Re: [Openvpn-devel] Community meeting tomorrow

2018-11-14 Thread Samuli Seppänen
On 13/11/18 22:36, sam...@openvpn.net wrote: > > As planned last week we'll have a community meeting tomorrow at the usual > time. I'll set up the topic page tomorrow morning unless somebody does it > first. One of the main topics is undoubtedly the openvpn 2.5 release. > > Samuli > _

Re: [Openvpn-devel] [PATCH] tls-crypt-v2: clarify --tls-crypt-v2-genkey man page section

2018-11-14 Thread Antonio Quartulli
Hi, On 31/10/2018 20:22, Steffan Karger wrote: > As kitsune1 mentioned in IRC, this section should explain that > "--tls-crypt-v2-genkey client" requires the user to supply the server > key using "--tls-crypt-v2". > > Signed-off-by: Steffan Karger Makes sense and, after listening to some people

Re: [Openvpn-devel] [PATCH] tls-crypt-v2: fix client reconnect bug

2018-11-14 Thread Antonio Quartulli
Hi, On 31/10/2018 23:07, Steffan Karger wrote: > As reported by tincantech on the openvpn-devel IRC channel, a tls-crypt-v2 > client could be caused to trigger an assert in tls_crypt_wrap() because the > client key might not be correctly initialized after a reconnect attempt. > > This was caused

[Openvpn-devel] Summary of the community meeting (Wed, 14th Nov 2018)

2018-11-14 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 14th November 2018 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: The ne

Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2018-11-14 Thread Arne Schwabe
>> For TLS 1.0 to 1.2 and OpenSSL 1.1.0 calls us and requires a PKCS1 >> padded response. As TLS 1.3 mandates RSA-PSS padding support and also >> requires a TLS 1.3 implementation to support RSA-PSS for older TLS >> version, OpenSSL will query us to sign an already RSA-PSS padded >> string. >> >>

[Openvpn-devel] Fwd: [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2018-11-14 Thread Selva Nair
Somehow this didn't get copied to the list -- Forwarded message - From: Selva Nair Date: Wed, Nov 14, 2018 at 11:06 AM Subject: Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key To: Arne Schwabe Hi, On Wed, Nov 14, 2018 at 10

Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2018-11-14 Thread Selva Nair
Hi, A thought: why not split this patch into two: (i) extend PK_SIGN to optionally signal ALG (signalled only if client_version > 2). Include all the changes to rsa_priv_enc() etc to handle PSS sign requests from OpenSSL 1.1.1. If client version is <= 2 continue to use PK_SIGN as before provi

Re: [Openvpn-devel] [PATCH v5 2/2] Add support for OpenSSL TLS 1.3 when using management-external-key

2018-11-14 Thread Arne Schwabe
>> Unless I overlooked something, I don't see any situation in which we ask >> for an unsupported signature. > > Consider this: > (i) config has --management-external-key nopadding but client announces > version > 2. We will not error out but send the signature request as > PK_SIGN > without th