On Sun, 2023-01-15 at 16:04 +0100, Gert Doering wrote:
> Hi,
>
> On Sun, Jan 15, 2023 at 08:37:00AM -0500, James Bottomley wrote:
> > The GNU project began in 1982. Static libraries for SYS-V were
> > initially proposed around 1986 and didn't become widespread until
>
On Sun, 2023-01-15 at 16:34 +0100, Arne Schwabe wrote:
> On 15.01.23 at 16:22, James Bottomley wrote:
> > On Sun, 2023-01-15 at 15:22 +0100, Arne Schwabe wrote:
[...]
> > > So you are right in the sense that the Apache2 is just
> > > a normal library to link for most
On Sun, 2023-01-15 at 15:22 +0100, Arne Schwabe wrote:
>
> > If that's the source of this issue, then I think there's a
> > misunderstanding about the problem the OpenSSL exception is
> > addressing. The problem was that the OpenSSL licence required
> > additional conditions be imposed on the bina
On Sun, 2023-01-15 at 05:23 +0100, Arne Schwabe wrote:
> > Even if, for the sake of argument, I assume that what you're doing
> > isn't covered by the system library exception, then what you're
> > proposing doesn't fix your problem. Your problem becomes section 2
> > of the GPLv2: you must distri
On Sun, 2023-01-15 at 14:12 +0100, Arne Schwabe wrote:
> On 15.01.23 at 14:10, Matthias Andree wrote:
> > On 15.01.23 at 12:44, Gert Doering wrote:
> > > Hi,
> > >
> > > On Sat, Jan 14, 2023 at 05:28:09PM -0500, James Bottomley wrote:
> > > > Wh
On Sat, 2023-01-14 at 21:34 +0100, Arne Schwabe wrote:
> On 14.01.2023 at 20:57, James Bottomley wrote:
> > On Sat, 2023-01-14 at 18:29 +0100, Arne Schwabe wrote:
> > > Hey,
> > >
> > > This is the first round and will be only to the openvpn-devel
> >
On Sat, 2023-01-14 at 18:29 +0100, Arne Schwabe wrote:
> Hey,
>
> This is the first round and will be only to the openvpn-devel list.
> After that I will also write to individuals email addresses but I
> want to start with sending this to the devel list.
>
> We are writing to you since you are o
On Sat, 2021-12-11 at 13:58 +0100, Matthias Andree wrote:
> Greetings,
>
> I am seeking clarification on licensing, judging from OpenVPN 2.5.X
> (meaning latest 2.5).
>
> 1. mbedTLS licensing compatibility. AFAICS, mbedTLS is currently
> under dual Apache License 2.0 and GPLv2,
> https://tls.mbe
On Mon, 2020-06-29 at 19:51 +0200, Gert Doering wrote:
> The rules to generate $(builddir)/openssl.cnf from
> $(srcdir)/openssl.cnf.in only worked for GNU Make. BSD make needs
> the rules more explicit, and the target must not have a directory
> specification (fixes commit 542c69c37).
This defini
On Wed, 2020-06-24 at 01:18 +0500, Илья Шипицин wrote:
[...]
> I've added output of log.txt, if you are going to modify "grep"
> magic, can you adopt something like that, please ?
OK, I folded this into the --enable-small correction
James
---8>8>8><8<8
On Tue, 2020-06-23 at 21:26 +0200, Gert Doering wrote:
> Hi,
>
> On Tue, Jun 23, 2020 at 08:47:33PM +0200, Gert Doering wrote:
> > On Tue, Jun 23, 2020 at 11:36:49PM +0500, ??
> > wrote:
> > > Also, I think we should out log.txt in case of failure.
> >
> > Indeed, this would
On Tue, 2020-06-23 at 21:43 +0500, Илья Шипицин wrote:
> as far as I understand, openssl-1.0.2 does not support engines ?
No, it does. Engines were a pre 0.9.8 thing. I support openssl in my
builds for the TPM engine down to 1.0.1
However, the failure:
> Key mismatch not detected
>
> FAIL: ch
openssl.cnf.in', needed
> by 'openssl.cnf'. Stop.
> 3673make[6]: Leaving directory
> '/home/travis/build/OpenVPN/openvpn/openvpn-
> 2.5_git/_build/sub/tests/unit_tests/engine-key'
> 3674
>
> (so now the source file is missing)
>
> Please.
operations and we check for these
in the log to make sure the engine was used to load the key and that
it correctly got the password.
Signed-off-by: James Bottomley
---
v8: Fix openssl.cnf.in build rule for BSD
v7: Hard code .so for dll
v6: add absolute path instead of env variable in
This is the version that should work on Linux, Mac and BSD (famous
last words ...). I've checked it on the Linux platforms (Ubuntu and
OpenSUSE).
James
---
James Bottomley (1):
Add unit tests for engine keys
configure.ac | 2 +
tests/unit_
On Mon, 2020-06-22 at 19:28 +0200, Gert Doering wrote:
> Hi,
>
> On Mon, Jun 22, 2020 at 10:06:44AM -0700, James Bottomley wrote:
> > > [..]
> > > > Right, that's what the patch in the url does: uses .so on both
> > > > mac
> > > > and
On Mon, 2020-06-22 at 18:23 +0200, Gert Doering wrote:
> Hi,
>
> On Sun, Jun 21, 2020 at 08:10:34AM -0700, James Bottomley wrote:
> > > Arne, James, can we converge on something here?
> >
> > Could someone just test the proposed updated v6 patch on a Mac?
>
On Sun, 2020-06-21 at 10:53 +0200, Gert Doering wrote:
> Hi,
>
> On Thu, May 28, 2020 at 03:59:20PM -0700, James Bottomley wrote:
> > Testing engines is problematic, so one of the prerequisites built
> > for the tests is a simple openssl engine that reads a non-standard
>
On Fri, 2020-06-12 at 08:23 +0200, Gert Doering wrote:
> Hi,
>
> On Thu, May 28, 2020 at 04:46:51PM -0700, James Bottomley wrote:
> > diff --git a/tests/unit_tests/openvpn/test_ncp.c
> > b/tests/unit_tests/openvpn/test_ncp.c
> > index 19432410..f58fa2ea 100644
> >
an include for
openssl/conf.h. You don't need that today because pretty much every
other openssl header includes it, but that may not always have been so.
Does the below patch fix it? If it does, it should probably be folded
into the other patch. It should be safe because openssl/conf.h has
exist
On Sat, 2020-06-06 at 20:16 +0200, Gert Doering wrote:
> Hi,
>
> On Sat, Jun 06, 2020 at 08:22:51AM -0700, James Bottomley wrote:
> > The only remaining problem is the lack of environment variable
> > support
> > in MAC openssl which I'll fix by using the absol
lack of environment variable support
in MAC openssl which I'll fix by using the absolute path. If it works
I think below is the replacement patch.
James
---8>8>8><8<8<8
From: James Bottomley
Subject: [PATCH v7 3/3] Add unit tests for engine keys
Testing engines i
On Fri, 2020-06-05 at 09:28 -0700, James Bottomley wrote:
> On Fri, 2020-06-05 at 13:31 +0200, Arne Schwabe wrote:
> [...]
> > Somehow this turns into a autoconf/automake nightmare:
>
> Heh, got to say autoconf is a bit of a nightmare for its more
> esoteric features bec
On Fri, 2020-06-05 at 13:31 +0200, Arne Schwabe wrote:
[...]
> Somehow this turns into a autoconf/automake nightmare:
Heh, got to say autoconf is a bit of a nightmare for its more esoteric
features because the docs usually don't cover them and you end up
having to take the opinion of the internet,
On Fri, 2020-06-05 at 00:37 +0200, Arne Schwabe wrote:
> On 29.05.20 at 01:46, James Bottomley wrote:
> > I'm getting this failure of test_ncp.c
> >
> > [ RUN ] test_check_ncp_ciphers_list
> > [ ERROR ] --- 0x7d67e8 != 0
> > [ LINE ] --- test_n
I'm getting this failure of test_ncp.c
[ RUN ] test_check_ncp_ciphers_list
[ ERROR ] --- 0x7d67e8 != 0
[ LINE ] --- test_ncp.c:65: error: Failure!
[ FAILED ] test_check_ncp_ciphers_list
I'm building under openssl-1.1.0i
The problem seems to be openssl uses a mixed case name for the
operations and we check for these
in the log to make sure the engine was used to load the key and that
it correctly got the password.
Signed-off-by: James Bottomley
---
v5: do not hard code dynamic library extension into openssl.cnf (MacOS)
v4: add OPENSSL_config(NULL) so debian checks will work
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
v2: add better configuration guarding
v4: - use crypto_msg() instead of raw openssl prints
- remove ENGINE_init/finish(). Openvpn already initializes the engine
so doing a second
configuration file with the OPENSSL_CONF environment
variable.
Signed-off-by: James Bottomley
---
src/openvpn/crypto_openssl.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4ac77fde..fd57edd2 100644
--- a/src/openvpn
mismatch between the certificate and
the key after the key has been loaded rather than going on to bring up
an openvpn loop, but I think that's sufficient to test out the engine
patch fully.
---
James Bottomley (3):
openssl: add engine method for loading the key
crypto_openssl: add initia
On Mon, 2020-05-25 at 14:52 +0200, Arne Schwabe wrote:
> On 25.05.20 at 08:04, Gert Doering wrote:
> > Hi,
> >
> > I see the granularity of your patch set as "not right":
> >
> > On Sun, May 24, 2020 at 01:33:22PM -0700, James Bottomley wrote:
> >
On Mon, 2020-05-25 at 08:04 +0200, Gert Doering wrote:
> Hi,
>
> I see the granularity of your patch set as "not right":
>
> On Sun, May 24, 2020 at 01:33:22PM -0700, James Bottomley wrote:
> > Testing engines is problematic, so one of the prerequisites built
> >
operations and we check for these
in the log to make sure the engine was used to load the key and that
it correctly got the password.
Signed-off-by: James Bottomley
---
v5: do not hard code dynamic library extension into openssl.cnf (MacOS)
v4: add OPENSSL_config(NULL) so debian checks will work
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
v2: add better configuration guarding
v4: - use crypto_msg() instead of raw openssl prints
- remove ENGINE_init/finish(). Openvpn already initializes the engine
so doing a second
te and
the key after the key has been loaded rather than going on to bring up
an openvpn loop, but I think that's sufficient to test out the engine
patch fully.
---
James Bottomley (2):
openssl: add engine method for loading the key
Add unit tests for e
On Fri, 2020-02-14 at 18:33 +0500, Илья Шипицин wrote:
> Fri, 14 Feb 2020 at 18:05, James Bottomley <
> james.bottom...@hansenpartnership.com>:
>
> > On Thu, 2020-02-13 at 19:18 +0100, Arne Schwabe wrote:
> > > On 10.02.18 at 23:50, James Bottoml
On Thu, 2020-02-13 at 19:18 +0100, Arne Schwabe wrote:
> On 10.02.18 at 23:50, James Bottomley wrote:
> > Testing engines is problematic, so one of the prerequisites built
> > for the tests is a simple openssl engine that reads a non-standard
> > PEM guarded key. The test i
operations and we check for these
in the log to make sure the engine was used to load the key and that
it correctly got the password.
Signed-off-by: James Bottomley
---
v4: add OPENSSL_config(NULL) so debian checks will work
v3: added this patch
---
configure.ac
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
v2: add better configuration guarding
v4: - use crypto_msg() instead of raw openssl prints
- remove ENGINE_init/finish(). Openvpn already initializes the engine
so doing a second
ather than going on to bring up
an openvpn loop, but I think that's sufficient to test out the engine
patch fully.
James Bottomley (2):
openssl: add engine method for loading the key
Add unit tests for engine keys
configure.ac | 2 +
src/openvpn/c
On Mon, 2018-01-29 at 08:43 +0100, Arne Schwabe wrote:
> On 26.01.18 at 21:30, James Bottomley wrote:
> >
> > As well as doing crypto acceleration, engines can also be used to
> > load key files. If the engine is set, and the private key loading
> > fails for bi
operations and we check for these
in the log to make sure the engine was used to load the key and that
it correctly got the password.
Signed-off-by: James Bottomley
---
configure.ac | 2 +
tests/unit_tests/Makefile.am | 6 +-
tests
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
v2: add better configuration guarding
---
src/openvpn/crypto_openssl.c | 55
src/openvpn/crypto_openssl.h | 12 ++
src/openvpn
ather than going on to bring up
an openvpn loop, but I think that's sufficient to test out the engine
patch fully.
James Bottomley (2):
openssl: add engine method for loading the key
Add unit tests for engine keys
configure.ac | 2 +
src/openvpn/c
On Tue, 2018-01-16 at 00:07 +0100, Emmanuel Deloget wrote:
> While the number of required changes were quite small (and have no
> impact on openvpn), this was quite a journey. I guess some of the
> merits should go to RSA, Microsoft and Intel, for their incredible
> effort in building comprehensive
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
v2: add better configuration guarding
---
src/openvpn/crypto_openssl.c | 55
src/openvpn/crypto_openssl.h | 12 ++
src/openvpn
fails.
James Bottomley (1):
openssl: add engine method for loading the key
src/openvpn/crypto_openssl.c | 55
src/openvpn/crypto_openssl.h | 12 ++
src/openvpn/ssl_openssl.c| 6 -
3 files changed, 72 insertions(+), 1 deletion(-)
--
2
On Wed, 2017-11-08 at 13:27 +0100, David Sommerseth wrote:
> I need to spend a bit more time to fully grasp the UI get/set calls
> and the related implementation. But what is done in regards to
> password retrieving in ui_read() makes sense to me.
How to use UI methods is (unsurprisingly) badly d
On Sun, 2017-10-29 at 17:03 -0400, Selva wrote:
> Hi,
>
> On Sun, Oct 29, 2017 at 12:04 PM, James Bottomley hansenpartnership.com> wrote:
>
> >
> > On Sun, 2017-10-29 at 16:24 +0100, Gert Doering wrote:
> > >
> > > Hi,
> > >
> >
On Sun, 2017-10-29 at 16:24 +0100, Gert Doering wrote:
> Hi,
>
> On Sat, Oct 28, 2017 at 01:02:27PM +0100, James Bottomley wrote:
> >
> > Engine keys are an openssl concept for a key file which can only be
> > understood by an engine (usually because it's been
On Sun, 2017-10-29 at 23:15 +0800, Antonio Quartulli wrote:
> James,
>
> could you please resend a full patch, so to have a better overview of
> the whole change?
Sure thing. It's below.
James
---
From d55d6f50cd156ac8e5cdead1b5c03569885158f6 Mon Sep 17 00:00:00 2001
From
In openssl 1.1, ENGINE_cleanup became a #define instead of a function
(because it's no longer needed as engines are self cleaning). Update
the autoconf.ac script to check for ENGINE_cleanup as a declaration to
avoid falsely undefining HAVE_OPENSSL_ENGINE in openssl 1.1+
Signed-off-by:
On Sun, 2017-10-29 at 17:34 +0500, Илья Шипицин wrote:
> 2017-10-28 17:03 GMT+05:00 James Bottomley <
> james.bottom...@hansenpartnership.com>:
>
> >
> > As well as doing crypto acceleration, engines can also be used to
> > load
> > key files. If the eng
the openssl tpm engines to make openvpn use a
TPM wrapped key file.
Signed-off-by: James Bottomley
---
src/openvpn/crypto_backend.h | 13
src/openvpn/crypto_openssl.c | 49
src/openvpn/ssl_openssl.c| 6 +-
3 files changed, 67
fails.
James
---
James Bottomley (1):
openssl: add engine method for loading the key
src/openvpn/crypto_backend.h | 13
src/openvpn/crypto_openssl.c | 49
src/openvpn/ssl_openssl.c| 6 +-
3 files changed, 67 insertions(+), 1 del