| Message ID | faqABVK6MPd-XEqegwOnFrNPTR3Fts0q4aM_qBeygqdHuxVevbtQdjKUlX6VzMp5CxoOpeT_a2pqS4c7oEts2M_6TpGh1vcb7z7sc6BktlM=@protonmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [Openvpn-devel] Add daemon_pid to --tls-crypt-v2-verify script environment | expand |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Yeah, I forgot to apply and commit -- sorry. I guess I'll send again if this is an acceptable patch and my MTA didn't screw it up ? Please let me know .. thanks ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, 28 April 2021 18:44, tincantech <tincantech@protonmail.com> wrote: > Openvpn process ID (daemon_pid) provides the most secure way for > scripts to verify which process they were called by. > > This patch adds daemon_poid to --tls-crypt-v2-verify environment. > > Tested on Linux and Windows. > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > index 7b5016d3..23d93a6c 100644 > --- a/src/openvpn/tls_crypt.c > +++ b/src/openvpn/tls_crypt.c > @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, > setenv_str(es, "script_type", "tls-crypt-v2-verify"); > setenv_str(es, "metadata_type", metadata_type_str); > setenv_str(es, "metadata_file", tmp_file); > > - setenv_int(es, "daemon_pid", platform_getpid()); > > struct argv argv = argv_new(); > argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script); > > > -- > > git version 2.25.1 > > I hope my MTA has not mangled this patch but I don't currently have access > to an SMTP server port. If it is borken then please ignore this and I'll find > another way. Feel free to send other feedback. eg: NAK + Reason. > > Thanks > R > > == -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgiZ/PACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ3hPwgAk3GKzcr76rPTac1/6NMQyP3wnWpXgsmbGCvr5zVcQRbAaSbL FwN+qB01aXx8ic7u1t9xoBA83WA5BOy/Nmecg/MmTK2hWapL954b2dEHubFt j9b1wqXX46Mcg55VSvSC2gc35bZB2wXLiKIAOGFgvmH84m18CCDSePaKywrf izC5B+Ew+M6zacf1IZU64DKJdLX8yzyQt9U3zI1egFj9mK7qzm3lY79zier0 jkDQlijZrp6krAeBqlGmm1sMLERyQrCrJrCdbuEbrMbVPxbJOhYFpT8EWolE ta/OTF94IK2T8ErmNZsA3oSdXSuYriZM6gSxKqiMpSXuNjo3wKzrkg== =57ff -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Looking closer, I can see that it was damaged in transit .. Please let me know if you would be willing to accept my proposed patch and then I will persist to find a way. If you will not accept the addition then please let me know. Thanks R ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, 28 April 2021 18:48, tincantech via Openvpn-devel <openvpn-devel@lists.sourceforge.net> wrote: > Yeah, I forgot to apply and commit -- sorry. > > I guess I'll send again if this is an acceptable patch and my MTA didn't screw it up ? > Please let me know .. thanks > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Wednesday, 28 April 2021 18:44, tincantech tincantech@protonmail.com wrote: > > > Openvpn process ID (daemon_pid) provides the most secure way for > > scripts to verify which process they were called by. > > This patch adds daemon_poid to --tls-crypt-v2-verify environment. > > Tested on Linux and Windows. > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > > index 7b5016d3..23d93a6c 100644 > > --- a/src/openvpn/tls_crypt.c > > +++ b/src/openvpn/tls_crypt.c > > @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, > > setenv_str(es, "script_type", "tls-crypt-v2-verify"); > > setenv_str(es, "metadata_type", metadata_type_str); > > setenv_str(es, "metadata_file", tmp_file); > > > > - setenv_int(es, "daemon_pid", platform_getpid()); > > struct argv argv = argv_new(); > > argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script); > > > > > > -- > > git version 2.25.1 > > I hope my MTA has not mangled this patch but I don't currently have access > > to an SMTP server port. If it is borken then please ignore this and I'll find > > another way. Feel free to send other feedback. eg: NAK + Reason. > > Thanks > > R > > == -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgiaNiACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ2FZwf/VduCykdRxUIXhDX1+owQ1wKB02tuhj/0ABu0GpK9VvyZCOx4 0BKCaZB6VPWhV4sop4AAfm24LeyT80aST/W+PQ2N5bnfHvC5/Lm6anB+ck38 K/6JkehHkyvuVdR1K2LiKdgtW9gAggdPYSn4WbKSlv+Q2HthmVZlg7/ADrZk RsRE6HYO/mNkTaLsuzkWczyH1z6ncAqg8ivZxcnOBfrjSRNJJMHsAzWzT7J7 eitX50FT387SSbiBgP2PiVUnm5XIO/rT/yJhHTM9p8wISzzOfW/5hUovMnvx wP4er/eYwp1/JbErVDbzlpT0r33MQADbVQAxKJpg4l9m0GIzmlHGIw== =0azE -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Not a single comment ? Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, 28 April 2021 19:03, tincantech <tincantech@protonmail.com> wrote: > Looking closer, I can see that it was damaged in transit .. > > Please let me know if you would be willing to accept my proposed patch and then I will persist to find a way. > > If you will not accept the addition then please let me know. > > Thanks > R > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Wednesday, 28 April 2021 18:48, tincantech via Openvpn-devel openvpn-devel@lists.sourceforge.net wrote: > > > Yeah, I forgot to apply and commit -- sorry. > > I guess I'll send again if this is an acceptable patch and my MTA didn't screw it up ? > > Please let me know .. thanks > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > On Wednesday, 28 April 2021 18:44, tincantech tincantech@protonmail.com wrote: > > > > > Openvpn process ID (daemon_pid) provides the most secure way for > > > scripts to verify which process they were called by. > > > This patch adds daemon_poid to --tls-crypt-v2-verify environment. > > > Tested on Linux and Windows. > > > diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c > > > index 7b5016d3..23d93a6c 100644 > > > --- a/src/openvpn/tls_crypt.c > > > +++ b/src/openvpn/tls_crypt.c > > > @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, > > > setenv_str(es, "script_type", "tls-crypt-v2-verify"); > > > setenv_str(es, "metadata_type", metadata_type_str); > > > setenv_str(es, "metadata_file", tmp_file); > > > > > > - setenv_int(es, "daemon_pid", platform_getpid()); > > > struct argv argv = argv_new(); > > > argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script); > > > > > > > > > -- > > > git version 2.25.1 > > > I hope my MTA has not mangled this patch but I don't currently have access > > > to an SMTP server port. If it is borken then please ignore this and I'll find > > > another way. Feel free to send other feedback. eg: NAK + Reason. > > > Thanks > > > R > > > > > > ========================================================================================================================================================================================================================================================= -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgipHgACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ064ggAifsuMtavQAW7fBTiMjr/587lEwrO7CMFJOEhIexbeJN2tl1G tbDG5NSIRxM9Vle2rvpybaStga3Fst9Q6Gi7EDIwVFBfSNWjSeogwA30N35f T0KRWCbveSjiKRsyTS7p9zEv1Dvms0iRX0G+NClsbIJr7Fn7gUtSS2ztvj60 KfXeH1dkv1Q7EJPLC0H7zKcoEagFrYb0bNtG3g7uca5Yb7sEyetA3rKX02Z/ JpqeZN3nZe4Fvx19YOnrc+dZPtKpshws7swg7KQOz07GEEXMXe5BBjgWqQlz RTcHefU8fLaMklprpLsuOvMnOgVwQ0fwbV22IBAT4g7d5++CxCvBSQ== =ReR6 -----END PGP SIGNATURE-----
diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c index 7b5016d3..23d93a6c 100644 --- a/src/openvpn/tls_crypt.c +++ b/src/openvpn/tls_crypt.c @@ -537,6 +537,7 @@ tls_crypt_v2_verify_metadata(const struct tls_wrap_ctx *ctx, setenv_str(es, "script_type", "tls-crypt-v2-verify"); setenv_str(es, "metadata_type", metadata_type_str); setenv_str(es, "metadata_file", tmp_file); + setenv_int(es, "daemon_pid", platform_getpid()); struct argv argv = argv_new(); argv_parse_cmd(&argv, opt->tls_crypt_v2_verify_script);