Re: [Openvpn-devel] [PATCH v2 3/7] Return cached result in tls_authentication_status

Hi, Something in this patch is not working as expected. I tested with master + this patch. When a client connects and inputs the wrong password, the server goes into a loop: 2021-05-06 00:50:46 10.10.10.2:1194 Delayed exit in 5 seconds 2021-05-06 00:50:46 10.10.10.2:1194 SENT CONTROL [client]:

[Openvpn-devel] [PATCH] forward: get rid of useless declarations for actually static functions

From: Antonio Quartulli A bunch of functions defined in forward.c and declared in forward.h are actually used only in forward.c. For this very reason they don't need to be declared in forward.h at all and can be defined as static. Signed-off-by: Antonio Quartulli --- src/openvpn/forward.c | 5

Re: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, ‐‐‐ Original Message ‐‐‐ On Wednesday, 5 May 2021 08:51, Arne Schwabe wrote: > > > Could you explain why you need the process ID of the daemon? I am trying > > > to figure out why that is needed. I also don't understand the secure in >

[Openvpn-devel] [PATCH applied] Re: Add CRL extractor script for --crl-verify dir mode

Acked-by: Gert Doering We discussed this in the community meeting today, and came to the conclusion that this is a nice and helpful addition. It could be argued that python is somewhat heavy to "run an openssl binary and do something with the result", but it's neither the first nor last python s

[Openvpn-devel] Summary of the community meeting (5th May 2021)

Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on irc.freenode.net Date: Wed 5th May 2021 Time: 14:00 CET (12:00 UTC) Planned meeting topics for this meeting were here: Your local meetin

Re: [Openvpn-devel] [PATCH] Allow PKCS#11 uri to be used as --cert and --key file names

Hi JJK, On Wed, May 5, 2021 at 4:00 AM Jan Just Keijser wrote: > > Hi Selva, > > On 05/05/21 07:18, selva.n...@gmail.com wrote: > > From: Selva Nair > > > > If either --cert or --key is specified as a PKCS#11 uri, try to > > load the certificate and key from any accessible PKCS#11 device. > > Th

Re: [Openvpn-devel] [PATCH] Allow PKCS#11 uri to be used as --cert and --key file names

Hi Selva, On 05/05/21 07:18, selva.n...@gmail.com wrote: From: Selva Nair If either --cert or --key is specified as a PKCS#11 uri, try to load the certificate and key from any accessible PKCS#11 device. This does not require linking with any pkcs11 library, but needs pkcs11 engine to be availa

Re: [Openvpn-devel] [PATCH] Add daemon_pid to --tls-crypt-v2-verify environment

>> Could you explain why you need the process ID of the daemon? I am trying >> to figure out why that is needed. I also don't understand the secure in >> this context. What are you protecting yourself against? You are not >> protecting your script being called from a malicious program as that >>

[Openvpn-devel] Fwd: Introducing the OpenVPN Data Channel Offload Windows driver

Hello all, I would like to announce a new version of "ovpn-dco-win"-enabled client. Here are some changes from the previous version: 1) MSI based installer. This makes upgrades from existing installations more smooth, since starting from version 2.5 openvpn has switched to MSI. - ovpn-dco-win