The master branch already has a commit doing almost the same
(9048d50), but since the API for polarssl 1.2 is different, this
could not be cherry-picked back to the 2.3 branch.
This commit:
* adds a number of missing #includes.
* makes a number of implicit casts explicit, to silence gcc
-Wall
Signed-off-by: Steffan Karger
---
src/openvpn/ssl_verify_openssl.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/openvpn/ssl_verify_openssl.c b/src/openvpn/ssl_verify_openssl.c
index 56e1c11..33cd757 100644
--- a/src/openvpn/ssl_verify_openssl.c
+++ b/src/openvpn/ssl_verify_openssl.c
@
Your patch has been applied to the release/2.3 branch.
commit 35b2ffdcf3f48f4a500cb8ad22330ca3454e6149
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sat Oct 25 11:47:49 2014 +0200
ssl_polarssl.c: fix includes and make casts explicit
Signed-off-by: Steffa
ACK.
Your patch has been applied to the release/2.3 branch.
commit 6e469f46e94b2bd0fc1509f2bfbda4d6b5374b14
Author: Steffan Karger
List-Post: openvpn-devel@lists.sourceforge.net
Date: Sat Oct 25 11:54:11 2014 +0200
Remove unused variables from ssl_verify_openssl.c extract_x509_extension()
Hi,
On Sat, Oct 25, 2014 at 12:41:50PM +0200, Gert Doering wrote:
> ACK.
>
> Your patch has been applied to the release/2.3 branch.
... and to master. Given the comment on IRC I wasn't sure if that was only
2.3-specific (like the first patch) or "both branches" (this one :) ).
> commit 6e469f4
Hi,
This patch set improves the logging from the crypto/ssl components. It adds
some debug/logging wrappers to make it easy for developers to add proper
logging, and makes the logging more verbose by reporting the underlying crypto
library errors too.
When errors occur during the TLS handshake
Use the new polar_log_err() and polar_ok() functions introduced in the
previous commit to provide more log/debug output on SSL errors.
Signed-off-by: Steffan Karger
---
src/openvpn/crypto_polarssl.c | 35 ---
src/openvpn/ssl_polarssl.c| 91 ++--
Since key_state_ssl_init() returns void, it *must* succeed. By changing the
'if(a) { success } else ignore' into 'ASSERT(a); success', we make sure we
don't fail (which we in practice don't do, because otherwise we would have
had complaining users with hard to trace errors).
This patch just change
Signed-off-by: Steffan Karger
---
src/openvpn/crypto_polarssl.c | 26 ++
src/openvpn/crypto_polarssl.h | 40
2 files changed, 66 insertions(+)
diff --git a/src/openvpn/crypto_polarssl.c b/src/openvpn/crypto_polarssl.c
index 1a986db
This works towards removing OpenSSL-specific error printing code from
error.c. The crypto_msg() functions provide convenience wrappers, specific
to OpenSSL. Instead of passing the magical 'M_SSLERR' flag to msg(), a
developer now just calls crypto_msg() to get OpenSSL errors dumped to log.
Signed-
Signed-off-by: Steffan Karger
---
src/openvpn/crypto_openssl.c | 30 +++-
src/openvpn/error.c | 29
src/openvpn/error.h | 5 --
src/openvpn/ssl_openssl.c| 107 +++
4 files changed, 75 insertions(+), 96 deletion
Overzealous users using the --tls-cipher option, or users with actual
incompatible crypto libaries often waste quite some time debugging the
"no shared cipher" error from openssl. See e.g. trac ticket #359:
https://community.openvpn.net/openvpn/ticket/359
This change adds a more clear, verb 1 erro
12 matches
Mail list logo