Re: [Openvpn-devel] [PATCH 3/3] Implement tls-groups option to specify elliptic curves/groups

2020-04-15 Thread Antonio Quartulli
Hi, this patch looks pretty simple and easy to digest. However, there are several style things which are odd. See below: On 01/04/2020 12:21, Arne Schwabe wrote: > OpenSSL 1.1+ by default only allows signatures and key exchange from the > default list of X25519:secp256r1:X448:secp521r1:secp384r1

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-15 Thread David Sommerseth
On 14/04/2020 20:52, Juliusz Sosinowicz wrote: > diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c > index 30eba7b2..a82c52ad 100644 > --- a/src/openvpn/cryptoapi.c > +++ b/src/openvpn/cryptoapi.c > @@ -39,6 +39,10 @@ > > #ifdef ENABLE_CRYPTOAPI > > +#ifdef ENABLE_CRYPTO_WOLFSSL >

Re: [Openvpn-devel] [PATCH] Fix broken async push when NCP is used

2020-04-15 Thread Arne Schwabe
Am 13.03.20 um 17:59 schrieb Lev Stipakov: > From: Lev Stipakov > > With NCP and deferred auth, we perform cipher negotiation and > generate data channel keys on incoming push request, assuming that auth > succeeded. With async push, when auth succeeds in between push requests, > we send push rep

Re: [Openvpn-devel] [PATCH] Document some limitations of --auth-user-pass

2020-04-15 Thread Gert Doering
Hi, On Fri, Mar 13, 2020 at 03:01:33PM +0200, sam...@openvpn.net wrote: > From: Samuli Seppänen > > URL: https://community.openvpn.net/openvpn/ticket/757 > Signed-off-by: Samuli Seppänen > --- I'm going to mark that patch in patchwork as "changes requested", given that Selva changed the issue

Re: [Openvpn-devel] [PATCH applied] Re: Skip expired certificates in Windows certificate store

2020-04-15 Thread Gert Doering
Hi, On Wed, Apr 15, 2020 at 02:22:15PM -0400, Selva Nair wrote: > > is this one and aa6affe6df811db11577847366a569def0a3e314 also material > > for release/2.4? So "feature" or "bug" category? > > Yes it would be good to get this one and aa6affe into 2.4. This one > will cherry-pick with a minor

Re: [Openvpn-devel] [PATCH] Set the correct mtu on windows based systems

2020-04-15 Thread Gert Doering
Hi, On Thu, Apr 04, 2019 at 01:16:56PM +0200, Christopher Schenk wrote: > Signed-off-by: Christopher Schenk > --- > include/openvpn-msg.h | 8 > src/openvpn/tun.c | 89 +++ > src/openvpnserv/interactive.c | 31 > 3 files chan

Re: [Openvpn-devel] [PATCH applied] Re: Skip expired certificates in Windows certificate store

2020-04-15 Thread Selva Nair
Hi, > is this one and aa6affe6df811db11577847366a569def0a3e314 also material > for release/2.4? So "feature" or "bug" category? Yes it would be good to get this one and aa6affe into 2.4. This one will cherry-pick with a minor conflict in cryptoapicert.c, easily resolved. aa6affe should cherry-pi

Re: [Openvpn-devel] [PATCH applied] Re: Skip expired certificates in Windows certificate store

2020-04-15 Thread Gert Doering
Hi, is this one and aa6affe6df811db11577847366a569def0a3e314 also material for release/2.4? So "feature" or "bug" category? (I've left this sit in my inbox and also in patchwork to remind me that I wanted to clarify this, and then never got around to actually do so) gert On Thu, Feb 13, 2020

Re: [Openvpn-devel] [PATCH applied] Fix possible access of uninitialized pipe handles

2020-04-15 Thread Gert Doering
Hi, On Thu, Feb 20, 2020 at 07:21:24PM -0500, Selva Nair wrote: > On Thu, Feb 20, 2020 at 1:20 PM David Sommerseth wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > Your patch has been applied to the master branch > > > > commit 32723d29b2775d63d3fe329d017e7a08e0cdcb72 >

Re: [Openvpn-devel] [PATCH v2] Fix illegal client float

2020-04-15 Thread Antonio Quartulli
Hi, On 15/04/2020 11:32, Arne Schwabe wrote: > Am 15.04.20 um 09:30 schrieb Lev Stipakov: >> From: Lev Stipakov >> >> There is a time frame between allocating peer-id and initializing data >> channel key, which is performed on receiving push request. >> >> If a "rogue" data channel packet arrives

Re: [Openvpn-devel] Summary of the community meeting (15th April 2020) -- Win installer version checks

2020-04-15 Thread Gert Doering
Hi, On Wed, Apr 15, 2020 at 11:52:50AM -0400, Nathan Stratton Treadway wrote: > (Of course, even better from a user standpoint would be a single unified > OpenVPN Windows installer which automatically installs the > correctly-signed drivers for the current system -- but I assume that > approach ha

Re: [Openvpn-devel] Summary of the community meeting (15th April 2020) -- Win installer version checks

2020-04-15 Thread Nathan Stratton Treadway
On Wed, Apr 15, 2020 at 13:38:37 +0300, Samuli Seppänen wrote: > > Here's the summary of the IRC meeting. > > --- > > COMMUNITY MEETING > > Place: #openvpn-meeting on irc.freenode.net > Date: Wed 15th April 2020 > Time: 11:30 CEST (09:30 UTC) > [...] > > Mattock will check if it would be poss

Re: [Openvpn-devel] [PATCH 2/3] Refactor counting number of element in a : delimited list into function

2020-04-15 Thread Antonio Quartulli
Hi, On 01/04/2020 12:21, Arne Schwabe wrote: > --- > src/openvpn/misc.c| 18 ++ > src/openvpn/misc.h| 13 + > src/openvpn/ssl_mbedtls.c | 15 ++- > 3 files changed, 33 insertions(+), 13 deletions(-) > > diff --git a/src/openvpn/misc.c b/src

Re: [Openvpn-devel] [PATCH v2 4/5] Implement sending SSO challenge to clients

2020-04-15 Thread Arne Schwabe
Am 27.03.20 um 22:09 schrieb David Sommerseth: > On 09/11/2019 16:13, Arne Schwabe wrote: >> This implements sending AUTH_PENDING and INFO_PRE messages to clients >> that indicate that the clients should be continue authentication with >> a second factor. This can currently be out of band (openurl)

[Openvpn-devel] Summary of the community meeting (15th April 2020)

2020-04-15 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 15th April 2020 Time: 11:30 CEST (09:30 UTC) Planned meeting topics for this meeting were here: Your local mee

[Openvpn-devel] [PATCH applied] Re: Fix OpenSSL 1.1.1 not using auto ecliptic curve selection

2020-04-15 Thread Gert Doering
Your patch has been applied to the master and release/2.4 branch (bugfix). I've changed the title from "ecliptic" to "elliptic" curves, though :) Haven't tested, but have stared at the actual change and the surrounding code a bit, and hope that we can remove 1.0.x support soon... :-) commit d8ac

Re: [Openvpn-devel] [PATCH] Fix OpenSSL 1.1.1 not using auto ecliptic curve selection

2020-04-15 Thread Antonio Quartulli
Hi, On 28/03/2020 05:08, Arne Schwabe wrote: > Commit 8a01147ff attempted to avoid calling the deprecated/noop > operation SSL_CTX_set_ecdh_auto by surrounding it with #ifdef. > Unfortunately, that change also made the return; that would exit > the function no longer being compiled when using Open

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-15 Thread Gert Doering
Hi, as Arne said, this is much better. On Tue, Apr 14, 2020 at 08:52:14PM +0200, Juliusz Sosinowicz wrote: > This patch adds support for wolfSSL in OpenVPN. Support is added by using > wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and > instead the OpenSSL includes po

Re: [Openvpn-devel] [PATCH v2] Fix illegal client float

2020-04-15 Thread Arne Schwabe
Am 15.04.20 um 09:30 schrieb Lev Stipakov: > From: Lev Stipakov > > There is a time frame between allocating peer-id and initializing data > channel key, which is performed on receiving push request. > > If a "rogue" data channel packet arrives during that time frame from > another address and

Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

2020-04-15 Thread Arne Schwabe
Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz: > This patch adds support for wolfSSL in OpenVPN. Support is added by using > wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and > instead the OpenSSL includes point to wolfSSL headers and OpenVPN is linked > against the

[Openvpn-devel] [PATCH v2] Fix illegal client float

2020-04-15 Thread Lev Stipakov
From: Lev Stipakov There is a time frame between allocating peer-id and initializing data channel key, which is performed on receiving push request. If a "rogue" data channel packet arrives during that time frame from another address and with same peer-id, this would cause client to float to th
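The race described in the "Fix illegal client float" thread (a peer-id exists from the TLS handshake onward, but the data channel key only arrives when the push request is handled, so a forged packet carrying a known peer-id from a different address can move the peer) can be modelled in a few lines. The following is an added illustration, not OpenVPN code and not the patch under review: the `Server`/`Peer` classes, the 4-byte peer-id prefix, the trailing HMAC-SHA256 tag and the sample addresses are all assumptions chosen to keep it self-contained. The `float_before_auth` flag switches between the flawed ordering (address updated as soon as the peer-id matches) and the safe ordering (address updated only after the packet authenticated under an installed key).

```python
"""Model of the peer-id / float race: added example, not OpenVPN code.
Packet layout, tag algorithm and addresses are assumptions for the demo."""
import hashlib
import hmac
import struct

TAG_LEN = 32  # assumption: HMAC-SHA256 tag at the end of each data packet


class Peer:
    def __init__(self, peer_id, addr):
        self.peer_id = peer_id
        self.addr = addr   # address the server currently sends to
        self.key = None    # data channel key; None until the push request is handled


class Server:
    def __init__(self, float_before_auth):
        # float_before_auth=True reproduces the flaw: the source address is
        # updated as soon as a known peer-id shows up, before any key check.
        self.float_before_auth = float_before_auth
        self.peers = {}
        self.next_id = 0

    def allocate_peer(self, addr):
        """Peer-id is handed out on the control channel, before keys exist."""
        pid = self.next_id
        self.next_id += 1
        self.peers[pid] = Peer(pid, addr)
        return pid

    def install_key(self, peer_id, key):
        """Happens on push request, once authentication succeeded."""
        self.peers[peer_id].key = key

    def handle_data_packet(self, src_addr, packet):
        if len(packet) < 4 + TAG_LEN:
            return "malformed"
        (pid,) = struct.unpack("!I", packet[:4])
        peer = self.peers.get(pid)
        if peer is None:
            return "unknown-peer-id"
        if self.float_before_auth and src_addr != peer.addr:
            peer.addr = src_addr          # flaw: unauthenticated packet moves the peer
        if peer.key is None:
            return "dropped-no-key"       # packet dropped, but the float already happened
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(peer.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "dropped-bad-auth"
        if src_addr != peer.addr:
            peer.addr = src_addr          # safe: float only after authentication
            return "floated"
        return "ok"


def build_packet(peer_id, payload, key):
    """Builds a data packet; with key=None the tag is garbage (a forgery)."""
    body = struct.pack("!I", peer_id) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest() if key else bytes(TAG_LEN)
    return body + tag


def race_demo(float_before_auth):
    """Rogue packet with the right peer-id arrives before the key is installed.
    Returns (handler result, address the server now has for the peer)."""
    srv = Server(float_before_auth)
    legit = ("203.0.113.10", 1194)    # constructed sample addresses
    rogue = ("198.51.100.7", 40000)
    pid = srv.allocate_peer(legit)
    result = srv.handle_data_packet(rogue, build_packet(pid, b"junk", None))
    return result, srv.peers[pid].addr


if __name__ == "__main__":
    print("flawed ordering:", race_demo(True))    # peer moved to the rogue address
    print("safe ordering:  ", race_demo(False))   # peer stays where it was
```

In both orderings the forged packet is discarded, which is why the bug is easy to miss: the damage is the side effect on the peer's address, not the packet itself. A legitimate float (peer changes address after it holds a valid key and the packet authenticates) still works in the safe ordering.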