Menu
▾
▴
[Openvpn-devel] [M] Change in openvpn[master]: Add option to check tls-crypt-v2 key timestamps
|
From: plaisthos (C. Review) <ge...@op...> - 2025-10-27 16:19:47
|
Attention is currently required from: MaxF. plaisthos has posted comments on this change by MaxF. ( http://gerrit.openvpn.net/c/openvpn/+/1304?usp=email ) Change subject: Add option to check tls-crypt-v2 key timestamps ...................................................................... Patch Set 4: (4 comments) Patchset: PS4: Looks good but I would like a few minor issues to be addressed File doc/man-sections/tls-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1304/comment/17d09927_5a722c44?usp=email : PS4, Line 573: no timestamp. should add in the description what happen if tls-crypt-v2 client keys are used that don't use the timestamp. File src/openvpn/tls_crypt.c: http://gerrit.openvpn.net/c/openvpn/+/1304/comment/5baff829_139564bf?usp=email : PS4, Line 537: msg(M_WARN, "ERROR: Client key doesn't have a timestamp."); I would go for the bit more formal form here and use "does not" instead of the short form "doesn't" http://gerrit.openvpn.net/c/openvpn/+/1304/comment/7d9d8afb_144c9475?usp=email : PS4, Line 541: memcpy(×tamp, metadata + 1, sizeof(int64_t)); I think we should add a length check here to ensure that the metadata is long enough. -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1304?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0579d18c784e2ac16973d5553992c28f281a0900 Gerrit-Change-Number: 1304 Gerrit-PatchSet: 4 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: MaxF <ma...@ma...> Gerrit-Comment-Date: Mon, 27 Oct 2025 16:19:32 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No |
