Attention is currently required from: plaisthos.

flichtenheld has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/449?usp=email )

Change subject: Allow the TLS session to send out TLS alerts
......................................................................

Patch Set 1: Code-Review-2

(9 comments)

Commit Message:

http://gerrit.openvpn.net/c/openvpn/+/449/comment/ce9fb57d_f01b1b19 :
PS1, Line 20: Sending out alerts is a slight compromise in security as alerts give
superfluous space

http://gerrit.openvpn.net/c/openvpn/+/449/comment/8bf6026e_889913be :
PS1, Line 22: out. But since all other consumers TLS implementation are already doing this
"consumer TLS implementations"

http://gerrit.openvpn.net/c/openvpn/+/449/comment/a80886c0_b6d5627c :
PS1, Line 23: and TLS implementation (nowadays) are very careful not to leak (sensitive)
"implementations"

Patchset:

PS1:
Can't judge the state machine patch really. But the doubts about the shutdown function make this a NAK either way.

File Changes.rst:

http://gerrit.openvpn.net/c/openvpn/+/449/comment/9c3faa2e_d4fd7ba3 :
PS1, Line 6: OpenVPN 2.7 will send out TLS alerts to peer informing them if the TLS
"peers"

http://gerrit.openvpn.net/c/openvpn/+/449/comment/fd295cc6_2def6a9b :
PS1, Line 10: a timeout when the server just stop responding completely.
"stops"

File src/openvpn/ssl.c:

http://gerrit.openvpn.net/c/openvpn/+/449/comment/38284760_a524bebe :
PS1, Line 2846: * Shut down an SSL session, so an SSL close notify is sent if there no other
"there is"

http://gerrit.openvpn.net/c/openvpn/+/449/comment/8e4b3e48_338f6a18 :
PS1, Line 2851: do_ssl_shutdown(struct key_state *ks)
Why do we need an empty function? Was this supposed to call key_state_ssl_shutdown?

File src/openvpn/ssl_backend.h:

http://gerrit.openvpn.net/c/openvpn/+/449/comment/fa6d4de4_e2eda72e :
PS1, Line 376: * a shutdown altert.
alert

--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/449?usp=email
To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d
Gerrit-Change-Number: 449
Gerrit-PatchSet: 1
Gerrit-Owner: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Comment-Date: Mon, 20 Nov 2023 11:55:56 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment