Hi Steffan
Non-crypto geek here, comments inline.
On 05.05.2017 22:30, Steffan Karger wrote:
> +control channel messages. A typical initial negotiation is about 10 packets
> +in each direction. Assuming both initial negotation and renogatiations are
> +at most 2^16 (65536) packets, and (re)nego
Hi,
On 07-05-17 11:39, Magnus Kroken wrote:
> Non-crypto geek here, comments inline.
>
> On 05.05.2017 22:30, Steffan Karger wrote:
>> +control channel messages. A typical initial negotiation is about 10 packets
>> +in each direction. Assuming both initial negotation and renogatiations are
>> +
If keyUsage was only required to be present, but no specific value was
required, we would omit to free the extracted string. This happens as of
2.4.1, if --remote-cert-tls is used. In that case we leak a bit of
memory on each TLS (re)negotiation.
Signed-off-by: Steffan Karger
---
Changes.rst
Hi,
On 05-05-17 20:08, Ilya Shipitsin wrote:
> Inspired by
> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13032.html
> build options are taken from regular windows installer builds
>
> Signed-off-by: Ilya Shipitsin
> ---
> v2: moved download/build dependencies into functi
Hi,
On 07-05-17 14:03, Antonio Quartulli wrote:
>
>> On 7 May 2017, at 19:56, Antonio Quartulli wrote:
>>
>>> On 4 May 2017, at 06:57, David Sommerseth
>>> wrote:
>>>
>>> On 03/05/17 22:15, Steffan Karger wrote:
> +switch (opt->verify_hash_algo)
> +{
> +case
> On 7 May 2017, at 20:15, Steffan Karger wrote:
>
> Hi,
>
> On 07-05-17 14:03, Antonio Quartulli wrote:
>>
>>> On 7 May 2017, at 19:56, Antonio Quartulli wrote:
>>>
On 4 May 2017, at 06:57, David Sommerseth
wrote:
On 03/05/17 22:15, Steffan Karger wrote:
>> +
>
> On 4 May 2017, at 06:57, David Sommerseth
> wrote:
>
> On 03/05/17 22:15, Steffan Karger wrote:
>>> +switch (opt->verify_hash_algo)
>>> +{
>>> +case MD_SHA1:
>>> +ca_hash = x509_get_sha1_fingerprint(cert, &gc);
>>> +break;
>>> +
>>> +c
> On 7 May 2017, at 19:56, Antonio Quartulli wrote:
>
>>
>> On 4 May 2017, at 06:57, David Sommerseth
>> wrote:
>>
>> On 03/05/17 22:15, Steffan Karger wrote:
+switch (opt->verify_hash_algo)
+{
+case MD_SHA1:
+ca_hash = x509_get_sha1_fi
Hi,
On 04-05-17 01:10, Hristo Venev wrote:
> Only fields known to OpenSSL have a NID. OBJ_txt2obj allows specifying
> fields by numeric OID.
>
> Signed-off-by: Hristo Venev
> ---
> src/openvpn/ssl_verify_openssl.c | 12 ++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff -
On 07/05/17 14:17, Antonio Quartulli wrote:
>
>> On 7 May 2017, at 20:15, Steffan Karger wrote:
>>
>> Hi,
>>
>> On 07-05-17 14:03, Antonio Quartulli wrote:
>>>
[...snip...]
>>> I forgot: the good point of *not* having a default is that when you will
>>> add a new enum value for that
>>> particul
> On 8 May 2017, at 06:05, David Sommerseth
> wrote:
>
> On 07/05/17 14:17, Antonio Quartulli wrote:
>>
>> Agreed. This sounds like a call for a cleanup mission :]
>
> I presume you meant this on a generic level, not this patch explicitly,
> right? If so, I don't need to worry about a v3, as
Hi,
Thanks for the patch exporting base64_encode/decode
A quick question/comment though: quoting from your sample base64.c
On Fri, May 5, 2017 at 5:46 PM, David Sommerseth wrote:
> +/* Which callbacks to intercept. */
> +ret->type_mask =
> +OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_
12 matches
Mail list logo
