Hi,

On Mon, Mar 25, 2013 at 12:35:12AM +0100, Eugene Rudoy wrote:
> Dear openvpn-developers,
> 
> I'm wondering what is the best way to submit patches to the openvpn
> project. 

Send the patches to the openvpn-devel list, and if you don't hear from us, 
keep nagging on the list and in #openvpn-devel on freenode.

> The patch I (er13) added more than a month ago to this ticket
> https://community.openvpn.net/openvpn/ticket/250 has been completely
> ignored. Instead the patch submitted directly to this list has been
> accepted and committed. It's not that my patch is better (btw. I'm not the
> only author of it, my patch is based on MaxMuster's one), it just seems
> that you don't pay enough attention to your own bug-tracking system and
> some of the patches submitted there simply get lost. I would appreciate it
> if you could improve yourself in this regard so that the people investing
> their time don't get disappointed ;-) Thanks!

Actually, the PolarSSL 1.2 integration was a bit difficult due to 
constraints voiced by James Yonan ("no user visible changes"), so 
the initial set of PolarSSL patches that have been sent to the list 
in January got rejected at FOSDEM.

Indeed, we have not been that good at following up on trac-reported
issues - not due to bad will, but due to lack of time.  Sorry for that,
we're working on improving things (and as said above: if we lose track
of something, please remind us on the list and/or the IRC channel).

(In this particular case, it would have helped if the Freetz people 
would have talked to the fox-it people somewhat earlier, before duplicating
the effort...)


> To the PolarSSL-1.2 support itself: I must confess I didn't test it but I
> believe the new implementation of verify_callback in ssl_verify_callback.c
> is incorrect (
> https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/ssl_verify_polarssl.c#L46).
> It always returns 0. The error is signaled just by setting *flags to
> non-zero value. The flags variable is then reused by PolarSSL for the next
> certificate in the chain. So it might be that the incorrect certificate
> chain won't get accepted but from reading the code it seems that non-zero
> flags coupled with zero return value might result in spurious verify error
> messages for other certificates in the chain. Please correct me if I'm
> wrong.

I can't particularly comment on that - Adriaan, Steffan, could you
check this, please?

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
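
The concern in the quoted paragraph about a verify callback that always returns 0, as a simplified model added here; it is not part of the original message and is not OpenVPN or PolarSSL code. The chain walker with one shared flags word, `FLAG_OTHER`, `SAMPLE_CHAIN` and both callbacks are assumptions built from that description.

```c
#include <stdio.h>
#define FLAG_OTHER 0x08  /* constructed flag bit, not a PolarSSL constant */

struct walk_result { int final_flags, errors_logged, certs_visited; };
typedef int (*verify_cb)(int own_check_ok, int *flags, int *errors_logged);

/* Constructed chain: 1 = certificate passes its own check, 0 = it fails. */
static const int SAMPLE_CHAIN[] = { 1, 0, 1, 1 };

/* Style questioned in the post: record failure in *flags, always return 0. */
static int cb_flags_only(int own_check_ok, int *flags, int *errors_logged)
{
    if (*flags == 0 && !own_check_ok)
        *flags |= FLAG_OTHER;      /* this certificate's own failure */
    if (*flags != 0)
        (*errors_logged)++;        /* also fires for later, valid certificates */
    return 0;
}

/* Alternative: also return non-zero so the walker stops at the first failure. */
static int cb_return_error(int own_check_ok, int *flags, int *errors_logged)
{
    if (*flags != 0 || !own_check_ok) {
        *flags |= FLAG_OTHER;
        (*errors_logged)++;
        return -1;
    }
    return 0;
}

/* Assumed walker: one flags word shared by every certificate in the chain. */
static struct walk_result walk(const int *ok, int n, verify_cb cb)
{
    struct walk_result r = { 0, 0, 0 };
    for (int i = 0; i < n; i++) {
        r.certs_visited++;
        if (cb(ok[i], &r.final_flags, &r.errors_logged) != 0)
            break;
    }
    return r;
}

int main(void)
{
    struct walk_result a = walk(SAMPLE_CHAIN, 4, cb_flags_only);
    struct walk_result b = walk(SAMPLE_CHAIN, 4, cb_return_error);
    printf("flags-only: errors=%d; return-error: errors=%d\n", a.errors_logged, b.errors_logged);
    return 0;
}
```

In this model both styles leave the flags non-zero, so the chain is rejected either way; the difference is only in how many certificates get an error logged against them.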
