Re: [Openvpn-devel] [PATCH] cert_data: fix memory leak

On Mon, Apr 20, 2015 at 16:30 +0200, Yegor Yefremov wrote: > Release pCertName, if SecCertificateCopyValues() fails. > > Found via cppcheck. > > Signed-off-by: Yegor Yefremov <yegorsli...@googlemail.com> > Cc: Vasily Kulikov <seg...@openwall.com> Acked-by: Vasil

Re: [Openvpn-devel] [PATCH v4] Mac OS X Keychain management client

Hi, On Mon, Mar 30, 2015 at 10:26 +0300, Samuli Seppänen wrote: > > On Fri, Mar 06, 2015 at 17:29 +0300, Vasily Kulikov wrote: > >> On Fri, Feb 27, 2015 at 20:34 +0100, Gert Doering wrote: > >>> Mmmh. Actually we don't usually do Makefile changes, as this is always &

Re: [Openvpn-devel] [PATCH v4] Mac OS X Keychain management client

Hi, On Fri, Mar 06, 2015 at 17:29 +0300, Vasily Kulikov wrote: > On Fri, Feb 27, 2015 at 20:34 +0100, Gert Doering wrote: > > Mmmh. Actually we don't usually do Makefile changes, as this is always > > generated by configure for us - so normally, it is good to have it in

Re: [Openvpn-devel] [PATCH v4] Mac OS X Keychain management client

Hi Gert, On Fri, Feb 27, 2015 at 19:28 +0100, Gert Doering wrote: > On Wed, Feb 25, 2015 at 07:07:18PM +0300, Vasily Kulikov wrote: > > The patch is against commit 3341a98c2852d1d0c1eafdc70a3bdb218ec29049. > > > > v4: > > - added '--management-external-cert' argum

[Openvpn-devel] [PATCH v4] Mac OS X Keychain management client

d-off-by: Vasily Kulikov <seg...@openwall.com> -- diff --git a/.gitignore b/.gitignore index 538c020..f504ddb 100644 --- a/.gitignore +++ b/.gitignore @@ -19,7 +19,6 @@ Debug Win32-Output .deps .libs -Makefile Makefile.in aclocal.m4 autodefs.h diff --git a/contrib/keychain-mcd/Makefile b/contrib/k

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

On Mon, Feb 23, 2015 at 12:55 +, David Woodhouse wrote: > On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: > > > > Am 23.02.15 um 09:04 schrieb Vasily Kulikov: > > > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > > > > > With th

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

SIGN or NEEDS-CERTIFICATE if it > contains characters that are used as delimiters.) IMNSHO don't change rsa-sign at all and have no API breakage. -- Vasily Kulikov http://www.openwall.com - bringing security into open computing environments

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

Hi, On Sun, Feb 15, 2015 at 23:01 +0100, Gert Doering wrote: > Hi, > > On Sun, Feb 15, 2015 at 10:05:07PM +0100, Arne Schwabe wrote: > > Am 24.01.15 um 18:04 schrieb Vasily Kulikov: > [..] > > > OpenVPN itself gets new 'NEED-CERTIFICATE" command which is called

Re: [Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

ge right away :-) Thank you for the review, I'll send the patch during the weekends. -- Vasily Kulikov http://www.openwall.com - bringing security into open computing environments

[Openvpn-devel] [PATCH v3] Mac OS X Keychain management client

ssage/33125844/): - used RSA_METHOD to extend openvpn itself - used autoconf and automake scripts - used newer Mac OS X API - improved crypto API errors checking Brian Raderman's version: http://thread.gmane.org/gmane.network.openvpn.devel/3631 Signed-off-by: Vasily Kulikov <seg...@openwall.com&

Re: [Openvpn-devel] [PATCHv2] Mac OS X Keychain management client

On Mon, Jan 12, 2015 at 13:54 +0100, Arne Schwabe wrote: > > Am 12.01.15 12:45, schrieb David Woodhouse: > > On Mon, 2015-01-12 at 11:51 +0300, Vasily Kulikov wrote: > >> This patch adds support for using certificates stored in the Mac OSX > >> Keychain to authen

[Openvpn-devel] [PATCHv2] Mac OS X Keychain management client

: http://thread.gmane.org/gmane.network.openvpn.devel/9320 Signed-off-by: Vasily Kulikov <seg...@openwall.com> --- diff --git a/.gitignore b/.gitignore index 538c020..f504ddb 100644 --- a/.gitignore +++ b/.gitignore @@ -19,7 +19,6 @@ Debug Win32-Output .deps .libs -Makefile Makef

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

and the external daemon. On > the rsa-sign request, Tunnelblick would just connect to the external > daemon ask that daemon to process the rsa-sign request. Right. I was talking more about breaking current state of affairs rather than completely incompatible changes that cannot be fixed on the Tunnelblick side. -- Vasily Kulikov http://www.openwall.com - bringing security into open computing environments

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

Hi, On Fri, Dec 12, 2014 at 19:24 +0100, Arne Schwabe wrote: > > On Mon, Dec 08, 2014 at 14:52 +0300, Vasily Kulikov wrote: > >> This patch adds support for using certificates stored in the Mac OSX > >> Keychain to authenticate with the OpenVPN server. This works with

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

Hi Arne, On Fri, Dec 12, 2014 at 19:24 +0100, Arne Schwabe wrote: > Am 12.12.14 17:52, schrieb Vasily Kulikov: > > Any comments? > > > None yet. The patch is very large and our time is unfortenately limited. > And the number of people how do crypto and Mac OS is even smal

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

Hi, On Mon, Dec 08, 2014 at 14:52 +0300, Vasily Kulikov wrote: > This patch adds support for using certificates stored in the Mac OSX > Keychain to authenticate with the OpenVPN server. This works with > certificates stored on the computer as well as certificates on hardware

[Openvpn-devel] [PATCH] Add Mac OS X keychain support

() and similar. However, they are used in other OpenVPN code, so I decided not to touch it. The patch is against commit 3341a98c2852d1d0c1eafdc70a3bdb218ec29049. Signed-off-by: Vasily Kulikov <seg...@openwall.com> -- diff --git a/configure.ac b/configure.ac index 608ab6d..127e173