[Openvpn-devel] [PATCH] Further removal of des_old.h based calls

2011-10-24 Thread Adriaan de Jong
Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb Signed-off-by: Adriaan de Jong --- crypto_openssl.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index fdea326..9906479

Re: [Openvpn-devel] [PATCH] Removed obsolete des_cblock and des_keyschedule

2011-10-24 Thread David Sommerseth
On 24/10/11 13:11, Adriaan de Jong wrote: > To allow building on NetBSD. > > Signed-off-by: Adriaan de Jong Applied to master branch on -testing and -stable git trees. Commit 899e9e4c244410b1d26b84db992f137f8bcb5783 kind

Re: [Openvpn-devel] [PATCH] Removed obsolete des_cblock and des_keyschedule

2011-10-24 Thread Gert Doering
Hi, On Mon, Oct 24, 2011 at 01:11:32PM +0200, Adriaan de Jong wrote: > To allow building on NetBSD. > > Signed-off-by: Adriaan de Jong ACK, but maybe the comment should be a bit more descriptive, like "allow building on NetBSD which does not install anymore" or such.

[Openvpn-devel] [PATCH] Removed obsolete des_cblock and des_keyschedule

2011-10-24 Thread Adriaan de Jong
To allow building on NetBSD. Signed-off-by: Adriaan de Jong --- crypto_openssl.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index e43d73c..fdea326 100644 --- a/crypto_openssl.c +++ b/crypto_openssl.c @@

Re: [Openvpn-devel] [PATCH 1/3] Got rid of a few magic numbers in ntlm.c

2011-10-24 Thread David Sommerseth
On 24/10/11 10:46, Adriaan de Jong wrote: > Signed-off-by: Adriaan de Jong --- > crypto_backend.h |6 +++--- crypto_openssl.c |2 +- > crypto_openssl.h |3 +++ crypto_polarssl.c |2 +- > crypto_polarssl.h |2

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread David Sommerseth
On 24/10/11 12:39, Adriaan de Jong wrote: > On 10/24/2011 11:50 AM, David Sommerseth wrote: >> On 24/10/11 10:58, Adriaan de Jong wrote: >>> Unfortunately BF isn't supported in PolarSSL though. >>>

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
On 10/24/2011 11:50 AM, David Sommerseth wrote: On 24/10/11 10:58, Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :) I agree

Re: [Openvpn-devel] [PATCH 2/3] Fixed disabling crypto and SSL

2011-10-24 Thread David Sommerseth
On 24/10/11 10:46, Adriaan de Jong wrote: > Signed-off-by: Adriaan de Jong --- Makefile.am > | 23 --- configure.ac |2 -- > crypto_openssl.c |4 crypto_polarssl.c |4 >

Re: [Openvpn-devel] [PATCH] When using multihome, create environment variables for target IP and interface on the server

2011-10-24 Thread Davide Brini
On Mon, 24 Oct 2011 12:07:49 +0200, David Sommerseth wrote: > On 19/09/11 19:19, Davide Brini wrote: > > Signed-off-by: Davide Brini > > > > This patch creates two new environment variables:

Re: [Openvpn-devel] [PATCH] Added missing #ifdef to allow --disable-managent to work again

2011-10-24 Thread David Sommerseth
On 24/10/11 11:39, Adriaan de Jong wrote: > Signed-off-by: Adriaan de Jong Applied to master branch in -testing and -stable trees. commit 7c785a27bfe5267ee4aac12fe6d0a24c42e388d6 Author: Adriaan de Jong

Re: [Openvpn-devel] [PATCH] Added missing #ifdef to allow --disable-managent to work again

2011-10-24 Thread Gert Doering
Hi, On Mon, Oct 24, 2011 at 11:39:05AM +0200, Adriaan de Jong wrote: > @@ -172,7 +172,10 @@ static inline bool verify_user_pass_enabled(struct > tls_session *session) > { >return (session->opt->auth_user_pass_verify_script > || plugin_defined (session->opt->plugins, >

Re: [Openvpn-devel] [PATCH] When using multihome, create environment variables for target IP and interface on the server

2011-10-24 Thread David Sommerseth
On 19/09/11 19:19, Davide Brini wrote: > Signed-off-by: Davide Brini > > This patch creates two new environment variables: "multihome_iface" > and "multihome_ip", which contain respectively the interface name and > IP address where

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread David Sommerseth
On 24/10/11 10:58, Adriaan de Jong wrote: > Unfortunately BF isn't supported in PolarSSL though. > > Do you have any other suggestions? I'm open to most ideas other than > "implement blowfish" :) I agree with JJK, that this is probably not a clever

[Openvpn-devel] [PATCH] Added missing #ifdef to allow --disable-managent to work again

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong --- ssl_verify.h |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/ssl_verify.h b/ssl_verify.h index 1eaf639..1809137 100644 --- a/ssl_verify.h +++ b/ssl_verify.h @@ -172,7 +172,10 @@ static inline bool

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
On 10/24/2011 11:03 AM, Jan Just Keijser wrote: Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :) hmmm then perhaps the default should be changed to AES-128 ? That's an

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :) Adriaan > -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Sent: maandag 24 oktober 2011 10:55 > To: Adriaan de

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Jan Just Keijser
I'd NACK this patch : the default behaviour of OpenVPN should be independent of the SSL implementation. JJK Adriaan de Jong wrote: > Signed-off-by: Adriaan de Jong > --- > options.c |5 + > 1 files changed, 5 insertions(+), 0 deletions(-) > > diff --git a/options.c

[Openvpn-devel] [PATCH 2/3] Fixed disabling crypto and SSL

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong --- Makefile.am | 23 --- configure.ac |2 -- crypto_openssl.c |4 crypto_polarssl.c |4 options.h |2 +- pkcs11_openssl.c |4 ++-- pkcs11_polarssl.c

[Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong --- options.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/options.c b/options.c index 39e7a57..d917072 100644 --- a/options.c +++ b/options.c @@ -810,7 +810,12 @@ init_options (struct options *o, const bool

[Openvpn-devel] [PATCH 1/3] Got rid of a few magic numbers in ntlm.c

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong --- crypto_backend.h |6 +++--- crypto_openssl.c |2 +- crypto_openssl.h |3 +++ crypto_polarssl.c |2 +- crypto_polarssl.h |2 ++ ntlm.c| 30 +++--- 6 files changed, 25 insertions(+),

[Openvpn-devel] [PATCH v2] Fix PolarSSL and --pkcs12 option issues

2011-10-24 Thread David Sommerseth
PolarSSL does not support PKCS#12 certificate/key bundles, but had a typo where #ifdef USE_POLARSSL was used, and it should have been #ifndef instead. Also added a few extra exclusions of PKCS#12 messages where appropriate, to avoid confusing users. Signed-off-by: David Sommerseth

Re: [Openvpn-devel] Fix PolarSSL and --pkcs12 option issues

2011-10-24 Thread David Sommerseth
On 23/10/11 17:33, Nathan Stratton Treadway wrote: > On Sun, Oct 23, 2011 at 12:35:13 +0200, David Sommerseth wrote: >> diff --git a/options.c b/options.c index 39e7a57..4fd6933 100644 --- >> a/options.c +++ b/options.c @@ -559,7 +559,9 @@ static