From: Eugene R. <gen...@gm...> - 2013-03-24 23:35:20
Dear openvpn-developers,

I'm wondering what is the best way to submit patches to the openvpn project. The patch I (er13) added more than a month ago to this ticket https://community.openvpn.net/openvpn/ticket/250 has been completely ignored. Instead, the patch submitted directly to this list has been accepted and committed. It's not that my patch is better (btw. I'm not the only author of it, my patch is based on MaxMuster's one), it just seems that you don't pay enough attention to your own bug-tracking system and some of the patches submitted there simply get lost. I would appreciate it if you could improve yourself in this regard so that the people investing their time don't get disappointed ;-) Thanks!

To the PolarSSL-1.2 support itself: I must confess I didn't test it, but I believe the new implementation of verify_callback in ssl_verify_callback.c is incorrect (https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/ssl_verify_polarssl.c#L46). It always returns 0. The error is signaled just by setting *flags to a non-zero value. The flags variable is then reused by PolarSSL for the next certificate in the chain. So it might be that the incorrect certificate chain won't get accepted, but from reading the code it seems that non-zero flags coupled with a zero return value might result in spurious verify error messages for other certificates in the chain. Please correct me if I'm wrong.

Best,
Gene