hi,
I am requesting that $daemon_pid be added to the --tls-crypt-v2-verify
environment.
FTR: $daemon_pid is currently undocumented in all three manuals.
Thanks.
R
Hi,
On 21/04/2021 14:34, Arne Schwabe wrote:
> OpenSSL also allows ARIA-GCM and that works well with our implementation
> While the handpicked list was needed for earlier OpenSSL versions (and
> is still needed for Chacha20-Poly1305), the API nowadays with OpenSSL
> 1.0.2 and 1.1.x works as expect
It is hard to imagine that we still have any supported OS that does
not support non-blocking connect while still supporting non-blocking
sockets in general.
Patch V2: remove epoll.h removal that should have been in other patch.
Signed-off-by: Arne Schwabe
---
src/openvpn/socket.c | 8
This warning makes make check fail if Werror is exmaple on
LLVM/Clang on macOS for me.
Signed-off-by: Arne Schwabe
---
tests/unit_tests/example_test/test.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/unit_tests/example_test/test.c
b/tests/unit_tests/example_test/test.c
index bc3f
With this change we always build multihome support if the operating
system supports it.
Patch v2: Remove also from config-msvc.h
Signed-off-by: Arne Schwabe
---
config-msvc.h | 1 -
configure.ac | 7 ---
src/openvpn/syshead.h | 2 +-
3 files changed, 1 insertion(+), 9 delet
The direct.h header provides only a handful of functions [1] of which
we only use _wchdir. Directly include the direct.h file where it is
used and remove autoconf magic around it.
[1]
https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2012/as5kw0ze(v=vs.110)?redirected
We have two defines that do exactly the same. Also move the check
from configure.ac to syshead.h since it is really only checking
for Windows.
Patch V2: Also remove from config-msvc.h
Signed-off-by: Arne Schwabe
---
config-msvc.h| 3 ---
configure.ac | 8
src/ope
- Remove windows XP/old mingw compat code in socket.c
- Use _WIN32 instead of checking for existence of windows.h, winsock2.h
and ws2tcpip.h in autoconf
- Remove check for unlink. The last remaining use is a check inside
a Unix socket.
- Even Windows has umask, so remove the check for it
- Move epo
This uses get_key_scan and get_primary_key instead of directly
accessing the members of the struct to improve readability of
the code.
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 3 +--
src/openvpn/push.c | 9 -
src/openvpn/ssl.c| 11 +++
src/open
Since generating data channel does not happen when we have reached the
S_ACTIVE/S_GOT_KEY state anymore like it used to be before NCP, the
state that data channel keys deserves its own state in the state machine.
The changes done by this commit are rather intrusive since they
move the key generation
tls_pre_encrypt mainly performs the task of selecting the primary
encryption key but also performs other minor tasks. To allow only
querying for the key that should be used for encryption extract this
part of the function into its own function.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c |
tls_authentication_status does caching to avoid file I/O more than
every TLS_MULTI_AUTH_STATUS_INTERVAL (10s) per connection. But
counter-intuitively it does not return the cached result but rather
TLS_AUTHENTICATION_UNDEFINED if the cache is not refreshed by the call.
This is workarounded by forc
The usage of the auth_token_state_flags is tied to the authentication.
The other authentication related flags and status are in the
tls_session struct instead of the tls_multi struct. Move
auth_token_state_flags to the right place.
This also changes that auth_token_initial is set when the token is
Previously we relied on checking tls_authentication_status to check
whether to determine if the context auth state is actually valid or not.
This patch eliminates that check by introducing waiting on the
authentication as extra state in the context auth state machine.
Signed-off-by: Arne Schwabe
This extracts the update of a deferred key status into its own
function.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_verify.c | 90 ++--
1 file changed, 58 insertions(+), 32 deletions(-)
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
ind
Your patch has been applied to the master branch.
commit 7890e51aab91b304045a0163462f334b8e5ae8e8
Author: Arne Schwabe
Date: Wed Apr 21 15:43:45 2021 +0200
Fix a number of mingw warnings
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
Message-Id: <20210421134348.1
Hi,
On 22/04/2021 14:39, Arne Schwabe wrote:
>
>>> #ifndef _WIN32
>>> +const char *device = tt->actual_name;
>>
>> This variable is not used in all cases embraced by "ifndef _WIN32".
>> I.e. I think it is not used when any of the following is defined:
>> TARGET_OPENBSD
>> TARGET_NETBSD
>> TA
>> #ifndef _WIN32
>> +const char *device = tt->actual_name;
>
> This variable is not used in all cases embraced by "ifndef _WIN32".
> I.e. I think it is not used when any of the following is defined:
> TARGET_OPENBSD
> TARGET_NETBSD
> TARGET_AIX
>
> Therefore this change would fix *only* t
Hi,
On Thu, Apr 22, 2021 at 10:27:29AM +0200, Gert Doering wrote:
> I have force-pushed 2.4 without that commit (no tags set, so no harm done)
> and applied it to master, where it was intended to go
Well. I tried that (though I should have known better) and neither sf
nor gitlab actually let me,
Hi,
On Thu, Apr 22, 2021 at 08:35:46AM +0200, Gert Doering wrote:
> Your patch has been applied to the release/2.4 branch.
Uh, that was not what I intended to do. But that's what you get for
"try to get things done early in the morning" before coffee works. *sigh*
I have force-pushed 2.4 witho