Hi David,

David Sommerseth wrote:

On 24/09/10 09:15, Jan Just Keijser wrote:
Yo all,
[...snip...]
I was just browsing through the 2.1.3 source tree and found this in ssl.c:

static bool
push_peer_info(struct buffer *buf, struct tls_session *session)
{
  struct gc_arena gc = gc_new ();
  bool ret = false;

#ifdef ENABLE_PUSH_PEER_INFO
  if (session->opt->push_peer_info) /* write peer info */
    {
      struct env_set *es = session->opt->es;
      struct env_item *e;
      struct buffer out = alloc_buf_gc (512*3, &gc);

      /* push version */
      buf_printf (&out, "IV_VER=%s\n", PACKAGE_VERSION);

      /* push platform */
#if defined(TARGET_LINUX)
      buf_printf (&out, "IV_PLAT=linux\n");
#elif defined(TARGET_SOLARIS)


This gets called if --push-peer-info is specified. This seems to be new
for 2.1.3 - has anyone tested it?

Good catch ... this is the commit which introduces it.  (SVN r5668)
You're right, this is in 2.1.2/2.1.3

commit aaf72974672e4f2af2053247b63ef6f06bdc80c0
Author: James Yonan <ja...@openvpn.net>
Date:   Tue Jun 1 07:12:27 2010 +0000

    Implemented a key/value auth channel from client to server.

    Version 2.1.1i


    git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668 e7ae566f-a301-0410-adde-c780ea21d3b5


<sarcastic>
  And according to our normal procedure, this is of course not
  documented in the man page.
</sarcastic>

Thanks, JJK for catching this!  I don't think many have tested it -
except James.  So if you wouldn't mind testing it out and maybe shed
some knowledge about it, that would be great!

Just toyed with it for about an hour or so and I can't get it to work - I even ran
 openvpn --cipher none --auth none
to see if I could see the IV_ and UV_ variables fly over the wire and I don't even see that.

Looks like this is still under development, but it is a nice starting point for implementing this enhancement (I'd go for a full negotiation step).

share and enjoy,

JJK
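
The IV_/UV_ lines that push_peer_info() writes in the snippet quoted above are client-supplied text, so whatever receives them should treat them as untrusted. An added example (not code from the OpenVPN tree or from anyone in this thread) of a strict parser for that KEY=value format; the function names, length limits, character rules and sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEY 32   /* assumed limits, not taken from OpenVPN */
#define MAX_VAL 64
struct peer_kv { char key[MAX_KEY]; char val[MAX_VAL]; };

/* Keep only IV_/UV_ keys made of [A-Z0-9_] with printable values. */
static int kv_ok(const char *k, size_t kl, const char *v, size_t vl)
{
    size_t i;
    if (kl < 4 || kl >= MAX_KEY || vl >= MAX_VAL) return 0;
    if (strncmp(k, "IV_", 3) != 0 && strncmp(k, "UV_", 3) != 0) return 0;
    for (i = 0; i < kl; i++) {
        unsigned char c = (unsigned char)k[i];
        if (!isupper(c) && !isdigit(c) && c != '_') return 0;
    }
    for (i = 0; i < vl; i++)
        if (!isprint((unsigned char)v[i])) return 0;
    return 1;
}

/* Parse newline-separated KEY=value text; returns the number of pairs kept. */
int parse_peer_info(const char *in, size_t len, struct peer_kv *out, int max)
{
    int n = 0;
    const char *p = in, *end = in + len;
    while (p < end && n < max) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        const char *eol = nl ? nl : end;
        const char *eq = memchr(p, '=', (size_t)(eol - p));
        size_t kl = eq ? (size_t)(eq - p) : 0;
        size_t vl = eq ? (size_t)(eol - eq - 1) : 0;
        if (eq && kv_ok(p, kl, eq + 1, vl)) {
            memcpy(out[n].key, p, kl);      out[n].key[kl] = '\0';
            memcpy(out[n].val, eq + 1, vl); out[n].val[vl] = '\0';
            n++;
        }
        p = nl ? nl + 1 : end;   /* skip rejected lines, never step past end */
    }
    return n;
}

/* Constructed sample: three acceptable lines, four that must be dropped. */
static const char SAMPLE[] = "IV_VER=2.1.3\nIV_PLAT=linux\nPATH=/tmp\n"
                             "UV_note=x\nUV_SITE=lab\nUV_TAG=a\tb\nIV_=1\n";
struct peer_kv parsed[8];
int parse_sample(void) { return parse_peer_info(SAMPLE, sizeof SAMPLE - 1, parsed, 8); }
int main(void) { printf("%d pairs kept\n", parse_sample()); return 0; }
```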

