On 23/02/15 17:02, daniel kubec wrote: > ---------- Forwarded message ---------- > From: Daniel Kubec <n...@rtfm.cz> > Date: 23 February 2015 at 16:51 > Subject: Add support for Keying Material Exporter [RFC 5705] > To: openvpn-devel@lists.sourceforge.net > > > Hi David, > > Keying Material Exporter [RFC 5705] Patch rebased to actual master > branch. > > Daniel
Hi, I've finally had time to do some review. Your patches work, but I have a few comments. * openvpn-rfc5705-sample.patch - The client config is missing a 'pull'. I tried running this with a server running in a VM, and the client running outside of the server VM had no IP address or routing configured. Adding 'pull' to the client config solved it. - You've called the plug-in and 'sso'. I'd try to avoid such a vague name, as it may be misunderstood to do something else. I'd suggest using a more related name, for example 'keying-material-exporter-demo'. * openvpn-rfc5705-doc-v3.patch - The 'OpenVPN Configuration' example is missing a leading dash. It now says -keying-material-exporter, but should say --keying-material-exporter. * openvpn-rfc5705-v3.patch The code looks good to me, I share the same comment to the man page as Steffan had too, to also document the upper bound of 4095 bytes. If we can agree on these changes, I'll ensure it gets applied fairly quickly. -- kind regards, David Sommerseth
