On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> We are in control of meth->name (we string_alloc() it in RSA_meth_new())
> so we know that we can free() it when it's no longer needed. Yet we have
> to force the value to be non-const to avoid a compiler warning -- due to
> t
Hi,
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including X509. We have to use the defined
> functions to do so.
>
> In x509_verify_ns_cert_type() in particular, this means that we
> cann
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including EVP_PKEY. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the corresponding
>
Hi,
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including RSA. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the corresponding
>
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including DSA. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the corresponding
> func
The NCP (data channel crypto negotiation) code on the client side waits
for an incoming PUSH_REPLY before setting up the data channel crypto
parameters, because the PUSH_REPLY could contain a "cipher xxx" setting.
In the particular case of a empty PUSH_REPLY message, the relevant code
bits was not
On 18-06-17 11:22, Gert Doering wrote:
> The NCP (data channel crypto negotiation) code on the client side waits
> for an incoming PUSH_REPLY before setting up the data channel crypto
> parameters, because the PUSH_REPLY could contain a "cipher xxx" setting.
>
> In the particular case of a empty
Patch has been applied to the master and release/2.4 branch.
commit bd230079d98bfe6aec70b7aedefdffcdbd0e56da (master)
commit e82f7005256f77a63a3191ab7fef67e0cf0a9d02 (release/2.4)
Author: Gert Doering
Date: Sun Jun 18 11:22:44 2017 +0200
Fix edge case with clients failing to set up cipher
Hi,
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including EVP_MD_CTX. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the correspon
Your patch has been applied to the master and release/2.4 branch.
commit c07c0358b553c519ed9d80e2e0a9ba48ca8850e4 (master)
commit 6f5aa04456f29d7084e004c980e219a21a954fa9 (master)
Author: Emmanuel Deloget
Date: Mon Jun 12 15:43:26 2017 +0200
OpenSSL: don't use direct access to the internal
Your patch has been applied to the master and release/2.4 branch.
I have changed the two occurences of "wierd" in comments to "weird",
as requested.
commit 17d1ab90c228b1efbe774357bd3265b2af006899 (master)
commit e78934adade51f79c847dcf0fee26905ebb9044d (release/2.4)
Author: Emmanuel Deloget
D
Your patch has been applied to the master and release/2.4 branch.
commit b8ca5bc3593e539d0735a74b55ed41a792e55033 (master)
commit cc7c9122dc1d9e87d3f9b953b7d3b3db9166c540 (release/2.4)
Author: Emmanuel Deloget
Date: Mon Jun 12 15:43:24 2017 +0200
OpenSSL: don't use direct access to the int
Your patch has been applied to the master and release/2.4 branch.
commit f7780af6f1aaffcbbfb8b4dde0f2af052f84b28a (master)
commit dd1ae0e48d0ce5c715ad6595b21c3cce1f4c8c6b (master)
Author: Emmanuel Deloget
Date: Mon Jun 12 15:43:25 2017 +0200
OpenSSL: don't use direct access to the internal
Makes it easier to test changes to DSA-related code.
Signed-off-by: Steffan Karger
---
sample/sample-keys/gen-sample-keys.sh | 16
1 file changed, 16 insertions(+)
diff --git a/sample/sample-keys/gen-sample-keys.sh
b/sample/sample-keys/gen-sample-keys.sh
index 301cff28..920513
Hi,
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including EVP_CIPHER_CTX. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the corre
Hi,
On 12-06-17 15:43, log...@free.fr wrote:
> From: Emmanuel Deloget
>
> OpenSSL 1.1 does not allow us to directly access the internal of
> any data type, including HMAC_CTX. We have to use the defined
> functions to do so.
>
> Compatibility with OpenSSL 1.0 is kept by defining the correspondi
Your patch has been applied to the master and release/2.4 branch.
I have changed the UTF8 characters in the quoted warning message to
standard ISO characters, though (copy-pasting the warning that clang
throws on FreeBSD). And fixed the dangling comment close.
commit 3fd07c31fe8878dc75e760d151d2
ACK. No code changes to openvpn itself, and it's good to have all
supported cert/key types around for testing.
Tested on FreeBSD, and it generates something that looks like DSA :-)
Generating DSA parameters, 2048 bit long prime
...
Generating a 2048 bit DSA private key
writing new priva
Am 20.05.17 um 14:57 schrieb Steffan Karger:
> Commit 'Migrate to mbed TLS 2.x' (86d8cd68) introduced a bug in mbedtls
> builds where we would calculate the certificate fingerprint over the
> (too-short) 'to-be-signed' length of the certificate, rather than over the
> certificate including the sign
Your patch has been applied to the master and release/2.4 branch.
Changes.rst has been adjusted to put this under the 2.4.3 heading.
commit 21a540f92bf65f39eb92967476eba0bcd2a34ef6 (master)
commit d7b7f93e526a21919ad54ce8cce41c3acc39128d (release/2.4)
Author: Steffan Karger
Date: Sat May 20 14:
Your patch has been applied to the master and release/2.4 branch.
commit 6cbd48a3ead23f004f25943d067fa668efdc580e (master)
commit a5ac1ecf35f35cecbbb89111f914fe95c5560df2 (release/2.4)
Author: Emmanuel Deloget
Date: Mon Jun 12 15:43:28 2017 +0200
OpenSSL: don't use direct access to the int
Your patch has been applied to the master and release/2.4 branch.
I have not changed anything wrt _init()/reset() to not delay getting
this in-tree before the upcoming v2.4.3 release - but if you agree to
Steffan's comment on that, please send a followup patch which can then
go in later.
(Thanks
Your patch has been applied to the master and release/2.4 branch.
I have removed the extra #include lines again, as suggested by Steffan,
and they do not seem to be missing - if they are part of a larger
cleanup (like "move all the includes into a central
place") please re-send as an additional
A malformed TCP header could lead to a one-byte overread when
searching for the MSS option (but as far as we know, with no
adverse consequences).
Change outer loop to always ensure there's one extra byte available
in the buffer examined.
Technically, this would cause OpenVPN to ignore the only si
Am 18.06.17 um 21:41 schrieb Gert Doering:
> A malformed TCP header could lead to a one-byte overread when
> searching for the MSS option (but as far as we know, with no
> adverse consequences).
>
> Change outer loop to always ensure there's one extra byte available
> in the buffer examined.
>
>
Patch has been applied to the master, release/2.4, 2.3 and 2.2 branch.
commit 22046a88342878cf43a9a553c83470eeaf97f000 (master)
commit 529de430ce07d0c3210a4636b1cb4c89cc6c8fc1 (master)
commit 4d343fbe9166e14187775567db00c0a91017df83 (release/2.3)
commit 2cc3583ddbc7ce98d859475422cb4e1c217c8083 (re
Hi,
On Sun, Jun 18, 2017 at 10:35:38PM +0200, Gert Doering wrote:
> Patch has been applied to the master, release/2.4, 2.3 and 2.2 branch.
>
> commit 22046a88342878cf43a9a553c83470eeaf97f000 (master)
> commit 529de430ce07d0c3210a4636b1cb4c89cc6c8fc1 (master)
> commit 4d343fbe9166e14187775567db00c
27 matches
Mail list logo
