Attention is currently required from: flichtenheld. plaisthos has posted comments on this change. ( http://gerrit.openvpn.net/c/openvpn/+/449?usp=email )
Change subject: Allow the TLS session to send out TLS alerts ...................................................................... Patch Set 1: (8 comments) Commit Message: http://gerrit.openvpn.net/c/openvpn/+/449/comment/e66f6133_04b1cc5d : PS1, Line 20: Sending out alerts is a slight compromise in security as alerts give > superfluous space Done http://gerrit.openvpn.net/c/openvpn/+/449/comment/d04c679a_cc1ae3ed : PS1, Line 22: out. But since all other consumers TLS implementation are already doing this > "consumer TLS implementations" Done http://gerrit.openvpn.net/c/openvpn/+/449/comment/8660b029_d3b05646 : PS1, Line 23: and TLS implementation (nowadays) are very careful not to leak (sensitive) > "implementations" Done File Changes.rst: http://gerrit.openvpn.net/c/openvpn/+/449/comment/9f072ad8_eab0e86f : PS1, Line 6: OpenVPN 2.7 will send out TLS alerts to peer informing them if the TLS > "peers" Done http://gerrit.openvpn.net/c/openvpn/+/449/comment/568b8456_4669a9a3 : PS1, Line 10: a timeout when the server just stop responding completely. > "stops" Done File src/openvpn/ssl.c: http://gerrit.openvpn.net/c/openvpn/+/449/comment/a39b7fdf_e1dbd71f : PS1, Line 2846: * Shut down an SSL session, so an SSL close notify is sent if there no other > "there is" Done http://gerrit.openvpn.net/c/openvpn/+/449/comment/8e57006f_630e475d : PS1, Line 2851: do_ssl_shutdown(struct key_state *ks) > Why do we need an empty function? Was this supposed to call > key_state_ssl_shutdown? Yes. That is accidentally leftover code from an earlier version. I decided on the key_state_ssl_shutdown name as that aligns more with similar functions in existing code File src/openvpn/ssl_backend.h: http://gerrit.openvpn.net/c/openvpn/+/449/comment/6cfd1f28_022bf406 : PS1, Line 376: * a shutdown altert. > alert Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/449?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d Gerrit-Change-Number: 449 Gerrit-PatchSet: 1 Gerrit-Owner: plaisthos <arne-open...@rfc2549.org> Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com> Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net> Gerrit-Attention: flichtenheld <fr...@lichtenheld.com> Gerrit-Comment-Date: Mon, 20 Nov 2023 13:02:18 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: flichtenheld <fr...@lichtenheld.com> Gerrit-MessageType: comment
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
