[Openvpn-devel] [XS] Change in openvpn[master]: Fix mbed TLS key exporter functionality in 3.6.x and cmake

2025-03-27 Thread MaxF (Code Review)
Attention is currently required from: flichtenheld, plaisthos. MaxF has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/920?usp=email ) Change subject: Fix mbed TLS key exporter functionality in 3.6.x and cmake .

[Openvpn-devel] [PATCH applied] Re: Do not leave half-initialised key wrap struct when dynamic tls-crypt fails

2025-03-27 Thread Gert Doering
Looking at this with "git show --color-moved=zebra -U20" makes clear that it's just moving around the call that could fail, and if it fails, do not modify anything else that might then become inconsistent. As far as I can see, nothing of this has side effects where order would be important (except

[Openvpn-devel] [S] Change in openvpn[master]: Do not leave half-initialised key wrap struct when dynamic tls-crypt ...

2025-03-27 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#2) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/921?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by MaxF Change subject: Do not leave half-initialised key wrap struct when dynamic

[Openvpn-devel] [S] Change in openvpn[master]: Do not leave half-initialised key wrap struct when dynamic tls-crypt ...

2025-03-27 Thread cron2 (Code Review)
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/921?usp=email ) Change subject: Do not leave half-initialised key wrap struct when dynamic tls-crypt fails .. Do not leave half-initialised key wrap struc

[Openvpn-devel] [S] Change in openvpn[master]: Do not leave half-initialised key wrap struct when dynamic tls-crypt ...

2025-03-27 Thread MaxF (Code Review)
Attention is currently required from: flichtenheld, plaisthos. MaxF has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/921?usp=email ) Change subject: Do not leave half-initialised key wrap struct when dynamic tls-crypt fails

[Openvpn-devel] [PATCH applied] Re: t_server_null_default.rc: Add some tests with --data-ciphers

2025-03-27 Thread Gert Doering
Tests are good :-) - I have not really looked into it in more detail, but this is what the infra is there for, and Samuli knows it best. Your patch has been applied to the master branch. commit 5ad560a9237dedde83b8797aac457fd1e6832b54 Author: Frank Lichtenheld Date: Thu Mar 27 10:47:00 2025 +01

[Openvpn-devel] [S] Change in openvpn[master]: t_server_null_default.rc: Add some tests with --data-ciphers

2025-03-27 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#3) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/847?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by mattock Change subject: t_server_null_default.rc: Add some tests with --data-

[Openvpn-devel] [L] Change in openvpn[master]: dns: deal with --dhcp-options when --dns is active

2025-03-27 Thread d12fk (Code Review)
Attention is currently required from: d12fk, flichtenheld, plaisthos. Hello flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/904?usp=email to look at the new patch set (#9). The following approvals got outdated and were removed

[Openvpn-devel] [XS] Change in openvpn[master]: Fix incorrect condition for checking password related check

2025-03-27 Thread ordex (Code Review)
Attention is currently required from: flichtenheld, plaisthos. ordex has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/912?usp=email ) Change subject: Fix incorrect condition for checking password related check ...

[Openvpn-devel] [PATCH v2] t_server_null_default.rc: Add some tests with --data-ciphers

2025-03-27 Thread Frank Lichtenheld
Trying to verify some of the negotiation parts. Change-Id: I47d95eee8a00b9878331fd6cd6a7db12665f5537 Signed-off-by: Frank Lichtenheld Acked-by: Samuli Seppänen --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://ge

[Openvpn-devel] [XS] Change in openvpn[master]: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread flichtenheld (Code Review)
Attention is currently required from: flichtenheld, plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/918?usp=email ) Change subject: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ .

[Openvpn-devel] [XL] Change in openvpn[master]: win: implement --dns option support with NRPT

2025-03-27 Thread stipa (Code Review)
Attention is currently required from: d12fk, plaisthos. stipa has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/837?usp=email ) Change subject: win: implement --dns option support with NRPT .. Patch S

[Openvpn-devel] [XS] Change in openvpn[master]: manpage: fix HTML format for --local

2025-03-27 Thread its_Giaan (Code Review)
Attention is currently required from: flichtenheld, plaisthos. Hello plaisthos, flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/922?usp=email to review the following change. Change subject: manpage: fix HTML format for --local ...

[Openvpn-devel] [S] Change in openvpn[master]: t_server_null_default.rc: Add some tests with --data-ciphers

2025-03-27 Thread cron2 (Code Review)
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/847?usp=email ) Change subject: t_server_null_default.rc: Add some tests with --data-ciphers .. t_server_null_default.rc: Add some tests with --data-cipher

[Openvpn-devel] [XS] Change in openvpn[master]: Disable clang-format for some code parts

2025-03-27 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos. Hello plaisthos, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/829?usp=email to review the following change. Change subject: Disable clang-format for some code parts ...

[Openvpn-devel] [PATCH v1] Do not leave half-initialised key wrap struct when dynamic tls-crypt fails

2025-03-27 Thread Gert Doering
From: Arne Schwabe In case when key_state_export_keying_material fails we left a half-initialised tls_wrap_reneg structure in the tls_session. Later calls to try to free this structure causes freeing of invalid memory locations. To test: make key_state_export_keying_material return false even t

[Openvpn-devel] [XS] Change in openvpn[master]: manpage: fix HTML format for --local

2025-03-27 Thread mattock (Code Review)
Attention is currently required from: flichtenheld, its_Giaan, plaisthos. mattock has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/922?usp=email ) Change subject: manpage: fix HTML format for --local .

[Openvpn-devel] [XS] Change in openvpn[master]: Fix mbed TLS key exporter functionality in 3.6.x and cmake

2025-03-27 Thread MaxF (Code Review)
Attention is currently required from: flichtenheld, plaisthos. MaxF has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/920?usp=email ) Change subject: Fix mbed TLS key exporter functionality in 3.6.x and cmake .

[Openvpn-devel] [XS] Change in openvpn[master]: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread flichtenheld (Code Review)
Attention is currently required from: flichtenheld. Hello plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/918?usp=email to look at the new patch set (#2). Change subject: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ .

[Openvpn-devel] [XS] Change in openvpn[master]: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread flichtenheld (Code Review)
Attention is currently required from: flichtenheld. Hello plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/918?usp=email to look at the new patch set (#3). Change subject: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ .

[Openvpn-devel] [XS] Change in openvpn[master]: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#4) to the change originally created by flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/918?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by MaxF Change subject: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ .

[Openvpn-devel] [XS] Change in openvpn[master]: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread MaxF (Code Review)
Attention is currently required from: flichtenheld, plaisthos. MaxF has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/918?usp=email ) Change subject: Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+ .

[Openvpn-devel] [PATCH v3] Fix compatibility with mbedTLS 2.28.10+ and 3.6.3+

2025-03-27 Thread Gert Doering
From: Frank Lichtenheld >From release notes: In TLS clients, if mbedtls_ssl_set_hostname() has not been called, mbedtls_ssl_handshake() now fails with MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME if certificate-based authentication of the server is attempted. This is because authenti

[Openvpn-devel] [S] Change in openvpn[master]: t_server_null: add multi-socket testing

2025-03-27 Thread mattock (Code Review)
Attention is currently required from: flichtenheld, plaisthos. Hello flichtenheld, plaisthos, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/919?usp=email to look at the new patch set (#2). Change subject: t_server_null: add multi-socket testing ...