Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Arne Schwabe
On 09.02.24 at 16:51, Juliusz Sosinowicz wrote: Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The include/wolfssl directory is included before openvpn/src. include/wolfssl needs to be included so that openvpn can pick up wolfSSL compatibility headers instead of OpenSSL

[Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Juliusz Sosinowicz
Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The include/wolfssl directory is included before openvpn/src. include/wolfssl needs to be included so that openvpn can pick up wolfSSL compatibility headers instead of OpenSSL headers without changing the paths. ---

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Frank Lichtenheld
On Fri, Feb 09, 2024 at 04:51:09PM +0100, Juliusz Sosinowicz wrote: > Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The > include/wolfssl directory is included before openvpn/src. include/wolfssl > needs to be included so that openvpn can pick up wolfSSL compatibility >

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Gert Doering
Hi, On Fri, Feb 09, 2024 at 04:51:09PM +0100, Juliusz Sosinowicz wrote: > Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The > include/wolfssl directory is included before openvpn/src. include/wolfssl > needs to be included so that openvpn can pick up wolfSSL compatibility >

[Openvpn-devel] [M] Change in openvpn[master]: Print SSL peer signature information in handshake debug details

2024-02-09 Thread cron2 (Code Review)
cron2 has uploaded a new patch set (#10) to the change originally created by plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/365?usp=email ) The following approvals got outdated and were removed: Code-Review+2 by flichtenheld Change subject: Print SSL peer signature information in handshake

[Openvpn-devel] [M] Change in openvpn[master]: Print SSL peer signature information in handshake debug details

2024-02-09 Thread cron2 (Code Review)
cron2 has submitted this change. ( http://gerrit.openvpn.net/c/openvpn/+/365?usp=email ) Change subject: Print SSL peer signature information in handshake debug details .. Print SSL peer signature information in handshake debug

[Openvpn-devel] [PATCH applied] Re: Print SSL peer signature information in handshake debug details

2024-02-09 Thread Gert Doering
Tested on the OpenBSD buildbot (some earlier LibreSSL version) and GHA (different OpenSSL versions). Looks all good. As expected, LibreSSL builds do not provide the new information (neither does mbedTLS), but OpenSSL builds do... 2024-02-09 17:09:00 Control Channel: TLSv1.2, cipher TLSv1.2

[Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

2024-02-09 Thread Juliusz Sosinowicz
Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The include/wolfssl directory is included before openvpn/src. include/wolfssl needs to be included so that openvpn can pick up wolfSSL compatibility headers instead of OpenSSL headers without changing the paths. Signed-off-by:

[Openvpn-devel] [M] Change in openvpn[master]: Implement support for AEAD tag at the end

2024-02-09 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld, plaisthos. Hello flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/506?usp=email to look at the new patch set (#3). The following approvals got outdated and were removed: Code-Review+1

[Openvpn-devel] [M] Change in openvpn[master]: Implement support for AEAD tag at the end

2024-02-09 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/506?usp=email ) Change subject: Implement support for AEAD tag at the end .. Patch Set

[Openvpn-devel] [L] Change in openvpn[master]: Implement support for larger packet counter sizes

2024-02-09 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to reexamine a change. Please visit http://gerrit.openvpn.net/c/openvpn/+/507?usp=email to look at the new patch set (#3). The following approvals got outdated and were removed: Code-Review-1 by

[Openvpn-devel] [L] Change in openvpn[master]: Implement support for larger packet counter sizes

2024-02-09 Thread plaisthos (Code Review)
Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/507?usp=email ) Change subject: Implement support for larger packet counter sizes ..

[Openvpn-devel] IRC community meeting summary (Feb 7th)

2024-02-09 Thread Frank Lichtenheld
Meeting summary for 7 February 2024: * *Closed: Adding explicit license for openvpn-buildbot* /It was agreed that for this infrastructure code a permissive BSD-2 license is good enough. mattock will prepare a PR/ * *New: Pending Buildbot PRs*

[Openvpn-devel] [PATCH v9] Print SSL peer signature information in handshake debug details

2024-02-09 Thread Frank Lichtenheld
From: Arne Schwabe This is more SSL debug information that most people do not really need or care about. OpenSSL's own s_client also logs them: Peer signing digest: SHA256 Peer signature type: ECDSA The complete message looks like this: Control Channel: TLSv1.3, cipher TLSv1.3

[Openvpn-devel] [M] Change in openvpn[master]: Print SSL peer signature information in handshake debug details

2024-02-09 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/365?usp=email ) Change subject: Print SSL peer signature information in handshake debug details

[Openvpn-devel] [M] Change in openvpn[master]: Print SSL peer signature information in handshake debug details

2024-02-09 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/365?usp=email ) Change subject: Print SSL peer signature information in handshake debug details

[Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

2024-02-09 Thread Frank Lichtenheld
From: Arne Schwabe OpenSSL 3.0 introduced a new API for doing key derivation. So this leaves us now with three different implementations for 1.0.2, 1.1.x and 3.x. This was initially done to maybe still have a working TLS 1.0 PRF when using OpenSSL 3.0 in FIPS but it gives the same error as with

[Openvpn-devel] [M] Change in openvpn[master]: Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

2024-02-09 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/457?usp=email ) Change subject: Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

[Openvpn-devel] [PATCH v5] Turn dead list test code into unit test

2024-02-09 Thread Frank Lichtenheld
From: Arne Schwabe Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL:

[Openvpn-devel] [PATCH v5] Windows: enforce 'block-local' with WFP filters

2024-02-09 Thread Frank Lichtenheld
From: Heiko Hund In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flag is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns

[Openvpn-devel] [L] Change in openvpn[master]: Turn dead list test code into unit test

2024-02-09 Thread flichtenheld (Code Review)
Attention is currently required from: plaisthos. flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/446?usp=email ) Change subject: Turn dead list test code into unit test .. Patch Set 5: