Re: [Openvpn-devel] [PATCH] OpenSSL: Fix --crl-verify not loading multiple CRLs in one file

2020-04-06 Thread Arne Schwabe
On 07.04.20 at 03:28, WGH wrote: > I think there has been some misunderstanding about the error handling in my > patch. > > On 4/2/20 5:25 PM, Arne Schwabe wrote: >>> backend_tls_ctx_reload_crl doesn't return an error (as it's void), and its >>> caller never checks OpenSSL error stack. So as th

Re: [Openvpn-devel] [PATCH] Do not write extra 0 byte for --gen-key with auth-token/tls-crypt-v2

2020-04-06 Thread Arne Schwabe
On 06.04.20 at 17:44, Steffan Karger wrote: > Hi, > > On 06-04-2020 15:00, Arne Schwabe wrote: >> crypto_pem_encode put a nul-terminated string into the >> buffer. This is useful for printf but should not be written into >> the file. >> >> Also for static keys, we were missing the nul

Re: [Openvpn-devel] [PATCH] Do not write extra 0 byte for --gen-key with auth-token/tls-crypt-v2

2020-04-06 Thread Steffan Karger
On 06-04-2020 18:00, Arne Schwabe wrote: > On 06.04.20 at 17:44, Steffan Karger wrote: >> Hi, >> >> On 06-04-2020 15:00, Arne Schwabe wrote: >>> crypto_pem_encode put a nul-terminated string into the >>> buffer. This is useful for printf but should not be written into >>> the file. >>>

[Openvpn-devel] [PATCH applied] Re: Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata

2020-04-06 Thread Gert Doering
Your patch has been applied to the master branch. While a bugfix, the code in question is not in release/2.4, so no need to backport. No real testing done, just a quick test compile. commit e23fb6b8c88a2aec160965769f6467d455c0d010 (master) Author: Arne Schwabe Date: Fri Apr 3 11:09:44 2020 +02

Re: [Openvpn-devel] [PATCH] Do not write extra 0 byte for --gen-key with auth-token/tls-crypt-v2

2020-04-06 Thread Steffan Karger
Hi, On 06-04-2020 15:00, Arne Schwabe wrote: > crypto_pem_encode put a nul-terminated string into the > buffer. This is useful for printf but should not be written into > the file. > > Also for static keys, we were missing the nul termination when printing > it to stdout but since the

Re: [Openvpn-devel] [PATCH] Fix off-by-one in tls-crypt-v2 client wrapping with custom metadata

2020-04-06 Thread Steffan Karger
Hi, On 03-04-2020 11:09, Arne Schwabe wrote: > Instead of writing at the end of the metadata buffer, the decoded > base64 data overwrites the opcode as BPTR points to the beginning > of the buffer and not the current position. Replace with BEND to > fix this off-by-one > > Signed-off-by: Arne Sch

Re: [Openvpn-devel] [PATCH] Do not write extra 0 byte for --gen-key with auth-token/tls-crypt-v2

2020-04-06 Thread tincanteksup
I have tested this fix all the way to ensuring that tls-crypt-v2.keys are created successfully and do allow successful VPN connection. I have not tested auth-tokens. Tested-by: Richard Bonhomme On 06/04/2020 14:00, Arne Schwabe wrote: crypto_pem_encode put a nul-terminated string i

[Openvpn-devel] [PATCH] Do not write extra 0 byte for --gen-key with auth-token/tls-crypt-v2

2020-04-06 Thread Arne Schwabe
crypto_pem_encode put a nul-terminated string into the buffer. This is useful for printf but should not be written into the file. Also for static keys, we were missing the nul termination when printing it to stdout but since the buffer was cleared before, there was always a NULL byte in