In addition to the thorough review from Steffan, I have tortured
this patch on the client and server side (read: patched client
talking to an old server, old clients talking to a patched server,
patched client talking to patched server, with/without NCP) and
everything succeeded/failed as expected.
I have actually seen the handshake happen between openssl client
and server, and mbedtls 2.24.0 (gentoo) client / openssl server
(I have not checked if the handshake had any actual *effect*, just
if I could see it in the PUSH_REPLY message, and that ping worked
afterwards).
"PUSH_REPLY ... cipher none,key-derivation tls-ekm" looks weird :-)
Your patch has been applied to the master branch.
commit 6dc09d0d4520483716530e12a444b156720cdfcc
Author: Arne Schwabe
Date: Fri Oct 9 13:54:53 2020 +0200
Implement generating data channel keys via EKM/RFC 5705
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Steffan Karger <steffan.kar...@foxcrypto.com>
Message-Id: <20201009115453.4279-1-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21187.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
