[Openvpn-devel] [PATCH applied] Re: mbedtls: fix typ0 in comment

2017-12-08 Thread Gert Doering
Thanks. Your patch has been applied to the master and release/2.4 branch. commit c68a025a1ca687c19d7ae8599464f768b7525df5 (master) commit 9df9faeb9fec197f27dd2e51580992b55c085dc5 (release/2.4) Author: Antonio Quartulli Date: Tue Dec 5 16:57:11 2017 +0800 mbedtls: fix typ0 in comment

[Openvpn-devel] [PATCH] Fix memory leak in buffer unit tests

2017-12-08 Thread Steffan Karger
buffer_list_push_data does not take ownership of the memory, so just feed it stack data to plug the leak. Signed-off-by: Steffan Karger --- tests/unit_tests/openvpn/test_buffer.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/unit_tests/openvpn/test_buffer.c b/

[Openvpn-devel] [PATCH] Don't throw fatal errors from verify_cert_export_cert()

2017-12-08 Thread Steffan Karger
From: Steffan Karger As with create_temp_file(), this function is called on client connects and should not cause fatal errors when I/O (possibly temporarily) fails. The callers of this function are already fixed in the commit that does the same for create_temp_file(). Signed-off-by: Steffan Kar

[Openvpn-devel] [PATCH 00/10] Client-specific tls-crypt keys (--tls-crypt-v2)

2017-12-08 Thread Steffan Karger
Hi, The following patch set adds support for client-specific tls-crypt keys. For a rationale, description and specification see patch 2/10, which adds all that to doc/tls-crypt-v2.txt. This set is also available as a branch in my github fork: https://github.com/syzzer/openvpn/tree/tls-crypt-v2-p

[Openvpn-devel] [PATCH 04/10] tls-crypt-v2: add unwrap_client_key

2017-12-08 Thread Steffan Karger
Add helper functions to unwrap tls-crypt-v2 client keys. Signed-off-by: Steffan Karger --- src/openvpn/buffer.h | 7 + src/openvpn/tls_crypt.c | 102 tests/unit_tests/openvpn/test_tls_crypt.c | 253 +++--- 3 files chan

[Openvpn-devel] [PATCH 03/10] tls-crypt-v2: generate client keys

2017-12-08 Thread Steffan Karger
As a first step towards a full tls-crypt-v2 implementation, add functionality to generate tls-crypt-v2 client keys. Signed-off-by: Steffan Karger --- doc/openvpn.8| 51 +++ src/openvpn/buffer.c | 63 src/openvpn/buffer.h |

[Openvpn-devel] [PATCH 10/10] tls-crypt-v2: Add script hook to verify metadata

2017-12-08 Thread Steffan Karger
To allow rejecting incoming connections very early in the handshake, add a --tls-crypt-v2-verify option that allows administrators to run an external command to verify the metadata from the client key. See doc/tls-crypt-v2.txt for more details. Because of the extra dependencies, this requires addin

[Openvpn-devel] [PATCH 06/10] tls-crypt-v2: implement tls-crypt-v2 handshake

2017-12-08 Thread Steffan Karger
This makes clients send-and-use, and servers receive-unwrap-and-use tls-crypt-v2 client keys, which completes the on-the-wire work. Signed-off-by: Steffan Karger --- src/openvpn/init.c | 39 +- src/openvpn/openvpn.h| 2 + src/openvpn/options.c

[Openvpn-devel] [PATCH 01/10] Add crypto_pem_{encode,decode}()

2017-12-08 Thread Steffan Karger
Needed for tls-crypt-v2, but isolated enough to be reviewed as a separate patch. The encode API allocates memory, because it fits our typical gc-oriented code pattern and the caller does not have to do multiple calls or calculations to determine the required destination buffer size. The decode AP

[Openvpn-devel] [PATCH 02/10] tls-crypt-v2: add specification to doc/

2017-12-08 Thread Steffan Karger
This is a preliminary description of tls-crypt-v2. It should give a good impression about the reasoning and design behind tls-crypt-v2, but might need some polishing and updating. Signed-off-by: Steffan Karger --- doc/tls-crypt-v2.txt | 164 +++ 1

[Openvpn-devel] [PATCH 09/10] Move execve/run_script helper functions to run_command.c

2017-12-08 Thread Steffan Karger
From: Steffan Karger To avoid having to include misc.c - which is a dependency mess - in the tls-crypt unit tests, move the command execution helper functions to a new run_command.c module. While at it, abstract away the script_security global variable. Signed-off-by: Steffan Karger --- src/o

[Openvpn-devel] [PATCH 05/10] tls-crypt-v2: add P_CONTROL_HARD_RESET_CLIENT_V3 opcode

2017-12-08 Thread Steffan Karger
Not used yet, but prepare for sending and receiving tls-crypt-v2 handshake messages. Signed-off-by: Steffan Karger --- src/openvpn/ps.c | 3 ++- src/openvpn/ssl.c| 23 ++- src/openvpn/ssl.h| 5 - src/openvpn/ssl_common.h | 2 ++ 4 files changed,

[Openvpn-devel] [PATCH 07/10] Move env helper functions into their own module/file

2017-12-08 Thread Steffan Karger
To avoid a dependency on misc.c - which is a dependency mess - in the tls-crypt unit tests, split the env_set functionality out into its own file. Signed-off-by: Antonio Quartulli Signed-off-by: Steffan Karger --- src/openvpn/Makefile.am | 1 + src/openvpn/argv.c

[Openvpn-devel] [PATCH 08/10] Move file-related functions from misc.c to platform.c

2017-12-08 Thread Steffan Karger
To avoid having to include misc.c - which is a dependency mess - in the tls-crypt unit tests, move file-handling related functions to platform.c (which is where other file-related functions already reside). Signed-off-by: Steffan Karger --- src/openvpn/init.c | 2 +- src

Re: [Openvpn-devel] [PATCH] Added OpenSSL FIPS 2.0 support to OpenVPN

2017-12-08 Thread Jim Carroll
I'm curious about the openvpn-devel process related to patch acceptance. Does the fact that the conversation has ended mean the patch is scheduled to be added -- or does it instead mean there is no interest and the patch is being denied? Thanks Jim

Re: [Openvpn-devel] [PATCH] Added OpenSSL FIPS 2.0 support to OpenVPN

2017-12-08 Thread Steffan Karger
Hi, On 08-12-17 13:34, Jim Carroll wrote: > I'm curious about the openvpn-devel process related to patch acceptance. Does > the fact that the conversation has ended mean the patch is scheduled to be > added -- or does it instead mean there is no interest and the patch is being > denied? It mea

Re: [Openvpn-devel] [PATCH] Don't throw fatal errors from verify_cert_export_cert()

2017-12-08 Thread Selva Nair
Hi, On Fri, Dec 8, 2017 at 5:33 AM, Steffan Karger wrote: > From: Steffan Karger > > As with create_temp_file(), this function is called on client connects and > should not cause fatal errors when I/O (possibly temporarily) fails. > > The callers of this function are already fixed in the commit