Re: [Openvpn-devel] [PATCH 1/3] Make it explicit that Windows build requires UNICODE support

2021-05-24 Thread Lev Stipakov
Hi, Change makes sense, indeed it was possible to at least try to build iservice in non-UNICODE setup. Which doesn't make much sense since we always build with UNICODE for releases. Built and smoke-tested with MSVC. Haven't noticed any issues. Acked-by: Lev Stipakov

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread tincantech via Openvpn-devel
Hi, ‐‐‐ Original Message ‐‐‐ On Monday, 24 May 2021 21:43, Arne Schwabe wrote: > On 24.05.2021 at 16:07, tincantech via Openvpn-devel wrote: > > > Hi, > > Is this expected ? > > I might to check if it is even a good idea to allow tls-verif

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread Arne Schwabe
On 24.05.2021 at 16:07, tincantech via Openvpn-devel wrote: Hi, Is this expected ? I might to check if it is even a good idea to allow tls-verify and other verify options together peer-fingerprint. (You could implement peer-fingerprint with tls-verify as well. Since we haven't published 2

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread Selva Nair
> Note: In the logs above, the script is executed *before* Openvpn/Openssl > verification, so exporting error-status to env for script seems unlikely. Not so. The script is executed from a callback and the error from openssl is very much in there and should be exported to scripts, imo. This was not

[Openvpn-devel] [PATCH] Do not require CA when peer-fingerprint is used

2021-05-24 Thread selva . nair
From: Selva Nair Fix --ca or --ca-path check when --pkcs11-id or --cryptoapicert is used with --peer-fingerprint. The multiple --ca or --capath checks are consolidated into a function Signed-off-by: Selva Nair --- src/openvpn/options.c | 44 ++- 1 file

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread tincantech via Openvpn-devel
Hi, I may be wrong but this is the order as it appears to me: ‐‐‐ Original Message ‐‐‐ On Monday, 24 May 2021 18:39, Selva Nair wrote: > > Server log: > > 2021-05-24 14:58:03 us=534606 10.10.201.226:60276 TLS CRYPT V2 VERIFY > > SCRIPT

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread tincantech via Openvpn-devel
Hi, ‐‐‐ Original Message ‐‐‐ On Monday, 24 May 2021 18:39, Selva Nair wrote: > Hi, > > On Mon, May 24, 2021 at 10:09 AM tincantech via Openvpn-devel > openvpn-devel@lists.sourceforge.net wrote: > > > -BEGIN PGP SIGNED MESSAGE- > >

Re: [Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread Selva Nair
Hi, On Mon, May 24, 2021 at 10:09 AM tincantech via Openvpn-devel wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi, > > Is this expected ? > > Server log: > > 2021-05-24 14:58:03 us=534606 10.10.201.226:60276 TLS CRYPT V2 VERIFY SCRIPT > OK > 2021-05-24 14:58:03 us=558066 10.1

[Openvpn-devel] --tls-verify runs twice for a single cert in Peer-fingerprint mode

2021-05-24 Thread tincantech via Openvpn-devel
Hi, Is this expected ? Server log: 2021-05-24 14:58:03 us=534606 10.10.201.226:60276 TLS CRYPT V2 VERIFY SCRIPT OK 2021-05-24 14:58:03 us=558066 10.10.201.226:60276 VERIFY KU OK 2021-05-24 14:58:03 us=558105 10.10.201.226:60276 Validating certific