Acked-by: Gert Doering <g...@greenie.muc.de>
This is 05 without the "comment and whitespace" bits that fix 04.
Stared at code, ran client/server tests (including UDP server).
It should be noted that this adds recognition of P_CONTROL_V1 packets
to tls_pre_decrypt_lite() - but they are handled by the caller the
same way as VERDICT_INVALID, so the effective difference is none
("only accept packets that are P_CONTROL_HARD_RESET_CLIENT_V2/V3").
The "free_tls_pre_decrypt_state()" is actually nothing new, it's all
existing free() calls, just moved to that new function (so, not much
consideration on "what sort of data is manipulated here?").
The comment in ssl.h for tls_pre_decrypt_lite() is missing an
explanation of what "struct tls_pre_decrypt_state *state" is for - but
I guess this will come in a followup patch?
Your patch has been applied to the master branch.
commit b67d670b2dedd9a4d39d927956b385903107f82b
Author: Arne Schwabe
Date: Fri Apr 22 15:40:34 2022 +0200
Extend tls_pre_decrypt_lite to return type of packet and keep state
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20220422134038.3801239-6-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24148.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
