[Openvpn-devel] [PATCH v3 2/2] Add unit tests for engine keys

2018-01-26 Thread James Bottomley
Testing engines is problematic, so one of the prerequisites built for the tests is a simple openssl engine that reads a non-standard PEM guarded key. The test is simply can we run a client/server configuration with the usual sample key replaced by an engine key. The trivial engine prints out some

[Openvpn-devel] [PATCH v3 1/2] openssl: add engine method for loading the key

2018-01-26 Thread James Bottomley
As well as doing crypto acceleration, engines can also be used to load key files. If the engine is set, and the private key loading fails for bio methods, this patch makes openvpn try to get the engine to load the key. If that succeeds, we end up using an engine based key. This can be used with

[Openvpn-devel] [PATCH v3 0/2] add engine keys keys

2018-01-26 Thread James Bottomley
Engine keys are an openssl concept for a key file which can only be understood by an engine (usually because it's been wrapped by the engine itself). We use this for TPM engine keys, so you can either generate them within your TPM or wrap them from existing private keys. Once wrapped, the keys

[Openvpn-devel] [PATCH v2 1/3] Move code to free cd to a function CAPI_DATA_free()

2018-01-26 Thread selva.nair
From: Selva Nair - Avoids code-repetition especially so when support for more key types are added. Signed-off-by: Selva Nair --- v2: Same as the ACK-ed v1 but the extra newline removed. src/openvpn/cryptoapi.c | 62

[Openvpn-devel] [PATCH v2 2/3] Move setting private key to a function in prep for EC support

2018-01-26 Thread selva.nair
From: Selva Nair - Also add reference counting to CAPI_DATA (application data): When the application data is assigned to the private key we free it in the key's finish method. Proper error handling requires to keep track of whether data is assigned to the key or

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Gert Doering
Hi, On Fri, Jan 26, 2018 at 10:26:58AM -0500, Selva Nair wrote: > The mystery (at least for me) is where that host part is coming > from... It's zeroed out before setting the route, and I thought the > same (?) route list pointer is > passed in while deleting routes. "I seem to remember code

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Jan Just Keijser
Hi, On 26/01/18 16:26, Selva Nair wrote: On Fri, Jan 26, 2018 at 10:20 AM, Jan Just Keijser wrote: On 26-Jan-18 16:08, Selva Nair wrote: arrrgh, the important line is missing: ERROR: Windows route add ipv6 command failed: returned error code 1 Gert has explained the

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Selva Nair
Hi, On Fri, Jan 26, 2018 at 10:20 AM, Jan Just Keijser wrote: > Hi Selva, > > > > > On 26-Jan-18 16:08, Selva Nair wrote: >> ... >>> arrrgh, the important line is missing: >>> ERROR: Windows route add ipv6 command failed: returned error code 1 >> >> Gert has explained the

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Jan Just Keijser
Hi Selva, On 26-Jan-18 16:08, Selva Nair wrote: On Fri, Jan 26, 2018 at 8:23 AM, Jan Just Keijser wrote: On 26/01/18 14:11, Jan Just Keijser wrote: the patch works as expected but I did notice something in the openvpn log : Fri Jan 26 14:08:09 2018 do_ifconfig,

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Selva Nair
Hi, On Fri, Jan 26, 2018 at 8:23 AM, Jan Just Keijser wrote: > On 26/01/18 14:11, Jan Just Keijser wrote: >> >> the patch works as expected but I did notice something in the openvpn log >> : >> >> Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1 >> Fri Jan

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Gert Doering
Hi, On Fri, Jan 26, 2018 at 02:11:52PM +0100, Jan Just Keijser wrote: > the route was added with the default GW of fe80::8 : should I be worried ? fe80::8 is our/my tun-over-tap hack. On "proper" tun devices, there is no ARP or IPv6 neighbour discovery, so you can point routes toward the

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Jan Just Keijser
On 26/01/18 14:11, Jan Just Keijser wrote: the patch works as expected but I did notice something in the openvpn log : Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1 Fri Jan 26 14:08:10 2018 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=17

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Jan Just Keijser
the patch works as expected but I did notice something in the openvpn log : Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1 Fri Jan 26 14:08:10 2018 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=17 2001:610:120::200:0:1001 store=active Fri Jan 26

Re: [Openvpn-devel] [PATCH v3] Use lowest metric interface when multiple interfaces match a route

2018-01-26 Thread Jan Just Keijser
Works as expected. Tested-by: Jan Just Keijser On 24/01/18 18:31, selva.n...@gmail.com wrote: From: Selva Nair Currently a route addition using IPAPI or service is skipped if the route gateway is reachable by multiple interfaces. This changes that

[Openvpn-devel] [PATCH v2] Enable stricter compiler warnings by default

2018-01-26 Thread Steffan Karger
This by default enables the compiler warnings one could previously enable using the --enable-strict configure option. I think it is okay to do so now, because we've taken care of many warnings in the more standard builds. (Most of those were totally harmless, but they prevented us from spotting

Re: [Openvpn-devel] [PATCH 2/3] Move setting private key to a function in prep for EC support

2018-01-26 Thread Steffan Karger
Hi, On 24-01-18 06:06, selva.n...@gmail.com wrote: > From: Selva Nair > > - Also add reference counting to CAPI_DATA (application data): > > When the application data is assigned to the private key > we free it in the key's finish method. Proper error handling >

Re: [Openvpn-devel] [PATCH 1/3] Move code to free cd to a function CAPI_DATA_free()

2018-01-26 Thread Steffan Karger
Hi, On 24-01-18 06:06, selva.n...@gmail.com wrote: > From: Selva Nair > > - Avoids code-repetition especially so when support > for more key types are added. > > Signed-off-by: Selva Nair > --- > src/openvpn/cryptoapi.c | 63 >