Hi,
On 17/03/2021 23:34, Richard Bonhomme wrote:
> Suppress printing the complete Diffie-Hellman parameters file
> to the log file when it has been configured as an inline file.
>
> Signed-off-by: Richard Bonhomme
This is indeed something that I forgot to change when implementing
Suppress printing the complete Diffie-Hellman parameters file
to the log file when it has been configured as an inline file.
Signed-off-by: Richard Bonhomme
---
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
Your patch has been applied to the master branch.
Mildly tested on an OpenSSL 1.0.2u box, client side only. Works :-)
commit 476990d41ad78ac4419a3743cdab55c85c41b041
Author: Juliusz Sosinowicz
Date: Fri Mar 12 16:06:29 2021 +0100
EVP_DigestSignFinal siglen parameter correction
This patch adds support for wolfSSL in OpenVPN. Support is added by using
wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and
instead the OpenSSL includes point to wolfSSL headers and OpenVPN is linked
against the wolfSSL library. The wolfSSL installation directory is
My apologies. I didn't notice your reply Gert. I will submit an updated
patch.
Sincerely
Juliusz
On 17/03/2021 18:22, Gert Doering wrote:
Hi,
On Wed, Mar 17, 2021 at 06:13:04PM +0100, Arne Schwabe wrote:
I would consider this an ACK. @Gert do you want a new version with the
configure.ac
Hi Arne,
wolfSSL does not support Ed25519 certificates in the compatibility layer.
I added the EKM signaling locally. I can submit the patch with this
modification if you would like me to.
Sincerely
Juliusz
On 17/03/2021 18:13, Arne Schwabe wrote:
Am 12.03.21 um 16:12 schrieb Juliusz
Hi,
On Wed, Mar 17, 2021 at 06:13:04PM +0100, Arne Schwabe wrote:
> I would consider this an ACK. @Gert do you want a new version with the
> configure.ac fixed?
Since this is a real code change, I'd prefer to have an updated patch
with that change included.
gert
--
"If was one thing all
Am 12.03.21 um 16:12 schrieb Juliusz Sosinowicz:
> Hi Arne,
>
> I found that the connecting issue is that
> wolfSSL_CTX_set_min_proto_version will fail when the user (in this case
> OpenVPN) tries to set a protocol version that was not compiled in. I
> modified our configure.ac script when
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> This fixes the issue that if a client reconnects the next connection
> entries inherits the keepalive settings that were pushed or set by
> the previous entry. Since UDP+PULL entries have an implicit 120s
> timeout, this timeout also got applied
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> This unifies save/restoring options that might be changed by a push
> from the server. It also removes using the context_1 to store something
> that is not related to a SIGHUP lifetime.
>
> Patch v2: rebase on master.
>
> Signed-off-by: Arne
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> We currently delay restoring these options until we actually must
> restore them. Since there is no reason to do so apart from the very
> minor saving to not have to execute that code when a connection fails,
> move them into the general
Hi all,
On 17/03/2021 17:04, Arne Schwabe wrote:
> When not using username and password (i.e. auth-user-pass) it can still make
> sense to provide the client with an auth-token, e.g. for allowing a session to
> continue after a reconnect without requiring 2FA again.
>
> However, without
When not using username and password (i.e. auth-user-pass) it can still make
sense to provide the client with an auth-token, e.g. for allowing a session to
continue after a reconnect without requiring 2FA again.
However, without --auth-user-pass openvpn does not have a username and will
ignore any
We currently delay restoring these options until we actually must
restore them. Since there is no reason to do so apart from the very
minor saving to not have to execute that code when a connection fails,
move them into the general context_2 initialisation.
Patch V2: rebase on master.
This fixes the issue that if a client reconnects the next connection
entries inherits the keepalive settings that were pushed or set by
the previous entry. Since UDP+PULL entries have an implicit 120s
timeout, this timeout also got applied to a TCP session after a
UDP entry.
Patch v2: rebase on
This unifies save/restoring options that might be changed by a push
from the server. It also removes using the context_1 to store something
that is not related to a SIGHUP lifetime.
Patch v2: rebase on master.
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c| 36
Am 12.03.21 um 16:06 schrieb Juliusz Sosinowicz:
> In the EVP_DigestSignFinal API, "before the call the siglen parameter should
> contain the length of the sig buffer".
>
> Signed-off-by: Juliusz Sosinowicz
> ---
> src/openvpn/crypto_openssl.c | 4 +++-
> 1 file changed, 3 insertions(+), 1
This patch also refactors the if condition that checks the result of
the authentication since that has become quite unreadable. It renames
s1/s2 and extracts some parts of the condition into individual variables
to make the condition better understandable
Patch v2: add refactoring of the if
This structures the code a bit nicer and also prepares for deferred
scripts that need their own set of files.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c| 4 +--
src/openvpn/ssl_common.h | 12 ++--
src/openvpn/ssl_verify.c | 63
Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on irc.freenode.net
Date: Wed 17th March 2021
Time: 11:30 CET (10:30 UTC)
Planned meeting topics for this meeting were here:
https://community.openvpn.net/openvpn/wiki/Topics-2021-03-17
Your local
Hi,
On Tue, Mar 16, 2021 at 11:26:18PM +, tincanteksup wrote:
> Or the server indicate an initial unrequested PUSH, technically
> this is not a PUSH_REPLY.
Since the message is called "PUSH_REPLY", this is what it is, technically
or otherwise. This is the same message and same code path