[Openvpn-devel] consider exe_path optional ?

2018-01-18 Thread Илья Шипицин
Hello, changes https://github.com/OpenVPN/openvpn-gui/pull/197 actually make openvpn-gui less dependent on registry we sometimes see similar issue with interactive service: openvpnserv error: Не удается найти указанный файл. (0x2) Error querying registry value: HKLM\SOFTWARE\OpenVPN\exe_path (

[Openvpn-devel] Summary of the community meeting (Wed, 17th Jan 2018)

2018-01-18 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 17th Jan 2018 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: The next mee

Re: [Openvpn-devel] [PATCH 2/3] Allow external EC key through --management-external-key

2018-01-18 Thread Selva Nair
Hi On Wed, Jan 17, 2018 at 3:53 AM, Steffan Karger wrote: > Hi, > > On 17-01-18 05:24, Selva Nair wrote: > > Also I'm toying with the idea of renaming ecdsa-sig/ECDSA-SIGN by > > pkey-sig/PKEY-SIGN so that eventually we may be able to use it for > > all types of keys and retire rsa-sig. Any thou

Re: [Openvpn-devel] consider exe_path optional ?

2018-01-18 Thread Selva Nair
On Thu, Jan 18, 2018 at 3:49 AM, Илья Шипицин wrote: > Hello, > > changes https://github.com/OpenVPN/openvpn-gui/pull/197 actually make > openvpn-gui less dependent on registry > > > we sometimes see similar issue with interactive service: > > openvpnserv error: Не удается найти указанный файл. (

[Openvpn-devel] [PATCH v2 2/3] Allow external EC key through --management-external-key

2018-01-18 Thread selva . nair
From: Selva Nair - This automatically supports EC certificates through --management-external-cert - EC signature request from management has the same format as for rsa with '>RSA_SIGN' replaced by '>PK_SIGN'. Response should be of the form 'pk-sig' followed by DER encoded signature as bas

[Openvpn-devel] [PATCH v2 3/3] Document management request >PK_SIGN and response pk-sig

2018-01-18 Thread selva . nair
From: Selva Nair v2: Commands renamed to >PK_SIGN and pk-sig Signed-off-by: Selva Nair --- Well, the previous version has been acked, but obviously that patch is obsolete now. doc/management-notes.txt | 37 + 1 file changed, 37 insertions(+) diff --git a/

Re: [Openvpn-devel] consider exe_path optional ?

2018-01-18 Thread Илья Шипицин
2018-01-18 22:11 GMT+05:00 Selva Nair : > > On Thu, Jan 18, 2018 at 3:49 AM, Илья Шипицин > wrote: > >> Hello, >> >> changes https://github.com/OpenVPN/openvpn-gui/pull/197 actually make >> openvpn-gui less dependent on registry >> >> >> we sometimes see similar issue with interactive service: >>

Re: [Openvpn-devel] consider exe_path optional ?

2018-01-18 Thread Илья Шипицин
What if we determine GetModuleFileNameW of openvpnserv.exe ... and consider it as "trusted" (instead of taking the installation path from the registry)? If the Windows service is running, it means it was installed in a trusted way (which is relatively hard to break) 2018-01-18 22:11 GMT+05:00 Selva Nair :

Re: [Openvpn-devel] consider exe_path optional ?

2018-01-18 Thread Selva Nair
Hi, > > > I do not think that specifying a path is somewhat related to security (for > example, I can put a malware named "openvpn.exe" in that path). It is indeed a security measure. You cannot put a malware in that path unless you are admin or an admin sets HKLM\Software\OpenVPN's default value