On Tuesday 01 April 2014 00:45:16 Steffan Karger wrote:
> The attached patch fixes your problem, but if there is someone around
> with a better idea (and, preferrably, patch) to fix it, I'm all ears!
ACK, fixes the problem indeed, without introducing a new set of flags even.
Thanks
Heiko
Hi,
On 31-03-14 16:13, Heiko Hund wrote:
> On Sunday 23 March 2014 14:27:43 Steffan Karger wrote:
>> +AC_EGREP_CPP(have_ssl_op_no_ticket, [
>> +#include
>
> We just found that this breaks if the openssl headers are in a non-standard
> place. The test above sets the -I option in CFLAGS,
On Sunday 23 March 2014 14:27:43 Steffan Karger wrote:
> +AC_EGREP_CPP(have_ssl_op_no_ticket, [
> +#include
We just found that this breaks if the openssl headers are in a non-standard
place. The test above sets the -I option in CFLAGS, but not in CPPFLAGS. So,
maybe we should generally
On Sun, Mar 23, 2014 at 1:26 PM, Gert Doering wrote:
> On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote:
> > ACK. Message looks correct and clear to me.
>
> Thanks. Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849.
>
> Can you send the needed patch for master/2.4?
>
Hi,
On Sun, Mar 23, 2014 at 10:22:57AM +0100, Steffan Karger wrote:
> ACK. Message looks correct and clear to me.
Thanks. Committed and pushed as 2cf9d4e3f06f4a61cb6d159728ac6c8a790d6849.
Can you send the needed patch for master/2.4?
gert
--
USENET is *not* the non-clickable part of WWW!
Hi,
On Sat, Mar 22, 2014 at 7:35 PM, Gert Doering wrote:
> On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote:
> > > So it seems I spoke too soon... sorry for the noise, although I must
> > > say that I'm still in favour of checking for the existence of an IFDEF
> > > instead of rely
Hi,
On Tue, Mar 18, 2014 at 05:40:41PM +0100, Steffan Karger wrote:
> > So it seems I spoke too soon... sorry for the noise, although I must
> > say that I'm still in favour of checking for the existence of an IFDEF
> > instead of relying on a particular version...
>
> Point taken, just checking
On 18/03/14 17:40, Steffan Karger wrote:
> Hi,
>
> On 18/03/2014 14:44, Jan Just Keijser wrote:
>> On 18/03/14 14:12, David Sommerseth wrote:
>>> On 18/03/14 10:51, Jan Just Keijser wrote:
On 18/03/14 10:39, Steffan Karger wrote:
>> On 17/03/2014 23:23, James Yonan wrote:
>>
>> On
Hi,
On 18/03/2014 14:44, Jan Just Keijser wrote:
> On 18/03/14 14:12, David Sommerseth wrote:
> > On 18/03/14 10:51, Jan Just Keijser wrote:
> >> On 18/03/14 10:39, Steffan Karger wrote:
> On 17/03/2014 23:23, James Yonan wrote:
>
> On 17/03/2014 14:29, Gert Doering wrote:
> > R
Hi David,
On 18/03/14 14:12, David Sommerseth wrote:
On 18/03/14 10:51, Jan Just Keijser wrote:
On 18/03/14 10:39, Steffan Karger wrote:
Hi,
On 17/03/2014 23:23, James Yonan wrote:
On 17/03/2014 14:29, Gert Doering wrote:
Right now, if I read configure.ac correct, we require 0.9.6 or later
On 18/03/14 10:39, Steffan Karger wrote:
> Hi,
>
>> On 17/03/2014 23:23, James Yonan wrote:
>>
>> On 17/03/2014 14:29, Gert Doering wrote:
>>> Right now, if I read configure.ac correct, we require 0.9.6 or later
>>> (and check this only if pkg-config is available) - but obviously,
>>> SSL_OP_NO_TI
On 18/03/14 10:39, Steffan Karger wrote:
Hi,
On 17/03/2014 23:23, James Yonan wrote:
On 17/03/2014 14:29, Gert Doering wrote:
Right now, if I read configure.ac correct, we require 0.9.6 or later
(and check this only if pkg-config is available) - but obviously,
SSL_OP_NO_TICKET was added later
Hi,
> On 17/03/2014 23:23, James Yonan wrote:
>
> On 17/03/2014 14:29, Gert Doering wrote:
> > Right now, if I read configure.ac correct, we require 0.9.6 or later
> > (and check this only if pkg-config is available) - but obviously,
> > SSL_OP_NO_TICKET was added later on.
> >
> > Fix 1: only us
On 17/03/2014 14:29, Gert Doering wrote:
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
However, even with the above code, stateless session resumption
is still possible unless explicitly disabled with the
SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> However, even with the above code, stateless session resumption
> is still possible unless explicitly disabled with the
> SSL_OP_NO_TICKET flag. This patch does this.
This actually raises an interesting question. My OpenSolaris
On 17/03/14 11:08, Steffan Karger wrote:
> Hi,
>
>> -Original Message-
>> From: Gert Doering [mailto:g...@greenie.muc.de]
>> Sent: maandag 17 maart 2014 9:34
>> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
>> context for Open
Hi,
> -Original Message-
> From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net]
> Sent: maandag 17 maart 2014 11:40
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumpt
Hi,
> -Original Message-
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: maandag 17 maart 2014 9:34
> Subject: Re: [Openvpn-devel] [PATCH] Set SSL_OP_NO_TICKET flag in SSL
> context for OpenSSL builds, to disable TLS stateless session
> resumption.
>
>
Hi,
On Sun, Mar 16, 2014 at 06:49:36PM -0600, James Yonan wrote:
> OpenVPN doesn't want or need SSL session renegotiation or
> resumption, as it handles renegotiation on its own.
>
> For this reason, OpenVPN always disables the SSL session cache:
>
> SSL_CTX_set_session_cache_mode (ctx, SSL_SESS
OpenVPN doesn't want or need SSL session renegotiation or
resumption, as it handles renegotiation on its own.
For this reason, OpenVPN always disables the SSL session cache:
SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_OFF)
However, even with the above code, stateless session resumption
i
20 matches
Mail list logo