Ever since the NCPv2 the ncp_get_best_cipher uses the global
options->ncp_enabled option and ignore the tls_session->ncp_enabled
option.
The server side's poor man's NCP is implemented as seeing the list
of supported ciphers from the peer as just one cipher so this special
handling for poor man's
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 4ee4c245..54a23011 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1231,11 +1231,10 @@ lame_duck_must_die(const struct
The simplify the control flow, it makes more sense to generate the
data keys when all the prerequisites for generating the data channel
keys (ncp cipher selection etc) are met instead of delaying it to the
next incoming PUSH_REQUEST message.
This also eliminates the need for the hack introduced by
This is a small refactoring to make both function more readable. It also
eliminates the ret variable in process_incoming_push_msg that now serves
no purpose anymore.
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 113 +
1 file changed, 64 inserti
This clean ups the code and removes the surprising side effects
of preparing a push reply to also select protocol options.
We also remember if we have seen a push request without async
push. This improves reaction time if deferred auth is involved
like managment interface deferred auth. The other
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c | 5 +++--
src/openvpn/ssl.h | 7 ---
2 files changed, 3 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 668bcbd9..4ee4c245 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -1988,8 +1988,9 @@ tl
Signed-off-by: Arne Schwabe
---
Changes.rst | 18 ++
src/openvpn/options.c | 5 -
2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/Changes.rst b/Changes.rst
index 00dd6ed8..2752d29b 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -13,6 +13,24 @@ ChaCha20
This order the states from unauthenticated to authenticated and also
changes the comparison for KS_AUTH_FALSE from != to >
It also add comments and documents part using the state machine
better.
Remove a now obsolete comment and two obsolete ifdefs. While
keeping the ifdef in ssl_verify would sav
Typo
On 09/07/2020 11:15, Arne Schwabe wrote:
This order the states from unauthenticated to authenticated and also
changes the comparison for KS_AUTH_FALSE from != to >
It also add comments and documents part using the state machine
better.
Remove a now obsolete comment and two obsolete ifdefs
Hi,
On 09/07/2020 12:15, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe
> ---
> Changes.rst | 18 ++
> src/openvpn/options.c | 5 -
> 2 files changed, 22 insertions(+), 1 deletion(-)
>
> diff --git a/Changes.rst b/Changes.rst
> index 00dd6ed8..2752d29b 100644
>
typo
On 09/07/2020 11:15, Arne Schwabe wrote:
This clean ups the code and removes the surprising side effects
of preparing a push reply to also select protocol options.
We also remember if we have seen a push request without async
push. This improves reaction time if deferred auth is involved
l
Hi,
thanks for bearing with me and for adding the requested comment. I
believe the status enum is now easier to grasp and to extend.
Code was basically already reviewed ad this revision did not bring any
functional change with it. "It still looks good".
Tested only on the client side and it did
typo x3
On 09/07/2020 11:15, Arne Schwabe wrote:
This order the states from unauthenticated to authenticated and also
changes the comparison for KS_AUTH_FALSE from != to >
It also add comments and documents part using the state machine
better.
Remove a now obsolete comment and two obsolete ifd
possible white-space error ?
On 09/07/2020 11:16, Arne Schwabe wrote:
The simplify the control flow, it makes more sense to generate the
data keys when all the prerequisites for generating the data channel
keys (ncp cipher selection etc) are met instead of delaying it to the
next incoming PUSH_R
Hi,
another nice patch that makes one more step towards having a more
readable code base!
On 09/07/2020 12:15, Arne Schwabe wrote:
> This is a small refactoring to make both function more readable. It also
> eliminates the ret variable in process_incoming_push_msg that now serves
> no purpose any
Acked-by: Gert Doering
Taken the review by Antonio and the subsequent discussion on IRC on
"where should the message go?" - we leave it where it is, because all the
other DEPRECATED OPTIONS warnings are done the same way (except keysize).
Typos fixed, message wrapped slightly differently to avo
Your patch has been applied to the master branch.
I have fixed the typos tincanteksup noticed plus one of my own, and
tested this on the t_server testbed (tcp, udp, normal auth, async-auth
plugin). Happy server, with 2.3, 2.4 and git master client.
While it already got an ACK, a good and thorou
Your patch has been applied to the master branch.
After some discussion on IRC regarding the "const" bit it was decided
to not *add* it to the function call, but to *remove* it from the
function definition of process_incoming_push_msg() (which would
otherwise be done in the 5/8 patch of this seri
Hi,
On Thu, Jul 09, 2020 at 12:15:59PM +0200, Arne Schwabe wrote:
> This clean ups the code and removes the surprising side effects
> of preparing a push reply to also select protocol options.
>
> We also remember if we have seen a push request without async
> push. This improves reaction time if
Hi,
On Thu, Jul 09, 2020 at 12:16:02PM +0200, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/ssl.c | 5 +++--
> src/openvpn/ssl.h | 7 ---
> 2 files changed, 3 insertions(+), 9 deletions(-)
>
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 668bcbd9..4ee4c
Your patch has been applied to the master branch.
I have moved the comment change to 6/8 (to be applied as
soon as we've worked out 4/8 and 5/8) so this can be nicely
applied standalone. "It still compiles", so it is obviously
correct :-)
commit a6571181550f518eda3a63fb89e3a8191199dd24
Author: A
Hi,
On 09/07/2020 12:16, Arne Schwabe wrote:
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/ssl.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 4ee4c245..54a23011 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvp
Your patch has been applied to the master branch.
After some discussion on IRC, Antonio and I have come to the conclusion
that the original code was related to the pre-2.2 threading attempts, and
that "copying 'now' to a new local variable" might have been necessary to
avoid another thread messing
23 matches
Mail list logo
