On Wed, Jul 25, 2018 at 4:43 PM, Gert Doering wrote:
> Hi,
>
> On Wed, Jul 25, 2018 at 04:31:05PM -0500, Joe Bell wrote:
> > I don't know if it is appropriate to reply to this post in this manner,
>
> It is and it helps :-)
>
> We want test reports, as in "I am using this, because it is a useful
Not used yet, but prepare for sending and receiving tls-crypt-v2 handshake
messages.
Signed-off-by: Steffan Karger
---
v3: rebase on curent master / v3 patch set
src/openvpn/ps.c | 3 ++-
src/openvpn/ssl.c| 23 ++-
src/openvpn/ssl.h| 5 -
Rewrite buf_write_string_file to buffer_write_file, which is simpler to
use and can deal with not-null-terminated strings. Mostly implemented so
this can be easily reused for tls-crypt-v2 (client) key files.
Signed-off-by: Steffan Karger
---
v3: split change out of "generate client key", reuse
As a first step towards a full tls-crypt-v2 implementation, add
functionality to generate tls-crypt-v2 client keys.
Signed-off-by: Steffan Karger
---
v3: Include length in WKc
doc/openvpn.8 | 51 +
src/openvpn/init.c | 35 +-
src/openvpn/integer.h | 10 ++
To allow rejecting incoming connections very early in the handshake,
add a --tls-crypt-v2-verify option that allows administators to
run an external command to verify the metadata from the client key.
See doc/tls-crypt-v2.txt for more details.
Because of the extra dependencies, this requires
This is a preliminary description of tls-crypt-v2. It should give a good
impression about the reasoning and design behind tls-crypt-v2, but might
need some polishing and updating.
Signed-off-by: Steffan Karger
---
v3: Include length in WKc
doc/tls-crypt-v2.txt | 170
Add helper functions to unwrap tls-crypt-v2 client keys.
Signed-off-by: Steffan Karger
---
v3: Include length in WKc
src/openvpn/buffer.h | 7 +
src/openvpn/tls_crypt.c | 120 ++
tests/unit_tests/openvpn/test_tls_crypt.c | 253
This makes clients send-and-use, and servers receive-unwrap-and-use
tls-crypt-v2 client keys, which completes the on-the-wire work.
Signed-off-by: Steffan Karger
---
v3: include length in WKc, rebase on curent master / v3 patch set
src/openvpn/init.c| 41
>From 30e851ffafcc9ad76928d796f9b18144c8d79040 Mon Sep 17 00:00:00 2001
From: Kevin Kane
Date: Fri, 13 Jul 2018 09:47:43 -0700
Subject: Install/uninstall dialer DLL as part of Windows installer operation
Signed-off-by: Kevin Kane
---
windows-nsis/openvpn.nsi | 4
1 file changed, 4
>From 58cc8b37f567da867e3a6e2efa4c15de36495a79 Mon Sep 17 00:00:00 2001
From: Kevin Kane
Date: Fri, 13 Jul 2018 09:44:00 -0700
Subject: Register/unregister trusted custom dialer DLL when
installing/uninstalling service
Add copyright notice as required where Microsoft has contributed code
Hi,
On Wed, Jul 25, 2018 at 1:01 PM, Kevin Kane via Openvpn-devel
wrote:
> From ed96e2d91a0eb9ecdaab8d7104f397f7d77e5ced Mon Sep 17 00:00:00 2001
>
> From: Kevin Kane
>
> Date: Fri, 13 Jul 2018 09:50:00 -0700
>
> Subject: Update system tray to populate Windows VPN flyout
>
>
>
> Add a DLL to be
Hi,
On Wed, Jul 25, 2018 at 1:01 PM, Kevin Kane via Openvpn-devel
wrote:
> Ok, I’ve gotten clearance to contribute the dialer feature from Microsoft’s
> OpenVPN fork back upstream. As previously discussed, this feature isn’t
> production-ready because the integration I did was quick and dirty –
I agree. This was the consensus when we discussed this feature before, but
there was some interest in possibly taking this work in an experimental branch
and later building something more production-ready on top of the plumbing work.
It is with that expectation I'm offering it upstream.
Hi,
On Wed, Jul 25, 2018 at 01:34:44PM -0400, Selva Nair wrote:
> Do we have an experimental branch where we could add this so that we do
> not lose track of it?
If you tell me you want that and how I should name it, I'll add one.
OTOH it's in patchwork as well.
gert
--
"If was one thing all
Hi,
On Wed, Jul 25, 2018 at 1:45 PM, Gert Doering wrote:
> Hi,
>
> On Wed, Jul 25, 2018 at 01:34:44PM -0400, Selva Nair wrote:
>> Do we have an experimental branch where we could add this so that we do
>> not lose track of it?
>
> If you tell me you want that and how I should name it, I'll add
Hi,
as a side note, your mail client massacres leading whitespace, so
the patch is all squeezed to the left side:
On Wed, Jul 25, 2018 at 05:01:39PM +, Kevin Kane via Openvpn-devel wrote:
> diff --git a/Makefile.am b/Makefile.am
> index 8301087..d8435ed 100644
> --- a/Makefile.am
> +++
Ugh. Thanks, Outlook. I'd have to use a personal e-mail account to use
something other than Exchange.
The other option is for me to add the files to the e-mail as attachments. Is
that acceptable, or do you really need the patch text to be in the message body?
-Original Message-
From:
Hi,
On Wed, Jul 25, 2018 at 06:08:19PM +, Kevin Kane wrote:
> Ugh. Thanks, Outlook. I'd have to use a personal e-mail account to use
> something other than Exchange.
>
> The other option is for me to add the files to the e-mail as attachments. Is
> that acceptable, or do you really need
Add copyright notice as required where Microsoft has contributed code
Signed-off-by: Kevin Kane
---
src/openvpnserv/service.c | 241 +++---
1 file changed, 222 insertions(+), 19 deletions(-)
diff --git a/src/openvpnserv/service.c b/src/openvpnserv/service.c
Signed-off-by: Kevin Kane
---
windows-nsis/openvpn.nsi | 4
1 file changed, 4 insertions(+)
diff --git a/windows-nsis/openvpn.nsi b/windows-nsis/openvpn.nsi
index e92904d..aff7cb3 100755
--- a/windows-nsis/openvpn.nsi
+++ b/windows-nsis/openvpn.nsi
@@ -1,6 +1,7 @@
;
Add a DLL to be wired in as a custom dialer, which introduces new build
dependencies
Add copyright notices as required where Microsoft has contributed code
Signed-off-by: Kevin Kane
---
.gitignore | 3 +
BUILD.rst| 1 +
Makefile.am | 10 ++-
configure.ac | 4 ++
dialer.c |
Alright, I found the SMTP server and sent the patches out again with git
send-email. Let me know how those look.
-Original Message-
From: Gert Doering
Sent: Wednesday, July 25, 2018 11:18 AM
To: Kevin Kane
Cc: Gert Doering ; openvpn-devel
Subject: Re: [Openvpn-devel] [PATCH]
чт, 26 июл. 2018 г. в 1:04, Kevin Kane via Openvpn-devel <
openvpn-devel@lists.sourceforge.net>:
> Alright, I found the SMTP server and sent the patches out again with git
> send-email. Let me know how those look.
>
looks good from patchwork point of view:
I don't know if it is appropriate to reply to this post in this manner, but
Selva's static challenge response in the PAM plugin would be a great
addition; I've applied this and the base64 patch and can successfully use
the implementation with Tunnelblick (which is supporting static-challenge
as of
Hi,
On Wed, Jul 25, 2018 at 04:31:05PM -0500, Joe Bell wrote:
> I don't know if it is appropriate to reply to this post in this manner,
It is and it helps :-)
We want test reports, as in "I am using this, because it is a useful
feature for me, and it works fine!" - not as strong as a full code
25 matches
Mail list logo