Menu
▾
▴
[Openvpn-devel] [M] Change in openvpn[master]: Add option to check tls-crypt-v2 key timestamps
|
From: MaxF (C. Review) <ge...@op...> - 2025-11-05 00:12:00
|
Attention is currently required from: plaisthos. MaxF has posted comments on this change by MaxF. ( http://gerrit.openvpn.net/c/openvpn/+/1304?usp=email ) Change subject: Add option to check tls-crypt-v2 key timestamps ...................................................................... Patch Set 5: (3 comments) File doc/man-sections/tls-options.rst: http://gerrit.openvpn.net/c/openvpn/+/1304/comment/ce9f65dd_da5e5dc5?usp=email : PS4, Line 573: no timestamp. > should add in the description what happen if tls-crypt-v2 client keys are used that don't use the ti […] Not sure what you mean. It says that keys without timestamp are rejected. File src/openvpn/tls_crypt.c: http://gerrit.openvpn.net/c/openvpn/+/1304/comment/6cce571b_0e82e17f?usp=email : PS4, Line 537: msg(M_WARN, "ERROR: Client key doesn't have a timestamp."); > I would go for the bit more formal form here and use "does not" instead of the short form "doesn't" Done http://gerrit.openvpn.net/c/openvpn/+/1304/comment/eb1c0953_574a54a0?usp=email : PS4, Line 541: memcpy(×tamp, metadata + 1, sizeof(int64_t)); > I think we should add a length check here to ensure that the metadata is long enough. Done -- To view, visit http://gerrit.openvpn.net/c/openvpn/+/1304?usp=email To unsubscribe, or for help writing mail filters, visit http://gerrit.openvpn.net/settings?usp=email Gerrit-MessageType: comment Gerrit-Project: openvpn Gerrit-Branch: master Gerrit-Change-Id: I0579d18c784e2ac16973d5553992c28f281a0900 Gerrit-Change-Number: 1304 Gerrit-PatchSet: 5 Gerrit-Owner: MaxF <ma...@ma...> Gerrit-Reviewer: flichtenheld <fr...@li...> Gerrit-Reviewer: plaisthos <arn...@rf...> Gerrit-CC: openvpn-devel <ope...@li...> Gerrit-Attention: plaisthos <arn...@rf...> Gerrit-Comment-Date: Wed, 05 Nov 2025 00:11:50 +0000 Gerrit-HasComments: Yes Gerrit-Has-Labels: No Comment-In-Reply-To: plaisthos <arn...@rf...> |
