Re: [Openvpn-devel] Add support for Keying Material Exporter [RFC 5705]

On 02-03-15 01:03, daniel kubec wrote: Greetings Steffan, David and Gert Thank you very much for your comments. 1) log level switched to D_TLS_DEBUG_MED 2) ekm_size removed, ekm_size != 0 condition is used instead. 3) changed to: exported_keying_material 4) minimum set to 16 bytes and maximum

[Openvpn-devel] [PATCH 2/2] polarssl: make sure to always null-terminate the cn

Just a precaution, this could never fail in the current code since in the one place this function is called, the cn is already zero-initialized. Signed-off-by: Steffan Karger --- src/openvpn/ssl_verify_polarssl.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/openvpn

[Openvpn-devel] [PATCH 1/2] Get rid of old OpenSSL workarounds.

We now only support OpenSSL 0.9.8+, so we don't have to work around the bug in 0.9.6b anymore. Also, OBJ_txt2nid() now takes a const char * (instead of a char *), so we no langer have to cast away const. Signed-off-by: Steffan Karger --- src/openvpn/ssl_verify_openssl.c | 4 ++-- 1 file changed

[Openvpn-devel] [PATCH applied] Re: Document the default for tls-cipher.

Your patch has been applied to the master branch. commit 77f464bddcfcc958f10fd3e9c45e1cb46d5206d0 Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Wed Mar 4 15:23:45 2015 +0100 Document the default for tls-cipher. Acked-by: Gert Doering Message-Id: <142

[Openvpn-devel] [PATCH applied] Re: Remove unused function sock_addr_set

Your patch has been applied to the master branch. commit a6ef6c7c3318a4bc8f9a4df8c75c943da43a7662 Author: Arne Schwabe List-Post: openvpn-devel@lists.sourceforge.net Date: Wed Mar 4 15:23:44 2015 +0100 Remove unused function sock_addr_set Acked-by: Gert Doering Message-Id: <142

Re: [Openvpn-devel] [PATCH] Fix CN maximum length

On 05-02-15 23:08, Gert Doering wrote: On Thu, Feb 05, 2015 at 06:15:21PM -0300, Jorge Luiz Silva Peixoto wrote: 64 characters according to some specs, but needs to be 65 to allow NULL termination? I'm speculating here ... so if I'm right I'd appreciate an update to the comment above if it incl

[Openvpn-devel] [PATCH] Fix mssfix default value

Due to this bug, mssfix hasn't been assigned to fragment value and used default value (1450) instead. As a consequence, TCP packets get fragmented, which causes performance penalty. Since dual stack patch https://github.com/OpenVPN/openvpn/commit/23d61c56b9fd218c39ad151b01b7e2d6690e6093 OpenVPN us

[Openvpn-devel] New OpenVPN 2.3.6 Windows installers released

Hi all, New Windows installers were released today, primarily to bundle OpenSSL 1.0.1l which fixes the FREAK vulnerability. All users of the official OpenVPN Windows installers are encouraged to upgrade their systems or to take other measures to mitigate the attacks. More details are available in

[Openvpn-devel] reading from the status file from another pid

Hi Everyone, I've configured openvpn to write the status every 5 seconds to a status file. Looking at the code that when openvpn starts you call open() Then every 5 seconds, the status file is truncated in status_flush. Only when you close openvpn, the file descriptor will be closed again. Hence

[Openvpn-devel] reading from the status file from another pid

Hi Everyone, I've configured openvpn to write the status every 5 seconds to a status file. Looking at the code that when openvpn starts you call open() Then every 5 seconds, the status file is truncated in status_flush. Only when you close openvpn, the file descriptor will be closed again. Hence