Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Alon Bar-Lev
On Tue, Jun 19, 2012 at 2:20 AM, Thomas Habets wrote: > Should be noted that the prompt is now "Enter Private Key Password:" > instead of the engine-module generated "SRK authorization:". Right. I can live with this... maybe in future the key names for all kind of keys will be modified... > But

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Thomas Habets
On 18 June 2012 23:40, Alon Bar-Lev wrote: >> Shouldn't it on be the default? > This is a very long argument... whether to allow unsecured > setup by default... [googled a bit for it. I see.] Should be noted that the prompt is now "Enter Private Key Password:" instead of the engine-m

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Alon Bar-Lev
On Tue, Jun 19, 2012 at 1:27 AM, Thomas Habets wrote: > When I specify --enable-password-save to ./configure askpass is able > to read the password from a file. Right, this is the idea, and if you use the management interface you can specify the password via that interface. > Seems despite what

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Thomas Habets
When I specify --enable-password-save to ./configure askpass is able to read the password from a file. Seems despite what the --help says it actually defaults to off. :-( Shouldn't it on be the default? I'm not an OpenSSL ninja, but this looks suspicious: -- if (!ENGINE_init(e)) msg (

Re: [Openvpn-devel] [V2.4 0/4] tun cleanups

2012-06-18 Thread Arne Schwabe
Am 18.06.12 20:42, schrieb Alon Bar-Lev: > On Mon, Jun 18, 2012 at 9:21 PM, Arne Schwabe wrote: >> Am 12.05.12 21:31, schrieb Alon Bar-Lev: >>> Platform independent interface for tun provider. >>> >>> Split the long tun.c into platform specific files using >>> tun_engine interface. >>> >>> Functio

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Alon Bar-Lev
Hello Thomas, Thank you for your comments and help. I've updated the branch based on your work, but with changes... The password is secret, and there is a standard mechanism in openvpn to handle password... So I tried to use it. For the conditionals, I wanted to get rid of the openssl engine cond

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Thomas Habets
I can confirm that it works. I need to specify both engine and engine-pvk in the config though. If "engine" is not specified then ENGINE_load_builtin_engines() is never called. If you had this in mind then I think "engine-pvk" should require "engine". (just putting "engine" in the config file is en

Re: [Openvpn-devel] [V2.4 0/4] tun cleanups

2012-06-18 Thread Alon Bar-Lev
On Mon, Jun 18, 2012 at 9:21 PM, Arne Schwabe wrote: > Am 12.05.12 21:31, schrieb Alon Bar-Lev: >> Platform independent interface for tun provider. >> >> Split the long tun.c into platform specific files using >> tun_engine interface. >> >> Functionality is the same. >> >> Maintenance will be much

[Openvpn-devel] [PATCH 3/6] Remove ENABLE_INLINE_FILES conditionals, this code is always enabled and removing the #ifdef make the code a little bit clearer

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/common.h |2 -- src/openvpn/crypto.c |6 -- src/openvpn/init.c |4 src/openvpn/misc.c |6 -- src/openvpn/options.c | 24 src/openvpn/options.h |6 --

[Openvpn-devel] [PATCH 1/6] Only use tmpdir if tmp_dir is really used.

2012-06-18 Thread Arne Schwabe
This fixes starting openvpn compiled as client only version of systems that have no /tmp (Android). --tmp-dir could only be set if P2MP_SERVER has been enabled too. Signed-off-by: Arne Schwabe --- src/openvpn/options.c |7 +-- src/openvpn/options.h |4 +++- 2 files changed, 8 inser

[Openvpn-devel] [PATCH 2/6] Completely remove ancient IANA port warning.

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/init.c|6 -- src/openvpn/options.c |3 --- src/openvpn/options.h |1 - 3 files changed, 0 insertions(+), 10 deletions(-) diff --git a/src/openvpn/init.c b/src/openvpn/init.c index 61fd2a6..eacb67d 100644 --- a/src/openvpn/init.c ++

[Openvpn-devel] [PATCH 5/6] Fix most of the clang warnings, mostly unused variables and comparisons which were always true

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c |2 -- src/openvpn/mroute.c | 28 src/openvpn/multi.c |7 +-- src/openvpn/options.c|2 -- src/openvpn/route.c |1 - src/openvpn/ss

[Openvpn-devel] [PATCH 6/6] Fix clang warnings for conversion from unsigned<->signed

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/httpdigest.c | 44 ++-- src/openvpn/ntlm.c |8 2 files changed, 26 insertions(+), 26 deletions(-) diff --git a/src/openvpn/httpdigest.c b/src/openvpn/httpdigest.c index 78b8344..61d4280 1006

[Openvpn-devel] [PATCH 4/6] Remove ENABLE_CONNECTIONS ifdefs, connections were always on for a long time. Not that ENABLE_MAMAGEMENT_REMOTE was only depending on ENABLE_CONNECTIONS and is removed as w

2012-06-18 Thread Arne Schwabe
Signed-off-by: Arne Schwabe --- src/openvpn/init.c| 12 src/openvpn/manage.c |8 src/openvpn/manage.h |6 -- src/openvpn/options.c | 24 src/openvpn/options.h | 19 --- src/openvpn/syshead.h | 16 +--

[Openvpn-devel] [PATCH 0/6] misc cleanup patches

2012-06-18 Thread Arne Schwabe
A few clean up patches that I have local. Some of these might be useful in a 2.3 release. Arne Schwabe (6): Only use tmpdir if tmp_dir is really used. Completely remove ancient IANA port warning. Remove ENABLE_INLINE_FILES conditionals, this code is always enabled and removing the #ifde

Re: [Openvpn-devel] [V2.4 0/4] tun cleanups

2012-06-18 Thread Arne Schwabe
Am 12.05.12 21:31, schrieb Alon Bar-Lev: > Platform independent interface for tun provider. > > Split the long tun.c into platform specific files using > tun_engine interface. > > Functionality is the same. > > Maintenance will be much easier! new options, like stacking > several interfaces and del

[Openvpn-devel] [PATCH] cleanup: pkcs11.c: resolve warnings

2012-06-18 Thread Alon Bar-Lev
src/openvpn/pkcs11.c:794:2: warning: passing argument 1 of ‘pkcs11h_setPINPromptHook’ from incompatible pointer type Signed-off-by: Alon Bar-Lev --- src/openvpn/pkcs11.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index d

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Alon Bar-Lev
Oh... And I forgot mentioning that the UI method should be solved, using the default is not something that is usable for openvpn. Can you please take care of this? Alon. On Mon, Jun 18, 2012 at 3:25 PM, Alon Bar-Lev wrote: > Hello Thomas, > > I did not have the global variable in mind :) > > I t

Re: [Openvpn-devel] PATCH: SSL Engine support

2012-06-18 Thread Alon Bar-Lev
Hello Thomas, I did not have the global variable in mind :) I thought about your initial suggestion of specific private key engine, and it has value, so I added a new option. I propose the following [1], the problem is that I cannot test this out. While looking on the current engine implementat