Signed-off-by: Arne Schwabe
---
src/openvpn/misc.c| 19 +++
src/openvpn/misc.h| 14 ++
src/openvpn/ssl_mbedtls.c | 15 ++-
3 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
TLS1.3 key exchange is independent from the signature/key of the
certificates, so allowing all groups per default is not a sensible
choice anymore and instead a
The Readme looks good. Just one suggestion.
On 16/04/2020 13:11, Arne Schwabe wrote:
Am 16.04.20 um 12:42 schrieb Juliusz Sosinowicz:
Hi Arne,
On 15/04/2020 11:31, Arne Schwabe wrote:
Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz:
This patch adds support for wolfSSL in OpenVPN. Support is
>>
>
> Other than my little nitpicks above, the patch looks good.
> However, I have a question.
>
> Since you are refactoring this code and this is going to master/2.5, why
> not reimplementing the get_num_elements() function using strtok() ?
>
strsep/strok have the disadvantage of modifying
Hi,
On 16/04/2020 13:39, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/crypto.h | 16 +---
> src/openvpn/crypto_mbedtls.c | 19 +++
> src/openvpn/crypto_openssl.c | 5 +
> 3 files changed, 25 insertions(+), 15 deletions(-)
>
>
Hi,
On 16/04/2020 15:49, Antonio Quartulli wrote:
> The tun interface has proved to be a bit fragile for basic netlink tests
> as it may introduce delays in switching state, depending on the system
> the test is ran on.
>
> For this reason, switch to dummy interface type and at the same type
>
The tun interface has proved to be a bit fragile for basic netlink tests
as it may introduce delays in switching state, depending on the system
the test is ran on.
For this reason, switch to dummy interface type and at the same type
set its oper-state to up right after creation to avoid hitting
To bring everything back to the agreed upon style, run uncrustify once
more. Uncrustify version used:
Uncrustify-0.70.1_f
I double checked the result by running uncrustify (Uncrustify-0.69.0_f)
from Ubuntu focal/20.04 which does not do any further changes and
uncrustify 0.66.1_f from
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto.h | 16 +---
src/openvpn/crypto_mbedtls.c | 19 +++
src/openvpn/crypto_openssl.c | 5 +
3 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/crypto.h b/src/openvpn/crypto.h
index
These are small manual changes that are done to improve the code
style and also make the result of uncrustify better without mixing
manual changes/automatic changes into a single commit.
- Make prototype and function identical for gc_addspecial. Also fixes
uncrustify misparsing the embedded
Am 16.04.20 um 12:42 schrieb Juliusz Sosinowicz:
> Hi Arne,
>
> On 15/04/2020 11:31, Arne Schwabe wrote:
>> Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz:
>>> This patch adds support for wolfSSL in OpenVPN. Support is added by
>>> using wolfSSL's OpenSSL compatibility layer. Function calls are
Hi Arne,
On 15/04/2020 11:31, Arne Schwabe wrote:
Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz:
This patch adds support for wolfSSL in OpenVPN. Support is added by using
wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and
instead the OpenSSL includes point to
Hi Gert,
thanks for the suggestion. I will change this in the next patch after
looking into the issue that Arne brought up.
On 15/04/2020 11:48, Gert Doering wrote:
Hi,
as Arne said, this is much better.
On Tue, Apr 14, 2020 at 08:52:14PM +0200, Juliusz Sosinowicz wrote:
This patch adds
Hi,
On 16/04/2020 10:49, Arne Schwabe wrote:
> After the last big formatting patch a number of changes have been
> commited that do not conform with our style/uncrustify config. This
> has lead to the problem that running uncrustify on before sending PR
> some of the changes made by uncrustify
After the last big formatting patch a number of changes have been
commited that do not conform with our style/uncrustify config. This
has lead to the problem that running uncrustify on before sending PR
some of the changes made by uncrustify need to be backed out again.
To bring everything back
Your patch has been applied to the master and release/2.4 branch (bugfix).
I have amended the commit message to make it more clear what is the
risk (DoS against another random user of the same server, but no traffic
injection or stealing)
Code change is "obviously correct". Have still given
Your patch has been applied to the master and release/2.4 branch (bugfix).
I have read the semi-ACK from Arne, discussed with Lev, and we decided to
go for "we'll merge this simple change now, so that the bug is fixed, and
then we can have a longer discussion on how to make this code nicer"
17 matches
Mail list logo