>
> Second thing, more of a comment: 127 feels really low. 'AES-256-GCM' is
> 11 characters, so 127 / 12 (11 chars and a separator) says you're
> limiting to about 10 ciphers. If I do `openvpn --show-ciphers` there's
> a LOT of data there. I'd think, for future-proofing, you'd want to
> allow
Some operating system do not have the strsep function. Since this API
is more "modern" (4.4BSD) than strtok, add it as compat function.
At least Windows is missing strsep. FreeBSD, Linux, macOS and OpenSolaris
should not need the compat function.
Signed-off-by: Arne Schwabe
---
configure.ac
Signed-off-by: Arne Schwabe
---
src/openvpn/openvpn.vcxproj | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj
index 7446d97d..b3d35ba2 100644
--- a/src/openvpn/openvpn.vcxproj
+++ b/src/openvpn/openvpn.vcxproj
@@ -191,6 +191,7 @@
Am 14.11.19 um 22:58 schrieb Selva Nair:
> Hi David
>
> Thanks for the comments
>
> My idea was just to add -Werror right in the line above, and not
> extend the
> ACL_CHECK_ADD_COMPILE_FLAGS macro with another argument.
>
>
> I'm fine with that approach as well. Let me know if you
Am 10.11.19 um 21:17 schrieb Antonio Quartulli:
> CFLAGS may not resolve to anything and the build-check.sh script would
> just fail.
>
> Switch to EXTRA_FLAGS and use proper substitution so that the script won't
> error out when EXTRA_FLAGS is uninitialized.
>
> At the same time ensure that such
This allows unit test the NCP functions. The ssl.c file has too
many dependencies to make unit testing of it viable.
Signed-off-by: Arne Schwabe
---
src/openvpn/Makefile.am | 1 +
src/openvpn/init.c | 1 +
src/openvpn/multi.c | 1 +
src/openv
Our current NCP version is flawed in the way that it can only indicate support
for
AES-256-GCM and AES-128-GCM. While configuring client and server with different
ncp-cipher configuration directive works, the server will blindly push the first
cipher of that list to the client if the client sends
We currently always announce IV_NCP=2 when we support these ciphers even
when we do not accept them. This lead to a server pushing a AES-GCM-128
cipher to clients and the client then rejecting it.
Signed-off-by: Arne Schwabe
---
doc/openvpn.8| 2 ++
src/openvpn/init.c | 4
In scenarios of mbed TLS vs OpenSSL we already normalise the ciphers
that are send via the wire protocol via OCC to not have a mismatch
warning between server and client. This is done by
translate_cipher_name_from_openvpn. The same applies also to the
ncp-ciphers list. Specifying non normalised nam