will crash when trying to add all connections to a D-Bus
message in append_connection_structs(). The not fully initialized
struct vpn_provider has no valid path for example.
Avoid this by undoing what the vpn_provider_get() function does.
---
vpn/vpn-provider.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/vpn/vpn-provider.c b/vpn/vpn-provider.c
index 29d93a41c4d5..ff4bab9a9df8 100644
--- a/vpn/vpn-provider.c
+++ b/vpn/vpn-provider.c
@@ -1787,6 +1787,13 @@ static struct vpn_provider *vpn_provider_get(const char
*identifier)
return provider;
}
+static void vpn_provider_put(const char *identifier)
+{
+ configuration_count_del();
+
+ g_hash_table_remove(provider_hash, identifier);
+}
+
static void provider_dbus_ident(char *ident)
{
int i, len = strlen(ident);
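Review bot: vpn_provider_put() decrements the configuration count and removes the hash entry unconditionally, keyed only by identifier. If vpn_provider_get() can return an entry that already existed for that identifier, this helper would drop a provider and a count that the failing call did not add; the visible lines do not show which case applies. Consider undoing only when the get actually created the entry, and add a short comment saying the helper is the inverse of vpn_provider_get(). The get/put pairing also reads like reference counting, which this is not, so a name that says "remove" would be clearer.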
@@ -2151,8 +2158,6 @@ int __vpn_provider_create_from_config(GHashTable
*settings,
provider->config_file = g_strdup(config_ident);
provider->config_entry = g_strdup(config_entry);
- provider_register(provider);
-
provider_resolv_host_addr(provider);
}
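Review bot: the removal of provider_register(provider) in __vpn_provider_create_from_config() is not explained by the commit message, which only talks about undoing vpn_provider_get() when provider_probe() fails. No replacement call is visible in this patch, so please state in the message where the provider is registered now, or why registering at this point was part of the problem.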
@@ -2187,6 +2192,7 @@ int __vpn_provider_create_from_config(GHashTable
*settings,
return 0;
fail:
+ vpn_provider_put(ident);
g_free(ident);
g_slist_free_full(networks, free_route);
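Review bot: vpn_provider_put(ident) at the fail: label runs for every jump to fail, not only for a provider_probe() failure. If any path reaches fail before vpn_provider_get() has inserted the entry, or with ident still NULL, this decrements the configuration count without a matching increment and hands g_hash_table_remove() a key that was never added. Please confirm that every goto fail comes after the get, or guard the call. Placing it before g_free(ident) is right, since the identifier is the lookup key.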
--
2.21.0
------------------------------
Message: 2
Date: Thu, 8 Aug 2019 10:12:18 +0200
From: Daniel Wagner <[email protected]>
To: [email protected]
Cc: Daniel Wagner <[email protected]>
Subject: [PATCH] openvpn: Add --tls-auth option
Message-ID: <[email protected]>
---
doc/vpn-config-format.txt | 5 +++++
vpn/plugins/openvpn.c | 1 +
2 files changed, 6 insertions(+)
diff --git a/doc/vpn-config-format.txt b/doc/vpn-config-format.txt
index 0bc62c08f19a..b9d37fa4196b 100644
--- a/doc/vpn-config-format.txt
+++ b/doc/vpn-config-format.txt
@@ -92,6 +92,11 @@ be contacted to supply the information.
OpenVPN 2.3+.
OpenVPN.TLSAuth sub-option of --tls-remote (O)
OpenVPN.TLSAuthDir sub-option of --tls-remote (O)
+ OpenVPN.TLSCipher --tls-cipher Add an additional layer of HMAC
+ authentication on top of the TLS
+ control channel to mitigate DoS
attacks
+ and attacks on the TLS stack. Static
+ key file given as parameter (0)
OpenVPN.Cipher --cipher Encrypt packets with cipher algorithm
given as parameter (O)
OpenVPN.Auth --auth Authenticate packets with HMAC using
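Review bot: the added entry is named OpenVPN.TLSCipher and mapped to --tls-cipher, but the subject line and the description text (HMAC layer on top of the TLS control channel, static key file as parameter) describe --tls-auth. Key name, option and description need to agree; OpenVPN.TLSAuth is already listed just above as a sub-option of --tls-remote, so the new text may belong with that entry instead. The marker at the end is "(0)" with a zero where the neighbouring entries use "(O)", and the line reading "attacks" has lost its "+" prefix to line wrapping as it appears here, which would keep the hunk from applying.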
diff --git a/vpn/plugins/openvpn.c b/vpn/plugins/openvpn.c
index f38c0c365ed1..4bdc4cd75932 100644
--- a/vpn/plugins/openvpn.c
+++ b/vpn/plugins/openvpn.c
@@ -67,6 +67,7 @@ struct {
{ "OpenVPN.TLSRemote", "--tls-remote", 1 },
{ "OpenVPN.TLSAuth", NULL, 1 },
{ "OpenVPN.TLSAuthDir", NULL, 1 },
+ { "OpenVPN.TLSCipher", "--tls-cipher", 1},
{ "OpenVPN.Cipher", "--cipher", 1 },
{ "OpenVPN.Auth", "--auth", 1 },
{ "OpenVPN.CompLZO", "--comp-lzo", 0 },
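Review bot: the new table entry pairs "OpenVPN.TLSCipher" with "--tls-cipher", which does not match the subject "Add --tls-auth option"; nothing in this hunk produces a --tls-auth argument. If --tls-auth is what is intended, the existing { "OpenVPN.TLSAuth", NULL, 1 } entry, whose option string is NULL, is the one to look at. Style: add the missing space before the closing brace so the entry ends in "1 }," like its neighbours. The commit message body is also empty; a sentence on why the option is needed and how the key file is supplied would help.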
--
2.21.0
------------------------------
End of connman Digest, Vol 46, Issue 5
**************************************