Hi,
On Tue, Mar 16, 2021 at 11:26:18PM +, tincanteksup wrote:
> Or the server indicate an initial unrequested PUSH, technically
> this is not a PUSH_REPLY.
Since the message is called "PUSH_REPLY", this is what it is, technically
or otherwise. This is the same message and same code path that
Hi,
Here's the summary of the IRC meeting.
---
COMMUNITY MEETING
Place: #openvpn-meeting on irc.freenode.net
Date: Wed 17th March 2021
Time: 11:30 CET (10:30 UTC)
Planned meeting topics for this meeting were here:
https://community.openvpn.net/openvpn/wiki/Topics-2021-03-17
Your local meet
This structures the code a bit nicer and also prepares for deferred
scripts that need their own set of files.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl.c| 4 +--
src/openvpn/ssl_common.h | 12 ++--
src/openvpn/ssl_verify.c | 63
src/op
This patch also refactors the if condition that checks the result of
the authentication since that has become quite unreadable. It renames
s1/s2 and extracts some parts of the condition into individual variables
to make the condition better understandable
Patch v2: add refactoring of the if conditio
Am 12.03.21 um 16:06 schrieb Juliusz Sosinowicz:
> In the EVP_DigestSignFinal API, "before the call the siglen parameter should
> contain the length of the sig buffer".
>
> Signed-off-by: Juliusz Sosinowicz
> ---
> src/openvpn/crypto_openssl.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 dele
This unifies save/restoring options that might be changed by a push
from the server. It also removes using the context_1 to store something
that is not related to a SIGHUP lifetime.
Patch v2: rebase on master.
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c| 36 +-
This fixes the issue that if a client reconnects the next connection
entry inherits the keepalive settings that were pushed or set by
the previous entry. Since UDP+PULL entries have an implicit 120s
timeout, this timeout also got applied to a TCP session after a
UDP entry.
Patch v2: rebase on m
We currently delay restoring these options until we actually must
restore them. Since there is no reason to do so apart from the very
minor saving to not have to execute that code when a connection fails,
move them into the general context_2 initialisation.
Patch V2: rebase on master.
Signed-o
When not using username and password (i.e. auth-user-pass) it can still make sense
to provide the client with an auth-token, e.g. for allowing a session to
continue after a reconnect without requiring 2FA again.
However, without --auth-user-pass openvpn does not have a username and will
ignore any pushe
Hi all,
On 17/03/2021 17:04, Arne Schwabe wrote:
> When not using username and password (i.e. auth-user-pass) it can still make sense
> to provide the client with an auth-token, e.g. for allowing a session to
> continue after a reconnect without requiring 2FA again.
>
> However, without --auth-user-pas
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> We currently delay restoring these options until we actually must
> restore them. Since there is no reason to do so apart from the very
> minor saving to not have to execute that code when a connection fails,
> move them into the general contex
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> This unifies save/restoring options that might be changed by a push
> from the server. It also removes using the context_1 to store something
> that is not related to a SIGHUP lifetime.
>
> Patch v2: rebase on master.
>
> Signed-off-by: Arne Sch
Hi all,
On 17/03/2021 17:00, Arne Schwabe wrote:
> This fixes the issue that if a client reconnects the next connection
> entry inherits the keepalive settings that were pushed or set by
> the previous entry. Since UDP+PULL entries have an implicit 120s
> timeout, this timeout also got applied t
Am 12.03.21 um 16:12 schrieb Juliusz Sosinowicz:
> Hi Arne,
>
> I found that the connecting issue is that
> wolfSSL_CTX_set_min_proto_version will fail when the user (in this case
> OpenVPN) tries to set a protocol version that was not compiled in. I
> modified our configure.ac script when buildin
Hi,
On Wed, Mar 17, 2021 at 06:13:04PM +0100, Arne Schwabe wrote:
> I would consider this an ACK. @Gert do you want a new version with the
> configure.ac fixed?
Since this is a real code change, I'd prefer to have an updated patch
with that change included.
gert
--
"If was one thing all peopl
Hi Arne,
wolfSSL does not support Ed25519 certificates in the compatibility layer.
I added the EKM signaling locally. I can submit the patch with this
modification if you would like me to.
Sincerely
Juliusz
On 17/03/2021 18:13, Arne Schwabe wrote:
Am 12.03.21 um 16:12 schrieb Juliusz Sosino
My apologies. I didn't notice your reply Gert. I will submit an updated
patch.
Sincerely
Juliusz
On 17/03/2021 18:22, Gert Doering wrote:
Hi,
On Wed, Mar 17, 2021 at 06:13:04PM +0100, Arne Schwabe wrote:
I would consider this an ACK. @Gert do you want a new version with the
configure.ac fixe
This patch adds support for wolfSSL in OpenVPN. Support is added by using
wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and
instead the OpenSSL includes point to wolfSSL headers and OpenVPN is linked
against the wolfSSL library. The wolfSSL installation directory is de
Your patch has been applied to the master branch.
Mildly tested on an OpenSSL 1.0.2u box, client side only. Works :-)
commit 476990d41ad78ac4419a3743cdab55c85c41b041
Author: Juliusz Sosinowicz
Date: Fri Mar 12 16:06:29 2021 +0100
EVP_DigestSignFinal siglen parameter correction
Sign
Suppress printing the complete Diffie Hellman parameters file
to the log file when it has been configured as an inline file.
Signed-off-by: Richard Bonhomme
---
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
Hi,
On 17/03/2021 23:34, Richard Bonhomme wrote:
> Suppress printing the complete Diffie Hellman parameters file
> to the log file when it has been configured as an inline file.
>
> Signed-off-by: Richard Bonhomme
This is indeed something that I forgot to change when implementing
19fab1f6cf71715