Hi, Here's the summary of the previous IRC meeting / sprint.
--- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday 8th Sep 2011 Time: 18:00 UTC Planned meeting topics for this meeting were on this page: <https://community.openvpn.net/openvpn/wiki/Topics-2011-09-08> Next meeting will be announced in advance, but will probably be on the same weekday and at the same time. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/worldclock> or with $ date -u SUMMARY andj, d457k, krzee, jamesyonan, mattock and uuuppz participated in this meeting. -- Discussed the "Fix warnings in event.c when building for win32-64" patch: <http://thread.gmane.org/gmane.network.openvpn.devel/4941> Although %p is not a standard printf feature, this patch only affects Windows where %p is guaranteed to be available. Therefore jamesyonan and andj gave this patch an ACK. For further details, see: <http://stackoverflow.com/questions/2369541/where-is-p-useful-with-printf> -- Discussed the "Remove wrapper code for Windows CryptoAPI function" patch: <http://thread.gmane.org/gmane.network.openvpn.devel/4937> Jamesyonan gave this patch an ACK. -- Discussed the "Better --auto-proxy support for Windows" patchset: <http://thread.gmane.org/gmane.network.openvpn.devel/4927> Suggested the following modifications: Patch [1/3]: Add MinGW WinHTTP compatibility layer - Make use of import libraries: <http://www.mingw.org/wiki/CreateImportLibraries> Patch [2/3]: Do automatic proxy detection on Windows right... Patch [3/3]: Query auto-proxy information when connecting... - Verify that these patches play well with existing functionality: - PROXY queries from the management interface - http-proxy-fallback option - http-proxy-override option -- Discussed Adriaan's (andj's) PolarSSL patches. All remaining "SSL library separation" patches were reviewed and ACKed. The full status of the PolarSSL patchset before and after the meeting: <https://community.openvpn.net/openvpn/wiki/PolarSSLintegration?version=54> <https://community.openvpn.net/openvpn/wiki/PolarSSLintegration?version=60> If you have any comments regarding any of the patches (or ACKs) please chime in. If there are no complaints, the ACKed patches will be merged to the main Git repository soon. It will probably take 1-2 IRC sprints to go through the remaining PolarSSL patches. --- Full chatlog as an attachment -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
andj 21:02:36 evening mattock 21:02:38 so, I can finally start creating proper Windows snapshots hi jamesyonan 21:02:39 jamesyonan 21:02:49 hi mattock 21:02:51 https://community.openvpn.net/openvpn/wiki/Topics-2011-09-08 vpnHelper 21:02:52 Title: Topics-2011-09-08 â OpenVPN Community (at community.openvpn.net) mattock 21:03:50 dazo suggested starting with d12fk's patches (on top) andj 21:04:08 cool mattock 21:04:11 d12fk: there? d457k 21:04:52 jepp mattock 21:05:07 ah, d457k atm jamesyonan: can you take a look at http://thread.gmane.org/gmane.network.openvpn.devel/4941 21:05:23 vpnHelper 21:05:26 Title: Gmane Loom (at thread.gmane.org) d457k 21:05:34 yes, i'm still in the process of moving to a bouncer =) andj 21:07:48 don't see a problem with that patch on gcc, but not sure what other compilers do with %p d457k 21:08:16 %p is a windows feature so there souldn't be problems andj 21:08:32 ok jamesyonan 21:08:35 yeah, I'm wondering that as well -- is %p a printf standard? d457k 21:08:35 of the c runtime to be precise no but a common extension 21:08:46 however the code is windows only 21:08:55 i think %p is sus or s.th. similar 21:09:19 iso doesn't have it 21:09:40 andj 21:10:04 for what it's worth: http://stackoverflow.com/questions/2369541/where-is-p-useful-with-printf vpnHelper 21:10:05 Title: c++ - Where is `%p` useful with printf? - Stack Overflow (at stackoverflow.com) jamesyonan 21:10:27 does glibc support it? andj 21:10:44 it seems to be common jamesyonan: yes 21:11:15 d457k 21:11:16 jamesyonan: yes andj 21:11:20 lol well timed 21:11:22 d457k 21:11:34 yeah andj 21:12:19 so ack jamesyonan 21:12:34 I don't see %p mentioned on the Mac OS X manpage for printf but I see it for Linux 21:12:44 d457k 21:13:54 jamesyonan: teh code is within #ifdef win32 andj 21:14:15 http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man3/printf.3.html vpnHelper 21:14:16 Title: Loading (at developer.apple.com) andj 21:14:28 p The void * pointer argument is printed in hexadecimal (as if by `%#x' or `%#lx'). so it should be ok 21:14:40 jamesyonan 21:14:41 sure, that's fine then if it's windows-only andj 21:15:18 what's next? mattock 21:15:42 http://thread.gmane.org/gmane.network.openvpn.devel/4937 ? vpnHelper 21:15:44 Title: Gmane Loom (at thread.gmane.org) andj bows out 21:16 d457k 21:18:43 basically just the wrapper code removed since mingw supports it since several versions jamesyonan 21:18:52 sure, that looks fine mattock 21:19:02 nice! next one is: http://thread.gmane.org/gmane.network.openvpn.devel/4927 vpnHelper 21:19:05 Title: Gmane Loom (at thread.gmane.org) d457k 21:19:28 let's start with 1/3 during configure it's check if winhttp code compiles, is not the compat layer macro is defined 21:20:29 the macros themselfes caused concerns by some ppl 21:21:31 i of course don't see any probs =) 21:23:17 andj 21:25:47 not too familiar with this kind of code jamesyonan 21:26:04 Why do we have to add so much ugly code to deal with the fact that mingw is not up-to-date? Can't mingw be updated with latest windows headers? 21:26:32 d457k 21:26:33 mingw does not support winhttp at all so far jamesyonan 21:26:59 but isn't it just a library? d457k 21:27:33 yes, i've requested support, but it's not in sight jamesyonan 21:27:47 it seems that anything that can be loaded at run time with LoadLibrary can also be bound at link time d457k 21:28:23 iff you have the .lib and .h the lib on windows is there, but the link lib and headers are missing in mingw/unis cross-compile env 21:29:01 if we don't have the compat layer openvpn cannot be compiled in linux or with gcc/cygwin/msys on windows 21:30:40 jamesyonan 21:31:50 wouldn't it be easier to add the right header to mingw for this library not sure how you do this with mingw, but in VC it would just be the C prototypes with declspec dllexport, and that would generate the .lib 21:33:11 d457k 21:33:27 haven't looked into mingw yet, I think it should be doable be someone. however it will take a while until that gets into distributions there's a .a for every .dll in mingw, guess gcc does have that feature 21:35:35 *not have 21:35:45 jamesyonan 21:36:38 why not just generate the .a as a part of the build process when using mingw uuuppz 21:36:39 who is the primary user for the mingw build? mattock 21:37:10 uuuppz: there are quite a few people using it, but we got no numbers jamesyonan 21:37:19 that keeps the LoadLibrary ugliness (and possible security issues) out of the OpenVPN code d457k 21:37:22 i'm one of them mattock 21:37:42 d457k: is jamesyonan's solution ok for you? d457k 21:37:58 don't know how to do such an .a LoadLibrary is secure if you use full paths 21:38:30 uuuppz 21:38:52 http://www.mingw.org/wiki/CreateImportLibraries vpnHelper 21:38:53 Title: HOWTO Create an Import Library for a DLL using MinGW | MinGW (at www.mingw.org) d457k 21:40:13 cool, I'll look into it mattock 21:40:16 nice! next one? 21:40:19 d457k 21:40:23 yes mattock 21:40:49 http://thread.gmane.org/gmane.network.openvpn.devel/4927/focus=4929 vpnHelper 21:40:50 Title: Gmane Loom (at thread.gmane.org) mattock 21:42:00 no discussion on the ml it seems andj 21:42:29 + options->auto_proxy_info = get_proxy_settings ("https://openvpn.net";, &error, &options->gc); does that mean that openvpn.net is always chosen 21:42:39 as a reference? 21:42:50 jamesyonan 21:44:20 yeah, I don't understand why https://openvpn.net is in this code vpnHelper 21:44:22 Title: OpenVPN - Open Source VPN (at openvpn.net) mattock 21:45:02 leftover from testing? andj 21:45:23 I assumed it was to query proxy settings for reaching that url as opposed to a different, local one 21:45:38 d457k 21:45:43 no that will be resolved in 3/3 andj 21:45:50 ah, ok d457k 21:45:58 it's just temporary so to say the hostname/ip address of the actual server will be used then 21:46:27 mattock 21:46:45 pretty big patch, definitely needs testing... but besides that, does it look ok? andj 21:49:19 codewise I haven't got a problem with it, I just don't know the API, which means I don't know any weirdness with it mattock 21:49:50 jamesyonan: any thoughts? jamesyonan 21:50:23 does this patch have any interactions with management interface command http-proxy-fallback and >PROXY notifications? d457k 21:50:48 no just replaces the code query functionality however it could be that 3/3 introduces issues 21:51:18 jamesyonan 21:51:54 I'm concerned about breaking existing functionality d457k 21:52:27 it moves the time auto_proxy_info is queried to init whats http-proxy-fallback and >PROXY 21:52:50 we should look at 3/3 as well right now mattock 21:53:33 mattock 21:53:37 ok jamesyonan 21:53:47 http-proxy-fallback is a way to automatically fall back to using a proxy if a direct connection fails mattock 21:53:56 http://thread.gmane.org/gmane.network.openvpn.devel/4927/focus=4926 vpnHelper 21:53:58 Title: Gmane Loom (at thread.gmane.org) d457k 21:54:38 ok i'll investigate that and >PROXY? 21:54:44 http-proxy-fallback is not in the manual, is it? 21:55:52 jamesyonan 21:56:11 it may not be, it's a relatively new feature it's designed to allow the client that's driving the management interface to communicate the proxy info, but only if it's needed because a direct connection failed 21:56:59 andj 21:57:58 ack on 3/3 fwiw 21:58:02 d457k 21:58:28 but isn't that obsolete with wpad? where should the client get the info from if not from wpad or the IE settings? 21:58:58 what other itch does the feature scratch 21:59:43 uuuppz 22:00:13 well I can think of one issue..... jamesyonan 22:00:20 well it's a portability issue... uuuppz 22:00:21 if client is running as service its likely not to be running under the same user account 22:00:35 as the gui using the MI 22:00:39 afaik IE proxy settings are per user 22:00:51 might be wrong.... 22:01:05 jamesyonan 22:01:15 yes, that's an issue as well d457k 22:01:19 wpad is not per user and the code also queries the system proxy settings set via proxycfg also, with the interactive service openvpn will be running as the user 22:01:53 jamesyonan 22:01:54 it's basically (a) proxy detection is os-specific, and (b) may be user-specific as well d457k 22:02:16 os is an issue, ack uuuppz 22:02:17 imo tho in this case 22:02:19 for my GUI if I add proxy support - I would expect to pass the proxy as a CLI param. I should know this before I start the con. 22:02:44 (sorry not if, when, I promise I will !) 22:02:56 d457k 22:03:42 valid argument jamesyonan 22:03:54 well it's a performance issue -- it takes time to get proxy info via WPAD because multiple strategies need to be tried d457k 22:04:10 either you pass --auto-proxy or --http-proxy mattock 22:04:44 I think IE is/was doing tons of proxy auto-detection also, which makes/made startups really slow different strategies, that is 22:04:54 with timeouts 22:05:06 maybe it's using WPAD 22:05:19 andj 22:05:42 there's not much of a problem with a choice is there? either do it manually, or do it automatically? d457k 22:05:43 this can be disabled on a per connection basis, tho jamesyonan 22:05:46 yeah, but http-proxy-fallback is a more automatic solution because it only tries the proxy if direct connect fails so there's no WPAD-related startup overhead in the case where direct connect succeeds 22:05:47 andj 22:06:12 and auto should be pretty exhaustive from an end-user's standpoint d457k 22:06:34 in my test wpad did not take more than 2-3 sec. if it was not configured jamesyonan 22:06:51 andj: sure, just want to make sure that this patch plays well with the existing functionality d457k 22:06:58 and one the pac file was located and loaded it's unfortunately cached andj 22:07:31 jamesyonan: agree on not breaking the fallback option to try directly first d457k 22:08:00 yes I'll check out if it breaks that, wasn't aware of the functionality is it mgmt itf only? 22:08:09 jamesyonan 22:08:28 yeah d457k 22:08:35 how is it activated? or can you always pass the info 22:08:48 jamesyonan 22:10:00 the options http-proxy-fallback and http-proxy-override control it d457k 22:10:42 so you need both to be asked by ovpn via mgmt? jamesyonan 22:12:17 basically the MI sends a >PROXY notification if it needs proxy settings d457k 22:12:33 ok now i understand andj 22:13:07 so verify PROXY, http-proxy-fallback, and http-proxy-override during tests? for an ACK? 22:13:11 d457k 22:13:17 i think i should have stumbled over the feature if it would have been in the way but i'll verify until next week 22:13:31 jamesyonan 22:13:40 that sounds good d457k 22:14:34 ok so 1/3 with dlltool nad 2/3 & 3/3 need verification regarding fallback breakage be be back on the list regarding both 22:14:53 mattock 22:15:03 d457k: excellent! andj 22:15:11 cool mattock 22:15:16 shall we tackle a few SSL library separation patches: https://community.openvpn.net/openvpn/wiki/PolarSSLintegration#SSLlibraryseparation vpnHelper 22:15:18 Title: PolarSSLintegration â OpenVPN Community (at community.openvpn.net) andj 22:15:24 http://article.gmane.org/gmane.network.openvpn.devel/4957 ? vpnHelper 22:15:26 Title: Gmane -- Mail To News And Back Again (at article.gmane.org) mattock 22:15:30 not that many left, actually andj 22:15:36 seems relatively straightforward mattock 22:15:48 andj: the show is yours andj 22:15:54 to finish off the other patch queue, but Polar is cool too mattock 22:16:06 oh, we (=I) forgot one patch andj 22:16:08 ok: https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 vpnHelper 22:16:09 Title: Commit df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:16:13 almost got acked last week mattock 22:16:16 http://article.gmane.org/gmane.network.openvpn.devel/4957 vpnHelper 22:16:17 Title: Gmane -- Mail To News And Back Again (at article.gmane.org) andj 22:16:23 https://gist.github.com/1171353 vpnHelper 22:16:24 Title: andj's gist: 1171353 Gist (at gist.github.com) andj 22:16:33 However there was a question from dazo abot the code at line 56 of the gist 22:16:41 mattock 22:16:53 disregard my link above, let's tackle polarssl first andj 22:16:54 carefull consideration shows that the removed code is dead code since that function got called with "SSL_FILETYPE_PEM" 22:17:36 krzee 22:17:38 (RIP dead code) andj 22:17:41 hard coded d457k 22:18:37 i'm out guys thanks for the feedback 22:18:45 andj 22:18:50 thanks d457k mattock 22:19:06 bye! krzee 22:19:17 later d457k! jamesyonan 22:19:57 take care ok, so you're saying the line 56 code would never be called? 22:20:40 andj 22:20:58 it would never be called I think it got copy-pasted from the openssl code 22:21:16 but openvpn always uses PEM 22:21:32 jamesyonan 22:24:19 right, that makes sense andj 22:25:00 the other difference is that the late call to SSL_CTX_use_certificate_chain_file is gone and moved to the tls_ctx_load_cert_file() function 22:25:12 used to be: "SSL_CTX_use_certificate_file " is now "SSL_CTX_use_certificate_chain_file " 22:26:13 since that makes more sense to call directly, instead of waiting 22:26:30 was that an ack? or do you want to check the second point 22:27:57 jamesyonan 22:29:43 but isn't SSL_CTX_use_certificate_chain_file somewhat different than SSL_CTX_use_certificate_file? andj 22:30:19 yes, but if you use the former, in the original code using_file or something is set 22:30:46 and it's called anyway 22:30:49 which just overrides the previous choice 22:30:57 I remember asking about it on -devel at some point 22:31:06 https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8#L0L1998 22:31:25 vpnHelper 22:31:28 Title: Commit df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:31:36 and https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8#L0L2106 vpnHelper 22:31:37 Title: Commit df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:31:50 so the latter is just moved forward a little to ease the split in SSL library 22:32:01 to: https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8#L2R431 22:32:38 vpnHelper 22:32:39 Title: Commit df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:33:28 the non-chain version just doesn't load the chained CAs while the chained version does 22:33:34 which is the desired behaviour 22:33:41 otherwise you wouldn't be supplying a chain 22:33:56 jamesyonan 22:34:57 does this interact in any way with "extra-certs" option? andj 22:35:21 that's the next patch, or one of the next ones, let me get a link https://github.com/andj/openvpn-ssl-refactoring/commit/b5ceb7049dd57ac8e7fa05d542c479382a4ed1ed 22:35:50 vpnHelper 22:35:51 Title: Commit b5ceb7049dd57ac8e7fa05d542c479382a4ed1ed to andj/openvpn-ssl-refactoring - GitHub (at github.com) jamesyonan 22:36:39 re: chained vs. non-chained, shouldn't the cert file contain a singleton cert, and have intermediates necessary to build up the chain be in ca list? andj 22:37:12 it can be in the pem file as well, that's why the code at https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8#L0L2106 was there vpnHelper 22:37:13 Title: Commit df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:37:44 it's about the chain sent to remote, not the one used to verify anyway, to answer your earlier question about extra_certs 22:38:45 jamesyonan 22:38:53 right andj 22:39:00 those are loaded after the chain is loaded which should be fine 22:39:04 jamesyonan 22:39:56 some people use a different CA chain to sign servers vs. clients andj 22:40:08 that's still very much valid jamesyonan 22:40:13 cool mattock 22:40:18 ACK? jamesyonan 22:40:26 yes, ACK andj 22:40:42 next up is mgmt key loading mattock 22:40:44 andj: what exactly did we get ACKed? andj 22:40:46 https://github.com/andj/openvpn-ssl-refactoring/commit/2a5f084332fc7a619107513b17b2f4a3dc0c31b2 vpnHelper 22:40:48 Title: Commit 2a5f084332fc7a619107513b17b2f4a3dc0c31b2 to andj/openvpn-ssl-refactoring - GitHub (at github.com) mattock 22:40:49 so many links... andj 22:40:55 df9b63c5c0b mattock 22:40:57 ok andj 22:41:21 the gist is here https://gist.github.com/1171413 vpnHelper 22:41:23 Title: andj's gist: 1171413 Gist (at gist.github.com) andj 22:41:25 for the last one shows that not much canged 22:41:34 +c 22:41:38 +h even 22:41:40 just got moved 22:41:47 to the openssl-specific part 22:42:36 jamesyonan 22:44:51 is this to support management-external-key? andj 22:45:01 yes, that's it moves to the openssl-specific backend 22:45:13 jamesyonan 22:46:28 right, this is fine andj 22:46:43 ok, extra certs got ack'ed by dazo so: https://github.com/andj/openvpn-ssl-refactoring/commit/899913d235502a2a6bd754e368bbe5a782a83911 22:46:56 vpnHelper 22:46:58 Title: Commit 899913d235502a2a6bd754e368bbe5a782a83911 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:47:14 that moves the keystate ssl-specific stuff into an extra struct https://gist.github.com/1171454 22:47:14 vpnHelper 22:47:15 Title: andj's gist: 1171454 Gist (at gist.github.com) andj 22:47:26 not much difference, just a struct added if you look at the gist 22:47:32 the ks_ssl struct is library-specific 22:47:57 and contains the BIOs, or whatever $library uses 22:48:18 jamesyonan 22:50:35 where do configuration file boolean options end up? andj 22:51:07 in ssl_common.h see https://github.com/andj/openvpn-ssl-refactoring/commit/899913d235502a2a6bd754e368bbe5a782a83911#L3L45 22:51:21 vpnHelper 22:51:22 Title: Commit 899913d235502a2a6bd754e368bbe5a782a83911 to andj/openvpn-ssl-refactoring - GitHub (at github.com) jamesyonan 22:51:51 so this is just a pure refactor then? andj 22:51:53 they were copied there in an earlier patch yes 22:51:55 jamesyonan 22:52:05 looks fine to me andj 22:52:15 ok, same for the next patch: https://github.com/andj/openvpn-ssl-refactoring/commit/68adc0eff8f06eef9d98a4bd12eb36bcbfc62164 vpnHelper 22:52:16 Title: Commit 68adc0eff8f06eef9d98a4bd12eb36bcbfc62164 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:52:18 https://gist.github.com/1171458 vpnHelper 22:52:20 Title: andj's gist: 1171458 Gist (at gist.github.com) andj 22:52:26 does the same, but for init basically, just moves the key state init to the backend 22:53:07 jamesyonan 22:54:05 looks good andj 22:54:11 https://github.com/andj/openvpn-ssl-refactoring/commit/fc50119c1fe1b37cebc76913c66854bce103b68f vpnHelper 22:54:12 Title: Commit fc50119c1fe1b37cebc76913c66854bce103b68f to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 22:54:15 for the write functions https://gist.github.com/1140049 22:54:23 vpnHelper 22:54:24 Title: andj's gist: 1140049 Gist (at gist.github.com) andj 22:54:38 this is the actual refactor of the key state write 22:54:54 that's the wrong gist 22:56:24 oops 22:56:36 let me make a new one 22:56:59 mattock 22:57:17 I think I got so split soon, early wakeup tomorrow andj 22:57:34 almost there correct gist: https://gist.github.com/1140049 22:57:54 vpnHelper 22:57:56 Title: andj's gist: 1140049 Gist (at gist.github.com) andj 22:58:11 after this 1 more, and we have separation done oh wait, missed one 22:59:05 2 more after this 22:59:08 jamesyonan: still here, and on the correct gist now? 23:00:04 mattock 23:00:11 yeah, 2 jamesyonan 23:00:17 yes, I'm looking at it andj 23:01:35 ok, sorry, just checking that I wasn't wasting your time jamesyonan 23:02:51 why is it that struct tls_multi* multi is no longer passed to some of the functions, like bio_write? andj 23:03:14 wasn't used if I'm not mistaken yeah, it was passed straight to bio_write 23:04:06 and bio_write only used the ks_ssl parts of it 23:04:27 jamesyonan 23:04:51 yeah, I see andj 23:05:01 so it cleans up nicely bio stuff doesn't need to know about openvpn structs anyway 23:05:16 jamesyonan 23:07:12 this one looks fine andj 23:07:17 ok, read code: https://github.com/andj/openvpn-ssl-refactoring/commit/72e75b9776e7528a8e36671f8e5337a00aa840ba with gist at https://gist.github.com/1171480 vpnHelper 23:07:18 Title: Commit 72e75b9776e7528a8e36671f8e5337a00aa840ba to andj/openvpn-ssl-refactoring - GitHub (at github.com) mattock 23:08:32 second last andj 23:08:39 whee mattock 23:08:40 \o/ andj 23:08:40 jamesyonan 23:09:14 looks fine andj 23:09:26 https://github.com/andj/openvpn-ssl-refactoring/commit/7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77 vpnHelper 23:09:27 Title: Commit 7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 23:09:31 no gist that removes the ks and ks_lame macro's 23:09:39 since they weren't used everywhere 23:09:50 and confused the hell out of me at first 23:09:58 especially since they were undefed halfway through the file 23:10:15 this does the same thing, but makes it a little easier on the eyes 23:10:52 ok, a quick request: the next large patch is the PolarSSL addition one, the rest are just small bugfixes and such 23:12:54 could people have a look at the PolarSSL one in their spare time? 23:13:07 jamesyonan 23:13:16 sure that makes sense -- but why does the diff not show '-' for removed ks/ks_lame andj 23:13:23 I don't think a 2-hour session will cut it https://github.com/andj/openvpn-ssl-refactoring/commit/7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77#L0L2754 23:13:29 vpnHelper 23:13:30 Title: Commit 7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 23:13:50 it used to be a macro at that location 23:14:06 jamesyonan 23:14:38 ah, right -- yes, I agree that it's more clear to lose the macro andj 23:14:53 cool, that's it for OpenSSL separation thanks 23:14:55 mattock 23:14:58 nice! jamesyonan 23:14:59 great andj 23:15:20 next patch is the big one, but that's for another time and there's lots of small ones 23:15:33 jamesyonan 23:15:40 andj: BTW, what is the code size difference between OpenSSL and PolarSSL? mattock 23:15:40 patch tracking page up-to-date: https://community.openvpn.net/openvpn/wiki/PolarSSLintegration?version=60 vpnHelper 23:15:42 Title: PolarSSLintegration â OpenVPN Community (at community.openvpn.net) andj 23:15:58 not entirely sure, significant is all I can say thanks, mattock 23:16:05 mattock 23:16:15 thanks to everyone! andj 23:16:18 you can disable most modules in polarssl http://polarssl.org/source_code 23:16:34 vpnHelper 23:16:35 Title: PolarSSL Source Code overview - PolarSSL (at polarssl.org) mattock 23:16:48 I'll write the summary tomorrow
