subject:"Re\: \[Openvpn\-devel\] \[PATCH\] Make \-\-cipher\/\-\-auth none more explicit on the risks"

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

2017-04-11 Thread Steffan Karger

On 11-04-17 10:55, David Sommerseth wrote:
> On 11/04/17 06:26, Simon Matter wrote:
>>> The warning provided to --cipher and --auth using the 'none' setting may
>>> not have been too clearly understandable to non-developers or people not
>>> fully understanding encryption and cryptography.  This tries to improve
>>> that.
>>>
>>> While at it, also break up the long source lines.
>>>
>>> Signed-off-by: David Sommerseth 
>>> ---
>>>  src/openvpn/crypto.c | 11 +--
>>>  src/openvpn/init.c   |  5 -
>>>  2 files changed, 13 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
>>> index 909f725..8a5c723 100644
>>> --- a/src/openvpn/crypto.c
>>> +++ b/src/openvpn/crypto.c
>>> @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char
>>> *ciphername,
>>>  {
>>>  if (warn)
>>>  {
>>> -msg(M_WARN, "*** WARNING ***: null cipher specified,
>>> no encryption will be used");
>>> +msg(M_WARN, "*** WARNING ***: '--cipher none' was
>>> specified. "
>>> +"This means NO encryption will be performed and tunnelled
>>> "
>>> +"data WILL be transmitted in clear text over the network!
>>> "
>>> +"PLEASE DO RECONIDER THIS SETTING!");
>>
>> Hi
>>
>> Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches.
> 
> Meh, yeah, sorry about that.  That need to be fixed, but also something
> I can fix on-the-fly at commit time; that's an uncritical last minute
> change.  Just need an ACK first ;-)

ACK if you fix the typos :)

-Steffan




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

2017-04-11 Thread David Sommerseth

On 11/04/17 06:26, Simon Matter wrote:
>> The warning provided to --cipher and --auth using the 'none' setting may
>> not have been too clearly understandable to non-developers or people not
>> fully understanding encryption and cryptography.  This tries to improve
>> that.
>>
>> While at it, also break up the long source lines.
>>
>> Signed-off-by: David Sommerseth 
>> ---
>>  src/openvpn/crypto.c | 11 +--
>>  src/openvpn/init.c   |  5 -
>>  2 files changed, 13 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
>> index 909f725..8a5c723 100644
>> --- a/src/openvpn/crypto.c
>> +++ b/src/openvpn/crypto.c
>> @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char
>> *ciphername,
>>  {
>>  if (warn)
>>  {
>> -msg(M_WARN, "*** WARNING ***: null cipher specified,
>> no encryption will be used");
>> +msg(M_WARN, "*** WARNING ***: '--cipher none' was
>> specified. "
>> +"This means NO encryption will be performed and tunnelled
>> "
>> +"data WILL be transmitted in clear text over the network!
>> "
>> +"PLEASE DO RECONIDER THIS SETTING!");
> 
> Hi
> 
> Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches.

Meh, yeah, sorry about that.  That need to be fixed, but also something
I can fix on-the-fly at commit time; that's an uncritical last minute
change.  Just need an ACK first ;-)


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc




signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

2017-04-10 Thread Simon Matter

> The warning provided to --cipher and --auth using the 'none' setting may
> not have been too clearly understandable to non-developers or people not
> fully understanding encryption and cryptography.  This tries to improve
> that.
>
> While at it, also break up the long source lines.
>
> Signed-off-by: David Sommerseth 
> ---
>  src/openvpn/crypto.c | 11 +--
>  src/openvpn/init.c   |  5 -
>  2 files changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
> index 909f725..8a5c723 100644
> --- a/src/openvpn/crypto.c
> +++ b/src/openvpn/crypto.c
> @@ -784,7 +784,10 @@ init_key_type(struct key_type *kt, const char
> *ciphername,
>  {
>  if (warn)
>  {
> -msg(M_WARN, "*** WARNING ***: null cipher specified,
> no encryption will be used");
> +msg(M_WARN, "*** WARNING ***: '--cipher none' was
> specified. "
> +"This means NO encryption will be performed and tunnelled
> "
> +"data WILL be transmitted in clear text over the network!
> "
> +"PLEASE DO RECONIDER THIS SETTING!");

Hi

Small typos, you may want to 's/RECONIDER/RECONSIDER/g' the patches.

Regards,
Simon



--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

Re: [Openvpn-devel] [PATCH] Make --cipher/--auth none more explicit on the risks

3 matches

Site Navigation

Mail list logo

Footer information