Hi,
On Mon, Aug 02, 2021 at 01:55:21PM +0200, Arne Schwabe wrote:
> +static void
> +options_set_backwards_compatible_options(struct options *o)
> +{
> +/* TLS min version is not set */
> +if ((o->ssl_flags & SSLF_TLS_VERSION_MIN_MASK) == 0)
> +{
> +if (!need_compatibility(o, 20
This gets rid of a few #ifdef and also removes the need for
commit a11bea18b1c93 (argv is only initialized after the
early exit check on RT_DEFINED).
v2:
use gc_new(), group gc and argv init in both add_route*() functions
Signed-off-by: Gert Doering
---
src/openvpn/route.c | 40 +++---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
V2 - 13 minor correction ;-)
‐‐‐ Original Message ‐‐‐
On Monday, August 2nd, 2021 at 12:55, Arne Schwabe wrote:
> TLS 1.0 should be allowed anymore in a sensible default configuration. Bump
TLS 1.0 should *not* be allowed
> the d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
12 minor corrections
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Monday, August 2nd, 2021 at 12:46, Arne Schwabe wrote:
> TLS 1.0 should be allowed anymore in a sensible default configuration. Bump
> the default t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Monday, August 2nd, 2021 at 10:52, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe a...@rfc2549.org
>
> Patch v3: Some minor cleanups in the script (rename CNs, add mor
Mixed udp+tcp configs can not have --explicit-exit-notify in them
today because this option is refused in TCP mode. At the same time,
it was always possible to push the option both in UDP and TCP mode
(with a warning logged in TCP mode, and the option reset to 0).
Do the same thing for local conf
TLS 1.0 should be allowed anymore in a sensible default configuration. Bump
the default to TLS 1.2
Also modify --cipher not to be automatically appended and default
allow-compression to no. This also allows a default configuration to be
compatible with DCO.
Also introduce --compat-mode version to
TLS 1.0 should be allowed anymore in a sensible default configuration. Bump
the default to TLS 1.2
Also modify --cipher not to be automatically appended and default
allow-compression to no. This also allows a default configuration to be
compatible with DCO.
Also introduce --compat-mode version to
Acked-by: Gert Doering
That was an easy one for a change :-)
We should make our mind on all the other includes, though - like
, , - they come via "syshead.h" as
well today, and are included another time in all the test_*.c files.
Did not do windows compilation, but tested Linux and FreeBSD, an
I have stared at the code a bit, and it generally looks good (indent
fixed as instructed).
One observation:
- in options_postprocess_cipher(), we now set "o->enable_ncp_fallback
= true", but *only* if a "cipher foo" is set in the config. If not, we
set the cipher to o->ciphername = "BF-
the unit tests do not compile under Windows since Windows does not
provide a unistd.h header. The header is still included on Unix
platforms via syshead.h
Signed-off-by: Arne Schwabe
---
tests/unit_tests/openvpn/test_argv.c | 1 -
tests/unit_tests/openvpn/test_auth_token.c | 1 -
tests/uni
Signed-off-by: Arne Schwabe
Patch v3: Some minor cleanups in the script (rename CNs, add more comments)
Signed-off-by: Arne Schwabe
---
doc/man-sections/script-options.rst | 3 +
sample/sample-scripts/totpauth.py | 111
2 files changed, 114 insertions(+)
creat
12 matches
Mail list logo
