[Openvpn-devel] [PATCH] mbedtls: fix typ0 in comment

2017-12-05 Thread Antonio Quartulli
From: Antonio Quartulli the function used to set the verify callback in mbedTLS is actually called mbedtls_ssl_conf_verify() and it is invoked in key_state_ssl_init(). Fix comment accordingly. Signed-off-by: Antonio Quartulli --- src/openvpn/ssl_verify_mbedtls.h | 6 +++--- 1 file changed, 3

Re: [Openvpn-devel] [PATCH] Added OpenSSL FIPS 2.0 support to OpenVPN

2017-12-05 Thread Jim Carroll
> So I don't think the version is as strict as you say. But it might be > other > distributions have gone through the compliance certification on a > different > version. This is true. Red Hat has gone through the compliance certification on 1.0.2k and their security policy is public https://cs

Re: [Openvpn-devel] [PATCH 09/13] Signed/unsigned warnings of MSVC resolved

2017-12-05 Thread Simon Rozman
Hi, > On Wed, Nov 08, 2017 at 06:46:53PM +, Simon Rozman wrote: > > > The best time to re-factor a function would be when a new use > > > case needs to change its semantics. Apart from the ill-chosen -err > > > as a return value, currently it returns 0 if automatic metric is in > > > use, m

Re: [Openvpn-devel] [PATCH applied] Re: openvpnserv: Add support for multi-instances

2017-12-05 Thread Simon Rozman
Hi, > I've done a bit of staring at the code as well, and it seems to make sense > (but > thanks to Selva for a thorough review and actually testing this :-) ). > > Given the interaction with EduVPN 2.4, and the fairly well localized changes, > I > agree to Selva's suggestion of having it in 2.4

Re: [Openvpn-devel] [PATCH applied] Re: openvpnserv: Add support for multi-instances

2017-12-05 Thread Samuli Seppänen
On 05/12/2017 13:01, Simon Rozman wrote: > Hi, > >> I've done a bit of staring at the code as well, and it seems to make sense >> (but >> thanks to Selva for a thorough review and actually testing this :-) ). >> >> Given the interaction with EduVPN 2.4, and the fairly well localized >> chan

Re: [Openvpn-devel] [PATCH applied] Re: openvpnserv: Add support for multi-instances

2017-12-05 Thread Илья Шипицин
2017-12-05 16:19 GMT+05:00 Samuli Seppänen : > On 05/12/2017 13:01, Simon Rozman wrote: > > Hi, > > > >> I've done a bit of staring at the code as well, and it seems to make > sense (but > >> thanks to Selva for a thorough review and actually testing this :-) ). > >> > >> Given the interactio

[Openvpn-devel] [PATCH] Add a warning for disabled DHCP media sense on Window

2017-12-05 Thread Jiří Engelthaler
When DHCP media sense configuration is disabled, network applications including DHCP client will not receive information about link status changes and the link seems to be always connected. This leads to the non-renewal DHCP address on OpenVPN connect. DHCP media sense status can be shown with comm

[Openvpn-devel] Topics for the community meeting (Wed, 6th Dec 2017)

2017-12-05 Thread Samuli Seppänen
NOTE: This meeting starts at 11:30 CET. --- Hi, We're going to have an IRC meeting tomorrow starting at 11:30 CET (10:30 UTC) on #openvpn-meeting irc.freenode.net. You do not have to be logged in to Freenode to join the channel. Current topic list along with basic information is here:

[Openvpn-devel] [PATCH v2 0/1] add engine keys keys

2017-12-05 Thread James Bottomley
Engine keys are an openssl concept for a key file which can only be understood by an engine (usually because it's been wrapped by the engine itself). We use this for TPM engine keys, so you can either generate them within your TPM or wrap them from existing private keys. Once wrapped, the keys wi

[Openvpn-devel] [PATCH v2 1/1] openssl: add engine method for loading the key

2017-12-05 Thread James Bottomley
As well as doing crypto acceleration, engines can also be used to load key files. If the engine is set, and the private key loading fails for bio methods, this patch makes openvpn try to get the engine to load the key. If that succeeds, we end up using an engine based key. This can be used with t

Re: [Openvpn-devel] [PATCH v4] reload HTTP proxy credentials when moving to the next connection profile

2017-12-05 Thread Steffan Karger
Hi, On 04-12-17 05:49, Antonio Quartulli wrote: > The HTTP proxy credentials are stored in a static variable that is > possibly initialized before each connection attempt. > > However, the variable is never "released" therefore get_user_pass() > refuses to overwrite its content and leaves it as i

Re: [Openvpn-devel] [PATCH] mbedtls: fix typ0 in comment

2017-12-05 Thread Steffan Karger
On 05-12-17 09:57, Antonio Quartulli wrote: > From: Antonio Quartulli > > the function used to set the verify callback in mbedTLS is > actually called mbedtls_ssl_conf_verify() and it is invoked > in key_state_ssl_init(). > > Fix comment accordingly. > > Signed-off-by: Antonio Quartulli > --

Re: [Openvpn-devel] [PATCH] mbedtls: fix typ0 in comment

2017-12-05 Thread sameer.s.athaley
How the fuck unsubscribe this, it's very annoying On 05-Dec-2017 2:28 PM, "Antonio Quartulli" wrote: > From: Antonio Quartulli > > the function used to set the verify callback in mbedTLS is > actually called mbedtls_ssl_conf_verify() and it is invoked > in key_state_ssl_init(). > > Fix comment a

[Openvpn-devel] [PATCH] Refactor get_interface_metric to return metric and auto flag separately

2017-12-05 Thread selva . nair
From: Selva Nair - Instead of returning metric = 0 when automatic metric is in use return the actual metric and flag automatic metric through a parameter. This makes the function reusable elsewhere. - Ensure return value can be correctly cast to int and return -1 on error. Signed-off-by:

Re: [Openvpn-devel] [PATCH 09/13] Signed/unsigned warnings of MSVC resolved

2017-12-05 Thread Selva Nair
Hi Simon, On Tue, Dec 5, 2017 at 4:44 AM, Simon Rozman wrote: > Hi, > >> On Wed, Nov 08, 2017 at 06:46:53PM +, Simon Rozman wrote: >> > > The best time to re-factor a function would be when a new use >> > > case needs to change its semantics. Apart from the ill-chosen -err >> > > as a retu