Re: [Openvpn-devel] PKCS#11 - a little bit of help?

2018-01-03 Thread Emmanuel Deloget
Hello Steffan, On Mon, Jan 1, 2018 at 4:36 PM, Steffan Karger wrote: > Hi, > > On 01-01-18 14:57, Emmanuel Deloget wrote: > > I'm trying to get openvpn read my certificates from a TPM2 using a > > specially crafted PKCS#11 provider (the existing tpm2-pk11 is quite > > limited

Re: [Openvpn-devel] [PATCH] reliable: remove reliable_unique_retry()

2018-01-03 Thread Arne Schwabe
On 03.01.18 at 10:40, Steffan Karger wrote: > This function has been in the code since 2005, and enabled since 2010, but > it's not clear why we'd want this behaviour. > > Running some simple tests, where I simulate a server->client link of > 1mbit with 30ms delay and 1% packet loss, and a

Re: [Openvpn-devel] openvpn segfaults on --management-external-key with ECC certificate

2018-01-03 Thread Emmanuel Deloget
Hello, On Wed, Jan 3, 2018 at 9:34 AM, Arne Schwabe wrote: > On 03.01.18 at 09:19, Steffan Karger wrote: > > On 03-01-18 03:22, Selva Nair wrote: > >> This is with openssl 1.0.1 and that could be the problem -- it may not > >> have EVP_PKEY_get0_RSA() in which case the

[Openvpn-devel] [PATCH] reliable: remove reliable_unique_retry()

2018-01-03 Thread Steffan Karger
This function has been in the code since 2005, and enabled since 2010, but it's not clear why we'd want this behaviour. Running some simple tests, where I simulate a server->client link of 1mbit with 30ms delay and 1% packet loss, and a client->server link of 200kbit, 200ms delay, I get the

Re: [Openvpn-devel] openvpn segfaults on --management-external-key with ECC certificate

2018-01-03 Thread Arne Schwabe
On 03.01.18 at 09:19, Steffan Karger wrote: > On 03-01-18 03:22, Selva Nair wrote: >> This is with openssl 1.0.1 and that could be the problem -- it may not >> have EVP_PKEY_get0_RSA() in which case the compatibility interface in >> use is probably not smart enough... > > Exactly this is the

Re: [Openvpn-devel] openvpn segfaults on --management-external-key with ECC certificate

2018-01-03 Thread Steffan Karger
On 03-01-18 03:22, Selva Nair wrote: > This is with openssl 1.0.1 and that could be the problem -- it may not > have EVP_PKEY_get0_RSA() in which case the compatibility interface in > use is probably not smart enough... Exactly this is the case I think. The following should solve the issue: ---

Re: [Openvpn-devel] [PATCH] Return NULL if GetAdaptersInfo fails

2018-01-03 Thread Simon Rozman
Hi, > -----Original Message----- > From: selva.n...@gmail.com [mailto:selva.n...@gmail.com] > Sent: Wednesday, January 03, 2018 5:02 AM > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH] Return NULL if GetAdaptersInfo fails > > From: Selva Nair >

Re: [Openvpn-devel] [PATCH] Return NULL if GetAdaptersInfo fails

2018-01-03 Thread Илья Шипицин
is it related to trac#973 ? 2018-01-03 9:02 GMT+05:00 : > From: Selva Nair > > - Currently a pointer to potentially uninitialized IP_ADAPTER_INFO > struct is returned on error causing ill-defined behaviour. > > Signed-off-by: Selva Nair

Re: [Openvpn-devel] [PATCH] Return NULL if GetAdaptersInfo fails

2018-01-03 Thread Steffan Karger
Hi, On 03-01-18 05:02, selva.n...@gmail.com wrote: > From: Selva Nair > > - Currently a pointer to potentially uninitialized IP_ADAPTER_INFO > struct is returned on error causing ill-defined behaviour. > > Signed-off-by: Selva Nair > --- > >

Re: [Openvpn-devel] openvpn segfaults on --management-external-key with ECC certificate

2018-01-03 Thread Arne Schwabe
On 03.01.18 at 03:22, Selva Nair wrote: > Hi, > > I expected an error message saying only RSA certs are supported for > --management-external-key, but openvpn appears to segfault if a cert > with an ECC key is used with that option. > > A stack trace shows it fails in ssl_openssl.c line 1117