Re: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

Wed, 05 May 2021 15:01:53 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, 5 May 2021 08:51, Arne Schwabe <a...@rfc2549.org> wrote:

> > > Could you explain why you need the process ID of the daemon? I am trying
> > > to figure out why that is needed. I also don't understand the secure in
> > > this context. What are you protecting yourself against? You are not
> > > protecting your script being called from a malicious program as that
> > > could lookup the PID of openvpn and just set the daemon_id variable.
> >
> > The reason I am using the process ID is as follows:
> > When --tls-crypt-v2-verify is executed, it saves a file named:
> > $(certificate_serial_number}.${daemon_pid}
> > with data from the TLS-Crypt-V2 key metadata field, which can then
> > be read by the following scripts: --tls-verify and --client-connect.
>
> I can get behind the need of needing something daemon specific when
> running multiple daemon that scripts/plugins need something simple to
> identify a specific daemon. With management and a persistent connection
> that is easier to implicitly assign an ID but for scripts daemon_pid
> seems to be a good fit.
>
> So if we make that a bit clear in the commit message this gets an ACK
> from me.
>

Arne,

thanks for the feedback, I can resubmit with an improved commit message
and corrected email if required.

Thanks
R
-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgkxVyACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ0PGggAtMnaL8kv8Z2xGvqMkSr+TO7kHLWl2OoYP+o+S18NpUpQrLn1
1Yr0t2ZHjdho30l24iMsKGYAgtPwXfmNgNI+tjhb2p7URRNgkfaDDDUiTePL
hfnZnjLdmjlCIurKNnCqFsVKj92C2jQbicLcCH+504a0TeTLGmWaCYQ3/QiE
2I5CUJErNmjXrBRTeS5hB7FLSbYzbAs1AC5dU7uGSxjnhPrT1tx7An/GNAc6
HJMMBhF1if98jvPRntG6zXLTC4nIFPEM73m9oyWyrwXPql0lD8hZJ08OnpxI
YyfsH3KEFc3f6st2pmAen8o31zuDxARpYdhusqiLzqWW0WbCj1lt7A==
=ClM7
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
























					Reply via email to