[Openvpn-devel] [PATCH] Fix memory leak in SSL_CTX_use_certificate

2018-09-26 Thread Steffan Karger
Commit 98bfeeb4 introduced a memory leak in SSL_CTX_use_certificate by removing the "if(x509) { ... }" bit while not changing the "else if(x) {}" right after to an "if(x) {}". Signed-off-by: Steffan Karger --- src/openvpn/ssl_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[Openvpn-devel] [PATCH] Add support for tls-ciphersuites for TLS 1.3

2018-09-26 Thread Arne Schwabe
OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these interfaces are meant to be user facing or not exposed at all and we expose the tls-cipher interface, we should also expose tls-cipherlist. Combining both settings into tls-cipher would add a lot of glue logic that needs to be m

[Openvpn-devel] [PATCH v2] Add message explaining early TLS client hello failure

2018-09-26 Thread Arne Schwabe
In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients anymore. Unfortunately, Debian 8 still has OpenVPN 2.3.4, which is TLS 1.0 only without setting tls-version-min. We currently log only OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported prot

[Openvpn-devel] [PATCH] Add message explaining early TLS client hello failure

2018-09-26 Thread Arne Schwabe
On 26.09.18 at 08:52, Antonio Quartulli wrote: > Hi, > > On 26/09/18 06:19, Arne Schwabe wrote: >> On 25.09.18 at 16:31, David Sommerseth wrote: >>> On 25/09/18 14:48, Arne Schwabe wrote: In my tests an OpenSSL 1.1.1 server does not accept TLS 1.0 only clients anymore. Unfortunately, D

[Openvpn-devel] Summary of the community meeting (Wed, 26th Sep 2018)

2018-09-26 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wednesday 26th Sep 2018 Time: 11:30 CEST (9:30 UTC) Planned meeting topics for this meeting were here: The next me

[Openvpn-devel] [PATCH applied] Re: mbedtls: remove dependency on mbedtls pkcs11 module

2018-09-26 Thread Gert Doering
Cursory review, way too much crypto / too little time for me to say "I understand the changes". But nothing that looks obviously erroneous. Trusting Arne, Steffan and my t_client tests on this :-) Your patch has been applied to the master branch. commit 03c8bfc90fbc63007f62d3ed165942d149225551

[Openvpn-devel] [PATCH applied] Re: mbedtls: make external signing code generic

2018-09-26 Thread Gert Doering
Tested with a mbedTLS "t_client" run, but no "external key" tests here - trusting Arne and Steffan on this. Cursory review. Your patch has been applied to the master branch. commit 03defa3b29eafc954304532d766aff11712ff9de Author: Steffan Karger Date: Fri Sep 14 11:14:18 2018 +0200 mbedtl

[Openvpn-devel] [PATCH applied] Re: Do not load certificate from tls_ctx_use_external_private_key()

2018-09-26 Thread Gert Doering
Your patch has been applied to the master branch. I have only done a very cursory sanity check, plus test build (of course, mbedtls + openssl), and fixed one funky indentation artefact (8 spaces plus a tab in the very last change). commit 73513aaa301e9e9413b6156ed263dd27f8fad7fd Author: Steffan