Testing engines is problematic, so one of the prerequisites built for
the tests is a simple openssl engine that reads a non-standard PEM
guarded key. The test is simply can we run a client/server
configuration with the usual sample key replaced by an engine key.
The trivial engine prints out some
As well as doing crypto acceleration, engines can also be used to load
key files. If the engine is set, and the private key loading fails
for bio methods, this patch makes openvpn try to get the engine to
load the key. If that succeeds, we end up using an engine based key.
This can be used with t
Engine keys are an openssl concept for a key file which can only be
understood by an engine (usually because it's been wrapped by the
engine itself). We use this for TPM engine keys, so you can either
generate them within your TPM or wrap them from existing private keys.
Once wrapped, the keys wi
From: Selva Nair
- Avoids code-repetition especially so when support
for more key types are added.
Signed-off-by: Selva Nair
---
v2: Same as the ACK-ed v1 but the extra newline removed.
src/openvpn/cryptoapi.c | 62 +
1 file changed, 27 insert
From: Selva Nair
- Also add reference counting to CAPI_DATA (application data):
When the application data is assigned to the private key
we free it in the key's finish method. Proper error handling
requires to keep track of whether data is assigned to the
key or not before an error occur
Hi,
On Fri, Jan 26, 2018 at 10:26:58AM -0500, Selva Nair wrote:
> The mystery (at least for me) is where that host part is coming
> from... It's zeroed out before setting the route, and I thought the
> same (?) route list pointer is
> passed in while deleting routes.
"I seem to remember code chan
Hi,
On 26/01/18 16:26, Selva Nair wrote:
On Fri, Jan 26, 2018 at 10:20 AM, Jan Just Keijser wrote:
On 26-Jan-18 16:08, Selva Nair wrote:
arrrgh, the important line is missing:
ERROR: Windows route add ipv6 command failed: returned error code 1
Gert has explained the fe80::8 magic.
Here
Hi,
On Fri, Jan 26, 2018 at 10:20 AM, Jan Just Keijser wrote:
> Hi Selva,
>
> On 26-Jan-18 16:08, Selva Nair wrote:
>>
...
>>> arrrgh, the important line is missing:
>>> ERROR: Windows route add ipv6 command failed: returned error code 1
>>
>> Gert has explained the fe80::8 magic.
>>
>>
Hi Selva,
On 26-Jan-18 16:08, Selva Nair wrote:
On Fri, Jan 26, 2018 at 8:23 AM, Jan Just Keijser wrote:
On 26/01/18 14:11, Jan Just Keijser wrote:
the patch works as expected but I did notice something in the openvpn log :
Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=
Hi,
On Fri, Jan 26, 2018 at 8:23 AM, Jan Just Keijser wrote:
> On 26/01/18 14:11, Jan Just Keijser wrote:
>>
>> the patch works as expected but I did notice something in the openvpn log :
>>
>> Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
>> Fri Jan 26 14:08:10 2018 NETS
Hi,
On Fri, Jan 26, 2018 at 02:11:52PM +0100, Jan Just Keijser wrote:
> the route was added with the default GW of fe80::8 : should I be worried ?
fe80::8 is our/my tun-over-tap hack.
On "proper" tun devices, there is no ARP or IPv6 neighbour discovery, so
you can point routes toward the *interf
On 26/01/18 14:11, Jan Just Keijser wrote:
the patch works as expected but I did notice something in the openvpn log :
Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Fri Jan 26 14:08:10 2018 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=17 2001:61
the patch works as expected but I did notice something in the openvpn log :
Fri Jan 26 14:08:09 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Fri Jan 26 14:08:10 2018 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=17 2001:610:120::200:0:1001 store=active
Fri Jan 26 1
Works as expected.
Tested-by: Jan Just Keijser
On 24/01/18 18:31, selva.n...@gmail.com wrote:
From: Selva Nair
Currently a route addition using IPAPI or service is skipped if the
route gateway is reachable by multiple interfaces. This changes that
to use the interface with lowest metric. Im
This by default enables the compiler warnings one could previously
enable using the --enable-strict configure option. I think it is
okay to do so now, because we've taken care of many warnings in the
more standard builds. (Most of those were totally harmless, but they
prevented us from spotting n
Hi,
On 24-01-18 06:06, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Also add reference counting to CAPI_DATA (application data):
>
> When the application data is assigned to the private key
> we free it in the key's finish method. Proper error handling
> requires to keep track of
Hi,
On 24-01-18 06:06, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - Avoids code-repetition especially so when support
> for more key types are added.
>
> Signed-off-by: Selva Nair
> ---
> src/openvpn/cryptoapi.c | 63
> ++---
> 1 file cha
17 matches