Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Steffan Karger
On 22-02-17 08:39, Gert Doering wrote: > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 From: "Simon (simix)" >>> >>> Do we have a policy how to handle patches with missing author info? >> >> I

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Antonio Quartulli
On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote: > On 22-02-17 08:39, Gert Doering wrote: > > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: > >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 2001 > From: "Simon (simix)" > >>> > >>> Do

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Илья Шипицин
2017-02-22 13:30 GMT+05:00 Steffan Karger : > On 22-02-17 08:39, Gert Doering wrote: > > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: > >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00 > 2001 > From: "Simon (simix)" >

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread Antonio Quartulli
On Wed, Feb 22, 2017 at 02:07:06PM +0500, Илья Шипицин wrote: > 2017-02-22 13:30 GMT+05:00 Steffan Karger : > > > On 22-02-17 08:39, Gert Doering wrote: > > > On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: > > >From

Re: [Openvpn-devel] [PATCH] Fix segfault when using crypto lib without AES-256-CTR or SHA256

2017-02-22 Thread David Sommerseth
On 22/02/17 10:54, Antonio Quartulli wrote: > On Wed, Feb 22, 2017 at 09:30:39AM +0100, Steffan Karger wrote: >> On 22-02-17 08:39, Gert Doering wrote: >>> On Wed, Feb 22, 2017 at 02:21:35AM +0100, David Sommerseth wrote: >> >From d97f526a2ddbf2abe60a64260601ebd742fc00cc Mon Sep 17 00:00:00

Re: [Openvpn-devel] [RFC PATCH v1 09/15] OpenSSL: don't use direct access to the internal of X509_STORE_CTX

2017-02-22 Thread Christian Hesse
Steffan Karger on Tue, 2017/02/21 22:30:
> ACK. Changes look good and tested against OpenSSL 0.9.8, 1.0.0, 1.0.1
> and 1.0.2.
You answered to a patch in the middle of a series. Does this ACK apply to the complete series or just this patch?
--
main(a){char*c=/*Schoene

Re: [Openvpn-devel] [RFC PATCH v1 09/15] OpenSSL: don't use direct access to the internal of X509_STORE_CTX

2017-02-22 Thread Steffan Karger
On 22 February 2017 at 15:47, Christian Hesse wrote:
> Steffan Karger on Tue, 2017/02/21 22:30:
>> ACK. Changes look good and tested against OpenSSL 0.9.8, 1.0.0, 1.0.1
>> and 1.0.2.
>
> You answered to a patch in the middle of a series. Does this ACK apply to

[Openvpn-devel] Should we use mbedTLS certificate profiles?

2017-02-22 Thread James Yonan
mbedTLS 2 has a new feature that allows rejection of certificates if the key size is too small or the signing hash is weak. The feature is controlled via struct mbedtls_x509_crt_profile. For example, you could specify that certificates must be at least 2048 bits and use a SHA-2 signing alg.

[Openvpn-devel] Summary of today's (Wed 22nd Oct 2017) community meeting

2017-02-22 Thread Samuli Seppänen
Hi,
Here's the summary of today's IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on irc.freenode.net
Date: Wednesday 22nd Oct 2017
Time: 20:00 CET (19:00 UTC)
Planned meeting topics for this meeting were here:
The

Re: [Openvpn-devel] [RFC PATCH v1 02/15] OpenSSL: don't use direct access to the internal of X509_STORE

2017-02-22 Thread Steffan Karger
On 17-02-17 23:00, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including X509_STORE. We have to use the defined functions
> to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining

Re: [Openvpn-devel] [RFC PATCH v1 04/15] OpenSSL: don't use direct access to the internal of RSA_METHOD

2017-02-22 Thread Steffan Karger
Hi,
On 17-02-17 23:00, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including RSA_METHOD. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by

[Openvpn-devel] [PATCH applied] Re: OpenSSL: don't use direct access to the internal of X509_STORE

2017-02-22 Thread Gert Doering
Your patch has been applied to the master and release/2.4 branch.
commit f05665df4150c6a345eec5432a02fd799bea0f2c (master)
commit 24bca7bee2ee5c48880a197ce9727bbc5a0149e5 (release/2.4)
Author: Emmanuel Deloget
Date: Fri Feb 17 23:00:41 2017 +0100
OpenSSL: don't use direct access to the

[Openvpn-devel] [PATCH applied] Re: OpenSSL: don't use direct access to the internal of SSL_CTX

2017-02-22 Thread Gert Doering
Your patch has been applied to the master and release/2.4 branch.
commit 6554ac9fed9c5680f22aa4722e6e07ebf3aa3441 (master)
commit b936ddfb631e3a4b219bd035f7110da5679b2d12 (release/2.4)
Author: Emmanuel Deloget
Date: Fri Feb 17 23:00:40 2017 +0100
OpenSSL: don't use direct access to the

[Openvpn-devel] [PATCH applied] Re: OpenSSL: don't use direct access to the internal of X509_OBJECT

2017-02-22 Thread Gert Doering
Your patch has been applied to the master and release/2.4 branch.
commit 47191f49890ee5c53fa78a8ce9bf96b9c8d27a82 (master)
commit d782597ede843266fd2c7854a6f90ec7ce4bb92b (release/2.4)
Author: Emmanuel Deloget
Date: Fri Feb 17 23:00:42 2017 +0100
OpenSSL: don't use direct access to the

Re: [Openvpn-devel] [RFC PATCH v1 01/15] OpenSSL: don't use direct access to the internal of SSL_CTX

2017-02-22 Thread Steffan Karger
On 17-02-17 23:00, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including SSL_CTX. We have to use the defined functions
> to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the