[Openvpn-devel] [PATCH v2 0/4] OpenVPN plug-in API version 3

2010-12-10 Thread David Sommerseth
This is the second round of implementing a new plug-in API for OpenVPN. This API uses structs for both passing arguments to and from the plug-in functions. The reason for this approach is to avoid modifying the function API itself to add more information being sent to or from the plug-in function

[Openvpn-devel] [PATCH v2 1/4] Define the new openvpn_plugin_{open, func}_v3() API

2010-12-10 Thread David Sommerseth
This just implements the basic API changes needed for the newer and more flexible plug-in API. Signed-off-by: David Sommerseth --- openvpn-plugin.h | 222 +- plugin.c |6 +- plugin.h |2 + 3 files changed, 227 insertion

[Openvpn-devel] [PATCH v2 4/4] Added a simple plug-in demonstrating the v3 plug-in API.

2010-12-10 Thread David Sommerseth
To build the plug-in, do ./build log_v3 in the plugin/examples directory. This plug-in can be tested by running an OpenVPN server like this: # ./openvpn --plugin plugin/examples/log_v3.so --dev tun \ --server 192.168.240.0 255.255.255.0 --ca sample-keys/ca.crt \ --cert

[Openvpn-devel] [PATCH v2 2/4] Implement the core v3 plug-in function calls.

2010-12-10 Thread David Sommerseth
Let OpenVPN call the openvpn_plugin_open_v3() and openvpn_plugin_func_v3() plug-in functions if they exist in the plug-in. Signed-off-by: David Sommerseth --- plugin.c | 29 +++-- 1 files changed, 27 insertions(+), 2 deletions(-) diff --git a/plugin.c b/plugin.c index

[Openvpn-devel] [PATCH v2 3/4] Extend the v3 plug-in API to send over X509 certificates

2010-12-10 Thread David Sommerseth
The certificates sent to the plug-in API will only happen during the OPENVPN_PLUGIN_TLS_VERIFY phase and will contain a pointer to the OpenSSL X509 certificate data. Signed-off-by: David Sommerseth --- init.c |2 +- misc.c |2 +- multi.c |8 open

Re: [Openvpn-devel] how to limite the bandwidth of every client ?

2010-12-10 Thread hmy
I'm sorry , I will quit this mail list. sorry! 2010/12/9 David Sommerseth > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 09/12/10 09:29, hmy wrote: > > may be I'm wrong ,tc can do that. > > First of all, yes tc can do that. That's the concept of traffic control > and traffic shaping.

Re: [Openvpn-devel] [Patch] OpenVPN OpenSSL Crypto Separation Preview [2/8]

2010-12-10 Thread Peter Stuge
Adriaan de Jong wrote: Content-Description: 02_openssl_crypto_separation.patch.gz > Separate OpenSSL specific code > > diff -r 228dee8676bf Makefile.am > --- a/Makefile.am Wed Aug 11 14:37:00 2010 +0200 > +++ b/Makefile.am Wed Dec 08 11:49:46 2010 +0100 > @@ -74,18 +74,18 @@ > INSTAL

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Peter Stuge
Adriaan de Jong wrote: Content-Description: 07_polarssl_addition.patch.gz > Add PolarSSL support to OpenVPN > +++ b/configure.acWed Dec 08 12:35:42 2010 +0100 > @@ -273,14 +273,16 @@ > ) > > AC_ARG_WITH([ssl-type], > - [ --with-ssl-type=TYPE Build with the given SSL library, TYPE = ope

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Adriaan de Jong
Thanks, I'll change the configure options when I rebase the patches to 2.2 . I'm a little more familiar with cmake, thanks for pointing that out. About the whitespace: it's a tad difficult to split the patches now. Are you sure it wouldn't be acceptable this way? Adriaan > -Original Messa

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Peter Stuge
Adriaan de Jong wrote: > Thanks, I'll change the configure options when I rebase the patches > to 2.2 . I'm a little more familiar with cmake, thanks for pointing > that out. Great. > About the whitespace: it's a tad difficult to split the patches now. Simple with git. Check out how to do an in

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/10 08:38, Adriaan de Jong wrote: > About the whitespace: it's a tad difficult to split the patches now. Are you > sure it wouldn't be acceptable this way? If I'm not entirely mistaken, these patches are based against a 2.1.x release and not

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Adriaan de Jong
> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: vrijdag 10 december 2010 8:56 > To: Adriaan de Jong > Cc: Peter Stuge; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview > [7/8] > > -B

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Peter Stuge
Adriaan de Jong wrote: > > > About the whitespace: it's a tad difficult to split the patches > > > now. Are you sure it wouldn't be acceptable this way? I may have misunderstood this. (I read "now" as "this late", but I guess maybe you meant "this early".) > > I'd suggest that we primarily do co

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Adriaan de Jong
> Adriaan de Jong wrote: > > > > About the whitespace: it's a tad difficult to split the patches > > > > now. Are you sure it wouldn't be acceptable this way? > > Peter Stuge wrote: > I may have misunderstood this. (I read "now" as "this late", but I > guess maybe you meant "this early".) > You re

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Peter Stuge
Adriaan de Jong wrote: > > I'd use git for the patches right away anyway, > > I'm afraid that we started off development based on checked out > sources (quite a long time ago). I'll start rebasing to git as soon > as I've heard that the git tree is stable. By git I don't mean the very latest cont

[Openvpn-devel] Summary of the IRC meeting (9th Dec 2010)

2010-12-10 Thread Samuli Seppänen
Hi, Here's the summary of the previous community meeting. --- COMMUNITY MEETING Place: #openvpn-devel on irc.freenode.net List-Post: openvpn-devel@lists.sourceforge.net Date: Thursday, 9th Dec 2010 Time: 18:00 UTC Planned meeting topics for this meeting were on this page:

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Matthias Andree
Am 10.12.2010 09:44, schrieb Peter Stuge: > Adriaan de Jong wrote: >> > I'd use git for the patches right away anyway, >> >> I'm afraid that we started off development based on checked out >> sources (quite a long time ago). I'll start rebasing to git as soon >> as I've heard that the git tree is

Re: [Openvpn-devel] [Patch] OpenVPN PolarSSL Support Preview [7/8]

2010-12-10 Thread Peter Stuge
Matthias Andree wrote: > > Having the branch in git allows iterating over the commits with > > great ease. > > let's not waste time discussing this over and over I'm sorry I wasted your time. //Peter

Re: [Openvpn-devel] Summary of the IRC meeting (9th Dec 2010)

2010-12-10 Thread Markus Kötter
Hi, Samuli Seppänen wrote: In deeper analysis it was noted that this feature, or using an external CA for OpenVPN certs in general, may be dangerous. Consider the following scenario: - An external root CA (e.g. Verisign) is used for Ope