On 04.02.22 at 17:51, Antonio Quartulli wrote:
Hi,
On 05/11/2021 16:07, Arne Schwabe wrote:
When we try to make a configuration compatible to a version earlier
than 2.4.0 we probably need to have a --cipher configured since NCP
is not available. In configuration where --cipher is not specified
Hi,
On Fri, Feb 04, 2022 at 04:45:04PM +0100, Antonio Quartulli wrote:
> README.IPv6 is quite useless because IPv6 is not a second
> class citizen anymore. Most of the content is "obvious" or explained in
> the manpage along with other details/options.
>
> TODO.IPv6 is old and many implemented th
Hi,
On 05/11/2021 16:07, Arne Schwabe wrote:
When we try to make a configuration compatible to a version earlier
than 2.4.0 we probably need to have a --cipher configured since NCP
is not available. In configuration where --cipher is not specified
we default to BF-CBC to support these old client
Hi,
On 04/02/2022 16:45, Antonio Quartulli wrote:
README.IPv6 is quite useless because IPv6 is not a second
class citizen anymore. Most of the content is "obvious" or explained in
the manpage along with other details/options.
TODO.IPv6 is old and many implemented things are still reported there
README.IPv6 is quite useless because IPv6 is not a second
class citizen anymore. Most of the content is "obvious" or explained in
the manpage along with other details/options.
TODO.IPv6 is old and many implemented things are still reported there
for no clear reason. Prune all useless details and k
Your patch has been applied to the master and release/2.5 branch (bugfix).
I'm fairly sure this particular use case was broken "since ever", but
I'm not backporting this to 2.4 and 2.3 today.
commit cae1a7fcf14e6ded34ab5a1e8842c3034cc89608 (master)
commit 1e573aa9b31d9270bd43d8c5a448314508a3311f
Compiled and slightly tested on Windows/MSVC, works as expected.
Code looks reasonable.
Acked-by: Lev Stipakov
--
-Lev
--inactive has an optional 2nd parameter specifying the number of
bytes that need to be sent/received in the given time window. This
was parsed with atoi(), stored in a 32bit int. atoi() overflows at
2Gbyte (signed int), which makes gcc return "0" and MSVC "2^31-1"
for the value reported in the
Basic client tests work, patch looks reasonable (and has an ACK :-) ).
Did not go to the software museum to actually test in FIPS mode.
Your patch has been applied to the master branch.
commit 291e7cd514eb03e6cd7949e5219557710ae8
Author: Antonio Quartulli
Date: Thu Feb 3 20:36:55 2022 +010
Basic client test works, quick glance looks reasonable.
Your patch has been applied to the master branch.
commit 2d822550ad990fbd498523fb1ab62ca19b3bb93c
Author: Antonio Quartulli
Date: Thu Feb 3 20:36:54 2022 +0100
crypto: move validation logic from cipher_get to cipher_valid
Signe
--inactive has an optional 2nd parameter specifying the number of
bytes that need to be sent/received in the given time window. This
was parsed with atoi(), stored in a 32bit int. atoi() overflows at
2Gbyte (signed int), which makes gcc return "0" and MSVC "2^31-1"
for the value reported in the
On 03/02/2022 20:36, Antonio Quartulli wrote:
Our crypto API already provides a function performing a validity check
on the specified ciphername. The OpenSSL counterpart also checks for the
cipher being FIPS-enabled.
This API is cipher_valid(). Extend it so that it can provide a reason
whenever
On 03/02/2022 20:36, Antonio Quartulli wrote:
With cipher validation performed in cipher_get(), a cipher is never
returned in any case if some check fails.
This prevents OpenVPN from operating on all ciphers provided by the SSL
library, like printing them to the user.
Move the validation logic
13 matches