Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/op

2017-02-15 Thread Antonio Quartulli
On Wed, Feb 15, 2017 at 10:34:16PM +0100, Olivier W wrote: > Hello Steffan, > > 2017-02-14 23:00 GMT+01:00 Steffan Karger : > > > Code still looks good, patch looks a lot better (applies cleanly now), > > but could use an extra newline in the subject. But that doesn't warrant

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/op

2017-02-15 Thread Olivier W
Hello Steffan, 2017-02-14 23:00 GMT+01:00 Steffan Karger : > Code still looks good, patch looks a lot better (applies cleanly now), > but could use an extra newline in the subject. But that doesn't warrant > an extra patch iteration, so ACK. Great, thanks! Yes, I don't know

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/op

2017-02-14 Thread Steffan Karger
Hi, On 13-02-17 19:38, O2 Graphics wrote: > Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2 > > Signed-off-by: Olivier Wahrenberger > --- > src/openvpn/ssl_openssl.c | 14 +++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > diff --git

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-14 Thread Olivier W
Hey :-) 2017-02-14 21:00 GMT+01:00 Gert Doering : > Funny enough, I was already subscribed to that bug... :) :-) > I find it a bit weird that this not addressed upstream in git itself, > but is burdened on the operating system maintainers... but most likely, > I'm missing

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-14 Thread Gert Doering
Hi, On Tue, Feb 14, 2017 at 08:32:42PM +0100, Olivier W wrote: > So, finally I've been able to use "git-send-email" with TLS. The > problem was a patch used by FreeBSD. > > If there are any FreeBSD users on this list or for the curious, you > can find more information on FreeBSD's bugtracker: >

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-14 Thread Olivier W
Hello, So, finally I've been able to use "git-send-email" with TLS. The problem was a patch used by FreeBSD. If there are any FreeBSD users on this list or for the curious, you can find more information on FreeBSD's bugtracker: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214335#c10 Or if

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Olivier W
Hello Selva, 2017-02-13 22:34 GMT+01:00 Selva Nair : > On Debian jessie, the following .gitconfig works fo me. > > [sendemail] > smtpEncryption = tls > smtpServer = smtp.gmail.com > smtpUser = user.n...@gmail.com > smtpServerPort = 587

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Selva Nair
Hi, On Mon, Feb 13, 2017 at 3:55 PM, Olivier W wrote: > >> That's a not exactly helpful error message... :( - I tend to just turn > >> off SSL on stuff that goes to public mailing lists anyway if it causes > >> issues... > > > > OpenSSL errors requires quite some efforts

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Olivier W
Hello David, 2017-02-13 20:37 GMT+01:00 David Sommerseth : > > smtpsslcertpath needs to point at a CA certificate which issued the SMTP > server certificate. You can easily verify that things are correct by > grabbing the server certificate using openssl: > >

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread David Sommerseth
On 13/02/17 18:50, Gert Doering wrote: > Hi, > > On Mon, Feb 13, 2017 at 06:46:11PM +0100, Olivier W wrote: [...snip...] >> Now I'm fighting with git which doesn't want to use gmail's smtp >> server to send the email. My .gitconfigure file is similar to: >>

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Olivier W
Hey :-) 2017-02-13 18:50 GMT+01:00 Gert Doering : > That's a not exactly helpful error message... :( - I tend to just turn > off SSL on stuff that goes to public mailing lists anyway if it causes > issues... Thanks. I also tried without SSL, but then I had messages about git

[Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openss

2017-02-13 Thread O2 Graphics
Use SSL_CTX_get0_privatekey() for OpenSSL >= 1.0.2 Signed-off-by: Olivier Wahrenberger --- src/openvpn/ssl_openssl.c | 14 +++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Gert Doering
Hi, On Mon, Feb 13, 2017 at 06:46:11PM +0100, Olivier W wrote: > 2017-02-13 9:31 GMT+01:00 Gert Doering : > > Look at "git rebase --interactive", which will enable you to squash > > three commits into a single one. Then you can use "git commit --amend" > > to work on the

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Olivier W
Hello Gert, 2017-02-13 9:31 GMT+01:00 Gert Doering : > Look at "git rebase --interactive", which will enable you to squash > three commits into a single one. Then you can use "git commit --amend" > to work on the (combined) commit message until you're happy with it. Thanks

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-13 Thread Gert Doering
Hi, On Mon, Feb 13, 2017 at 12:02:45AM +0100, Olivier W wrote: > I'll be sending the patch with "git format-patch" + "git send-email" > as I have three commits and I'm not sure how to send a single patch > with only "git send-email" Look at "git rebase --interactive", which will enable you to

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-12 Thread Olivier W
Hello Steffan, 2017-02-10 22:20 GMT+01:00 Steffan Karger : > > The code change looks good to me, so ACK to that. Thanks! > The commit does need a better commit message though, and somewhere in > the process the newlines got mangled. I think the commit message of > your

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-10 Thread Steffan Karger
Hi, On 09-02-17 21:04, Olivier W wrote: > Hello, > Please find the new version of the patch. > > So, I added back the comment I had removed and new versions of OpenSSL > will use SSL_CTX_get0_privatekey() instead of SSL_new() + > SSL_get_privatekey() + SSL_free(). > > It successfully compile

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-09 Thread Olivier W
Hello, Please find the new version of the patch. So, I added back the comment I had removed and new versions of OpenSSL will use SSL_CTX_get0_privatekey() instead of SSL_new() + SSL_get_privatekey() + SSL_free(). It successfully compile with LibreSSL 2.4.5, 2.5.1 and OpenSSL 1.0.2k. I've also

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-09 Thread Olivier W
Hello, 2017-02-08 23:39 GMT+01:00 Steffan Karger : > > The code change looks good, and passes my (manual) tests. I'd like to > keep the comment though, because this still is a hack/workaround to get > the private key from the SSL_CTX object, it just does so a little nicer > at

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-08 Thread Arne Schwabe
Am 08.02.17 um 23:39 schrieb Steffan Karger: > Hi, > > On 06-02-17 20:18, Olivier W wrote: >> Should be compatible with all versions of OpenSSL and LibreSSL. >> Similar to what is done in curl: >>

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-08 Thread Steffan Karger
Hi, On 07-02-17 09:45, Илья Шипицин wrote: > I have a question (sorry if I couldn't check myself): did you check that > SSL_get_privatekey() and SSL_free() won't crash when ssl is NULL ? > > what if we involve clang static analyzer for such things ? can we count > on it ? > > it is

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-08 Thread Steffan Karger
Hi, On 06-02-17 20:18, Olivier W wrote: > Should be compatible with all versions of OpenSSL and LibreSSL. > Similar to what is done in curl: > https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619 > > Error while compiling was: >

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-07 Thread Olivier W
Hello, Good question. For the test, I looked how it was done in other parts of ssl_openssl.c, like around line 1518: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/ssl_openssl.c#L1518-L1522 and did the same. And as said by Gert, crypto_msg() solve it. I'm sorry, in my first message,

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-07 Thread Илья Шипицин
2017-02-07 9:14 GMT+05:00 Antonio Quartulli : > On Mon, Feb 06, 2017 at 08:18:01PM +0100, Olivier W wrote: > > Should be compatible with all versions of OpenSSL and LibreSSL. > > Similar to what is done in curl: > >

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-07 Thread Gert Doering
Hi, On Tue, Feb 07, 2017 at 12:14:51PM +0800, Antonio Quartulli wrote: > > +if (!ssl) > > +{ > > +crypto_msg(M_FATAL, "SSL_new failed"); > > +} > > +pkey = SSL_get_privatekey(ssl); > > +SSL_free(ssl); > > I have a question (sorry if I couldn't

Re: [Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-06 Thread Antonio Quartulli
On Mon, Feb 06, 2017 at 08:18:01PM +0100, Olivier W wrote: > Should be compatible with all versions of OpenSSL and LibreSSL. > Similar to what is done in curl: > https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619 > > Error while compiling was:

[Openvpn-devel] [PATCH] Fix building with LibreSSL 2.5.1 by cleaning a hack.

2017-02-06 Thread Olivier W
Should be compatible with all versions of OpenSSL and LibreSSL. Similar to what is done in curl: https://github.com/curl/curl/blob/028391df5d84d9fae3433afdee9261d565900355/lib/vtls/openssl.c#L603-L619 Error while compiling was: "ssl_openssl.c:512:30: error: no member named 'cert' in 'struct