Hi David,
David Sommerseth wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/09/10 09:15, Jan Just Keijser wrote:
Yo all,
[...snip...]
I was just browsing through the 2.1.3 source tree and found this in ssl.c:
3379 static bool
3380 push_peer_info(struct buffer *buf, struct tls_session *session)
3381 {
3382 struct gc_arena gc = gc_new ();
3383 bool ret = false;
3384
3385 #ifdef ENABLE_PUSH_PEER_INFO
3386 if (session->opt->push_peer_info) /* write peer info */
3387 {
3388 struct env_set *es = session->opt->es;
3389 struct env_item *e;
3390 struct buffer out = alloc_buf_gc (512*3, &gc);
3391
3392 /* push version */
3393 buf_printf (&out, "IV_VER=%s\n", PACKAGE_VERSION);
3394
3395 /* push platform */
3396 #if defined(TARGET_LINUX)
3397 buf_printf (&out, "IV_PLAT=linux\n");
3398 #elif defined(TARGET_SOLARIS)
this gets called if --push-peer-info is specified . This seems to be new
for 2.1.3 - has anyone tested it?
Good catch ... this is the commit which introduces it. (SVN r5668)
You're right, this is in 2.1.2/2.1.3
commit aaf72974672e4f2af2053247b63ef6f06bdc80c0
Author: James Yonan <ja...@openvpn.net>
Date: Tue Jun 1 07:12:27 2010 +0000
Implemented a key/value auth channel from client to server.
Version 2.1.1i
git-svn-id:
http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@5668
e7ae566f-a301-0410-adde-c780ea21d3b5
<sarcastic>
And according to our normal procedure, this is of course not
documented in the man page.
</sarcastic>
Thanks, JJK for catching this! I don't think many have tested it -
except James. So if you wouldn't mind testing it out and maybe shed
some knowledge about it, that would be great!
just toyed with it for about an hour or so and I can't get it to work -
I even ran
openvpn --cipher none --auth none
to see if I could see the IV_ and UV_ variables fly over the wire and I
don't even see that.
Looks like this is still under development, but it is a nice starting
point for implementing this enhancement (I'd go for a full negotiation
step).
share and enjoy,
JJK
