This refactors the common code between mbed SSL and OpenSSL into
export_user_keying_material and also prepares the backend functions
to export more than one key.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 32 +++-
src/openvpn/ssl_backend.h | 14
This indirection is not very helpful in understanding the code
flow. Move the check to process_coarse_timers, remove the
check function and rename the do_work function to drop the do_work
as it no longer serves a purpose
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 166
- Extract data packet handling to its own function
- Replace two instances of
if (x) { code }
with
if (!x) return; code
- Remove extra curly braces that were used for pre C99 code style
to be able to declare variables in the middle of a block
This patch is easier to
Move check into caller.
Remove two in function forward declarations that are not needed from
check_tls_errors.
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 27 ++-
src/openvpn/forward.h | 2 +-
2 files changed, 7 insertions(+), 22 deletions(-)
diff --git
This simplifies the code a bit and makes the code flow clearer as
it only adds three curly brackets in check_coarse_timers. Merging the
resulting check_coarse_timers_dowork function into the caller and
called function as with the other function does not make sense here
since it does more than
This is another of the small wrapper functions where the check is
better moved into the calling function.
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 25 +
src/openvpn/forward.h | 2 +-
2 files changed, 6 insertions(+), 21 deletions(-)
diff --git
This moves the OpenVPN specific PRF into its own function and also
simplifies the code a bit by passing tls_session directly instead of
5 of its fields.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 109 +-
1 file changed, 69 insertions(+), 40
The key state is virtually identical to S_ACTIVE and we only did the
state transition from S_ACTIVE to S_OP_NORMAL at the point where we
normally would have timed out the TLS negotiation. This is a very
useful to have and indeed we never that information.
Signed-off-by: Arne Schwabe
---
Rename the function to better capture its actual function.
Signed-off-by: Arne Schwabe
---
src/openvpn/ping.c | 6 +-
src/openvpn/ping.h | 13 +++--
2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/src/openvpn/ping.c b/src/openvpn/ping.c
index 358d54b0..aa176fdb
Mostly C90 -> C99 cleanups and again immediately instead
of wrapping function body into if.
(Review with ignore whitespace)
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 224 ++
1 file changed, 109 insertions(+), 115 deletions(-)
diff --git
This was only used in a check that is better suited in the calling
functions. This also removes passing the buf argument to
link_socket_connection_initiated that also does not use that
parameter at all.
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 4 ++--
src/openvpn/socket.c | 3
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index f10021f8..d20b345d 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -330,13 +330,10 @@
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 49 +++--
1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index b7b7e32f..13738180 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@
This is a number of patches that clean up or refactor code in order
to improve either code quality or prepare other features. A few
patches that were necessary as prerequisite for NCP or client-connect
patches have already been extracted from the refactoring and been
applied.
I id hold off
This moves the timer check into process_coarse_timers and makes it in line
with the other functions. The pf.enabled check is also moved to
process_coarse_timers to make it more clear this is only used if
pf is enabled at all.
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 6 +-
This avoids the error messages trying to open already used utuns.
Signed-off-by: Arne Schwabe
---
src/openvpn/tun.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index cc7b65cf..30454454 100644
--- a/src/openvpn/tun.c
+++
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 56 +--
1 file changed, 20 insertions(+), 36 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 2354a017..3bf0dcf8 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -831,10
Move the check that calls this function into the calling function.
Also eliminate the if (len) check in the
check_incoming_control_channel_dowork function as it is only called
if len is > 0 anyway and replace it with an ASSERT.
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c | 117
Acked-by: Gert Doering
Thanks, this is necessary (Changes.rst) and helpful (cipher-negotiation.rst).
I still think we might need a matrix in the wiki (because users of older
OpenVPN versions might not find the new man page). But this can be done
independently.
Fixed an extra B, reworded
Acked-by: Gert Doering
As discussed on IRC, I have rewritten parts of the commit
message to take the v3 changes and Richard's language comments
into account. I have also removed the whitespace change
hunks from multi.c that are not correct according to the
Whitespace Governor.
I can't claim
Acked-by: Gert Doering
"Trivially correct" (still tested, client side is enough to
exercise that code).
Unfortunately, the Whitespace Overlord required re-indentation
of the two lines of context, so I did that.
Your patch has been applied to the master branch.
commit
Acked-by: Gert Doering
(Why have local prototypes when the "real" prototype is just
a few lines further up in the same .h...?? And another
.._dowork() removal lurking :-) )
Basic client test.
Your patch has been applied to the master branch.
commit 76ea0859c5d0549f5d6193cbd5e43873e22d5906
Acked-by: Gert Doering
Haven't tested, but this looks like a reasonable workaround for
"dummy.ko is not available on Travis, and t_net.sh will
always fail, without any informational value"
Your patch has been applied to the master branch.
commit feacd01c584898977c3450bf48d1ea5cbb9029f1
Author:
Acked-by: Gert Doering
This is a less trivial change than the previous patches, but
actually more important for future code maintenance in "master"
with patches backported to "release/2.5". Whacked on the server
testbed, whacked on the client, AND stared-at-code... :-)
(Something related but
Acked-by: Gert Doering
Straightforward. Client-side tested.
Your patch has been applied to the master branch.
commit cd88d947b100deb55bb8388fd2f1e95e0af4a658
Author: Arne Schwabe
Date: Mon Aug 10 16:37:01 2020 +0200
Eliminate check_tls wrapper function
Signed-off-by: Arne
Acked-by: Gert Doering
"What it says". Best viewed with -w due to indentation change.
Client side tested.
Your patch has been applied to the master branch.
commit eed645b34760955a060b8002dd69901cefefd0aa
Author: Arne Schwabe
Date: Mon Aug 10 16:37:00 2020 +0200
Eliminate
Acked-by: Gert Doering
I have no test rig for pf yet, but the change looks reasonable and
does not break client side testing.
Your patch has been applied to the master branch.
commit ce7ddaaf314553b6a4228f6bd4593b0a0a4badb4
Author: Arne Schwabe
Date: Mon Aug 10 16:36:57 2020 +0200
Acked-by: Gert Doering
"What the message says".
Passed the client-side test that exercises fragments.
Your patch has been applied to the master branch.
commit b7aebba25645e9e9c1359313fc35724f7e0e8529
Author: Arne Schwabe
Date: Mon Aug 10 16:36:59 2020 +0200
Eliminate check_fragment
Acked-by: Gert Doering
Stared-at-code and ran client side tests.
Your patch has been applied to the master branch.
commit 33773a02082e7602053938ce5d0af284214dabc4
Author: Arne Schwabe
Date: Mon Aug 10 16:36:53 2020 +0200
Clean up a number of leftover C89 initialisations in ssl.c
Not all travis instances are fit for running t_net.sh test due to
various configuration knobs that we have no access to.
Prevent failures by not running t_net.sh on travis at all.
The t_net.sh is executed by other test rigs which we have more control
over.
The test is skipped by specifying
Acked-by: Gert Doering
Stared-at-code - best viewed with -w - and tested (udp, tcp, p2p).
Your patch has been applied to the master branch.
commit 60200b9e1a977c32e64907ed67406dd4208e8abf
Author: Arne Schwabe
Date: Mon Aug 10 16:36:55 2020 +0200
Remove buf argument from
Acked-by: Lev Stipakov
Lev ACKed the v1 of this patch, with the request to remove the
ASSERT() wrapping - v2 fixes this instead so it actually works, so
that should take the comment into account. I think the ASSERT()
is slightly overdoing things - this cannot fail, and having too
much "did it
Acked-by: Gert Doering
"Makes sense". Client side and (for completeness) server side tested.
Your patch has been applied to the master branch.
commit 42b39e987d55150b035c18c8b73c7ec08ef70d19
Author: Arne Schwabe
Date: Mon Aug 10 16:37:02 2020 +0200
Merge check_coarse_timers and
This adds a section in the man page that details the various behaviour
of older client/servers when using OpenVPN 2.5.
Patch V2: Include grammar/spelling fixes from
Richard Bonhomme
Signed-off-by: Arne Schwabe
---
Changes.rst | 23 +++