Hi, Here's the summary of the previous IRC meeting / sprint.
Next meeting will be on Wednesday 3rd August at 17:00 UTC. In that meeting we continue reviewing the remaining verification functions. --- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday, 28th July 2011 Time: 17:00 UTC Planned meeting topics for this meeting were on this page: <https://community.openvpn.net/openvpn/wiki/Topics-2011-07-28> Next meeting will be announced in advance, but will be on the same weekday and at the same time. Your local meeting time is easy to check from services such as <http://www.timeanddate.com/world clock> or with $ date -u SUMMARY andj, jamesyonan and mattock participated in this meeting. -- This meeting was sprint, where Adriaan's (andj's) PolarSSL patches were reviewed, fixed and ACKed on the fly. The sprint focused on the "Verification functions" patchset. <https://community.openvpn.net/openvpn/wiki/PolarSSLintegration?version=14#Verificationfunctions> The above page also shows the ACK status of patches after the meeting ended. The ACK status before the meeting is visible on version 6 of the same page. If you have any comments regarding any of the patches, please chime in. If there are no complaints, the ACKed patches will be merged to main Git repository soon. --- Full chatlog as an attachment -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock
dazo 28/07/2011 20:04:07 mattock: I won't be able to join today (as announced earlier), but for general reviews, we should seriously look at Gerrit ... http://code.google.com/p/gerrit/ ... it changes our workflow slightly, but for reviewing purpose, it seems to simplify that process vpnhelper 28/07/2011 20:04:08 Title: gerrit - Gerrit Code Review - Google Project Hosting (at code.google.com) mattock 28/07/2011 20:04:27 james should be coming very soon 28/07/2011 20:04:37 dazo: ok, no problem 28/07/2011 20:04:53 let's take a good look at gerrit and maybe take it for a spin 28/07/2011 20:05:04 dazo heads out now 19:46 andj waves 19:46 andj 28/07/2011 20:14:25 hmm, could you send him a poke e-mail? mattock 28/07/2011 20:14:41 I poked him already, but I'll try again with "poky" subject line hmm, I think he was confused about the time 28/07/2011 20:15:50 he mailed me "I can attend" a few minutes ago 28/07/2011 20:16:02 jamesyonan 28/07/2011 20:17:06 hi andj 28/07/2011 20:17:10 hi mattock 28/07/2011 20:17:34 hi jamesyonan! oh, we actually don't have topic page, I'll make one as we go 28/07/2011 20:17:52 andj 28/07/2011 20:18:07 I've prepared a few diffs of diffs, and we have this one: https://community.openvpn.net/openvpn/wiki/PolarSSLintegration 28/07/2011 20:18:08 vpnhelper 28/07/2011 20:18:08 Title: PolarSSLintegration â OpenVPN Community (at community.openvpn.net) andj 28/07/2011 20:19:07 jamesyonan: I have a question about CRL verification. It looks like the CRL verification code doesn't work with chained CRLs So if you have CA->intCA->client 28/07/2011 20:19:53 and intCA is revoked 28/07/2011 20:19:57 It won't get detected 28/07/2011 20:20:02 jamesyonan 28/07/2011 20:20:33 yeah, I didn't write the current CRL code in ssl.c andj 28/07/2011 20:20:50 I know how to fix it in Polar, not quite sure about OpenSSL anyway, we'll hopefully meet that code somewhere later this evening 28/07/2011 20:21:11 mattock 28/07/2011 20:21:18 patch status for today is here: https://community.openvpn.net/openvpn/wiki/PolarSSLintegration#Verificationfunctions vpnhelper 28/07/2011 20:21:21 Title: PolarSSLintegration â OpenVPN Community (at community.openvpn.net) jamesyonan 28/07/2011 20:21:23 it would be better to add the CRLs for each level of the cert chain to the SSL context object andj 28/07/2011 20:21:35 and let OpenSSL do it itself? jamesyonan 28/07/2011 20:21:39 yeah andj 28/07/2011 20:22:07 Might be a good feature to add after the patches get through shouldn't be too hard 28/07/2011 20:22:12 Today's first patch is https://github.com/andj/openvpn-ssl-refactoring/commit/bbe117b0217180718f9d84ed21c149b0d0f035ad 28/07/2011 20:22:17 vpnhelper 28/07/2011 20:22:18 Title: Commit bbe117b0217180718f9d84ed21c149b0d0f035ad to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 20:22:43 I've taken a diff of the additions and subtractions, and placed it here: https://gist.github.com/1111954 vpnhelper 28/07/2011 20:22:44 Title: andj's gist: 1111954 Gist (at gist.github.com) mattock 28/07/2011 20:23:20 topic page: https://community.openvpn.net/openvpn/wiki/Topics-2011-07-28 vpnhelper 28/07/2011 20:23:23 Title: Topics-2011-07-28 â OpenVPN Community (at community.openvpn.net) andj 28/07/2011 20:24:29 that second diff shows nicely that no significant changes were made does that look ok? 28/07/2011 20:26:26 jamesyonan 28/07/2011 20:28:49 what's happening with if (ks->authenticated && multi->locked_cert_hash_set) ? i.e. ks->authenticated removed from conditional? 28/07/2011 20:29:04 andj 28/07/2011 20:29:10 The whole function only runs when ks->authenticated jamesyonan 28/07/2011 20:29:20 ok andj 28/07/2011 20:29:44 "verify_final_auth_checks" only gest called when ks->authenticated is set next patch? 28/07/2011 20:30:15 mattock 28/07/2011 20:30:50 jamesyonan: ACK? andj: I finally managed to wrap my head around your diff script 28/07/2011 20:31:27 pretty neat 28/07/2011 20:31:31 and simple 28/07/2011 20:31:35 andj 28/07/2011 20:31:48 It's just a diff of the additions and removals It works great for code that hasn't changed order 28/07/2011 20:32:05 which isn't all of the code unfortunately 28/07/2011 20:32:16 But we'll take those bits on a case by case basis 28/07/2011 20:32:26 mattock 28/07/2011 20:32:28 even so, if it covers _most_ that's good jamesyonan 28/07/2011 20:32:34 yes, ACK mattock 28/07/2011 20:32:37 nice! andj 28/07/2011 20:33:13 https://github.com/andj/openvpn-ssl-refactoring/commit/4254b8152e94fdd46015505157a81a3033700202 and https://gist.github.com/1111955 for the diff of diffs vpnhelper 28/07/2011 20:33:15 Title: Commit 4254b8152e94fdd46015505157a81a3033700202 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 20:33:17 is the next set then Note that tls_set_common_name is unused 28/07/2011 20:33:36 and disappears altogether in a later patch 28/07/2011 20:33:48 ks->authenticated is the same story as for the last patch 28/07/2011 20:34:22 mattock 28/07/2011 20:34:38 andj: when are these pastes set to expire? andj 28/07/2011 20:34:46 never I think mattock 28/07/2011 20:34:59 ok, I'll add the to notes section andj 28/07/2011 20:35:02 the default anyway there's a link at the bottom of every diff 28/07/2011 20:35:09 on github 28/07/2011 20:35:16 mattock 28/07/2011 20:35:16 ah ok 28/07/2011 20:35:18 jamx 28/07/2011 20:37:27 andj: you can manually set syntax highlighting for those gists to "diff", for some basic syntax coloring andj 28/07/2011 20:38:06 nice, thanks done 28/07/2011 20:38:06 28/07/2011 20:38:07 jamesyonan 28/07/2011 20:40:11 since you're testing for ks->authenticated once before these calls are made, have you confirmed that all of the places in the code that might change ks->authenticated run before the test occurs? andj 28/07/2011 20:42:10 You mean within verify_final_auth_checks? The other two functions in there are independent checks, which should run ok 28/07/2011 20:43:38 jamesyonan 28/07/2011 20:43:45 well in the current organization of ssl.c, ks->authenticated can be potentially set in multiple places andj 28/07/2011 20:43:55 the ordering there hasn't changed The functions have basically just been extracted out of their current location and placed in ssl_verify, but they're called at the same time 28/07/2011 20:44:38 jamesyonan 28/07/2011 20:44:57 the reason why those conditionals that use ks->authenticated are repeated so much is to make sure that the value hasn't changed so we would need to be sure that no function that's potentially callable from inside verify_final_auth_checks could modify ks->authenticated 28/07/2011 20:45:51 andj 28/07/2011 20:46:22 They are actually modified, so I see what you mean But it doesn't hurt the situation, it's just an extra check that gets performed 28/07/2011 20:46:44 https://github.com/andj/openvpn-ssl-refactoring/blob/master/ssl_verify.c#L1170 28/07/2011 20:48:13 jamesyonan 28/07/2011 20:48:14 wouldn't it be safer to put the ks->authenticated back into the if expressions andj 28/07/2011 20:48:16 contains the final version vpnhelper 28/07/2011 20:48:26 Title: ssl_verify.c at master from andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 20:48:33 as you can see, there's three checks in there locked_cn 28/07/2011 20:48:39 cert_hash 28/07/2011 20:48:44 and client_config_dir_exclusive 28/07/2011 20:48:55 For the checks to pass/fail, the value of ks->authenticated doesn't matter 28/07/2011 20:49:17 all adding it would do is to fail more quickly 28/07/2011 20:49:39 It's possible, but it doesn't hurt performance 28/07/2011 20:49:54 But I'm willing to add the checks back in 28/07/2011 20:50:03 jamesyonan 28/07/2011 20:50:29 yes, I think we should add them back andj 28/07/2011 20:50:37 Ok, patch incoming other than that, ok? 28/07/2011 20:50:46 jamesyonan 28/07/2011 20:50:51 yes andj 28/07/2011 20:51:12 The next one is a doozy https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c 28/07/2011 20:51:13 vpnhelper 28/07/2011 20:51:17 Title: Commit ba69026d92958de3dbee6410c016d5b5cff01d6c to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 20:51:23 https://gist.github.com/1111925 vpnhelper 28/07/2011 20:51:25 Title: andj's gist: 1111925 Gist (at gist.github.com) jamesyonan 28/07/2011 20:53:54 do you have a diff that shows just non-whitespace changes? andj 28/07/2011 20:54:42 https://github.com/andj/openvpn-ssl-refactoring/commit/5c0202f2be6a28b049d878b6b55019b8b1cfa5dc vpnhelper 28/07/2011 20:54:43 Title: Commit 5c0202f2be6a28b049d878b6b55019b8b1cfa5dc to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 20:54:49 Patch for the last issue with the authenticated stuff 28/07/2011 20:54:55 jamesyonan: I'll see what I can do 28/07/2011 20:55:22 jamesyonan: got rid of whitespace, just reload https://gist.github.com/1111925 28/07/2011 20:57:35 vpnhelper 28/07/2011 20:57:38 Title: andj's gist: 1111925 Gist (at gist.github.com) mattock 28/07/2011 21:00:21 topic page once again up-to-date s/topic/patch/1 28/07/2011 21:00:45 andj 28/07/2011 21:01:23 nice jamesyonan 28/07/2011 21:03:20 what is with the changes to verify_user_pass (or are those just diff artifacts)? andj 28/07/2011 21:05:39 Which ones? ah, right those 28/07/2011 21:06:02 It gets factored out to a separate function 28/07/2011 21:08:51 see https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c#L0L3103 28/07/2011 21:09:16 vpnhelper 28/07/2011 21:09:18 Title: Commit ba69026d92958de3dbee6410c016d5b5cff01d6c to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 21:10:01 So what you're seeing is a bit of diff artifact, it's actually a few separate small blocks +static inline bool verify_user_pass_enabled(struct tls_session *session)+{+ return (session->opt->auth_user_pass_verify_script+ || plugin_defined (session->opt->plugins, OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY)+ || management_enable_def_auth (management));+} 28/07/2011 21:10:17 that doesn't paste well, sorry 28/07/2011 21:10:25 mattock 28/07/2011 21:15:35 jamesyonan: what do you think? jamesyonan 28/07/2011 21:19:08 why is it refactored? andj 28/07/2011 21:19:32 what? the function? 28/07/2011 21:19:37 because the verify_user_pass function was rather large, with a lot of intertwined options 28/07/2011 21:21:32 this way, it's split off from key_method_2_read, making that code clearer, and at the same time putting the verification functions in a separate module from the control channel negotiation stuff 28/07/2011 21:22:50 jamesyonan 28/07/2011 21:23:35 do you have a diff that makes it more clear what's going on in the refactoring? andj 28/07/2011 21:23:57 which part of the refactoring do you want to look at? https://gist.github.com/1111925 shows that codewise, not much changes here 28/07/2011 21:24:21 vpnhelper 28/07/2011 21:24:22 Title: andj's gist: 1111925 Gist (at gist.github.com) andj 28/07/2011 21:24:29 just movement of functions jamesyonan 28/07/2011 21:24:37 I'm just looking for some sort of verification that the refactoring doesn't change any functionality andj 28/07/2011 21:24:50 then there 's the section you asked about The "if (session->opt->auth_user_pass_verify_script..." 28/07/2011 21:25:20 part 28/07/2011 21:25:20 there's not much changed there 28/07/2011 21:25:39 but the area to look at is at https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c#L0L3054 28/07/2011 21:25:48 vpnhelper 28/07/2011 21:25:48 Title: Commit ba69026d92958de3dbee6410c016d5b5cff01d6c to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 21:26:22 What happens there is that the code from key_method_2_read moves to verify_user_pass Which is defined at https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c#L3R654 28/07/2011 21:27:11 vpnhelper 28/07/2011 21:27:16 Title: Commit ba69026d92958de3dbee6410c016d5b5cff01d6c to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 21:27:52 comparing those two bits of code starts in https://gist.github.com/1111925 at line 259 28/07/2011 21:28:18 vpnhelper 28/07/2011 21:28:19 Title: andj's gist: 1111925 Gist (at gist.github.com) andj 28/07/2011 21:28:51 as you can see, a few variables go unused but not much else changes There's not much else that I can show... 28/07/2011 21:30:05 + int s1 = OPENVPN_PLUGIN_FUNC_SUCCESS; 28/07/2011 21:30:53 - int s1 = OPENVPN_PLUGIN_FUNC_SUCCESS; 28/07/2011 21:30:53 oops 28/07/2011 21:31:01 https://gist.github.com/1111925 shows the only real differences, and they can all be explained 28/07/2011 21:32:25 which I'm more than willing to do of course 28/07/2011 21:32:37 vpnhelper 28/07/2011 21:32:41 Title: andj's gist: 1111925 Gist (at gist.github.com) andj 28/07/2011 21:34:37 Is there any area you need an clarification on? jamesyonan 28/07/2011 21:35:46 I'm concerned a bit about breaking up the function andj 28/07/2011 21:36:38 which one? key_method_2_read? It was really long earlier, making it quite difficult to read/modify 28/07/2011 21:37:07 jamesyonan 28/07/2011 21:37:11 because there are many different ways that external modules can drive the auth system -- scripts, plugins, management interface, etc. andj 28/07/2011 21:37:28 exactly, they're now more clearly defined jamesyonan 28/07/2011 21:38:14 sure -- I think it's great that you clarified it, but we need some testing to confirm that each mode works as it did before andj 28/07/2011 21:38:35 sure, in which case can we ACK it with tests for the different modes? mattock 28/07/2011 21:38:41 jamesyonan: what tests should be done? andj: +1 28/07/2011 21:38:43 andj 28/07/2011 21:39:07 I'm pretty confident about the code, and the diff reinforces that but I understand your concern. 28/07/2011 21:39:29 krzee 28/07/2011 21:39:46 and maybe those sorts of tests can be done by the master of puppets andj 28/07/2011 21:39:47 How about we ack it, with a note that we should focus alpha testing on that area? mattock 28/07/2011 21:40:05 krzee: I doubt it krzee 28/07/2011 21:40:32 ahh, figured if they could it would be great one day when 3.0 moves beyond planning mattock 28/07/2011 21:41:08 andj: makes sense, unless there's some easy set of tests we could do now jamesyonan 28/07/2011 21:41:11 this functionality is so central to the security of OpenVPN that we need to do some testing here andj 28/07/2011 21:41:53 agreed, but the clarification to this code is also very important to security there was a (non-security) bug in related code just a few weeks ago, because it was tough to read 28/07/2011 21:42:14 In fact, that bug is findable in the next patch 28/07/2011 21:42:48 jamesyonan 28/07/2011 21:42:49 agreed that clarification is important to security andj 28/07/2011 21:42:58 or the fix for it ok, so how shall we approach the user/pass verification matter? 28/07/2011 21:43:18 jamesyonan 28/07/2011 21:43:37 but I would ask, how do you guarantee that refactoring doesn't change functionality? andj 28/07/2011 21:43:52 By looking at the diff of diffs, and testing jamesyonan 28/07/2011 21:43:59 in many cases, the diffs are trivial enough that you can be reasonably sure by just looking at the diff andj 28/07/2011 21:44:17 I'm performing a lot of tests on these patches here and at work 28/07/2011 21:44:18 jamesyonan 28/07/2011 21:44:28 but in the cases where the diffs are more complex, I think we need testing that touches each of the possible auth modes andj 28/07/2011 21:44:32 but I need feedback from you guys too... The only way to get that done is by including the patch in the next alpha, and making sure it gets covered thoroughly 28/07/2011 21:45:10 jamesyonan 28/07/2011 21:45:10 so that means a test case for auth driven by scripts, plugins, management interface, etc. andj 28/07/2011 21:45:56 so, status = ACK, needs testing? and we move on to the next patch? 28/07/2011 21:46:09 jamesyonan 28/07/2011 21:46:10 yes, agreed mattock 28/07/2011 21:46:17 I would say so, and add a Trac ticket "do testing in these areas" next patch 28/07/2011 21:46:21 andj 28/07/2011 21:46:31 phew, I promise that was the nastiest patch in the lot https://github.com/andj/openvpn-ssl-refactoring/commit/71e27b1e282bf8e10724b69fe4cbeac65dee325b 28/07/2011 21:46:31 vpnhelper 28/07/2011 21:46:33 Title: Commit 71e27b1e282bf8e10724b69fe4cbeac65dee325b to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 21:46:36 https://gist.github.com/1111937 vpnhelper 28/07/2011 21:46:37 Title: andj's gist: 1111937 Gist (at gist.github.com) andj 28/07/2011 21:46:42 The gist looks difficult but please look at the first comment 28/07/2011 21:46:56 If I pull it through another check 28/07/2011 21:47:12 only the extra error remains 28/07/2011 21:47:40 So the extract_x509_field_ssl remains the same 28/07/2011 21:48:03 jamesyonan 28/07/2011 21:48:39 so what are the meaningful changes here? andj 28/07/2011 21:48:51 yes, the bug fix I was talking about sec, making another diff 28/07/2011 21:48:52 https://gist.github.com/1111937#file_second.diff 28/07/2011 21:51:08 vpnhelper 28/07/2011 21:51:09 Title: andj's gist: 1111937 Gist (at gist.github.com) andj 28/07/2011 21:51:10 that is more meaningful note that x509_extension is now merged 28/07/2011 21:51:29 fixing the bug on the mailing list the other day 28/07/2011 21:51:52 is that worthy of an ack? 28/07/2011 21:52:19 vpnhelper 28/07/2011 21:53:23 RSS Update - tickets: #150: Verify that PolarSSL refactoring has not affected authentication functions <https://community.openvpn.net/openvpn/ticket/150> andj 28/07/2011 21:53:32 nive nice even 28/07/2011 21:53:34 mattock 28/07/2011 21:53:53 here's the ticket for the earlier patch: https://community.openvpn.net/openvpn/ticket/150 vpnhelper 28/07/2011 21:53:55 Title: #150 (Verify that PolarSSL refactoring has not affected authentication functions) â OpenVPN Community (at community.openvpn.net) jamesyonan 28/07/2011 21:54:03 sure, this is reasonable andj 28/07/2011 21:54:16 cool, next one is small: https://github.com/andj/openvpn-ssl-refactoring/commit/43c6568e72c10838ee851dbd96f400cdac90563d#L1L616 vpnhelper 28/07/2011 21:54:16 Title: Commit 43c6568e72c10838ee851dbd96f400cdac90563d to andj/openvpn-ssl-refactoring - GitHub (at github.com) mattock 28/07/2011 21:54:38 damn vpnHelper was faster than me andj 28/07/2011 21:54:47 yeah is 43c6568e72c10838ee851dbd96f400cdac90563d ok? 28/07/2011 21:56:15 That just cleans up a small issue with an ugly global 28/07/2011 21:56:32 don't know where it came from, but it belongs in the options 28/07/2011 21:56:54 jamesyonan 28/07/2011 21:57:34 yes, this one is fine andj 28/07/2011 21:57:48 https://github.com/andj/openvpn-ssl-refactoring/commit/9213b628af6d93d9c3f067734733323ee79c57f1 vpnhelper 28/07/2011 21:57:49 Title: Commit 9213b628af6d93d9c3f067734733323ee79c57f1 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 21:58:23 Moves the environment setup functions I'll make an extra diff 28/07/2011 21:58:26 the gist https://gist.github.com/1111940 is a bit long 28/07/2011 21:58:41 vpnhelper 28/07/2011 21:58:42 Title: andj's gist: 1111940 Gist (at gist.github.com) jamesyonan 28/07/2011 22:03:02 how much more do we have? I'm almost out of time. andj 28/07/2011 22:03:24 lots, but we can continue next week I guess mattock 28/07/2011 22:03:30 https://community.openvpn.net/openvpn/wiki/PolarSSLintegration#Verificationfunctions vpnhelper 28/07/2011 22:03:33 Title: PolarSSLintegration â OpenVPN Community (at community.openvpn.net) mattock 28/07/2011 22:03:35 quite a few there's no way we can make it today 28/07/2011 22:03:42 andj 28/07/2011 22:03:49 I haven't got time on thursday next week 28/07/2011 22:03:52 can we make it Tuesday? 28/07/2011 22:03:58 mattock 28/07/2011 22:04:04 fine with me jamesyonan? 28/07/2011 22:04:06 17:00 UTC? 28/07/2011 22:04:09 jamesyonan 28/07/2011 22:04:40 I can try to make it Tuesday, but Thursday tends to be better for me andj 28/07/2011 22:05:02 Just for the one week, I'm off for a few days then jamesyonan 28/07/2011 22:05:11 okay andj 28/07/2011 22:05:12 Shall we finish https://gist.github.com/1111940 and call it a day? vpnhelper 28/07/2011 22:05:13 Title: andj's gist: 1111940 Gist (at gist.github.com) mattock 28/07/2011 22:05:41 jamesyonan: is that patch ok? jamesyonan 28/07/2011 22:05:55 what's going on in this patch? andj 28/07/2011 22:05:58 I'm still throwing it through differs, to make it clearer The patch is a pretty straightforward move https://github.com/andj/openvpn-ssl-refactoring/commit/9213b628af6d93d9c3f067734733323ee79c57f1 28/07/2011 22:06:17 vpnhelper 28/07/2011 22:06:18 Title: Commit 9213b628af6d93d9c3f067734733323ee79c57f1 to andj/openvpn-ssl-refactoring - GitHub (at github.com) andj 28/07/2011 22:06:30 it sets up the environment for plugins and scripts I've updated the diff a little 28/07/2011 22:10:09 https://gist.github.com/1111940 28/07/2011 22:10:09 vpnhelper 28/07/2011 22:10:09 Title: andj's gist: 1111940 Gist (at gist.github.com) andj 28/07/2011 22:10:18 shows the differences a little better The serial number generation code gets moved to a separate file 28/07/2011 22:12:26 (openssl-specific) 28/07/2011 22:12:36 and that's the only major difference 28/07/2011 22:13:05 Does that seem ok? 28/07/2011 22:14:13 veryevil 28/07/2011 22:16:02 Damn missed the meeting !meeting 28/07/2011 22:16:04 !meetings 28/07/2011 22:16:08 vpnhelper 28/07/2011 22:16:09 "meetings" is (#1) See https://community.openvpn.net/openvpn/wiki/IrcMeetings, or (#2) OpenVPN developers meetings are usually held on Thursdays @ 18:00 UTC. Ask mattock or dazo for latest info. Meeting agendas and minutes are here: https://community.openvpn.net/openvpn/wiki/IrcMeetings mattock 28/07/2011 22:16:14 jamesyonan: ? veryevil: we're wrapping it up atm 28/07/2011 22:16:34 jamesyonan 28/07/2011 22:16:42 still reading the patch... veryevil 28/07/2011 22:17:20 I was after some help with the Tap-win32 driver and was hoping some one would be on here to help me jamesyonan 28/07/2011 22:18:15 is x509_cert_t an X509_NAME under OpenSSL? mattock 28/07/2011 22:18:31 veryevil: cron2 and jamesyonan can probably help you not atm, though, jamesyonan needs to run and cron2 is not here probably 28/07/2011 22:18:49 andj 28/07/2011 22:18:57 jamesyonan: no, just X509 veryevil 28/07/2011 22:19:36 thats ok I know it is rude of me just to butt in to your meeting andj 28/07/2011 22:19:47 we're almost done working on the last patch 28/07/2011 22:19:51 for today that is 28/07/2011 22:20:01 jamesyonan 28/07/2011 22:20:16 I see what you're doing -- you're changing setenv_x509 to receive a cert rather than just an x509 name andj 28/07/2011 22:20:26 exactly and getting all the enviroment setup in one function 28/07/2011 22:20:56 so less spread out 28/07/2011 22:21:05 which also improves clarity 28/07/2011 22:21:09 jamesyonan 28/07/2011 22:22:28 yes, this patch looks okay andj 28/07/2011 22:22:37 cool, thanks thanks everyone 28/07/2011 22:22:38 mattock 28/07/2011 22:22:44 nice! we made some good progress, especially with the nasty, large auth patch 28/07/2011 22:22:57 andj 28/07/2011 22:23:12 Some family just arrived, so have to run, but really happy with the progress! mattock 28/07/2011 22:23:13 jamesyonan: let me know if you can't attend next Tuesday andj 28/07/2011 22:23:26 wednesday or monday is fine too mattock 28/07/2011 22:23:27 so that we can rearrange the meeting some other day jamesyonan: would those be better? 28/07/2011 22:23:37 andj 28/07/2011 22:23:58 Thanks everyone! will be back in about 30 mins jamesyonan 28/07/2011 22:24:10 Wednesday is better for me mattock 28/07/2011 22:24:54 hmm, actually I have something on wednesday, but I can still prepare and monitor the meeting and edit the patch ACK list afterwards 28/07/2011 22:25:16 so, wednesday it is 28/07/2011 22:25:23 jamesyonan 28/07/2011 22:25:45 take care guys mattock 28/07/2011 22:26:30 you too! bye! 28/07/2011 22:26:31 (I'll send the summary to ml tomorrow evening) 28/07/2011 22:26:40 veryevil: please hang around in this channel and raise your voice when jamesyonan or cron2 is available 28/07/2011 22:27:04 patch ACK status after this meeting: https://community.openvpn.net/openvpn/wiki/PolarSSLintegration 28/07/2011 22:27:31
