On 14 Oct 2016 9:14 p.m., "Matthias Andree" wrote:
>
> Am 14.10.2016 um 17:28 schrieb Samuli Seppänen:
> > Hi,
> >
> > Should we have a separate apt repository for "unstable" apt packages?
> > Right now our apt repositories hold 2.3.x packages, meaning that
> > upgrades
On 13-10-16 21:59, David Sommerseth wrote:
> This sets the flag if the OpenVPN server should create authentication
> tokens on-the-fly on successful --auth-user-pass-verify or --plugin with
> OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY processing.
>
> If an OpenVPN server is running without this
On 14/10/16 10:48, David Sommerseth wrote:
> Your patch has been applied to the master branch
>
> commit b891e57e1fe794483c08296e32c15751f2676a2d
> Author: David Sommerseth
> Date: Thu Oct 13 21:59:27 2016 +0200
>
> Move memcmp_constant_time() to crypto.h
>
> Signed-off-by: David
When --auth-gen-token is used a random token key is generated for
each client after a successful user/password authentication. This
token is expected to be returned in the password field on the
following authentications.
The token is 256 bits long and BASE64 encoded before it is stored.
v2 -
Hi David,
On 13-10-16 21:59, David Sommerseth wrote:
> This function is quite useful other places, so make it generally
> accessible.
>
> Signed-off-by: David Sommerseth
> ---
> src/openvpn/crypto.c | 18 --
> src/openvpn/crypto.h | 18 ++
>
Hi,
Patch looks good, but haven't tested yet. Will test he set as a whole.
Some minor remarks:
On 13-10-16 21:59, David Sommerseth wrote:
> When --auth-gen-token is used a random token key is generated for
> each client after a successful user/password authentication. This
> token is expected
binefI2zJVRFB.bin
Description: PGP/MIME version identification
encrypted.asc
Description: OpenPGP encrypted message
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!
This sets the flag if the OpenVPN server should create authentication
tokens on-the-fly on successful --auth-user-pass-verify or --plugin with
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY processing.
If an OpenVPN server is running without this option, it should behave
as before. Next patches will
Hi,
On Thu, Oct 13, 2016 at 06:54:16PM +0200, Arne Schwabe wrote:
> Patch V5: Assume generic OS in tun.c is also IPv6 capable. Add changes to man
> page. Fix typos/change message as suggest by David.
Patch still looks reasonable. Since David tested Linux, I gave NetBSD 5.1
a run for the money
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ACK. This looks good now, testing looks fine on Linux (SL7.2 x86_64) too.
I've done some editorial changes to the commit message though, nothing changed
except adding and removing whitespaces and fixing a few typos (Ipv6 -> IPv6,
etc).
Your patch
On 13/10/16 21:59, David Sommerseth wrote:
> If --auth-gen-token has been enabled and a token has been generated,
> ensure this token is pushed to the client using the 'auth-token' option.
>
> Signed-off-by: David Sommerseth
> ---
> src/openvpn/misc.c | 5 +
>
Hi,
Should we have a separate apt repository for "unstable" apt packages?
Right now our apt repositories hold 2.3.x packages, meaning that
upgrades have historically been fairly minor.
That said, users who use _our_ apt repositories have expressed interest
in using something newer than what
Meh ... disregard this patch. Just noticed that the auth_token_sent
member in the struct tls_options sneaked into this patch during my git
rebasing.
I'll send the correct v2 patch (as v2.1 in the subject only)
--
kind regards,
David Sommerseth
On 14/10/16 12:18, David Sommerseth wrote:
>
When --auth-gen-token is used a random token key is generated for
each client after a successful user/password authentication. This
token is expected to be returned in the password field on the
following authentications.
The token is 256 bits long and BASE64 encoded before it is stored.
v2 -
binzYSpfSyiyE.bin
Description: PGP/MIME version identification
encrypted.asc
Description: OpenPGP encrypted message
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org!
Am 14.10.2016 um 17:28 schrieb Samuli Seppänen:
> Hi,
>
> Should we have a separate apt repository for "unstable" apt packages?
> Right now our apt repositories hold 2.3.x packages, meaning that
> upgrades have historically been fairly minor.
>
> That said, users who use _our_ apt repositories
On 14/10/16 15:30, Steffan Karger wrote:
>
>
> On 13-10-16 21:59, David Sommerseth wrote:
>> If --auth-gen-token has been enabled and a token has been generated,
>> ensure this token is pushed to the client using the 'auth-token' option.
>>
>> Signed-off-by: David Sommerseth
If --auth-gen-token has been enabled and a token has been generated,
ensure this token is pushed to the client using the 'auth-token' option.
This patch will also remove the logging of auth-token values being
pushed, unless --verb level is 7 or higher.
v2 - Don't exceed 80 chars line length
18 matches
Mail list logo