[Openvpn-devel] [PATCH applied] Re: Silence warning about format string in check_ca_required

2021-06-13 Thread Gert Doering
Your patch has been applied to the master branch. And I side with Selva "I do not want to see more of these lines in a patch for a very long time" :-) commit d2e5412aa48e028c07bc7a3a9447593b711a9e0c Author: Arne Schwabe Date: Wed Jun 9 08:15:32 2021 +0200 Silence warning about format str

[Openvpn-devel] TLS Error: local/remote TLS keys are out of sync

2021-06-13 Thread Antonio Quartulli
Hello, when using the master branch I get the following output on the server upon renegotiation, when using deferred auth: 2021-06-14 02:15:50 client/10.10.10.2:1194 TLS Error: local/remote TLS keys are out of sync: [AF_INET6]:::10.10.10.2:1194 (received key id: 6, known key ids: [key#0 stat

Re: [Openvpn-devel] [PATCH v4 4/9] Make waiting on auth an explicit state in the context state machine

2021-06-13 Thread Antonio Quartulli
Hi, On 04/06/2021 16:39, Arne Schwabe wrote: > Previously we relied on checking tls_authentication_status to check > whether to determine if the context auth state is actually valid or not. > This patch eliminates that check by introducing waiting on the > authentication as extra state in the conte

Re: [Openvpn-devel] [PATCH v2 2/9] Implement auth-token-user

2021-06-13 Thread Antonio Quartulli
Hi, On 11/06/2021 11:48, Arne Schwabe wrote: > On 11.06.21 at 02:41, Antonio Quartulli wrote: >> Hi, >> >> On 20/05/2021 17:11, Arne Schwabe wrote: >>> When not using username and password (i.e. auth-user-pass) it can still make >>> to provide the client with an auth-token, e.g. for allowing a se

Re: [Openvpn-devel] TLS Error: local/remote TLS keys are out of sync

2021-06-13 Thread Arne Schwabe
On 14.06.21 at 02:24, Antonio Quartulli wrote: > @Arne, ideas? > Yes. When reneg-sec is below 60 or 120 (would need to double check), you need that value on both server and client since otherwise the timeouts for changing active keys mismatch as the value is 60s normally but changes if reneg-sec

Re: [Openvpn-devel] TLS Error: local/remote TLS keys are out of sync

2021-06-13 Thread Antonio Quartulli
Hi, On 14/06/2021 02:56, Arne Schwabe wrote: > On 14.06.21 at 02:24, Antonio Quartulli wrote: >> @Arne, ideas? >> > > Yes. When reneg-sec is below 60 or 120 (would need to double check), you > need that value on both server and client since otherwise the timeouts > for changing active keys misma

Re: [Openvpn-devel] [PATCH v2 5/9] Extracting key_state deferred auth status update into function

2021-06-13 Thread Antonio Quartulli
Hi, On 20/05/2021 17:11, Arne Schwabe wrote: > This extracts the update of a deferred key status into its own > function. > > Patch v2: Do not ignore auth_deferred_expire. Minor format changes. > > Signed-off-by: Arne Schwabe > --- > src/openvpn/ssl_verify.c | 96 ++

Re: [Openvpn-devel] TLS Error: local/remote TLS keys are out of sync

2021-06-13 Thread Arne Schwabe
On 14.06.21 at 03:01, Antonio Quartulli wrote: > Hi, > > On 14/06/2021 02:56, Arne Schwabe wrote: >> On 14.06.21 at 02:24, Antonio Quartulli wrote: >>> @Arne, ideas? >>> >> >> Yes. When reneg-sec is below 60 or 120 (would need to double check), you >> need that value on both server and client si

Re: [Openvpn-devel] [PATCH v2 5/9] Extracting key_state deferred auth status update into function

2021-06-13 Thread Antonio Quartulli
Hi, On 14/06/2021 03:06, Antonio Quartulli wrote: > Hi, > > On 20/05/2021 17:11, Arne Schwabe wrote: >> This extracts the update of a deferred key status into its own >> function. >> >> Patch v2: Do not ignore auth_deferred_expire. Minor format changes. >> >> Signed-off-by: Arne Schwabe >> --- >

Re: [Openvpn-devel] TLS Error: local/remote TLS keys are out of sync

2021-06-13 Thread Antonio Quartulli
Hi, On 14/06/2021 03:07, Arne Schwabe wrote: > On 14.06.21 at 03:01, Antonio Quartulli wrote: >> Hi, >> >> On 14/06/2021 02:56, Arne Schwabe wrote: >>> On 14.06.21 at 02:24, Antonio Quartulli wrote: @Arne, ideas? >>> >>> Yes. When reneg-sec is below 60 or 120 (would need to double chec

Re: [Openvpn-devel] [PATCH v2 6/9] Introduce S_GENERATED_KEYS state and generate keys only when authenticated

2021-06-13 Thread Antonio Quartulli
Hi, On 20/05/2021 17:11, Arne Schwabe wrote: > Since generating data channel keys does not happen when we have reached the > S_ACTIVE/S_GOT_KEY state anymore like it used to be before NCP, the > state that data channel keys deserves its own state in the TLS session > state machine. > > The changes