[Openvpn-devel] [PATCH v2] Support x509 field list to be username

OpenVPN has the ability to choose different x509 field in case "CN" can't be use used to be unique connected username since commit 935c62be9c0c8a256112df818bfb8470586a23b6. Unfortunately it's not enough in case client has multiple and valid certificates from PKI for different devices (ex. laptop, m

Re: [Openvpn-devel] [PATCH 9/9] Rework NCP compability logic and drop BF-CBC support by default

Am 28.07.20 um 14:27 schrieb Steffan Karger: >> * - peer id >> */ >> -static void >> +static bool >> multi_client_set_protocol_options(struct context *c) >> { >> >> @@ -1807,8 +1807,11 @@ multi_client_set_protocol_options(struct context *c) >> } >> >> /* Select cipher if client

Re: [Openvpn-devel] [PATCH 9/9] Rework NCP compability logic and drop BF-CBC support by default

10x more wee pointers On 28/07/2020 13:27, Steffan Karger wrote: Hi, This is awesome in many ways. Better behaviour, better code and a nice way forward to really get rid of the BF-CBC default cipher. It's also somewhat tricky, so here goes for a review purely based on stare-at-code: On 17-07-

Re: [Openvpn-devel] [PATCH 9/9] Rework NCP compability logic and drop BF-CBC support by default

Hi, This is awesome in many ways. Better behaviour, better code and a nice way forward to really get rid of the BF-CBC default cipher. It's also somewhat tricky, so here goes for a review purely based on stare-at-code: On 17-07-2020 15:47, Arne Schwabe wrote: > This reworks the NCP logic to be m

Re: [Openvpn-devel] [PATCH applied] Re: client-connect: Add deferred support to the client-connect plugin v1 handler

Hi, On Mon, Jul 20, 2020 at 11:30:55AM +0200, Gert Doering wrote: > Testing this with my new "client connect tester" plugin, I discovered > two things: [..] > - second, we read the "option file" ($ENV{client_connect_config_file}) >multiple times on every PUSH_REQUEST - it works, but this is

[Openvpn-devel] [PATCH applied] Re: Fix sequence of events for async plugin v1 handler.

Patch has been applied to the master branch. (I have tested this on the "t_server" test rig, of course :) ) commit 08f3c1cab7367fc8447001db34fd9627d60ba2b2 Author: Gert Doering Date: Mon Jul 27 20:34:35 2020 +0200 Fix sequence of events for async plugin v1 handler. Signed-off-by: Ge

[Openvpn-devel] [PATCH applied] Re: Abort client-connect handler loop after first handler sets 'disable'.

Patch has been applied to the master branch. commit 20b394746a7a351d892bb8c21beb66dd138631d9 Author: Gert Doering Date: Mon Jul 27 20:34:36 2020 +0200 Abort client-connect handler loop after first handler sets 'disable'. Signed-off-by: Gert Doering Acked-by: Arne Schwabe

[Openvpn-devel] [PATCH applied] Re: Gently push users towards --data-ciphers in --show-ciphers output

Your patch has been applied to the master branch. I have not tested anything besides a very basic compile test. Note: sourceforge seems to be messing with your message-ids again - the message-ID that arrived here is what is referenced in the commit, and it very much looks like "not what you sent"