Plaintext authentication is not exactly high security, but we might as
well memzero the credentials before leaving the function.
---
src/openvpn/socks.c | 23 ++-
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 36df
Sorry about that! I'll send it again from my personal account later.
-Original Message-
From: Gert Doering [mailto:g...@greenie.muc.de]
Sent: vrijdag 19 maart 2021 18:30
To: Maximilian Fillinger
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] [Patch] Wipe Socks5 cred
Hi,
On Fri, Mar 19, 2021 at 04:45:18PM +, Maximilian Fillinger via
Openvpn-devel wrote:
[..]
The patch itself is OK (I think), but actually applying it will mess up the
Author: information in git, because you are sending from a domain that
has DMARC p=reject. So mailman is massacring your F
Socks5 plaintext authentication is not exactly high security, but we
might as well memzero the credentials before leaving the function.
---
src/openvpn/socks.c | 23 ++-
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
in
Hi,
On 19/03/2021 15:19, Arne Schwabe wrote:
> This patch introduces support for verify-hash inlining.
> When inlined, this option now allows specifying multiple fingerprints,
> one per line.
>
> Since this is a new syntax, there is no backwards compatibility to take
> care of, therefore we can
This option allows migration to a non-compression server config while
still retaining compatibility with clients that have a compression
setting in their config.
For existing setups that used to have comp-lzo no or another
compression setting in their configs it is difficult to migrate to
a setup
This function is used by both NCP and push, so move it to a more proper
place.
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c| 1 +
src/openvpn/push.c | 18 +-
src/openvpn/push.h | 10 --
src/openvpn/ssl_util.c | 16
src/openvpn/ssl_util
Hi,
Minor change below
On 08/09/2020 17:41, Arne Schwabe wrote:
> Also remove the static key setup example as it is less secure and we
> want to avoid it for new setups as we want to slowly deprecate these.
>
> Signed-off-by: Arne Schwabe
> ---
> Changes.rst | 5
> d
Acked-by: Gert Doering
I've stared at the code changes (look fine) and sanity checked by a
compile on Ubuntu 18/MinGW. According to the IRC discussions, Arne
tested MSVC with "microsoft C" as well, so no need to have that tested
again.
Your patch has been applied to the master branch.
commit
Acked-by: Gert Doering
Thanks. Documentation is always good.
Your patch has been applied to the master branch.
commit 1480903e1c52b3064250672c5221f71f95d8b5a5
Author: Juliusz Sosinowicz
Date: Fri Mar 19 14:43:22 2021 +0100
README.wolfssl Update
Signed-off-by: Juliusz Sosinowicz
This patch introduces support for verify-hash inlining.
When inlined, this option now allows specifying multiple fingerprints,
one per line.
Since this is a new syntax, there is no backwards compatibility to take
care of, therefore we can drop support for SHA1. Inlined fingerprints
are assumed to be
From: "Jason A. Donenfeld"
OpenVPN traditionally works around CAs. However many TLS-based protocols also
allow an alternative simpler mode in which rather than verify certificates
against CAs, the certificate itself is hashed and compared against a
pre-known set of acceptable hashes. This is usua
This option allows pinning one or more peer certificates. It also
prepares for doing TLS authentication without a CA and just
self-signed certificates.
Patch V2: Allow peer-fingerprint to be specified multiple times
to allow multiple peers without needing to use inline
synt
Despite trying to figure out with multiple people what the use case for
this option is, we could not come up with a good one. Checking that only
a specific CA is used can also be done by only using that CA in the --ca
directive.
Although it feels a bit strange to deprecate the option after improvi
Acked-by: Gert Doering
Yeah, thanks for cleaning up behind us, when needed...
Your patch has been applied to the master branch.
commit 9b2e80340d247bc7c73752d542be4d15511eb04e
Author: Lev Stipakov
Date: Fri Mar 19 04:33:17 2021 +0200
Remove compat-lz4 references from VS project files
From: Lev Stipakov
Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer,
but didn't remove references from VS project files.
Signed-off-by: Lev Stipakov
---
src/compat/compat.vcxproj | 3 +--
src/compat/compat.vcxproj.filters | 2 +-
2 files changed, 2 insertions(+), 3
Updates for the wolfSSL README file:
- fix typos
- correct wolfSSL company spelling
- add a point of contact for users having problems using OpenVPN + wolfSSL
Signed-off-by: Juliusz Sosinowicz
---
README.wolfssl | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/RE
Hi,
On Fri, Mar 19, 2021 at 01:36:13PM +0100, Juliusz Sosinowicz wrote:
> Could we get something like
> "For issues with using OpenVPN with wolfSSL, please contact
> supp...@wolfssl.com."
> in the README.wolfssl? This would help streamline comms for users and
> improve user experience. I can pre
Could we get something like
"For issues with using OpenVPN with wolfSSL, please contact
supp...@wolfssl.com."
in the README.wolfssl? This would help streamline comms for users and
improve user experience. I can prepare a patch with this change. Thanks.
Sincerely
Juliusz
On 18/03/2021 14:22, G
When using the LLVM clang compiler instead of the MSVC cl.exe but with
the same build environment as MSVC, clang encounters a few errors:
src\openvpn\socket.c(3550,23): warning: assigning to 'CHAR *' (aka 'char *')
from 'uint8_t *' (aka 'unsigned char *') converts between pointers to integer
types
Hi,
This patch currently only applies with "git am -3"
We currently have "verify-hash" that accepts fingerprints as argument.
For consistency I would suggest to either:
1) rename this option to peer-hash; or
2) add an alias for "verify-hash" named "verify-fingerprint", so that we
can then get rid
Hi,
This patch conflicts a bit with current master, but can be applied using
"git am -3".
Intro: it's not easy to understand what "verify-hash" was really meant
for, but I am happy to see it being restructured to actually become
useful :-)
On 08/09/2020 17:41, Arne Schwabe wrote:
> For a new sy
Your patch has been applied to the master branch.
I have amended the commit message to point out what David found out, that
this is related to pkg-config version and not autoconf itself. The patch
itself is unchanged.
I have thrown this branch towards all our buildbots first, and everything
bui