Acked-by: Gert Doering
"Works!"
Fixed whitespace (indent) while at it...
Your patch has been applied to the master branch.
commit e6c86b24dbe8b001dfc8b9e9c4fad95e0f5973d4
Author: Antonio Quartulli
Date: Tue Jul 21 21:55:18 2020 +0200
t_net.sh: drop hard dependency on t_client.rc
Your patch has been applied to the master branch.
I have not actually tested EC functionality in any way, just
made sure it compiles and passes basic (scripted) testing.
commit 8353ae8075fb25d1935258a2f007e024c5e2c43f
Author: Arne Schwabe
Date: Tue Jul 21 17:49:22 2020 +0200
Implement tls
8x fix - 2x suggestion
On 21/07/2020 16:49, Arne Schwabe wrote:
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
TLS1.3 key exchange is independent from the signature/key of the
certificates, so allowing all grou
Right now t_net.sh depends on t_client.rc in order to source the
RUN_SUDO variable only.
However, t_client.rc is something that a few people only have configured
and thus this would result in t_net.sh almost never executed even if it
just could.
Drop dependency on t_client.rc by falling back to RU
NOW I can finally merge this, since key-method v1 is gone
and this compiles without unresolveds \o/
Stared-at-code, test compiled, ship.
Your patch has been applied to the master branch.
commit ba66faad5608233f792c3679ebade09ff324a4b3
Author: Arne Schwabe
Date: Fri Jul 17 15:47:36 2020 +0200
Hi,
On 21/07/2020 18:38, Arne Schwabe wrote:
> This allows us to skip waiting for the first PUSH_REQUEST message from
> the client to send the response.
>
> This changes the interpretation of IV_PROTO from a scalar to a bitfield.
> Since we only have IV_PROTO=2 defined so far and will support DATA
Your patch has been applied to the master branch.
I have run a t_client test on FreeBSD/OpenSSL and Linux/mbedTLS, and
a full server side test. Just to be sure. This is surprisingly large
changes in crypto code... the changes look good, but...!
All tests pass :-)
Test sets succeeded: 1 1a 1b
1x spelling 1x grammar
On 21/07/2020 17:38, Arne Schwabe wrote:
This allows us to skip waiting for the first PUSH_REQUEST message from
the client to send the response.
This changes the interpretation of IV_PROTO from a scalar to a bitfield.
Since we only have IV_PROTO=2 defined so far and will s
Hi,
On 21/07/2020 18:39, Gert Doering wrote:
> In here, print & set
>
> if [ -z "$RUN_SUDO" ]
> then
> +echo "$0: no RUN_SUDO=... in t_client.rc or environment, defaulting
> to 'sudo'." >&2
> +echo " if that does not work, set RUN_SUDO= correctly for your
> sy
On 21/07/2020 12:01, Arne Schwabe wrote:
> Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
>
> Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
> v1 op codes and give a good warning message if we encounter
> them in the legal op codes pre-
Hi,
On Fri, Jul 17, 2020 at 06:02:31PM +0200, Antonio Quartulli wrote:
> Right now t_net.sh depends on t_client.rc in order to source the
> RUN_SUDO variable only.
I was about to merge this ("nice and easy") but I think it's just
complicated.
> diff --git a/tests/t_net.sh b/tests/t_net.sh
> inde
This allows us to skip waiting for the first PUSH_REQUEST message from
the client to send the response.
This changes the interpretation of IV_PROTO from a scalar to a bitfield.
Since we only have IV_PROTO=2 defined so far and will support DATA_V2
this should not make any problem. This avoids adding
Acked-by: Gert Doering
Another easy one for me to grab :-)
Adjusted Changes.rst context to apply, looked at patch, did a test
build. Agree to the M_FATAL, this is important here to see what is
wrong right away, before having client connects fail.
People will scream at you anyway.
Fixed one gr
Acked-by: Gert Doering
I take the easy ones today :-)
Looked at the diff (looks good), fixed Changes.rst (if I apply
in non-sent-order, context is wrong), test compiled (just to be
sure).
Your patch has been applied to the master branch.
commit 2d5facaa5f6e6ee3dd2f15c2e7f5510939dd445b
Author:
Hi,
On 21/07/2020 17:49, Arne Schwabe wrote:
> By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
> default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
> TLS1.3 key exchange is independent from the signature/key of the
> certificates, so allowing all groups per defaul
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
TLS1.3 key exchange is independent from the signature/key of the
certificates, so allowing all groups per default is not a sensible
choice anymore and instead a short
Hi,
On Sun, Aug 12, 2018 at 10:51:04AM +0200, Steffan Karger wrote:
> As described in msg <374a7eb7-f539-5231-623b-41f208ed8...@belkam.com> on
> openvpn-devel@lists.sourceforge.net, clients that are compiled with
> --disable-occ (included in --enable-small) won't send an options string.
> Without
On 21/07/2020 15:46, Antonio Quartulli wrote:
> Aren't we calling strsep() twice in a row now?
> Once in the while() condition and once at the end of the cycle?
>
> I think Arne agreed on the issue on IRC, but maybe forgot to fix the patch?
>
>
However, please note that now the patch compile
Hi,
I think a comment in my previous review was overlooked.
On 17/07/2020 15:47, Arne Schwabe wrote:
> @@ -343,6 +348,42 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const
> char *profile)
> }
> }
>
> +void
> +tls_ctx_set_tls_groups(struct tls_root_ctx *ctx, const char *groups)
1x typo
On 21/07/2020 11:01, Arne Schwabe wrote:
Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
v1 op codes and give a good warning message if we encounter
them in the legal op codes p
Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
v1 op codes and give a good warning message if we encounter
them in the legal op codes pre-check.
Patch V3: Add a bit more comments in the ex