Re: [Openvpn-devel] script-security 1

2010-12-02 Thread David Sommerseth
On 02/12/10 22:58, Jan Just Keijser wrote: [...snip...] | I guess the only platform on which '--script-security 0' can do | something useful is Windows, as the IPAPI calls are "internal", that is, | they do not require an execve() to initialize

Re: [Openvpn-devel] script-security 1

2010-12-02 Thread Jan Just Keijser
Hi David, David Sommerseth wrote: On 02/12/10 15:53, Jan Just Keijser wrote: hi all, the openvpn 2.1 man page on script-security reads: --script-security level [method] This directive offers policy-level control over OpenVPN's usage of

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread Karl O. Pinc
On 12/02/2010 11:56:56 AM, Samuli Seppänen wrote: > Hi Blaise, > > Actually we discussed the floating-tls patch in last community > meeting: > > > The discussion ends with deciding that the feature be "opt-in", I presume via a compile

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread David Sommerseth
On 02/12/10 18:44, Blaise Gassend wrote: > Hi, > > Didn't hear back from anybody. Is there really no interest at all in > adding floating TLS? > We discussed this patch on the developers meeting last week. We probably forgot to give an explicit

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread Samuli Seppänen
Hi Blaise, Actually we discussed the floating-tls patch in last community meeting: This week's meeting is starting in ~5 minutes on #openvpn-devel at irc.freenode.net - perhaps you could join and discuss floating-tls in detail with the

Re: [Openvpn-devel] PATCH: floating-tls

2010-12-02 Thread Karl O. Pinc
On 12/02/2010 11:44:27 AM, Blaise Gassend wrote: > Hi, > > Didn't hear back from anybody. Is there really no interest at all in > adding floating TLS? Sounds like a nice feature to me, but I don't know enough to ack the code. Karl Free Software: "You don't pay back, you pay

Re: [Openvpn-devel] script-security 1

2010-12-02 Thread David Sommerseth
On 02/12/10 15:53, Jan Just Keijser wrote: > hi all, > > the openvpn 2.1 man page on script-security reads: > > --script-security level [method] > This directive offers policy-level control over OpenVPN's usage of > external programs and

[Openvpn-devel] Topics for today's meeting

2010-12-02 Thread Samuli Seppänen
Hi, We're having an IRC meeting today, starting at 18:00 UTC on #openvpn-de...@irc.freenode.net. Current topic list is here: If you have any other things you'd like to bring up, respond to this mail, send me mail privately or add

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Farkas Levente
On 12/02/2010 12:10 PM, Matthias Andree wrote: > On 02.12.2010 10:46, Farkas Levente wrote: >> On 12/02/2010 10:05 AM, Adriaan de Jong wrote: >>> Hi List, >>> >>> We've been working on OpenVPN in preparation for a security evaluation. >>> This entailed documenting OpenVPN at a relatively high

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Adriaan de Jong
Great to hear positive reactions. I'll wait with the rebase to 2.2 until I get a signal from you. To answer your question: patch 3 only adds a backend for PolarSSL, adding a configure option to select the SSL library to use. I'm still working on a few extra features, such as PolarSSL PKCS #11

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Davide Brini
On Thu, 02 Dec 2010 12:10:29 +0100 Matthias Andree wrote: > > most distro switch from openssl to nss. is there any reason you switch > > to polarssl instead of nss? > > > > What do you base the "most distro" assessment on? > > Are you aware of any website discussing

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Matthias Andree
On 02.12.2010 10:46, Farkas Levente wrote: > On 12/02/2010 10:05 AM, Adriaan de Jong wrote: >> Hi List, >> >> We've been working on OpenVPN in preparation for a security evaluation. This >> entailed documenting OpenVPN at a relatively high level, removing the >> dependencies on OpenSSL, and

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread David Sommerseth
On 02/12/10 10:05, Adriaan de Jong wrote: > Hi List, > > We've been working on OpenVPN in preparation for a security evaluation. This > entailed documenting OpenVPN at a relatively high level, removing the > dependencies on OpenSSL, and adding

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Adriaan de Jong
We’re hoping that it is a big step towards modularization for both the data channel crypto and control channel negotiation. As the control channel verification code has been separated, it should also be a first step towards modularization of that code. Adriaan From: chantra

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread chantra
> PolarSSL was a personal choice for us, mostly due to its simplicity and > multi-platform support. The patch is written in such a way that generic > operations from most libraries should work, as long as a new backend is > written for them. > > Adriaan Hi, This seems to be a step forward

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Adriaan de Jong
PolarSSL was a personal choice for us, mostly due to its simplicity and multi-platform support. The patch is written in such a way that generic operations from most libraries should work, as long as a new backend is written for them. Adriaan > -Original Message- > From: Farkas

Re: [Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Farkas Levente
On 12/02/2010 10:05 AM, Adriaan de Jong wrote: > Hi List, > > We've been working on OpenVPN in preparation for a security evaluation. This > entailed documenting OpenVPN at a relatively high level, removing the > dependencies on OpenSSL, and adding support for a simpler, easier to evaluate >

[Openvpn-devel] Documentation and alternative SSL backend patches

2010-12-02 Thread Adriaan de Jong
Hi List, We've been working on OpenVPN in preparation for a security evaluation. This entailed documenting OpenVPN at a relatively high level, removing the dependencies on OpenSSL, and adding support for a simpler, easier to evaluate library (PolarSSL). This was done in a series of patches: