[Openvpn-devel] [PATCH v2] Allow inlining of --auth-user-pass

2015-10-11 Thread Adriaan de Jong
username and password on two lines. Signed-off-by: Davide Brini <dave...@gmx.com> Updated patch to current master, removed printing of the username/password. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- doc/openvpn.8| 3 +-- src/openvpn/init.c | 5 ++--

[Openvpn-devel] [PATCH] Allow inlining of --auth-user-pass

2015-10-11 Thread Adriaan de Jong
username and password on two lines. Signed-off-by: Davide Brini <dave...@gmx.com> Updated patch to current master, removed printing of the username/password. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- doc/openvpn.8| 3 +-- src/openvpn/init.c | 5 ++--

[Openvpn-devel] [PATCH] Support for username-only auth file.

2015-10-11 Thread Adriaan de Jong
usernames usually don't change and can therefore be "hardcoded" in the config. Signed-off-by: Michal Ludvig <mlud...@logix.net.nz> Reviewed and updated to current master. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- doc/openvpn.8 | 3 +- src/o

Re: [Openvpn-devel] Heartbleed

2014-04-09 Thread Adriaan de Jong
On 9-4-2014 10:49, Илья Шипицин wrote: > I did not say "nobind protects from everything", but I did mean that > clients with "nobind" are more protected in case of non patched > openssl library shipped with (old) openvpn windows installer. > > > if server is patched (what is rather easy thing

Re: [Openvpn-devel] Support for libsodium?

2013-04-22 Thread Adriaan de Jong
> -Original Message- > From: Ed W [mailto:li...@wildgooses.com] > Sent: vrijdag 19 april 2013 12:35 > To: Adriaan de Jong > Cc: Gert Doering; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Support for libsodium? > > On 19/04/2013 11:1

Re: [Openvpn-devel] Support for libsodium?

2013-04-19 Thread Adriaan de Jong
> -Original Message- > From: Ed W [mailto:li...@wildgooses.com] > Sent: vrijdag 19 april 2013 11:50 > To: Adriaan de Jong > Cc: Gert Doering; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Support for libsodium? > > Hi > > I think I'm

Re: [Openvpn-devel] Support for libsodium?

2013-04-19 Thread Adriaan de Jong
Hi, > From: Gert Doering [mailto:g...@greenie.muc.de] > Sent: donderdag 18 april 2013 22:45 > > Hi, > > On Thu, Apr 18, 2013 at 08:28:42PM +0100, Ed W wrote: > > Hi, given the new abstractions to support PolarSSL, what > > interest/resistance would there be to supporting libsodium? > >

Re: [Openvpn-devel] Updated PolarSSL 1.2 support patch set

2013-03-22 Thread Adriaan de Jong
Ack from my side on the patch set. I've looked at them and haven't found any issues. > -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: vrijdag 22 maart 2013 9:54 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] Updated

Re: [Openvpn-devel] [PATCH 1/5] PolarSSL-1.2 support

2013-03-21 Thread Adriaan de Jong
Ack, I think this solves the PolarSSL with/without PKCS11-helper problem. > -Original Message- > From: Steffan Karger [mailto:steffan.kar...@fox-it.com] > Sent: woensdag 20 maart 2013 19:53 > To: Gert Doering > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH

Re: [Openvpn-devel] PolarSSL 1.2 support, while keeping config file compatibility

2013-03-19 Thread Adriaan de Jong
Ack on patches 1-5! > -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: maandag 18 maart 2013 17:37 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] PolarSSL 1.2 support, while keeping config > file compatibility > > Hi

Re: [Openvpn-devel] option --crl-verify PATH dir

2013-02-05 Thread Adriaan de Jong
> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: dinsdag 5 februari 2013 16:00 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net; Jan Just Keijser; James Yonan > Subject: Re: [Openvpn-devel] option --crl-verify P

Re: [Openvpn-devel] option --crl-verify PATH dir

2013-02-04 Thread Adriaan de Jong
> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > Sent: zondag 3 februari 2013 15:52 > To: Jan Just Keijser > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] option --crl-verify PATH dir > > On 03/02/13 12:02, Jan Just Keijser

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Adriaan de Jong
> -Original Message- > From: steffan.kar...@fox-it.com [mailto:steffan.kar...@fox-it.com] > Sent: donderdag 17 januari 2013 9:23 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > From: Steffan Karger > >

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Adriaan de Jong
> -Original Message- > From: Matthias Andree [mailto:matthias.and...@gmx.de] > Sent: zondag 20 januari 2013 14:09 > To: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support > > Is there any important system where requiring PolarSSL >= 1.2.3

[Openvpn-devel] [PATCH] Fix --show-pkcs11-ids

2012-11-14 Thread Adriaan de Jong
[PATCH] Fix --show-pkcs11-ids (Bug #239) Broken by 75b49e406430299b187964744f82e50a9035a0d3. Signed-off-by: Joachim Schipper --- src/openvpn/pkcs11.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/pkcs11.c b/src/openvpn/pkcs11.c

[Openvpn-devel] [PATCH] Fixed a bug where PolarSSL gave an error when using an inline file tag.

2012-10-17 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- src/openvpn/ssl_polarssl.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c index 6995958..12318b3 100644 --- a/src/openvpn/ssl_polarssl.c +++ b/src/o

Re: [Openvpn-devel] [PATCH] build: support =polarssl-1.1.0

2012-06-07 Thread Adriaan de Jong
Ah, it was an off-by-one, that's why I missed it. Ack! Adriaan > -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: donderdag 7 juni 2012 11:54 > To: Alon Bar-Lev > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] build: support

Re: [Openvpn-devel] PolarSSL 1.1.0 support?

2012-06-07 Thread Adriaan de Jong
> -Original Message- > From: Frank de Brabander [mailto:braban...@fox-it.com] > Sent: donderdag 7 juni 2012 11:36 > To: Samuli Seppänen; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support? > > Maybe this should actually be changed to >= 1.1.2, since

Re: [Openvpn-devel] PolarSSL 1.1.0 support?

2012-06-07 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 7 juni 2012 11:33 > To: Samuli Seppänen > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] PolarSSL 1.1.0 support? > > On Thu, Jun 7, 2012 at 12:24 PM, Samuli Seppänen

Re: [Openvpn-devel] [PATCH] build: check minimum polarssl version

2012-05-21 Thread Adriaan de Jong
Looks good! I'll give it a feature ack. I don't see any problems in the autoconf code, but I'm not an expert in that area. So a tentative ack there too. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 21 mei 2012 13:04 > To:

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 16:33 > To: Mendelt Siebenga > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset > > Hello Mendelt, > > Thank you for

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Adriaan de Jong
the simplest solution. > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 9:17 > To: Adriaan de Jong > Cc: Arne Schwabe; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Ch

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Adriaan de Jong
. The management interface is a great tool, completely separating OpenVPN from its management interface. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 8:49 > To: Adriaan de Jong > Cc: Arne Schwabe

Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset

2012-05-10 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 10 mei 2012 2:10 > To: Arne Schwabe > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH] Openvpn for Android 4.0 Changeset > > On Thu, May 10, 2012 at 3:01 AM, Arne

Re: [Openvpn-devel] [RFC] Split plugins into their own repositories

2012-05-07 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: zondag 6 mei 2012 18:55 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [RFC] Split plugins into their own > repositories > > Hello, > > Now, I also have the courage to ask one more

Re: [Openvpn-devel] [PATCH] Signed-off-by: Jan Just Keijser <janj...@nikhef.nl>

2012-05-07 Thread Adriaan de Jong
Hi Jan-Just, > -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Adriaan de Jong wrote: > > > > On 02/07/2012 04:13 PM, Jan Just Keijser wrote: > >> > >> +void > >> +tls_ctx_load_ecdh_params (st

Re: [Openvpn-devel] [PATCH] Signed-off-by: Jan Just Keijser <janj...@nikhef.nl>

2012-05-04 Thread Adriaan de Jong
Hi Janjust, I've finally had the time to take a look at this patch with a colleague who is more familiar with the subject at hand :). Hope this helps. Please see my comments inline. Adriaan On 02/07/2012 04:13 PM, Jan Just Keijser wrote: > Added support for Elliptic curves (ECDSA) + SHA2

[Openvpn-devel] [OpenVPN/openvpn] 6efeaa: Added support for new PolarSSL 1.1 RNG

2012-04-28 Thread Adriaan de Jong
Branch: refs/heads/master Home: https://github.com/OpenVPN/openvpn Commit: 6efeaa2e4462bc10f395d8aceed363c3e77b35a3 https://github.com/OpenVPN/openvpn/commit/6efeaa2e4462bc10f395d8aceed363c3e77b35a3 Author: Adriaan de Jong <dej...@fox-it.com> Date: 2012-04-27 (Fri, 27 Ap

Re: [Openvpn-devel] openssl ouch

2012-04-19 Thread Adriaan de Jong
> -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > Sent: donderdag 19 april 2012 15:56 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] openssl ouch > > ouch: > http://www.openssl.org/news/secadv_20120419.txt > > we need to investigate

Re: [Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h

2012-04-16 Thread Adriaan de Jong
Bar-Lev [mailto:alon.bar...@gmail.com] Sent: zaterdag 14 april 2012 18:58 To: Adriaan de Jong Cc: openvpn-devel@lists.sourceforge.net Subject: Re: [Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h This is strange! As there is nothing in this file that needs

[Openvpn-devel] [PATCH] Ensure sys/un.h autoconf detection includes sys/socket.h

2012-04-12 Thread Adriaan de Jong
This is required to build an Android binary. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- configure.ac |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 70c51e7..dc5bb43 100644 --- a/configure.ac +++ b/configure.ac @@

Re: [Openvpn-devel] ACK system review finished

2012-04-10 Thread Adriaan de Jong
ct, > changes to the patchset is for the good of the community, improving the > quality of the work to be committed. Usually the changes during/after > review are minor, and will be reviewed anyway, as author will state > what change and simple diff may be used to delta-review. > > I rea

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-03 Thread Adriaan de Jong
> -Original Message- > From: David Sommerseth [mailto:openvpn.l...@topphemmelig.net] > On 02/04/12 20:50, Alon Bar-Lev wrote: > > On Mon, Apr 2, 2012 at 8:31 PM, Adriaan de Jong <dej...@fox-it.com> > > wrote: > >>> -Original Message- Fr

Re: [Openvpn-devel] [PATCH 2/6] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

2012-04-02 Thread Adriaan de Jong
nal Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 2 april 2012 11:19 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 2/6] Added a configuration option > to enable prediction resistance in the P

Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: maandag 2 april 2012 12:42 > To: David Sommerseth > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL > 1.1 RNG > > On Mon, Apr 2, 2012 at 1:39

[Openvpn-devel] [PATCH 6/6] Updated README.polarssl with build system changes.

2012-04-02 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- README.polarssl |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.polarssl b/README.polarssl index 77a9575..ab7c2d7 100644 --- a/README.polarssl +++ b/README.polarssl @@ -3,11 +3,11 @@ instructions: To

[Openvpn-devel] [PATCH 3/6] Use POLARSSL_CFLAGS instead of POLARSSL_CRYPTO_CFLAGS in configure.ac

2012-04-02 Thread Adriaan de Jong
Ensured that the used variable name actually matches the one advertised by configure. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- configure.ac |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/configure.ac b/configure.ac index ef34697..70c51e7

[Openvpn-devel] [PATCH 4/6] Removed support for PolarSSL < 1.1

2012-04-02 Thread Adriaan de Jong
. PolarSSL fixes this potential issue by also using platform entropy. To ensure that OpenVPN is always built against a decent RNG, PolarSSL <1.1 is therefore no longer supported. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- src/openvpn/crypto_polarssl

[Openvpn-devel] [PATCH 5/6] Removed stray "Fox-IT hardening" string.

2012-04-02 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- src/openvpn/ssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c index 767bc8e..19512c0 100644 --- a/src/openvpn/ssl.c +++ b/src/openvpn/ssl.c @@ -392,7 +392,7 @@ in

[Openvpn-devel] [PATCH 1/6] Added support for new PolarSSL 1.1 RNG

2012-04-02 Thread Adriaan de Jong
) Finally, this patch moves to only one instance of the RNG per OpenVPN instance, instead of one per keystate Signed-off-by: Adriaan de Jong <dej...@fox-it.com> Signed-off-by: Eelse-jan Stutvoet <stutv...@fox-it.com> --- src/openvpn/crypto_polar

Re: [Openvpn-devel] [PATCH] cleanup: gc usage

2012-04-02 Thread Adriaan de Jong
On 04/01/2012 03:46 PM, Alon Bar-Lev wrote: > Cleanup of "Use the garbage collector when retrieving x509 fields" > patch series. > > Discussed at [1]. > > There should be an effort to produce common function prologue > and epilogue, so that cleanups will be done at single point. > > [1]

[Openvpn-devel] [PATCH 1/2] Added support for new PolarSSL 1.1 RNG

2012-02-28 Thread Adriaan de Jong
) Finally, this patch moves to only one instance of the RNG per OpenVPN instance, instead of one per keystate Signed-off-by: Adriaan de Jong <dej...@fox-it.com> Signed-off-by: Eelse-jan Stutvoet <stutv...@fox-it.com> --- crypto_polar

[Openvpn-devel] [PATCH 2/2] Added a configuration option to enable prediction resistance in the PolarSSL random number generator.

2012-02-28 Thread Adriaan de Jong
Signed-off-by: Eelse-jan Stutvoet <stutv...@fox-it.com> Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto_polarssl.c |9 + crypto_polarssl.h |7 +++ init.c|6 ++ openvpn.8 | 14 ++ options.c

[Openvpn-devel] [PATCH] Fixed off-by-one in serial length calculation

2012-02-28 Thread Adriaan de Jong
The serial length was one digit too short, resulting in missing digits at the end of the certificate's stringified serial number. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl_verify_polarssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff

Re: [Openvpn-devel] [PATCH 02/02] Remove calls to OpenSSL when building with --disable-ssl

2012-02-28 Thread Adriaan de Jong
On 02/28/2012 12:48 PM, David Sommerseth wrote: > On 28/02/12 12:40, Igor Novgorodov wrote: >> On 28.02.2012 15:34, David Sommerseth wrote: >> And when building with SSL support, it won't be called here, but >> in ssl_openssl.c in tls_init_lib() instead. > > Indeed. This looks good. So unless

Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL 1.1.x branch

2012-02-28 Thread Adriaan de Jong
to:fab...@lettink.de] On Behalf Of Fabian > Knittel > Sent: dinsdag 28 februari 2012 8:40 > To: Igor Novgorodov > Cc: Adriaan de Jong; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 01/02] Add support for PolarSSL > 1.1.x branch > > Hi Igor, >

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-24 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: donderdag 23 februari 2012 21:20 > > Hello Again, > > Now the openvpn-build supports creating nsis installation package, > including signing. Output package is at [1]. > > Notice that all process is done on

Re: [Openvpn-devel] [PATCH 00/35] build revolution

2012-02-21 Thread Adriaan de Jong
> -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: dinsdag 21 februari 2012 10:02 > > Oh, and I forgot. > Most optional dependencies are now disabled by default. > You should explicitly enable lzo with --enable-lzo > Hi Alon, It's great to see a lot of

Re: [Openvpn-devel] [PATCH 33/35] build: proper crypto detection and usage

2012-02-21 Thread Adriaan de Jong
I need to delve into this one a little further once I have time. At first glance, a minor nack: OpenSSL 0.9.6 isn't supported anymore, so the autoconf statement and any >= 0.9.7 statements can go. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent:

Re: [Openvpn-devel] [PATCH 02/35] cleanup: crypto_openssl.c: remove support for pre-openssl-0.9.6

2012-02-21 Thread Adriaan de Jong
Ack, I'll be glad to be rid of some of this cruft. Adriaan > -Original Message- > From: Alon Bar-Lev [mailto:alon.bar...@gmail.com] > Sent: dinsdag 21 februari 2012 2:22 > To: openvpn-devel@lists.sourceforge.net > Cc: Alon Bar-Lev > Subject: [Openvpn-devel] [PATCH 02/35] cleanup:

Re: [Openvpn-devel] Cipher problem on Mac OS X

2012-02-16 Thread Adriaan de Jong
> -Original Message- > From: Frank de Brabander [mailto:braban...@fox-it.com] > > Hello, > > I have looked into the problem, it seems to be caused by the return > type of cipher_kt_mode() in crypto_backend.h being declared as a bool. > This function is called from init_key_type() of

Re: [Openvpn-devel] Cipher problem on Mac OS X

2012-02-14 Thread Adriaan de Jong
ph)); return 0; } --- SNIP --- The commands would be: $ gcc -lssl $ ./a.out Thanks, Adriaan de Jong

[Openvpn-devel] [PATCH 3/3] Migrated x509_get_sha1_hash to use the garbage collector

2012-02-14 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl_verify.c |7 ++- ssl_verify_backend.h | 11 ++- ssl_verify_openssl.c | 17 - ssl_verify_polarssl.c | 17 +++-- 4 files changed, 11 insertions(+), 41 deletions(-) diff

[Openvpn-devel] [PATCH 1/3] Migrated x509_get_subject to use of the garbage collector

2012-02-14 Thread Adriaan de Jong
This also cleans up a messy call in pkcs11.c to _openssl_get_subject, as discussed at FOSDEM. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- pkcs11.c | 10 ++ pkcs11_backend.h |8 +++- pkcs11_openssl.c | 16 +++- pkcs11_pola

[Openvpn-devel] [PATCH 0/3] Use the garbage collector when retrieving x509 fields

2012-02-14 Thread Adriaan de Jong
A number of the x509 functions allocated memory directly, instead of using the default OpenVPN convention: the garbage collector. This is fixed in this series of patches. Adriaan

Re: [Openvpn-devel] OpenVPN and Android 4.0 VPN API

2012-02-08 Thread Adriaan de Jong
> -Original Message- > From: James Ring [mailto:s...@jdns.org] > Sent: dinsdag 7 februari 2012 23:33 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] OpenVPN and Android 4.0 VPN API > > Hi there, > > I was just wondering if anybody has seen the new Android 4.0 VPN

Re: [Openvpn-devel] Assertion failed at buffer.c:313

2012-02-07 Thread Adriaan de Jong
> Hi guys > > I experience "Assertion failed at buffer.c:313" on my RHEL5/x64 caused > by: > > commit bee92b479414d12035b0422f81ac5fcfe14fa645 > Author: Adriaan de Jong <dej...@fox-it.com> > Date: Sun Feb 5 12:51:25 2012 +0100 > > Removed sup

Re: [Openvpn-devel] [PATCH 2/2] Removed support for calling gc_malloc with a NULL gc_arena struct

2012-02-06 Thread Adriaan de Jong
> -Original Message- > From: Jan Just Keijser [mailto:janj...@nikhef.nl] > > I agree with Gert: > I spent most of my train journey yesterday figuring out what the next > assert failure/segfault was , caused by this buffer.c change; > env_set_create is one, log_history_add was also giving

[Openvpn-devel] [PATCH 2/2] Removed support for calling gc_malloc with a NULL gc_arena struct

2012-02-05 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- buffer.c | 29 ++--- 1 files changed, 10 insertions(+), 19 deletions(-) diff --git a/buffer.c b/buffer.c index 2f8e4b8..c39bbcb 100644 --- a/buffer.c +++ b/buffer.c @@ -310,28 +310,19 @@ gc_malloc (size_t size

[Openvpn-devel] [PATCH 1/2] Moved out of memory prototype to error.h, as the definition is in error.c

2012-02-05 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- buffer.h |4 +--- error.h |3 +++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/buffer.h b/buffer.h index e6113f9..6c79007 100644 --- a/buffer.h +++ b/buffer.h @@ -26,6 +26,7 @@ #define BUFFER_H #include &q

[Openvpn-devel] [PATCH] Minor code cleanup: cleaned up error handling in verify_cert.

2012-02-04 Thread Adriaan de Jong
Removed done label and cleaned up return values. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl_verify.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl_verify.c b/ssl_verify.c index 326b005..feee124 100644 --- a/ssl_verify.c +++ b/ssl_ve

Re: [Openvpn-devel] Summary of the IRC meeting (19th Jan 2012)

2012-01-30 Thread Adriaan de Jong
> > PS I'm intending to go to FOSDEM on Sunday; which room will you guys > meet in? > Good question... I'm heading to Brussels on Friday evening, and will head over to the beer event in Delirium Tremens as soon as I've settled in to my hotel room. Anyone else heading there? Adriaan

Re: [Openvpn-devel] Problem with alloc_buf_gc function

2011-12-13 Thread Adriaan de Jong
> -Original Message- > From: Gert Doering [mailto:g...@greenie.muc.de] > > On Mon, Dec 12, 2011 at 09:32:51AM +, Tiran Kaskas wrote: > > Is there a problem connecting a client running 2.1.4 (the one with > polarssl) to a server running 2.0.9? > > Well, the default crypto algorithms

Re: [Openvpn-devel] Suggesting a new patch review approach

2011-12-05 Thread Adriaan de Jong
> -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: maandag 5 december 2011 11:47 > To: David Sommerseth > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Suggesting a new patch review approach > > > > > > Hi, > > > > We've had a very

Re: [Openvpn-devel] Topics for today's meeting

2011-11-24 Thread Adriaan de Jong
Just to put in my 2cents on the build options: there is a tool that supports all of those environments (gmake, cygwin, mingw, nmake, visual studio, eclipse, ), and that's CMake. It's widely used, and has a pretty good track record. It can also support automated test environments and

[Openvpn-devel] OpenVPN approved for government use in the Netherlands

2011-11-23 Thread Adriaan de Jong
was the creation of a secure distribution channel for the hardened OpenVPN version (OpenVPN-NL), which has now been launched at https://openvpn.fox-it.com/ . I'd like to thank everyone in the OpenVPN community for helping throughout the process! Kind Regards, Adriaan de Jong PS. The press release

Re: [Openvpn-devel] [PATCH] Fixed a regression causing VS2008/Python build failure

2011-11-09 Thread Adriaan de Jong
ACK, my LZO library ends up in a different place for some reason... Adriaan > -Original Message- > From: sam...@openvpn.net [mailto:sam...@openvpn.net] > Sent: woensdag 9 november 2011 10:50 > To: openvpn-devel@lists.sourceforge.net > Subject: [Openvpn-devel] [PATCH] Fixed a regression

[Openvpn-devel] [PATCH 8/8] Fixed a typo when initialising cryptoapi certs

2011-10-31 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl_openssl.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/ssl_openssl.c b/ssl_openssl.c index 391968a..b95944c 100644 --- a/ssl_openssl.c +++ b/ssl_openssl.c @@ -339,7 +339,7 @@ tls_ctx_load_cryptoapi(

[Openvpn-devel] [PATCH 7/8] Minor cleanup to enable warning-free Windows build:

2011-10-31 Thread Adriaan de Jong
- Changed int32_t to size_t - Removed some unused variables - Added missing include files - changed ordering to ensure variable declarations are before asserts Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto.c |3 +-- pkcs11_polarssl.c |1 - ssl_ope

[Openvpn-devel] [PATCH 4/8] Reordered functions to ensure warning-free Windows build

2011-10-31 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- plugin.h | 21 ++--- 1 files changed, 10 insertions(+), 11 deletions(-) diff --git a/plugin.h b/plugin.h index 7aacb47..948ab88 100644 --- a/plugin.h +++ b/plugin.h @@ -122,6 +122,16 @@ void plugin_list_open (

[Openvpn-devel] [PATCH 1/8] Moved prng_uninit out of crypto_uninit_lib

2011-10-31 Thread Adriaan de Jong
Since prng_uninit is SSL-library agnostic, but crypto_uninit_lib isn't, the function was moved up a level. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto.c |1 + crypto_openssl.c |2 -- crypto_polarssl.c |1 - ssl.c |4 ++-- 4 files c

[Openvpn-devel] [PATCH 3/8] Fixed missing comma in plugin.h

2011-10-31 Thread Adriaan de Jong
Fixed a bug where the wrong value was being passed to plugin_call_ssl, due to a missing comma. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- plugin.h |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugin.h b/plugin.h index 8782751..7aacb47

[Openvpn-devel] [PATCH 2/8] Moved CryptoAPI header include to the ssl_openssl.c

2011-10-31 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl.c |4 ssl_openssl.c |4 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl.c b/ssl.c index 955a0d1..c26756e 100644 --- a/ssl.c +++ b/ssl.c @@ -62,10 +62,6 @@ #include "ssl_verify.h

[Openvpn-devel] Series of patches to fix Windows builds and other errors

2011-10-31 Thread Adriaan de Jong
Hi, The following series of patches enables Windows builds and fixes a few bugs to boot. Most of it I'm quite comfortable with. The only unfortunate thing in these patches is switching between OpenSSL and PolarSSL. This currently requires changing two flags instead of one, due to the build

[Openvpn-devel] [PATCH] Further removal of des_old.h based calls

2011-10-24 Thread Adriaan de Jong
Replaced des_set_key_unchecked and des_ecb_encrypt functions in cipher_des_encrypt_ecb Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto_openssl.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index fdea326..9

[Openvpn-devel] [PATCH] Removed obsolete des_cblock and des_keyschedule

2011-10-24 Thread Adriaan de Jong
To allow building on NetBSD. Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto_openssl.c |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto_openssl.c b/crypto_openssl.c index e43d73c..fdea326 100644 --- a/crypto_openssl.c +++ b/crypto_ope

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
On 10/24/2011 11:50 AM, David Sommerseth wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 24/10/11 10:58, Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :

[Openvpn-devel] [PATCH] Added missing #ifdef to allow --disable-managent to work again

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- ssl_verify.h |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/ssl_verify.h b/ssl_verify.h index 1eaf639..1809137 100644 --- a/ssl_verify.h +++ b/ssl_verify.h @@ -172,7 +172,10 @@ static inlin

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
On 10/24/2011 11:03 AM, Jan Just Keijser wrote: Adriaan de Jong wrote: Unfortunately BF isn't supported in PolarSSL though. Do you have any other suggestions? I'm open to most ideas other than "implement blowfish" :) hmmm then perhaps the default should be changed to AES-128

Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
55 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] [PATCH 3/3] Changed default algorithm for > PolarSSL to AES-128, as BF is not supported > > I'd NACK this patch : the default behaviour of OpenVPN should be > independent of the SSL

[Openvpn-devel] [PATCH 2/3] Fixed disabling crypto and SSL

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- Makefile.am | 23 --- configure.ac |2 -- crypto_openssl.c |4 crypto_polarssl.c |4 options.h |2 +- pkcs11_openssl.c |4 ++-- pkcs11_pola

[Openvpn-devel] [PATCH 3/3] Changed default algorithm for PolarSSL to AES-128, as BF is not supported

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- options.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/options.c b/options.c index 39e7a57..d917072 100644 --- a/options.c +++ b/options.c @@ -810,7 +810,12 @@ init_options (struct options *o, cons

[Openvpn-devel] [PATCH 1/3] Got rid of a few magic numbers in ntlm.c

2011-10-24 Thread Adriaan de Jong
Signed-off-by: Adriaan de Jong <dej...@fox-it.com> --- crypto_backend.h |6 +++--- crypto_openssl.c |2 +- crypto_openssl.h |3 +++ crypto_polarssl.c |2 +- crypto_polarssl.h |2 ++ ntlm.c| 30 +++--- 6 files changed, 25 inse

[Openvpn-devel] PolarSSL 1.0.0 support

2011-10-16 Thread Adriaan de Jong
Hi everyone, The patch available at https://github.com/andj/openvpn-ssl-refactoring/commit/77b34616e70dcab081b2a2f0f567d1ab8fd25349 moves OpenVPN master from PolarSSL v0.99-pre5 to v1.0.0, the first stable release of PolarSSL. I've kept it on github instead of using git-mail as it exists on top

[Openvpn-devel] Rebased SSL patches

2011-10-16 Thread Adriaan de Jong
If someone can ack these last few changes, then David can start merging! Kind regards, Adriaan de Jong

Re: [Openvpn-devel] Topics for tomorrow's meeting

2011-09-29 Thread Adriaan de Jong
Hi Samuli, I'll be around as well this evening. If we have any time I'd like to discuss the next steps for the PolarSSL addition patch, and the as-yet unapproved fixes that follow it. Kind Regards, Adriaan > -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] >

[Openvpn-devel] Minor issue in master git

2011-07-14 Thread Adriaan de Jong
(I'm not entirely sure what needs to be done here?) Thanks, Adriaan de Jong

Re: [Openvpn-devel] openvpn support for challenge-response otp (user+pass+otp)

2011-07-14 Thread Adriaan de Jong
> -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > > There's some support for challenge-response authentication in OpenVPN: > > testing.git;a=commit;h=3cf9dd88fd84108eccfcce0ebf44e00f9481cd82>

Re: [Openvpn-devel] Bug: extended x509-username-field broken in git

2011-07-08 Thread Adriaan de Jong
> -Original Message- > From: Markus Kötter [mailto:koet...@rrzn-hiwi.uni-hannover.de] > > On 07/07/2011 09:06 PM, Adriaan de Jong wrote: > > A fix is included in my SSL separation patch set, in this patch to be > > exact: > > https://github.com/andj/ope

Re: [Openvpn-devel] Bug: extended x509-username-field broken in git

2011-07-07 Thread Adriaan de Jong
On Wed, Jul 6, 2011 at 6:55 PM, Markus Koetter < koet...@rrzn-hiwi.uni-hannover.de> wrote: > On 07/05/2011 03:15 PM, David Sommerseth wrote: > >> Can you please use git bisect to locate the offending commit? >> > > I figured out this never really worked with openvpn git at all. > During

[Openvpn-devel] [PATCH] Further improvements to plugin support:

2011-07-07 Thread Adriaan de Jong
-by: Adriaan de Jong <dej...@fox-it.com> --- openvpn-plugin.h | 19 --- plugin.c |4 ++-- plugin.h |6 ++ plugin/examples/log_v3.c |1 + 4 files changed, 17 insertions(+), 13 deletions(-) diff --git a/openvpn-plugin.h b/o

Re: [Openvpn-devel] PolarSSL patches

2011-07-07 Thread Adriaan de Jong
problem, where if USE_SSL is not defined a dependency to OpenSSL's x509 header still exists for plugins. I've fixed this in a patch that I'll upload and mail soon. Adriaan From: Samuli Seppänen [mailto:sam...@openvpn.net] Sent: woensdag 6 juli 2011 21:21 To: Adriaan de Jong Cc: openvpn-devel

Re: [Openvpn-devel] [PATCH 3/8] Added control channel crypto docs

2011-07-06 Thread Adriaan de Jong
NTROL/P_ACK is a reliable channel. Each use their > > - * own independent HMAC keys. > > - * (3) Note that when --tls-auth is used, all message types are > > - * protected with an HMAC signature, even the initial packets > > - * of the TLS handshake. This makes it easy for OpenVPN to > > - * throw away bogus packets quickly, without wasting resources > > - * on attempting a TLS handshake which will ultimately fail. > > - */ > > Just beginning to wonder if this big block is moved over to > doxygen/doc_protocol_overview.h? > You're right, the block was moved out to a documentation-only header to improve legibility of the actual source code. I just double checked to see if anything was missing, but it seems complete. (https://github.com/andj/openvpn-ssl-refactoring/blob/4970f1485d4d2117ccb3b1932965809fc51d8efe/doxygen/doc_protocol_overview.h) > [...snip...] > > Generally looks good. Some "typos" here, but this can be fixed in an > additional patch. I'm mostly concerned about the big block which this > patch seems to remove. If it is moved to other files, then it is fine. > > So that this needs to be solved with an additional patch and confirm > that > the documentation taken out of this file is not lost, then I'll give > this > one an ACK. > Thanks! If you think it's necessary I'll change the "should be overwritten with 0s." in a patch, other than that, are you satisfied with the answers? Kind Regards, Adriaan de Jong

[Openvpn-devel] PolarSSL patches

2011-07-05 Thread Adriaan de Jong
interested parties please have a look and provide me with feedback (through IRC/e-mail?). Thanks! Adriaan de Jong PS. Note that due to limitations in PolarSSL, it is still missing a number of features: * PKCS#12 file support * --capath support - Loading certificate authorities from a directory

Re: [Openvpn-devel] Summary of the IRC meeting (30th June 2011)

2011-07-01 Thread Adriaan de Jong
> -Original Message- > From: Adriaan de Jong [mailto:dej...@fox-it.com] > Sent: vrijdag 1 juli 2011 17:25 > To: Samuli Seppänen; openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Summary of the IRC meeting (30th June > 2011) > > The github pa

Re: [Openvpn-devel] Summary of the IRC meeting (30th June 2011)

2011-07-01 Thread Adriaan de Jong
The github page is available at https://github.com/andj/openvpn-ssl-refactoring . Note that the version up there currently is broken :(, as PolarSSL integration is a work in progress. > -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: vrijdag 1 juli 2011

[Openvpn-devel] [Patches] SSL separation patches

2011-06-30 Thread Adriaan de Jong
to ask :). Enjoy, Adriaan de Jong 4-SSL-separation.tar.gz Description: 4-SSL-separation.tar.gz

Re: [Openvpn-devel] Topics for tomorrow's meeting

2011-06-29 Thread Adriaan de Jong
> -Original Message- > From: Samuli Seppänen [mailto:sam...@openvpn.net] > Sent: woensdag 29 juni 2011 9:24 > > We're having an IRC meeting today, starting at 18:00 UTC on > #openvpn-de...@irc.freenode.net. Current topic list is here: > >

Re: [Openvpn-devel] [PATCH 0/28] Refactor OpenSSL crypto functions

2011-06-24 Thread Adriaan de Jong
As a quick bootnote: the numbering of these patches starts at 10, continuing from the previous doxygen patches... Adriaan > -Original Message- > From: Adriaan de Jong [mailto:dej...@fox-it.com] > Sent: vrijdag 24 juni 2011 11:55 > To: openvpn-devel@lists.sourceforge.n

[Openvpn-devel] [PATCH 26/28] Removed stale OpenSSL defines from crypto.h

2011-06-24 Thread Adriaan de Jong
--- crypto.h | 119 -- crypto_openssl.c |2 + ssl.c|3 + 3 files changed, 5 insertions(+), 119 deletions(-) diff --git a/crypto.h b/crypto.h index dd99598..24ab9fa 100644 --- a/crypto.h +++ b/crypto.h @@ -34,22
