[Openvpn-devel] [PATCH applied] Re: Fix tls-version-min default once again

2021-11-05 Thread Gert Doering
Acked-by: Gert Doering Thanks. The old one "looked good", but the MIN_MASK would have needed a shift (indeed) and this way it's more readable anyway. I have not tested this beyond "it compiles and passes make check". Your patch has been applied to the master branch. commit 3037d2bd348eb184ed9

Re: [Openvpn-devel] [PATCH 0/9] A built-in OpenSSL3.0 provider for external-keys

2021-11-05 Thread Gert Doering
Hi, On Tue, Nov 02, 2021 at 12:40:50AM -0400, Selva Nair wrote: > OpenSSL folks have merged their "fix" in the provider interface that I was > waiting for. It will be in the 3.0.1 patch release. In the meantime, I have > opened a matching version of this patch set as a PR for OpenVPN for > comment

Re: [Openvpn-devel] [PATCH v4] Refactor early initialisation and uninitialisation into methods

2021-11-05 Thread Selva Nair
Hi On Fri, Nov 5, 2021 at 12:14 PM Arne Schwabe wrote: > This puts the early initialisation and uninitialisation that needs to > happen between option parsing and post processing into small methods. > > Signed-off-by: Arne Schwabe > --- > src/openvpn/openvpn.c | 23 ++- > 1

Re: [Openvpn-devel] [PATCH v4] Refactor early initialisation and uninitialisation into methods

2021-11-05 Thread Antonio Quartulli
Hi, On 05/11/2021 17:20, Gert Doering wrote: Hi, On Fri, Nov 05, 2021 at 05:13:02PM +0100, Arne Schwabe wrote: +static void uninit_early(struct context *c) +{ +net_ctx_free(&c->net_ctx); +} The extra "&" here does not look right. Shouldn't this be "c->net_ctx" as in "init_early()"? it

Re: [Openvpn-devel] [PATCH v4] Refactor early initialisation and uninitialisation into methods

2021-11-05 Thread Gert Doering
Hi, On Fri, Nov 05, 2021 at 05:13:02PM +0100, Arne Schwabe wrote: > +static void uninit_early(struct context *c) > +{ > +net_ctx_free(&c->net_ctx); > +} The extra "&" here does not look right. Shouldn't this be "c->net_ctx" as in "init_early()"? gert -- "If was one thing all people took fo
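Review bot: `uninit_early()` is introduced without a doc comment; since it is the teardown counterpart of `init_early()`, a one-line comment saying that it releases `net_ctx` and must be paired with `init_early()` would make the relationship explicit. The `&c->net_ctx` vs. `c->net_ctx` question raised above is best settled by making both functions pass the member the same way, whichever form matches the declared type of `net_ctx` in `struct context`.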

[Openvpn-devel] [PATCH v4] Refactor early initialisation and uninitialisation into methods

2021-11-05 Thread Arne Schwabe
This puts the early initialisation and uninitialisation that needs to happen between option parsing and post processing into small methods. Signed-off-by: Arne Schwabe --- src/openvpn/openvpn.c | 23 ++- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/src/openvp

[Openvpn-devel] [PATCH applied] Re: Add insecure tls-cert-profile options

2021-11-05 Thread Gert Doering
(Client-side) tested with 1.1.1 and 3.0.0. Without options, my sha1 certificates still fail for the 3.0.0 build, and *with* "tls-cert-profile insecure" it works. Your patch has been applied to the master branch. commit 23efeb7a0bd9e0a6d997ae6e77e0e04170da3e67 Author: Arne Schwabe Date: Fri Oct

[Openvpn-devel] [PATCH applied] Re: Avoid memory leak in hmac_ctx_new (OpenSSL 3.0 only)

2021-11-05 Thread Gert Doering
I have not done "real" testing, just "compile and make check" on ossl 3.0.0 - but if you and Arne agree, this is definitely good enough for me :-) Your patch has been applied to the master branch. commit 31e200f807033ac27566bf37a8d9d32820600a83 Author: Selva Nair Date: Sat Oct 30 14:57:56 202

[Openvpn-devel] [PATCH applied] Re: Fix function name in DH error message

2021-11-05 Thread Gert Doering
Acked-by: Gert Doering "Obviously correct" :-) Your patch has been applied to the master branch. commit f1dd638ca6acf35f0913f4e3d66451a70891c3de Author: Arne Schwabe Date: Fri Nov 5 15:50:56 2021 +0100 Fix function name in DH error message Signed-off-by: Arne Schwabe Acked-b

[Openvpn-devel] [PATCH v2] Default to --cipher BF-CBC if not set and compat-mode < 2.4.0

2021-11-05 Thread Arne Schwabe
When we try to make a configuration compatible with a version earlier than 2.4.0 we probably need to have a --cipher configured since NCP is not available. In configurations where --cipher is not specified we default to BF-CBC to support these old clients. Note that with OpenSSL 3.0 you will also nee

[Openvpn-devel] [PATCH applied] Re: Fix error when BF-CBC is not available

2021-11-05 Thread Gert Doering
As discussed online, this is really just about OCC initialization, and that really shouldn't pull in BF-CBC if not requested :-) I have rewrapped the comment - one overlong line + one short line looked avoidably silly :-) Your patch has been applied to the master branch. commit 056991925633ea27a

[Openvpn-devel] [PATCH applied] Re: Implement DES ECB encrypt via EVP_CIPHER api

2021-11-05 Thread Gert Doering
Client-side tested on OpenSSL 1.1.1 and 3.0.0 - thanks for the in-person explanation about DES and 3DES-with-same-key :-) and for adding a unit test. [ RUN ] test_des_encrypt [ OK ] test_des_encrypt Your patch has been applied to the master branch. commit c426a3e77ee5377ca1c6254feabb0

[Openvpn-devel] [PATCH] [OSSL 3.0] Fix function name in DH error message

2021-11-05 Thread Arne Schwabe
This was noticed by Steffan. Signed-off-by: Arne Schwabe --- src/openvpn/ssl_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 61cfd7ccf..ab9a8f347 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl