On 21/04/2014 05:33, Arne Schwabe wrote:
On 21.04.2014 09:10, James Yonan wrote:
remote-override -- replace the hostname in all remote
directives with alt-remote.
Just a question. How does remote-override differ from ip-remote-hint?
Both options seem to have the same effect aside from very
On 21/04/2014 05:27, Arne Schwabe wrote:
On 21.04.2014 09:10, James Yonan wrote:
Define PIP_OPT_MASK to represent all flags of interest to
process_ip_header, so that it can have a fast exit path
if no flags are set.
I haven't looked at the code but if I remember correctly, this method does not
On 21/04/2014 05:49, Gert Doering wrote:
Hi,
On Mon, Apr 21, 2014 at 01:11:05PM +0200, Arne Schwabe wrote:
Yes. But with this patch it is always turned off, keeping OpenVPN in 99%
of installations in TLS 1.0. Is there any other known case where it
breaks aside from the Tomato OpenVPN client?
Patch has been applied to the master and release/2.3 branches.
commit 1e3a1786a80e4afac37133ce5d6a1dcff779a4ce (master)
commit 413f052937179c60cadf571933a3eb4b3058a7dc (release/2.3)
Author: Gert Doering
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sun Apr 20 20:41:01 2014 +0200
Hi,
On Mon, Apr 21, 2014 at 01:11:05PM +0200, Arne Schwabe wrote:
> Yes. But with this patch it is always turned off, keeping OpenVPN in 99%
> of installations in TLS 1.0. Is there any other known case where it
> breaks aside from the Tomato OpenVPN client?
Flags like {OPEN,POLAR}SSL_CFLAGS were used by the core build, but not by
the plugins. However, all plugins include openvpn-plugin.h, which needs
crypto/ssl headers.
Signed-off-by: Steffan Karger
---
src/plugins/auth-pam/Makefile.am | 5 +++--
On 21.04.2014 09:10, James Yonan wrote:
Define PIP_OPT_MASK to represent all flags of interest to
process_ip_header, so that it can have a fast exit path
if no flags are set.
I haven't looked at the code but if I remember correctly, this method does
not get passed the actual flags but the flags
ACK (you're the one who builds most with MSVC anyway, so you know).
Your patch has been applied to the master and release/2.3 branches.
commit 6b8e2f4a8143a7260a06b6999dcb21c4c72fc620 (master)
commit 040b306f58fa0cc175c66ed67f390c0a289ddd4e (release/2.3)
Author: James Yonan
List-Post:
On 21.04.2014 12:42, Gert Doering wrote:
Hi,
On Mon, Apr 21, 2014 at 12:24:30PM +0200, Steffan Karger wrote:
On 21-04-14 09:10, James Yonan wrote:
For OpenSSL, this means to use TLSv1_(client|server)_method rather
than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags
for specific
On 20.04.2014 20:41, Gert Doering wrote:
- remove built tests/t_client.sh script on "make clean"
- ignore Linux iproute2 "ssthresh " output that sometimes shows up
in "ip -6 route show" and breaks before/after comparison
ACK.
Arne
ACK (as in "fixes the build for me". None of the default plugins will
actually *use* this, and any plugin using x509 stuff would have to be
adapted to the 1.3 API - yes, this is the way it is)
Your patch has been applied to the master branch.
commit cc1cee74c683ce92e56bb6a6170988fb6520b803
Hi,
On Mon, Apr 21, 2014 at 12:24:30PM +0200, Steffan Karger wrote:
> On 21-04-14 09:10, James Yonan wrote:
> > For OpenSSL, this means to use TLSv1_(client|server)_method rather
> > than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags
> > for specific TLS versions to disable.
>
>
Hi,
On 21-04-14 09:10, James Yonan wrote:
> For OpenSSL, this means to use TLSv1_(client|server)_method rather
> than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags
> for specific TLS versions to disable.
I'm not sure I understand the rationale behind this. If I don't specify
a
Hi,
On 21-04-14 11:04, Gert Doering wrote:
> When test-building, it seems that there is a patch missing to the plugin
> API bits...
Ah, right, I usually compile polar builds without the plugin api.
Attached a patch that should fix this. It compiles and passes client_t
tests, but I don't have
Your patch has been applied to the master branch.
commit 5e0112d9c60c488d3951491052d1aec8ef793023
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Tue Feb 4 13:58:05 2014 +0100
Improve error reporting during key/cert loading with PolarSSL.
Signed-off-by:
Updated patch.
vpn_binding_key:
- keying material derived by openvpn's crypto later (ssl.c:tls1_*)
- life time across negotiations (works a bit like EKM)
tls_ekm: Exported Keying Material [RFC 5705]
- derived when crypto backend support ( currently openssl >= 1.0.2 )
diff --git
Hi,
On Sat, Apr 19, 2014 at 04:33:39PM +0200, Steffan Karger wrote:
> Ouch, James was totally right. This would always be true, but should
> always be *false* for reasonable input; the check has to be the other
> way around. Attached the same two patches, except for that single
> character...
On 19/04/2014 08:33, Steffan Karger wrote:
Hi,
On 04/18/2014 02:49 PM, Steffan Karger wrote:
On 04/17/2014 09:41 PM, James Yonan wrote:
I'm not sure I understand the (SIZE_MAX - hashlen) > asn_len part.
Wouldn't this always be true for reasonable values of hashlen and asn_len?
This should
For OpenSSL, this means to use TLSv1_(client|server)_method rather
than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags
for specific TLS versions to disable.
For PolarSSL, this means to avoid calling ssl_set_min_version and
instead implicitly control the TLS version via allowed
MSVC 2013 C library now defines strtoull() function,
so use the native implementation when available.
Signed-off-by: James Yonan
---
config-msvc.h | 3 +++
1 file changed, 3 insertions(+)
diff --git a/config-msvc.h b/config-msvc.h
index 99c00f9..9a95ae6 100644
---
Define PIP_OPT_MASK to represent all flags of interest to
process_ip_header, so that it can have a fast exit path
if no flags are set.
Merged from OpenVPN 2.1
Signed-off-by: James Yonan
---
src/openvpn/forward.c | 6 +-
src/openvpn/forward.h | 4 +++-
2 files changed, 4
remote-override -- replace the hostname in all remote
directives with alt-remote.
Merged from OpenVPN 2.1
Signed-off-by: James Yonan
---
src/openvpn/options.c | 7 ++-
src/openvpn/options.h | 2 ++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git