Hi,

On Mon, Oct 8, 2018 at 5:50 PM Arne Schwabe <a...@rfc2549.org> wrote:
> For TLS 1.0 to 1.2 OpenSSL calls us and requires a PKCS1 padded
> response, for TLS 1.3 it requires an unpadded response. Since we
> can PKCS1 pad an unpadded response, we prefer to always query for
> an unpadded response from the management interface and add the PKCS1
> padding ourselves when needed.
>
> This patch adds an 'unpadded' parameter to the management-external-key
> option to signal that it uses the new unpadded API. Since we cannot
> support TLS 1.3 without unpadded queries we disable TLS 1.3 otherwise.
> We also do the same for cryptoapi since it uses the same API.
>
> Using the management api client version instead might seem like the
> more logical way but since we only know that version very late,
> it would add extra logic and complexity to deal with this asynchronous
> behaviour.

I am a bit confused about these patches. Is it that the old 3/4 and 4/4 became v2 2/3 and v2 3/3? If so, is 1/3 mistakenly added to this series (it is about removing some superfluous MANAGEMENT_xxx defines..) or do 2/3 and 3/3 depend on it?

It may help if you mark the superseded patches as such on patchwork so that the newest versions stand out.

Thanks,

Selva
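
The approach described in the quoted commit message (always request an unpadded signature from the key holder and add the PKCS1 padding locally when OpenSSL asks for a padded one), as an added example that is not part of this thread or of OpenVPN's code. The toy key and every function name are hypothetical and constructed for illustration.

```python
# Added example, not OpenVPN code. Toy RSA key from two Mersenne primes
# (constructed, insecure, for illustration only).
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (81)


def pkcs1_type1_pad(data: bytes) -> bytes:
    """PKCS#1 v1.5 signature padding: 00 01 FF..FF 00 || data."""
    if len(data) > K - 11:             # at least eight FF bytes are required
        raise ValueError("data too long for this modulus")
    return b"\x00\x01" + b"\xff" * (K - len(data) - 3) + b"\x00" + data


def pkcs1_type1_unpad(block: bytes) -> bytes:
    """Strict check of the padding, as a verifier would do."""
    sep = block.find(b"\x00", 2)
    if len(block) != K or block[:2] != b"\x00\x01" or sep < 10:
        raise ValueError("bad PKCS#1 type 1 padding")
    if block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad PKCS#1 type 1 padding")
    return block[sep + 1:]


def external_raw_sign(block: bytes) -> bytes:
    """Hypothetical key holder: signs a full-length block, adds no padding."""
    m = int.from_bytes(block, "big")
    if len(block) != K or m >= N:
        raise ValueError("unpadded request must be a full block below N")
    return pow(m, D, N).to_bytes(K, "big")


def sign_for_tls(data: bytes, openssl_wants_padding: bool) -> bytes:
    """Client side: always send an unpadded request, pad locally if asked."""
    block = pkcs1_type1_pad(data) if openssl_wants_padding else data
    return external_raw_sign(block)


def public_op(sig: bytes) -> bytes:
    """RSA public-key operation, returns the block that was signed."""
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
```

With `openssl_wants_padding=False` the input must already be a full modulus-length block, which is why a key holder that only offers the padded interface cannot serve that case.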