Attention is currently required from: ralf_lici. plaisthos has posted comments on this change by ralf_lici. ( http://gerrit.openvpn.net/c/openvpn/+/1478?usp=email )
Change subject: tls: reject incoming reneg request if primary key is not fully valid ...................................................................... Patch Set 2: Code-Review+2 (2 comments) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/1478/comment/d36c7cbc_c403a599?usp=email : PS2, Line 12: checks deauthenticate the key without demoting its TLS state. Should we add the scenario where we just waiting for the hand-window to have the key be fully authenticated? The patch seem to address this but the commit message does not. File src/openvpn/ssl.c: http://gerrit.openvpn.net/c/openvpn/+/1478/comment/7f990c4b_9382fc22?usp=email : PS2, Line 3757: "TLS Error: rejecting incoming renegotiation request: key not fully authenticated/valid"); Maybe make this message a bit more verbose to help later debugging and print the key-id in ks too? -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1478?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I704c560fa23c03237d0f8adc30908a617265a5a1 Gerrit-Change-Number: 1478 Gerrit-PatchSet: 2 Gerrit-Owner: ralf_lici <[email protected]> Gerrit-Reviewer: plaisthos <[email protected]> Gerrit-CC: openvpn-devel <[email protected]> Gerrit-Attention: ralf_lici <[email protected]> Gerrit-Comment-Date: Mon, 16 Feb 2026 14:32:19 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: Yes
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
