On Sun, Dec 25, 2016 at 6:20 PM, Steffan Karger wrote:
> Hi,
>
> On 18-12-16 22:26, Gert Doering wrote:
>> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
>>> Our internal options digest uses MD5 hashes to store the state, instead of
>>> storing the full options string. There's no
Hi,
On 18-12-16 22:26, Gert Doering wrote:
> On Sun, Dec 18, 2016 at 05:40:55PM +0100, Steffan Karger wrote:
>> Our internal options digest uses MD5 hashes to store the state, instead of
>> storing the full options string. There's nothing wrong with that, but it
>> would still be better to use SH
Ever since we support TLS 1.2 (OpenVPN 2.3.3+), the RSA_SIGN might not
only request MD5-SHA1 'TLS signatures', but also other variants.
Document this by updating the implementation hints, and explicitly
stating that we expect a PKCS#1 1.5 signature.
Trac: #764
Signed-off-by: Steffan Karger
---
As suggested by krzee in trac #790, refer to the --tls-crypt option
form the --tls-auth section of the man page, to encourage users to
check out the --tls-crypt feature.
Trac: #790
Signed-off-by: Steffan Karger
---
doc/openvpn.8 | 5 +
1 file changed, 5 insertions(+)
diff --git a/doc/openv
Hi,
On 25-12-16 15:42, Franco Fichtner wrote:
> This is an issue seen on FreeBSD 10.3 (OPNsense 16.7) with the
> 2.4-RC2 version, while 2.3.14 works as expected (connection ok):
>
> Dec 23 09:10:58 openvpn[76817]: SIGTERM[hard,] received, process exiting
> Dec 23 09:10:55 openvpn[76817]: /usr/loc
On 25 December 2016 at 20:41, Gert Doering wrote:
> On Sun, Dec 25, 2016 at 08:58:23PM +0800, Antonio Quartulli wrote:
>> What is the general rule then? cron2 explained me on IRC that in the past
>> some C
>> programs would crash when trying to print NULL, but it should not be
>> the case anymore
Hi,
On Sun, Dec 25, 2016 at 08:58:23PM +0800, Antonio Quartulli wrote:
> What is the general rule then? cron2 explained me on IRC that in the past
> some C
> programs would crash when trying to print NULL, but it should not be
> the case anymore (at least on Linux).
As mentioned occasionally, we
Hi list,
This is an issue seen on FreeBSD 10.3 (OPNsense 16.7) with the
2.4-RC2 version, while 2.3.14 works as expected (connection ok):
Dec 23 09:10:58 openvpn[76817]: SIGTERM[hard,] received, process exiting
Dec 23 09:10:55 openvpn[76817]: /usr/local/sbin/ovpn-linkdown ovpns7 1500 1564
10.2.0.
On Sun, Dec 25, 2016 at 06:09:01PM +0800, Antonio Quartulli wrote:
> On Sun, Dec 25, 2016 at 10:44:45AM +0100, Steffan Karger wrote:
> >
> > On 19-12-16 02:39, Antonio Quartulli wrote:
> > > Carrying around the INLINE_TAG is not really efficient,
> > > because it requires a strcmp() to be performe
On 25 December 2016 at 11:59, Gert Doering wrote:
> This is no longer needed, as anything 2.4 or later is known to have
> this functionality, and IV_VER can be used to detect this on the server.
>
> Signed-off-by: Gert Doering
> ---
> src/openvpn/ssl.c | 3 ---
> 1 file changed, 3 deletions(-)
>
This is no longer needed, as anything 2.4 or later is known to have
this functionality, and IV_VER can be used to detect this on the server.
Signed-off-by: Gert Doering
---
src/openvpn/ssl.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 15f62f2
On Sun, Dec 25, 2016 at 10:44:45AM +0100, Steffan Karger wrote:
>
> On 19-12-16 02:39, Antonio Quartulli wrote:
> > Carrying around the INLINE_TAG is not really efficient,
> > because it requires a strcmp() to be performed every
> > time we want to understand if the data is stored inline
> > or no
On Sun, Dec 25, 2016 at 09:58:31AM +, Arne Schwabe wrote:
> Am 25.12.16 um 09:44 schrieb Steffan Karger:
> >> +bool pkcs12_file_inline; /* contains the base64 encoding of pkcs12
> >> file */
> > This comment is no longer accurate, and should probably just be removed.
> >
>
> I don't see
Hi,
On 25 December 2016 at 10:58, Arne Schwabe wrote:
> Am 25.12.16 um 09:44 schrieb Steffan Karger:
>>> +bool pkcs12_file_inline; /* contains the base64 encoding of pkcs12
>>> file */
>> This comment is no longer accurate, and should probably just be removed.
>>
>
> I don't see the patch ch
Am 25.12.16 um 09:44 schrieb Steffan Karger:
>> +bool pkcs12_file_inline; /* contains the base64 encoding of pkcs12 file
>> */
> This comment is no longer accurate, and should probably just be removed.
>
I don't see the patch changing that, so I would assume it to be still.
Furthermore, chan
On 19-12-16 02:39, Antonio Quartulli wrote:
> Carrying around the INLINE_TAG is not really efficient,
> because it requires a strcmp() to be performed every
> time we want to understand if the data is stored inline
> or not.
>
> Convert all the *_inline attributes to bool to make the
> logic easi
16 matches
Mail list logo