The last version of the patch used the TLS1.2 version
tls_ctx_restrict_ciphers to set the restrictions for both
TLS 1.3 and TLS1.2 instead of using tls_ctx_restrict_ciphers_tls13
for TLS1.3.
Also fix minor style problem while I am touching the function
---
src/openvpn/ssl_openssl.c | 6 --
1
Your patch has been applied to the master and release/2.4 branch
(long term compatibility).
I had to fix one minor bit - it prints
For TLS 1.3 and newer (--tls-ciphersuite):
but that option is called "--tls-ciphersuites"...
I am not really able to make sense of it, though. If I try to speci
Hi,
On 12/10/18 02:41, Antonio Quartulli wrote:
> From a high level description of this patchset, please refer to
> "[PATCH 0/4] add netlink support for Linux" sent to the mailing list on
> Apr, 20th 2018.
>
> Changes from v1:
> - introduced opaque context object containing implementation specifi
This patch introduces a new unit test that is not executed
by the cmocka framework, but rather used by a new t_net.sh
bash script.
The idea behind this test is to ensure that invoking sitnl
functions or running iproute commands leads to the same
networking (interface and routing table) state.
To
By switching to the networking API (for Linux) openvpn will
now use any of the available implementations to handle the
routing table.
At the moment only iproute2 is implemented.
Signed-off-by: Antonio Quartulli
---
src/openvpn/forward.c | 2 +-
src/openvpn/init.c | 24 ++-
src
By switching to the networking API (for Linux) openvpn will
now use any of the available implementations to handle the tun
interface.
At the moment only iproute2 and sitnl (NetLink) are implemented.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 22 ++--
src/openvpn/init.h
This patch introduces a tiny netlink interface, optimized
for the openvpn use case.
It basically exposes all those operations that are currently
handled by directly calling the /sbin/ip command (or even
ifconfig/route, if configured).
By using netlink, openvpn won't need to spawn new processes
wh
get_default_gateway_ipv6() has always been implemented using
netlink, however, now that we have sitnl, we can re-use the
latter and get rid of the netlink code from route.c.
Signed-off-by: Antonio Quartulli
---
src/openvpn/init.c | 9 +-
src/openvpn/networking_ip.c | 2 +-
src/openv
tun.c and route.c contain all the code used by openvpn
to manage the tun interface and the routing table on all
the supported platforms.
Across the years, this resulted in longer functions
and series of ifdefs.
This patch introduces a new "networking API" which aims at
creating a simple abstrac
iproute2 is the first user of the new networking API and
it's one of the two currently supported functionalities on
Linux (the other being net-tools).
This patch simply copies the current code from tun.c/route.c
to networking_ip.c without introducing any functional
change to the code.
Signed-off-by
From a high level description of this patchset, please refer to
"[PATCH 0/4] add netlink support for Linux" sent to the mailing list on
Apr, 20th 2018.
Changes from v1:
- introduced opaque context object containing implementation specific
state;
- fixed env passed to ip command (thanks to opaqu
Acked-by: Gert Doering
Thanks for bearing with me :-) - code looks correct, passes all t_client
tests (which should trigger the increment/decrement code paths). Bonus
points for *removing* a cast ;-))
Your patch has been applied to the master and release/2.4 branch (bugfix).
commit ed31cf2ab71
Your patch has been applied to the master branch.
I haven't fully tested this because it needs "mbedtls in a non-default
location" to break in the first place, which I was too lazy to set up
now. So I trust travis to check this case now :-)
commit b081038c7464f7a916560b4a71ebc83537a84b9d
Author:
Am 10.10.18 um 08:44 schrieb Steffan Karger:
> Commit 674b166 ("Fix build warnings related to get_random()") broke the
> unit tests for mbedtls, because was now included via
> platform.c -> crypto.h -> crypto_backend.h, but the crypto cflags were
> not included for that unit tests.
>
> Since we g
On 11-10-18 13:56, Gert Doering wrote:
> On Thu, Oct 11, 2018 at 01:52:37PM +0200, Steffan Karger wrote:
>>> I know that Steffan likes using size_t for "things that have a size"
>>> but I find it a bit questionable here :-)
>>
>> So the underlying problem is that "further down" used int to store
>>
Hi,
On Thu, Oct 11, 2018 at 01:52:37PM +0200, Steffan Karger wrote:
> > I know that Steffan likes using size_t for "things that have a size"
> > but I find it a bit questionable here :-)
>
> So the underlying problem is that "further down" used int to store
> sizes, but since that just is the way
From: Lev Stipakov
In Visual Studio when unary minus is applied to unsigned,
result is still unsigned. This means that when we use result
as function formal parameter, we pass incorrect value.
Fix by introducing frame_remove_from_extra_frame(),
which makes code semantically more clear and elimin
Hi,
On 11-10-18 13:23, Gert Doering wrote:
> On Thu, Oct 11, 2018 at 01:40:16PM +0300, Lev Stipakov wrote:
>>> Since crypto_overhead and crypto_max_overhead() are both size_t, and
>>> frame_add_to_extra_frame() is declared to take an "unsigned int" now,
>>> this cast should not be necessary.
>>
>>
Hi,
On Thu, Oct 11, 2018 at 01:40:16PM +0300, Lev Stipakov wrote:
> > Since crypto_overhead and crypto_max_overhead() are both size_t, and
> > frame_add_to_extra_frame() is declared to take an "unsigned int" now,
> > this cast should not be necessary.
>
>
> Visual Studio disagrees. Without expli
Hi,
> Since crypto_overhead and crypto_max_overhead() are both size_t, and
> frame_add_to_extra_frame() is declared to take an "unsigned int" now,
> this cast should not be necessary.
Visual Studio disagrees. Without explicit cast I got
> warning C4267: 'function': conversion from 'size_t' to
Acked-by: Gert Doering
This removes (checked by "diff") all non-CBC ciphers from "--show-ciphers"
on mbedTLS builds again (like BLOWFISH-CTR, DES-EDE-ECB), and makes
t_lpback.sh succeed again in "make check". Sorry for not catching this
yesterday already.
Your patch has been applied to the mast
Commit 447997dd refactored the --show-ciphers code, but introduced a bug
in mbedtls builds where non-AEAD/CBC ciphers were printed too. Those are
however unsupported (as openvpn will tell you when you try to use them).
This fixes that bug.
Signed-off-by: Steffan Karger
---
src/openvpn/crypto_mb