[Openvpn-devel] [PATCH v2] Allow inlining of --auth-user-pass

username and password on two lines. Signed-off-by: Davide Brini Updated patch to current master, removed printing of the username/password. Signed-off-by: Adriaan de Jong --- doc/openvpn.8| 3 +-- src/openvpn/init.c | 5 ++-- src/openvpn/misc.c | 2 +- src/openvpn

[Openvpn-devel] [PATCH] Allow inlining of --auth-user-pass

username and password on two lines. Signed-off-by: Davide Brini Updated patch to current master, removed printing of the username/password. Signed-off-by: Adriaan de Jong --- doc/openvpn.8| 3 +-- src/openvpn/init.c | 5 ++-- src/openvpn/misc.c | 2 +- src/openvpn

[Openvpn-devel] [PATCH] Support for username-only auth file.

words usernames usually don't change and can therefore be "hardcoded" in the config. Signed-off-by: Michal Ludvig Reviewed and updated to current master. Signed-off-by: Adriaan de Jong --- doc/openvpn.8 | 3 +- src/openvpn/misc.c| 110 ++-

Re: [Openvpn-devel] Heartbleed

On 9-4-2014 10:49, Илья Шипицин wrote: > I did not say "nobind protects from everything", but I did mean that > clients with "nobind" are more protected in case of non patched > openssl library shipped with (old) openvpn windows installer. > > > if server is patched (what is rather easy thing compa

Re: [Openvpn-devel] Heartbleed

-Original Message- From: Davide Brini [mailto:dave...@gmx.com] Sent: dinsdag 8 april 2014 13:26 To: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] Heartbleed > On Tue, 08 Apr 2014 11:08:59 +0200, Tore Anderson wrote: > > I'm guessing that everyone has seen http://heart

Re: [Openvpn-devel] [PATCH] Always load intermediate certificates from a PKCS#12 file

Hi Heikki, I haven't run the patch, or tried to compile it as I haven't got my dev-setup handy. It looks good though. Featurewise it gets an ack from me, as sending intermediate certs is encouraged in the TLS standard. One minor nit-picky point: there's a bit of whitespace fixing in there with

Re: [Openvpn-devel] Support for libsodium?

> -Original Message- > From: Ed W [mailto:li...@wildgooses.com] > Sent: vrijdag 19 april 2013 12:35 > To: Adriaan de Jong > Cc: Gert Doering; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Support for libsodium? > > On 19/04/2013 11:1

Re: [Openvpn-devel] Support for libsodium?

> -Original Message- > From: Ed W [mailto:li...@wildgooses.com] > Sent: vrijdag 19 april 2013 11:50 > To: Adriaan de Jong > Cc: Gert Doering; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Support for libsodium? > > Hi > > I think I&#x

Re: [Openvpn-devel] Support for libsodium?

Hi, > From: Gert Doering [mailto:g...@greenie.muc.de] > Sent: donderdag 18 april 2013 22:45 > > Hi, > > On Thu, Apr 18, 2013 at 08:28:42PM +0100, Ed W wrote: > > Hi, given the new abstractions to support PolarSSL, what > > interest/resistance would there be to supporting libsodium? > > http

Re: [Openvpn-devel] Updated PolarSSL 1.2 support patch set

Ack from my side on the patch set. I've looked at them and haven't found any issues. > -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: vrijdag 22 maart 2013 9:54 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] Updated Po

Re: [Openvpn-devel] [PATCH 1/5] PolarSSL-1.2 support

Ack, I think this solves the PolarSSL with/without PKCS11-helper problem. > -Original Message- > From: Steffan Karger [mailto:steffan.kar...@fox-it.com] > Sent: woensdag 20 maart 2013 19:53 > To: Gert Doering > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 1

Re: [Openvpn-devel] PolarSSL 1.2 support, while keeping config file compatibility

Ack on patches 1-5! > -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: maandag 18 maart 2013 17:37 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] PolarSSL 1.2 support, while keeping config > file compatibility > > Hi Eve

Re: [Openvpn-devel] option --crl-verify PATH dir

> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: dinsdag 5 februari 2013 16:00 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net; Jan Just Keijser; James Yonan > Subject: Re: [Openvpn-devel] option --crl-verify P

Re: [Openvpn-devel] option --crl-verify PATH dir

> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: zondag 3 februari 2013 15:52 > To: Jan Just Keijser > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] option --crl-verify PATH dir > > On 03/02/13 12:02, Jan Just Keijser wro

Re: [Openvpn-devel] [PATCH 1/3] Improve PolarSSL key_state_read_{cipher, plain}text messages

> -Original Message- > From: Gert Doering [mailto:g...@greenie.muc.de] > Sent: maandag 21 januari 2013 21:23 > To: Steffan Karger > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 1/3] Improve PolarSSL > key_state_read_{cipher, plain}text messages > > Hi, > >

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

> -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: donderdag 17 januari 2013 9:23 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > From: Steffan Karger > > Add support for PolarSSL-1.2

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

> -Original Message- > From: Matthias Andree [mailto:matthias.and...@gmx.de] > Sent: zondag 20 januari 2013 14:09 > To: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > Is there any important system where requiring PolarSSL >= 1.2.3

[Openvpn-devel] [PATCH] Fix --show-pkcs11-ids

[PATCH] Fix --show-pkcs11-ids (Bug #239) Broken by 75b49e406430299b187964744f82e50a9035a0d3. Signed-off-by: Joachim Schipper --- src/openvpn/pkcs11.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c index 645f1f4..3a15ef6 100644

[Openvpn-devel] [PATCH] Fixed a bug where PolarSSL gave an error when using an inline file tag.

Signed-off-by: Adriaan de Jong --- src/openvpn/ssl_polarssl.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 6995958..12318b3 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/openvpn/ssl_polarssl.c @@ -338,7

Re: [Openvpn-devel] [PATCH] build: support =polarssl-1.1.0

Ah, it was an off-by-one, that's why I missed it. Ack! Adriaan > -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: donderdag 7 juni 2012 11:54 > To: Alon Bar-Lev > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] build: support

Re: [Openvpn-devel] PolarSSL 1.1.0 support?

> -Original Message- > From: Frank de Brabander [mailto:braban...@fox-it.com] > Sent: donderdag 7 juni 2012 11:36 > To: Samuli Seppänen; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support? > > Maybe this should actually be changed to >= 1.1.2, since t

Re: [Openvpn-devel] PolarSSL 1.1.0 support?

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 7 juni 2012 11:33 > To: Samuli Seppänen > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support? > > On Thu, Jun 7, 2012 at 12:24 PM, Samuli Seppänen > wrote:

Re: [Openvpn-devel] [PATCH] build: check minimum polarssl version

Looks good! I'll give it a feature ack. I don't see any problems in the autoconf code, but I'm not an expert in that area. So a tentative ack there too. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 21 mei 2012 13:04 > To: openvpn-devel@

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 16:33 > To: Mendelt Siebenga > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset > > Hello Mendelt, > > Thank you for takin

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: donderdag 10 mei 2012 11:49 > To: Alon Bar-Lev > Cc: Adriaan de Jong; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changes

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

x27;s the simplest solution. > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 9:17 > To: Adriaan de Jong > Cc: Arne Schwabe; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

here. The management interface is a great tool, completely separating OpenVPN from its management interface. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 8:49 > To: Adriaan de Jong > Cc: Arne Sc

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 2:10 > To: Arne Schwabe > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset > > On Thu, May 10, 2012 at 3:01 AM, Arne Schwab

Re: [Openvpn-devel] [RFC] Split plugins into their own repositories

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: zondag 6 mei 2012 18:55 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [RFC] Split plugins into their own > repositories > > Hello, > > Now, I also have the courage to ask one more quest

Re: [Openvpn-devel] [PATCH] Signed-off-by: Jan Just Keijser

Hi Jan-Just, > -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Adriaan de Jong wrote: > > > > On 02/07/2012 04:13 PM, Jan Just Keijser wrote: > >> > >> +void > >> +tls_ctx_load_ecdh_params (st

Re: [Openvpn-devel] [PATCH] Signed-off-by: Jan Just Keijser

Hi Janjust, I've finally had the time to take a look at this patch with a colleague who is more familiar with the subject at hand :). Hope this helps. Please see my comments inline. Adriaan On 02/07/2012 04:13 PM, Jan Just Keijser wrote: > Added support for Elliptic curves (ECDSA) + SHA2 family

[Openvpn-devel] [OpenVPN/openvpn] 6efeaa: Added support for new PolarSSL 1.1 RNG

Branch: refs/heads/master Home: https://github.com/OpenVPN/openvpn Commit: 6efeaa2e4462bc10f395d8aceed363c3e77b35a3 https://github.com/OpenVPN/openvpn/commit/6efeaa2e4462bc10f395d8aceed363c3e77b35a3 Author: Adriaan de Jong Date: 2012-04-27 (Fri, 27 Apr 2012) Changed paths

Re: [Openvpn-devel] openssl ouch

> -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Sent: donderdag 19 april 2012 15:56 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] openssl ouch > > ouch: > http://www.openssl.org/news/secadv_20120419.txt > > we need to investigate whether

Re: [Openvpn-devel] Build failure on "master" when using PolarSSL

The function changed to allow more than 4 bytes of random to be retrieved. The new patches shouldn't have that problem anyway, they use the new PolarSSL 1.1 DRBG instead of a direct call to Havege. Adriaan -Original Message- From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] Sent: zater

Re: [Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h

Bar-Lev [mailto:alon.bar...@gmail.com] Sent: zaterdag 14 april 2012 18:58 To: Adriaan de Jong Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h This is strange! As there is nothing in this file that needs

[Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h

This is required to build an Android binary. Signed-off-by: Adriaan de Jong --- configure.ac |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 70c51e7..dc5bb43 100644 --- a/configure.ac +++ b/configure.ac @@ -363,7 +363,7

Re: [Openvpn-devel] ACK system review finished

as the mission of all developers is improving the project, > changes to the patchset is for the good of the community, improving the > quality of the work to be committed. Usually the changes during/after > review are minor, and will be reviewed anyway, as author will state > what chang

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > On 02/04/12 20:50, Alon Bar-Lev wrote: > > On Mon, Apr 2, 2012 at 8:31 PM, Adriaan de Jong > > wrote: > >>> -Original Message- From: Alon Bar-Lev > >

Re: [Openvpn-devel] [PATCH 2/6] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

-Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 2 april 2012 11:19 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 2/6] Added a configuration option > to enable prediction resistanc

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 2 april 2012 12:42 > To: David Sommerseth > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL > 1.1 RNG > > On Mon, Apr 2, 2012 at 1:39 P

[Openvpn-devel] [PATCH 6/6] Updated README.polarssl with build system changes.

Signed-off-by: Adriaan de Jong --- README.polarssl |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.polarssl b/README.polarssl index 77a9575..ab7c2d7 100644 --- a/README.polarssl +++ b/README.polarssl @@ -3,11 +3,11 @@ instructions: To Build and Install

[Openvpn-devel] [PATCH 3/6] Use POLARSSL_CFLAGS instead of POLARSSL_CRYPTO_CFLAGS in configure.ac

Ensured that the used variable name actually matches the one advertised by configure. Signed-off-by: Adriaan de Jong --- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index ef34697..70c51e7 100644 --- a/configure.ac +++ b

[Openvpn-devel] [PATCH 4/6] Removed support for PolarSSL < 1.1

. PolarSSL fixes this potential issue by also using platform entropy. To ensure that OpenVPN is always built against a decent RNG, PolarSSL <1.1 is therefore no longer supported. Signed-off-by: Adriaan de Jong --- src/openvpn/crypto_polarssl.c | 34 --

[Openvpn-devel] [PATCH 5/6] Removed stray "Fox-IT hardening" string.

Signed-off-by: Adriaan de Jong --- src/openvpn/ssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 767bc8e..19512c0 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -392,7 +392,7 @@ init_ssl (const struct options

[Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

ally RDTSC) Finally, this patch moves to only one instance of the RNG per OpenVPN instance, instead of one per keystate Signed-off-by: Adriaan de Jong Signed-off-by: Eelse-jan Stutvoet --- src/openvpn/crypto_polarssl.c | 84 - src/openvpn/crypto_

[Openvpn-devel] [PATCH 2/6] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

Signed-off-by: Eelse-jan Stutvoet Signed-off-by: Adriaan de Jong --- doc/openvpn.8 | 14 ++ src/openvpn/crypto_polarssl.c |9 + src/openvpn/crypto_polarssl.h |7 +++ src/openvpn/init.c|6 ++ src/openvpn/options.c

Re: [Openvpn-devel] [PATCH] cleanup: gc usage

On 04/01/2012 03:46 PM, Alon Bar-Lev wrote: > Cleanup of "Use the garbage collector when retrieving x509 fields" > patch series. > > Discussed at [1]. > > There should be an effort to produce common function prologue > and epilogue, so that cleanups will be done at single point. > > [1] http://comm

[Openvpn-devel] [PATCH 1/2] Added support for new PolarSSL 1.1 RNG

ally RDTSC) Finally, this patch moves to only one instance of the RNG per OpenVPN instance, instead of one per keystate Signed-off-by: Adriaan de Jong Signed-off-by: Eelse-jan Stutvoet --- crypto_polarssl.c | 84 ++-- crypto_polarss

[Openvpn-devel] [PATCH 2/2] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

Signed-off-by: Eelse-jan Stutvoet Signed-off-by: Adriaan de Jong --- crypto_polarssl.c |9 + crypto_polarssl.h |7 +++ init.c|6 ++ openvpn.8 | 14 ++ options.c | 22 ++ options.h |3

[Openvpn-devel] [PATCH] Fixed off-by-one in serial length calculation

The serial length was one digit too short, resulting in missing digits at the end of the certificate's stringified serial number. Signed-off-by: Adriaan de Jong --- ssl_verify_polarssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ssl_verify_polarss

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

On 02/28/2012 12:48 PM, David Sommerseth wrote: > On 28/02/12 12:40, Igor Novgorodov wrote: >> On 28.02.2012 15:34, David Sommerseth wrote: >> And when building with SSL support, it won't be called here, but >> in ssl_openssl.c in tls_init_lib() instead. > > Indeed. This looks good. So unless

Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

...@lettink.de [mailto:fab...@lettink.de] On Behalf Of Fabian > Knittel > Sent: dinsdag 28 februari 2012 8:40 > To: Igor Novgorodov > Cc: Adriaan de Jong; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL > 1.1.x branch > >

Re: [Openvpn-devel] [PATCH 00/35] build revolution

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 23 februari 2012 21:20 > > Hello Again, > > Now the openvpn-build supports creating nsis installation package, > including singing. Output package is at[1]. > > Notice that all process is done on L

Re: [Openvpn-devel] [PATCH 00/35] build revolution

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: dinsdag 21 februari 2012 11:53 > > Well, most cases a package management system builds the package. > It explicitly enables/disable features, so we are fine with package > management systems. > Now for manual

Re: [Openvpn-devel] [PATCH 00/35] build revolution

> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: dinsdag 21 februari 2012 10:02 > > Oh, and I forgot. > Most optional dependencies are now disabled by default. > You should explicitly enable lzo with --enable-lzo > Hi Alon, It's great to see a lot of work

Re: [Openvpn-devel] [PATCH 33/35] build: proper crypto detection and usage

I need to delve into this one a little further once I have time. At first glance, a minor nack: OpenSSL 0.9.6 isn't supported anymore, so the autoconf statement and any >= 0.9.7 statements can go. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: d

Re: [Openvpn-devel] [PATCH 02/35] cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6

Ack, I'll be glad to be rid of some of this cruft. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: dinsdag 21 februari 2012 2:22 > To: openvpn-devel@lists.sourceforge.net > Cc: Alon Bar-Lev > Subject: [Openvpn-devel] [PATCH 02/35] cleanup: crypto_o

Re: [Openvpn-devel] Cipher problem on Mac OS X

> -Original Message- > From: Frank de Brabander [mailto:braban...@fox-it.com] > > Hello, > > I have looked into the problem, it seems to be caused by the return > type of cipher_kt_mode() in crypto_backend.h being declared as a bool. > This function is called from init_key_type() of crypt

Re: [Openvpn-devel] Cipher problem on Mac OS X

u\n", EVP_CIPHER_mode (ciph)); return 0; } --- SNIP --- The commands would be: $ gcc -lssl $ ./a.out Thanks, Adriaan de Jong

[Openvpn-devel] [PATCH 3/3] Migrated x509_get_sha1_hash to use the garbage collector

Signed-off-by: Adriaan de Jong --- ssl_verify.c |7 ++- ssl_verify_backend.h | 11 ++- ssl_verify_openssl.c | 17 - ssl_verify_polarssl.c | 17 +++-- 4 files changed, 11 insertions(+), 41 deletions(-) diff --git a/ssl_verify.c b

[Openvpn-devel] [PATCH 2/3] Migrated x509_get_serial to use the garbage collector

Signed-off-by: Adriaan de Jong --- ssl_verify.c | 28 ++-- ssl_verify_backend.h | 11 ++- ssl_verify_openssl.c | 17 +++-- ssl_verify_polarssl.c | 17 +++-- 4 files changed, 26 insertions(+), 47 deletions(-) diff --git a

[Openvpn-devel] [PATCH 1/3] Migrated x509_get_subject to use of the garbage collector

This also cleans up a messy call in pkcs11.c to _openssl_get_subject, as discussed at FOSDEM. Signed-off-by: Adriaan de Jong --- pkcs11.c | 10 ++ pkcs11_backend.h |8 +++- pkcs11_openssl.c | 16 +++- pkcs11_polarssl.c | 12

[Openvpn-devel] [PATCH 0/3] Use the garbage collector when retrieving x509 fields

A number of the x509 functions allocated memory directly, instead of using the default OpenVPN convention: the garbage collector. This is fixed in this series of patches. Adriaan

Re: [Openvpn-devel] OpenVPN and Android 4.0 VPN API

> -Original Message- > From: James Ring [mailto:s...@jdns.org] > Sent: dinsdag 7 februari 2012 23:33 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] OpenVPN and Android 4.0 VPN API > > Hi there, > > I was just wondering if anybody has seen the new Android 4.0 VPN API.

Re: [Openvpn-devel] Assertion failed at buffer.c:313

at buffer.c:313 > > Hi guys > > I experience "Assertion failed at buffer.c:313" on my RHEL5/x64 caused > by: > > commit bee92b479414d12035b0422f81ac5fcfe14fa645 > Author: Adriaan de Jong > Date: Sun Feb 5 12:51:25 2012 +0100 > > Removed support for

Re: [Openvpn-devel] [PATCH 2/2] Removed support for calling gc_malloc with a NULL gc_arena struct

> -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > > I agree with Gert: > I spent most of my train journey yesterday figuring out what the next > assert failure/segfault was , caused by this buffer.c change; > env_set_create is one, log_history_add was also giving m

[Openvpn-devel] [PATCH 2/2] Removed support for calling gc_malloc with a NULL gc_arena struct

Signed-off-by: Adriaan de Jong --- buffer.c | 29 ++--- 1 files changed, 10 insertions(+), 19 deletions(-) diff --git a/buffer.c b/buffer.c index 2f8e4b8..c39bbcb 100644 --- a/buffer.c +++ b/buffer.c @@ -310,28 +310,19 @@ gc_malloc (size_t size, bool clear, struct

[Openvpn-devel] [PATCH 1/2] Moved out of memory prototype to error.h, as the definition is in error.c

Signed-off-by: Adriaan de Jong --- buffer.h |4 +--- error.h |3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/buffer.h b/buffer.h index e6113f9..6c79007 100644 --- a/buffer.h +++ b/buffer.h @@ -26,6 +26,7 @@ #define BUFFER_H #include "basic.h" +#includ

[Openvpn-devel] [PATCH] Minor code cleanup: cleaned up error handling in verify_cert.

Removed done label and cleaned up return values. Signed-off-by: Adriaan de Jong --- ssl_verify.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl_verify.c b/ssl_verify.c index 326b005..feee124 100644 --- a/ssl_verify.c +++ b/ssl_verify.c @@ -684,14 +684,14

Re: [Openvpn-devel] Summary of the IRC meeting (19th Jan 2012)

> > PS I'm intending to go to FOSDEM on sunday; which room will you guys > meet in? > Good question... I'm heading to Brussels on Friday evening, and will head over to the beer event in Delerium Tremens as soon as I've settled in to my hotel room. Anyone else heading there? Adriaan

Re: [Openvpn-devel] Problem with alloc_buf_gc function

I think Polar even supports 8-bit architectures, but don't quote me on that :). Adriaan > -Original Message- > From: Tiran Kaskas [mailto:tiran.kas...@telit.com] > Sent: woensdag 14 december 2011 9:54 > To: David Sommerseth > Cc: Adriaan de Jong; Gert Do

Re: [Openvpn-devel] Problem with alloc_buf_gc function

> -Original Message- > From: Gert Doering [mailto:g...@greenie.muc.de] > > On Mon, Dec 12, 2011 at 09:32:51AM +, Tiran Kaskas wrote: > > Is there a problem connecting a client running 2.1.4 (the one with > polarssl) to a server running 2.0.9? > > Well, the default crypto algorithms ar

Re: [Openvpn-devel] Suggesting a new patch review approach

> -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: maandag 5 december 2011 11:47 > To: David Sommerseth > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Suggesting a new patch review approach > > > > > > Hi, > > > > We've had a very st

Re: [Openvpn-devel] Topics for today's meeting

Just to put in my 2cents on the build options: there is a tool that supports all of those environments (gmake, cygwin, mingw, nmake, visual studio, eclipse, ), and that's CMake. It's widely used, and has a pretty good track record. It can also support automated test environments and packagin

[Openvpn-devel] OpenVPN approved for government use in the Netherlands

s was the creation of a secure distribution channel for the hardened OpenVPN version (OpenVPN-NL), which has now been launched at https://openvpn.fox-it.com/ . I'd like to thank everyone in the OpenVPN community for helping throughout the process! Kind Regards, Adriaan de Jong PS. The press

Re: [Openvpn-devel] [PATCH] Fixed a regression causing VS2008/Python build failure

ACK, my LZO library ends up in a different place for some reason... Adriaan > -Original Message- > From: sam...@openvpn.net [mailto:sam...@openvpn.net] > Sent: woensdag 9 november 2011 10:50 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH] Fixed a regression c

[Openvpn-devel] [PATCH 8/8] Fixed a typo when initialising cryptoapi certs

Signed-off-by: Adriaan de Jong --- ssl_openssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ssl_openssl.c b/ssl_openssl.c index 391968a..b95944c 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -339,7 +339,7 @@ tls_ctx_load_cryptoapi(struct tls_root_ctx *ctx

[Openvpn-devel] [PATCH 7/8] Minor cleanup to enable warning-free Windows build:

- Changed int32_t to size_t - Removed some unused variables - Added missing include files - changed ordering to ensure variable declarations are before asserts Signed-off-by: Adriaan de Jong --- crypto.c |3 +-- pkcs11_polarssl.c |1 - ssl_openssl.c |6

[Openvpn-devel] [PATCH 6/8] Moved from strsep to strtok, for Windows compatibility

Signed-off-by: Adriaan de Jong --- ssl_polarssl.c | 14 +- 1 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ssl_polarssl.c b/ssl_polarssl.c index 9a8c49c..60d99a8 100644 --- a/ssl_polarssl.c +++ b/ssl_polarssl.c @@ -164,7 +164,7 @@ tls_ctx_set_options (struct

[Openvpn-devel] [PATCH 5/8] Added options to switch between OpenSSL and PolarSSL and PKCS11...

at compile time. Also included the option to enable/disable PKCS11. Signed-off-by: Adriaan de Jong --- win/config.h.in | 18 +++--- win/msvc.mak.in | 18 +++--- win/settings.in | 13 + 3 files changed, 43 insertions(+), 6 deletions(-) diff --git a/win

[Openvpn-devel] [PATCH 4/8] Reordered functions to ensure warning-free Windows build

Signed-off-by: Adriaan de Jong --- plugin.h | 21 ++--- 1 files changed, 10 insertions(+), 11 deletions(-) diff --git a/plugin.h b/plugin.h index 7aacb47..948ab88 100644 --- a/plugin.h +++ b/plugin.h @@ -122,6 +122,16 @@ void plugin_list_open (struct plugin_list *pl, struct

[Openvpn-devel] [PATCH 1/8] Moved prng_uninit out of crypto_uninit_lib

Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't, the function was moved up a level. Signed-off-by: Adriaan de Jong --- crypto.c |1 + crypto_openssl.c |2 -- crypto_polarssl.c |1 - ssl.c |4 ++-- 4 files changed, 3 insertions(

[Openvpn-devel] [PATCH 3/8] Fixed missing comma in plugin.h

Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma. Signed-off-by: Adriaan de Jong --- plugin.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugin.h b/plugin.h index 8782751..7aacb47 100644 --- a/plugin.h +++ b/plugin.h

[Openvpn-devel] [PATCH 2/8] Moved CryptoAPI header include to the ssl_openssl.c

Signed-off-by: Adriaan de Jong --- ssl.c |4 ssl_openssl.c |4 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl.c b/ssl.c index 955a0d1..c26756e 100644 --- a/ssl.c +++ b/ssl.c @@ -62,10 +62,6 @@ #include "ssl_verify.h" #include &quo

[Openvpn-devel] Series of patches to fix Windows builds and other errors

Hi, The following series of patches enables Windows builds and fixes a few bugs to boot. Most of it I'm quite comfortable with. The only unfortunate thing in these patches is switching between OpenSSL and PolarSSL. This currently requires changing two flags instead of one, due to the build system

[Openvpn-devel] [PATCH] Further removal of des_old.h based calls

Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb Signed-off-by: Adriaan de Jong --- crypto_openssl.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index fdea326..9906479 100644 --- a

[Openvpn-devel] [PATCH] Removed obsolete des_cblock and des_keyschedule

To allow building on NetBSD. Signed-off-by: Adriaan de Jong --- crypto_openssl.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index e43d73c..fdea326 100644 --- a/crypto_openssl.c +++ b/crypto_openssl.c @@ -642,10 +642,10

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

On 10/24/2011 11:50 AM, David Sommerseth wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/10/11 10:58, Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfi

[Openvpn-devel] [PATCH] Added missing #ifdef to allow --disable-managent to work again

Signed-off-by: Adriaan de Jong --- ssl_verify.h |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/ssl_verify.h b/ssl_verify.h index 1eaf639..1809137 100644 --- a/ssl_verify.h +++ b/ssl_verify.h @@ -172,7 +172,10 @@ static inline bool verify_user_pass_enabled(struct

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

On 10/24/2011 11:03 AM, Jan Just Keijser wrote: Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :) hmmm then perhaps the default should be changed to

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

r 2011 10:55 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for > PolarSSL to AES-128, as BF is not supported > > I'd NACK this patch : the default behaviour of OpenVPN should be > independ

[Openvpn-devel] [PATCH 2/3] Fixed disabling crypto and SSL

Signed-off-by: Adriaan de Jong --- Makefile.am | 23 --- configure.ac |2 -- crypto_openssl.c |4 crypto_polarssl.c |4 options.h |2 +- pkcs11_openssl.c |4 ++-- pkcs11_polarssl.c |4

[Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

Signed-off-by: Adriaan de Jong --- options.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/options.c b/options.c index 39e7a57..d917072 100644 --- a/options.c +++ b/options.c @@ -810,7 +810,12 @@ init_options (struct options *o, const bool init_gc) o

[Openvpn-devel] [PATCH 1/3] Got rid of a few magic numbers in ntlm.c

Signed-off-by: Adriaan de Jong --- crypto_backend.h |6 +++--- crypto_openssl.c |2 +- crypto_openssl.h |3 +++ crypto_polarssl.c |2 +- crypto_polarssl.h |2 ++ ntlm.c| 30 +++--- 6 files changed, 25 insertions(+), 20 deletions

[Openvpn-devel] PolarSSL 1.0.0 support

Hi everyone, The patch available at https://github.com/andj/openvpn-ssl-refactoring/commit/77b34616e70dcab081b2a2f0f567d1ab8fd25349 moves OpenVPN master from PolarSSL v0.99-pre5 to v1.0.0, the first stable release of PolarSSL. I've kept it on github instead of using git-mail as It exists on top o

[Openvpn-devel] Rebased SSL patches

828a7a73a7054cc If someone can ack these last few changes, then David can start merging! Kind regards, Adriaan de Jong

Re: [Openvpn-devel] Topics for tomorrow's meeting

Hi Samuli, I'll be around as well this evening. If we have any time I'd like to discuss the next steps for the PolarSSL addition patch, and the as-yet unapproved fixes that follow it. Kind Regards, Adriaan > -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent:

Re: [Openvpn-devel] [PATCH 0/8] OpenVPN Doxygen patches

y: lines are > intact, and all have the proper credit to Adriaan de Jong. > > So unless there are any objections or Adriaan insists on having his > name as > the patch authors, I will leave it how it is now. Otherwise, I'll need > to > reset the git tree and push out

[Openvpn-devel] Minor issue in master git

files (I'm not entirely sure what needs to be done here?) Thanks, Adriaan de Jong

Re: [Openvpn-devel] openvpn support for challenge-response otp (user+pass+otp)

> -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > > There's some support for challenge-response authentication in OpenVPN: > > testing.git;a=commit;h=3cf9dd88fd84108eccfcce0ebf44e00f9481cd82>

  1   2   >