This order the states from unauthenticated to authenticated and also
changes the comparison for KS_AUTH_FALSE from != to >
It also add comments and documents part using the state machine
better.
Remove a now obsolete comment and two obsolete ifdefs. While
keeping the ifdef in ssl_verify would sav
Hi,
On 07-07-2020 18:20, Antonio Quartulli wrote:
> On 07/07/2020 14:16, Arne Schwabe wrote:
>> This order the states from unauthenticated to authenticated and also
>> changes the comparison for KS_AUTH_FALSE from != to >
>>
>> Also remove a now obsolete comment and two obsolete ifdefs. While
>> k
Hi,
On Tue, Jul 07, 2020 at 06:14:25PM +0200, Jan Just Keijser wrote:
> > This one works(!), so generally, Win10 accepts this DHCP option - but
> > it seems to want "all domains in one".
> >
> > Can you send a v3?
> >
> not sure if all went well , but here's V3.
Unfortunately not, that one seems
Hi,
On 08/07/2020 09:17, Arne Schwabe wrote:
> This order the states from unauthenticated to authenticated and also
> changes the comparison for KS_AUTH_FALSE from != to >
>
> It also add comments and documents part using the state machine
> better.
>
> Remove a now obsolete comment and two obso
Hi,
As discusses in #openvpn-devel on IRC, this patch breaks interop with
clients that don't pull, but that will be restored in a follow-up
refactoring (before 2.5 rc1). I can live with that, but I think this
should be mentioned in the commit message.
On 07-07-2020 14:16, Arne Schwabe wrote:
> Ev
Hi,
On Tue, Jul 07, 2020 at 02:16:14PM +0200, Arne Schwabe wrote:
> Ever since the NCPv2 the ncp_get_best_cipher uses the global
> options->ncp_enabled option and ignore the tls_session->ncp_enabled
> option.
For the record, this breaks "poor man's NCP" for big packets - tested
with 2.3 client an
Am 08.07.20 um 13:15 schrieb Gert Doering:
> Hi,
>
> On Tue, Jul 07, 2020 at 02:16:14PM +0200, Arne Schwabe wrote:
>> Ever since the NCPv2 the ncp_get_best_cipher uses the global
>> options->ncp_enabled option and ignore the tls_session->ncp_enabled
>> option.
>
> For the record, this breaks "poo
Am 08.07.20 um 12:10 schrieb Steffan Karger:
> Hi,
>
> As discusses in #openvpn-devel on IRC, this patch breaks interop with
> clients that don't pull, but that will be restored in a follow-up
> refactoring (before 2.5 rc1). I can live with that, but I think this
> should be mentioned in the commi
Hi,
On Wed, Jul 08, 2020 at 03:15:49PM +0200, Arne Schwabe wrote:
> +++ b/src/openvpn/ssl.c
> @@ -1986,6 +1986,12 @@ tls_session_update_crypto_params(struct
> tls_session *session,
> options->keysize = 0;
> }
> }
> +else
> +{
> + /* Very hacky workaround and
