Hi,
On 08/12/17 20:07, Steffan Karger wrote:
> This is a preliminary description of tls-crypt-v2. It should give a good
> impression about the reasoning and design behind tls-crypt-v2, but might
> need some polishing and updating.
>
> Signed-off-by: Steffan Karger
> ---
> doc/tls-crypt-v2.txt
Hi,
On Wed, Mar 7, 2018 at 6:52 PM, David Sommerseth
wrote:
> On 08/03/18 00:22, Selva Nair wrote:
>> Hi,
>>
>> ...some good stuff snipped...
>>
>>>
>>> I'll admit I might see this with a bit too narrow perspective. But how I
>>> have
>>> understood this issue is that OpenVPN 2.x does not behav
On 08/03/18 00:22, Selva Nair wrote:
> Hi,
>
> ...some good stuff snipped...
>
>>
>> I'll admit I might see this with a bit too narrow perspective. But how I
>> have
>> understood this issue is that OpenVPN 2.x does not behave correctly as it
>> doesn't understand *why* the authentication faile
Hi,
...some good stuff snipped...
>
> I'll admit I might see this with a bit too narrow perspective. But how I have
> understood this issue is that OpenVPN 2.x does not behave correctly as it
> doesn't understand *why* the authentication failed. If the client side would
> understand why auth fa
A bit more thorough review this time.
On 05/03/18 16:50, Arne Schwabe wrote:
[...snip...]
>
> This patch changes the client behaviour:
>
> - Treat a failed auth when using an auth-token as a soft error (USR1)
> and clean the auth-token falling back to the original auth method
Conceptually, t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
So I've glared a bit on the code, and it makes sense to me (while not
claiming I fully understand the full timer logic and scheduling).
Smoke tested patch on RHEL7 (client) and Fedora 27 (server) and tested
server code using the openvpn3-linux clien
On 07/03/18 12:52, Arne Schwabe wrote:
>> So, failure due to token expiry that normally happens during a reneg[*]
>> will not trigger AUTH_FAILED and the client will continue trying reneg
>> until the previous TLS session expires (1 hour?). This is a
>> basic limitation of the present implementatio
Hi,
On Wed, Mar 7, 2018 at 6:52 AM, Arne Schwabe wrote:
> Am 06.03.18 um 22:04 schrieb Selva Nair:
>
..
>> I want to stress this point: when the server sends back AUTH_FAILED,
>> the client does behave somewhat sanely, but not otherwise. And on that
>> count this patch appears to be lacking. It
Hi,
On Fri, Dec 08, 2017 at 01:07:47PM +0100, Steffan Karger wrote:
> To avoid a dependency on misc.c - which is a dependency mess - in the
> tls-crypt unit tests, split the env_set functionality out into its own
> file.
>
> Signed-off-by: Antonio Quartulli
> Signed-off-by: Steffan Karger
*si
Am 07.03.18 um 13:29 schrieb Arne Schwabe:
> V2: Print also curve details, add missing ifdef
> V3: Goto err instead of using M_FATAL, format fixes, use
> EC_GROUP_get_curve_name + OBJ_nid2sn instead of ECPKParameters_print, add
> compat headers for 1.0.2
> V4: Formatting changes and change M_ERR
V2: Print also curve details, add missing ifdef
V3: Goto err instead of using M_FATAL, format fixes, use
EC_GROUP_get_curve_name + OBJ_nid2sn instead of ECPKParameters_print, add
compat headers for 1.0.2
V4: Formatting changes and change M_ERR to M_WARN
---
configure.ac | 2 ++
Am 06.03.18 um 22:04 schrieb Selva Nair:
> Hi,
>
> Based on the commit message this appears to cover all that is wrong
> with current auth-token implementation. I haven't carefully reviewed the
> code or tested it, but some initial remarks that look relevant.
>
> On Mon, Mar 5, 2018 at 10:50 AM,
Hi.
On Wed, Mar 7, 2018 at 4:25 AM, Steffan Karger
wrote:
>
> Hi,
>
> On 06-03-18 23:16, Jonathan K. Bullard wrote:
> > Can someone clarify which versions of OpenSSL OpenVPN supports (that
> > is, "works with when linked statically")?
> >
> > From what I gather:
> >
> > * OpenVPN 2.3.18 supports
Hi,
On 06-03-18 23:16, Jonathan K. Bullard wrote:
> Can someone clarify which versions of OpenSSL OpenVPN supports (that
> is, "works with when linked statically")?
>
> From what I gather:
>
> * OpenVPN 2.3.18 supports OpenSSL 1.0.2n
> * OpenVPN 2.4.5 supports OpenSSL 1.0.2n and 1.1.0g
> * Op
14 matches