Re: [Openvpn-devel] [PATCH 1/1] Rework mbedtls CRL handling

2021-04-07 Thread Antonio Quartulli
Hi Max, On 07/04/2021 21:15, Max Fillinger wrote: > This commit fixes the following two issues: > > The config belonging to a mbedtls_ssl_ctx struct is not supposed to be > changed after mbedtls_ssl_setup() has been called. Previously, we > modified the CRL structure in place when a new CRL was

[Openvpn-devel] [PATCH 0/1] CRL issues with mbedtls

2021-04-07 Thread Max Fillinger
This patch fixes the bug I wrote about earlier[0] where the mbedtls version of OpenVPN might not properly reload a CRL when running in a chroot. I've submitted a somewhat hacky patch for it[1]. While looking into it further, I also noticed another unrelated problem: The mbedtls documentation

[Openvpn-devel] [PATCH 1/1] Rework mbedtls CRL handling

2021-04-07 Thread Max Fillinger
This commit fixes the following two issues: The config belonging to a mbedtls_ssl_ctx struct is not supposed to be changed after mbedtls_ssl_setup() has been called. Previously, we modified the CRL structure in place when a new CRL was loaded, but a pointer to this struct appears in configs that

[Openvpn-devel] [PATCH v6] Implement deferred auth for scripts

2021-04-07 Thread Arne Schwabe
This patch also refactors the if condition that checks the result of the authentication since that has become quite unreadable. It renames s1/s2 and extracts some parts of the condition into individual variables to make the condition better understandable. Patch v2: add refactoring of the if

Re: [Openvpn-devel] [PATCH] Remove --no-replay

2021-04-07 Thread Antonio Quartulli
Hi, On 26/07/2020 15:31, Arne Schwabe wrote: > Am 26.07.20 um 02:01 schrieb Arne Schwabe: >> Am 17.07.20 um 19:10 schrieb David Sommerseth: >>> The --no-replay feature is considered to be a security weakness, which >>> was also highlighted during the OpenVPN 2.4 security audit [0]. This >>>

Re: [Openvpn-devel] [PATCH 5/5] Remove OpenSSL configure checks

2021-04-07 Thread Antonio Quartulli
Hi, On 06/04/2021 23:01, Antonio Quartulli wrote: > > I like the new approach a lot. > It definitely helps keeping track of "what compat code do we need? and > for which version?" > > Just one suggestion: > I think it would still be useful to add a comment on the #endif line to > explicitly say

[Openvpn-devel] [PATCH applied] Re: Use EVP_CTRL_AEAD_* instead EVP_CTRL_GCM_*

2021-04-07 Thread Gert Doering
Lightly client-side tested with OpenSSL 1.0.2 and 1.1.1 Your patch has been applied to the master branch. commit 3fbeeda5cd3cbd0cbb4c039b469685e2a6254daf Author: Arne Schwabe Date: Tue Apr 6 18:25:17 2021 +0200 Use EVP_CTRL_AEAD_* instead EVP_CTRL_GCM_* Signed-off-by: Arne Schwabe

[Openvpn-devel] [PATCH applied] Re: ssl: remove unneeded if block

2021-04-07 Thread Gert Doering
Acked-by: Gert Doering *Such* a pretty patch! Your patch has been applied to the master branch. commit 8af7c6b2d79b63ef5587ef1bc4ec81834905698e Author: Antonio Quartulli Date: Mon Apr 5 14:28:27 2021 +0200 ssl: remove unneeded if block Signed-off-by: Antonio Quartulli

[Openvpn-devel] Summary of the community meeting (7th April 2021)

2021-04-07 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 7th April 2021 Time: 11:30 CET (10:30 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] Community meetings in April 2021

2021-04-07 Thread Samuli Seppänen
Hi, Next community meetings have been scheduled to - Wed 14th April 2021 at 14:00 CET - Wed 21st April 2021 at 14:00 CET - Wed 28th April 2021 at 14:00 CET Please note the change of time (11:30 -> 14:00). The place is #openvpn-meeting IRC channel at Freenode. Meeting agendas and summaries are

[Openvpn-devel] [PATCH applied] Re: Remove check for socket functions and Win XP compatbility code

2021-04-07 Thread Gert Doering
Acked-by: Gert Doering Since Antonio did all the testing, I can take the blame :-) - we dropped support for Windows XP quite a while ago, and I think also for Vista - the "give me IPv6 routing info!" code new in 2.4 is not available on older Windows versions, but since they are all out of

[Openvpn-devel] [PATCH applied] Re: Remove checks for uint* types that are part of C99

2021-04-07 Thread Gert Doering
Your patch has been applied to the master branch. I have stared at the patch a bit, and pushed it to all the buildbots, which are "all green". So that's the oldest stuff I care about... (and since we require a C99 compiler anyway, expecting C99 headers should be reasonable nowadays) commit

[Openvpn-devel] [PATCH applied] Re: Remove a number of checks for functions/headers that are always present

2021-04-07 Thread Gert Doering
Acked-by: Gert Doering I find these very reasonable changes (like, what, or , these have been around since K day 1...). And Eurephia definitely needs dropping! The buildbot army agrees that these changes are fine :-) Your patch has been applied to the master branch. commit