[Openvpn-devel] [PATCH 1/2] Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.

2014-04-27 Thread Steffan Karger
hash was cast from char * to unsigned char * at the return of the function. This patch removes the implicit cast by declaring hash as unsigned char * . Signed-off-by: Steffan Karger --- src/openvpn/ssl_verify_openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openv

Re: [Openvpn-devel] [PATCH 1/2] Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.

2014-04-27 Thread Steffan Karger
On 27-04-14 09:55, Steffan Karger wrote: > hash was cast from char * to unsigned char * at the return of the function. > This patch removes the implicit cast by declaring hash as unsigned char * . Ignore the "1/2". This was meant as a separate patch, but git format-patch added the "1/2" without me

[Openvpn-devel] [PATCH 1/2] Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.

2014-04-27 Thread Steffan Karger
This changes the representation of the tls_serial_{n} environment variable from hex to decimal for PolarSSL builds, to match OpenSSL build behaviour. Because hex representation for serials makes sense too, and to ease transition for PolarSSL users, added tls_serial_hex_{n} that exports the serial

[Openvpn-devel] [PATCH 2/2] Fix OCSP_check.sh to also use decimal for stdout verification.

2014-04-27 Thread Steffan Karger
This is an extra fix needed on top of 959d607, which already changes the serial parameter to correctly use decimal representation. Signed-off-by: Steffan Karger --- contrib/OCSP_check/OCSP_check.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/OCSP_check/OCSP_

Re: [Openvpn-devel] socket.c issues when building snapshots on windows...

2014-04-27 Thread Arne Schwabe
On 26.04.2014 23:00, Gert Doering wrote: Hiya, with some arm-twisting, I managed to convince build-snapshot to actually do that (it would prefer to do a git clone, autoconf, tarball, copy tarball, ignore the tarball, fetch 2.3.3 source, extract 2.3.3 and build that, thus never showing compilatio

[Openvpn-devel] [PATCH applied] Re: Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.

2014-04-27 Thread Gert Doering
ACK ("obviously correct") Your patch has been applied to the master and release/2.3 branches. commit d4309c21d9cde43c777985e373242afa78afefa1 (master) commit b36515a7115cec9a0f1c4240a83d4b5d184235f1 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun A

[Openvpn-devel] [PATCH applied] Re: Fix OCSP_check.sh to also use decimal for stdout verification.

2014-04-27 Thread Gert Doering
ACK. Your patch has been applied to the master and release/2.3 branches. commit 6ea78cbef6367590567156a20106c620fec224c9 (master) commit 78e1175cc510a98775eb393ec6d1ebf8309019c0 (release/2.3) Author: Steffan Karger List-Post: openvpn-devel@lists.sourceforge.net Date: Sun Apr 27 10:49:21 2014 +

[Openvpn-devel] [PATCH applied] Re: Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.

2014-04-27 Thread Gert Doering
ACK. Tested both OpenSSL and PolarSSL builds on the server side, and certificate reporting is consistent, if differing in uppercase/lowercase: OpenSSL: tls_serial_0=22 tls_serial_1=13617978572412530086 tls_serial_hex_0=16 tls_serial_hex_1=bc:fc:c7:5c:47:87:ad:a6 PolarSSL: tls_serial_0=22 tls_s

[Openvpn-devel] [PATCH applied] Re: More IPv6-related updates to the openvpn man page.

2014-04-27 Thread Gert Doering
Patch has been applied to the master and release/2.3 branches. commit 2a97e69e71d4afb9c32268890e13db19cb73196b (master) commit 268e211b2cf77f88f7ebb69a241337c82b3cc086 (release/2.3) Author: Gert Doering List-Post: openvpn-devel@lists.sourceforge.net Date: Sat Apr 26 13:30:54 2014 +0200 Mo

[Openvpn-devel] [PATCH applied] Re: Fix build system to accept non-system crypto library locations for plugins.

2014-04-27 Thread Gert Doering
ACK. (I had a really nice test case for this, as my "test-compile 2.3 with polar 1.2" tree only builds if the compile flags are honoured...) Your patch has been applied to the master and release/2.3 branches. commit ea31bc680fc83946b2cc8d0c93544a1ab2a01d63 (master) commit c2faef04e61378ef5f11240

Re: [Openvpn-devel] [PATCH 4/4] When tls-version-min is unspecified, revert to original versioning approach.

2014-04-27 Thread Gert Doering
Hi, On Mon, Apr 21, 2014 at 01:10:04AM -0600, James Yonan wrote: > For OpenSSL, this means to use TLSv1_(client|server)_method rather > than SSLv23_(client|server)_method combined with SSL_OP_NO_x flags > for specific TLS versions to disable. > > For PolarSSL, this means to avoid calling ssl_set_

Re: [Openvpn-devel] [PATCH 4/4] When tls-version-min is unspecified, revert to original versioning approach.

2014-04-27 Thread Steffan Karger
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 27-04-14 19:53, Gert Doering wrote: > On Mon, Apr 21, 2014 at 01:10:04AM -0600, James Yonan wrote: The > attached patch is what I intend to commit to release/2.3 *only*, > not to master - as agreed at the IRC meeting. "Please ACK" :-) Sorry

Re: [Openvpn-devel] socket.c issues when building snapshots on windows...

2014-04-27 Thread Gert Doering
Hi, On Sun, Apr 27, 2014 at 11:55:15AM +0200, Arne Schwabe wrote: > The option seems to be supported since Windows Vista. I think we should > add something like this to the windows ifdefs (copied from > http://marc.info/?l=apr-dev&m=121392734329754&w=2): > > +/* Ugly solution - only the Windows