--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -8553,6 +8553,10 @@ add_option(struct options *options,
{
options->imported_protocol_flags |=
CO_USE_TLS_KEY_MATERIAL_EXPORT; }
+else if (streq(p[j], "secure-renog"))
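Review bot: the keyword matched in the added line else if (streq(p[j], "secure-renog")) is a clipped abbreviation, and nothing in the visible hunk documents it. It sits directly after the branch that sets CO_USE_TLS_KEY_MATERIAL_EXPORT in options->imported_protocol_flags, so it appears to be another accepted flag keyword, and such a name is hard to change once peers depend on it. Consider spelling it out, or add a comment above the branch stating what the flag enables. The branch body is not visible here, so it cannot be checked.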
Should be rewritten t
Currently we have only one slot for renegotiation of the session/keys.
If a replayed/faked packet is inserted by a malicious attacker, the
legitimate peer cannot renegotiate anymore.
This commit introduces dynamic tls-crypt. When both peers support this
feature, both peers create a dynamic tls-crypt key
As discussed on IRC, I have adjusted the commit message to make *me*
understand what this is about, so maybe other readers find it easier
too :-)
Tested on the server test bench, with pre-NCP p2p client and regular
p2mp clients, and renegotiating often (auth-token test bench). No
issues observed.
NAK.
static inline int
link_socket_read_udp_win32(struct link_socket *sock,
struct buffer *buf,
struct link_socket_actual *from)
{
sockethandle_t sh = { .s = sock->sd };
if (sock->info.dco_installed)
2>C:\Users\lev\Projects\openvpn\src
The previous commit 9a516170 forgot to change to allow more than 2 parameters
to auth-gen-token, so you could either have renewal time or external-auth but
not both. Also fix two instances of misspelled auth-gen-token
Signed-off-by: Arne Schwabe
---
src/openvpn/options.c | 6 +++---
1 file chan
Acked-by: Gert Doering
"That's what I get for testing the core of the patch, and ignoring all
the little details..." - fixes are straightforward. Only compile-tested.
Your patch has been applied to the master branch.
commit 92db3227b682518ff8c5dc691ee15a1641899729
Author: Arne Schwabe
Date:
On Wed, Sep 21, 2022 at 12:49:28PM +0200, Arne Schwabe wrote:
> This ensures that control packets are actually smaller than the maximum
> control channel packet size.
>
> Since OpenVPN will consider a control message packet complete
> when the TLS record is complete, we have to ensure that the SSL
Acked-By: Frank Lichtenheld
Already acked in 1957647252.642516.1652264253...@office.mailbox.org
On Wed, Sep 21, 2022 at 12:49:30PM +0200, Arne Schwabe wrote:
> Patch v4: rebase
>
> Signed-off-by: Arne Schwabe
> ---
> tests/unit_tests/openvpn/Makefile.am | 5 +-
> tests/unit_tests/openv
Hi,
On Mon, Oct 10, 2022 at 3:14 AM Gert Doering wrote:
> We do not permit username changes on renegotiation (= username is
> "locked" after successful initial authentication).
>
> Unfortunately the way this is written this gets in the way of using
> auth-user-pass-optional + pushing "auth-token
On 19.10.2022 at 01:01, Selva Nair wrote:
Hi,
On Mon, Oct 10, 2022 at 3:14 AM Gert Doering wrote:
We do not permit username changes on renegotiation (= username is
"locked" after successful initial authentication).
Unfortunately the way this is written this gets in the way of us
10 matches