[Openvpn-devel] [PATCH v2 2/2] Allow unicode search string in --cryptoapicert option

2018-04-02 Thread selva . nair
From: Selva Nair Currently when the certificate is specified as "SUBJ:foo", the string foo is assumed to be ascii. Change that and interpret it as utf-8, convert to a wide string, and flag it as unicode in CertFindCertifcateInStore(). Signed-off-by: Selva Nair

[Openvpn-devel] [PATCH v2 1/2] Skip expired certificates in Windows certificate store

2018-04-02 Thread selva . nair
From: Selva Nair Have the cryptoapicert option find the first matching certificate in store that is valid at the present time. Currently the first found item, even if expired, is returned. This makes it possible to update certifiates in store without having to delete old

Re: [Openvpn-devel] [PATCH v3] Improve management-external-key/cert error handling

2018-04-02 Thread Selva Nair
Hi, This one applies cleanly on top of master. On Mon, Apr 2, 2018 at 7:44 AM, Steffan Karger wrote: > > Check the return values of management_query_cert() and > tls_ctx_use_external_private_key(), and error out with a more descriptive > error message. To do so, we make the

Re: [Openvpn-devel] [PATCH 1/2] Skip expired certificates in Windows certificate store

2018-04-02 Thread Steffan Karger
Hi, On 02-04-18 16:58, Selva Nair wrote: > On Mon, Apr 2, 2018 at 8:37 AM, Steffan Karger wrote: >> Also, this looks like a somewhat unrelated fix. I would have personally >> preferred it in a separate patch (so we can e.g. backport it easily even >> if we decide not not

Re: [Openvpn-devel] [PATCH] Properly respond to SIGTERM received during DNS resolution.

2018-04-02 Thread Steffan Karger
Hi, On 06-02-18 06:53, Selva Nair wrote: > On Mon, Feb 5, 2018 at 7:52 PM, Jonathan K. Bullard > wrote: >> Hi, I'd like to reopen this patch -- it seems to have gotten lost. >> >> The patch is so old the line numbers are wrong but the code doesn't >> seem to have changed.

Re: [Openvpn-devel] [PATCH 1/2] Skip expired certificates in Windows certificate store

2018-04-02 Thread Steffan Karger
Hi, One comment based on stare-at-code only: On 12-03-18 02:17, selva.n...@gmail.com wrote: > @@ -636,6 +640,8 @@ find_certificate_in_store(const char *cert_prop, > HCERTSTORE cert_store) > } > if (!*++p) /* unexpected end of string */ > { > +

Re: [Openvpn-devel] [PATCH] Improve management-external-key/cert error handling

2018-04-02 Thread Steffan Karger
Hi, On 9 March 2018 at 04:38, Selva Nair wrote: > I wanted to give this a quick test, but it doesn't apply. > > It seems you have patch 116 (Antonio's "inline-tag changed to bool" > patch) in your local repo. Oops, you're right - this was based on top of my local working

[Openvpn-devel] [PATCH v3] Improve management-external-key/cert error handling

2018-04-02 Thread Steffan Karger
Check the return values of management_query_cert() and tls_ctx_use_external_private_key(), and error out with a more descriptive error message. To do so, we make the openssl-backed implementation of tls_ctx_use_external_private_key() not throw fatal error anymore. (And fix line wrapping while

Re: [Openvpn-devel] [PATCH] Depreciate IPv4-related options.

2018-04-02 Thread Marvin Adeff
Antonio, I certainly don’t disagree with you. However I think I’ve taken up enough bandwidth over this topic on Openvpn-devel. Thank you all. Marvin > On Apr 1, 2018, at 7:20 PM, Antonio Quartulli wrote: > >> On 02/04/18 10:12, Marvin Adeff wrote: >> Even on the internet