| Message ID | 5b489d868a80cf1c3bb6325df28aa79891c824d5-HTML@gerrit.openvpn.net |
|---|---|
| State | Not Applicable |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7300:ed0c:b0:d7:3b0f:3938 with SMTP id oy12csp704034dyb;
Thu, 10 Aug 2023 06:52:31 -0700 (PDT)
X-Google-Smtp-Source:
AGHT+IFn2i+RzSd7m3acHwSP9KDVNtVEpPKmYbi1t5rn6NnLREsFBRY4FiF4EybwEctYe/LfIRsi
X-Received: by 2002:a17:90a:de0f:b0:268:10a3:cea8 with SMTP id
m15-20020a17090ade0f00b0026810a3cea8mr1821556pjv.9.1691675550876;
Thu, 10 Aug 2023 06:52:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691675550; cv=none;
d=google.com; s=arc-20160816;
b=Fa3FiDakSjis16uIsFsg9VmTmRrg3rUogJjxTMnn1yxwfVgbKCy5VJ4JLzfKmU+Bph
OOgzjKFs/5g0dMwSCatvMB0BkLqFAO7HBNpe3AxtZIQLWymWUDyNv/CffDo2e1zclmc9
iQPaubjrzIpjAeiS6KNagAIqC3CKcnxJj7MbzUBTchgyXTOAZwSv9fobqf1sWccrVkVC
wQtXtg867X4PZf5oeawouoaxF8DWBExcs5DHTV3GzunB3BOC7mOplOWZITHApXtZR/OO
//MAFbNGSLvanaprVHJQf7nz8j2efzhI6nompr59+AY+yIMpoUSnxSHDezbQEGrV+M11
A9eQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:cc:reply-to:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence:subject:user-agent
:mime-version:message-id:references:auto-submitted:to:date:from
:dkim-signature:dkim-signature:dkim-signature;
bh=lIjtRzoATECl7A/WD68DgcXnW9StZ87qNcVGk/uobzI=;
fh=XUHH3psBF7pnwKR61wKzp3qdqX242Q9j1R+vh1Xo5ao=;
b=TeB+w/k/jbuIXEK7e1jCv/cDBavfmQ8wK3XG/KCZuZ/2EfC1woPHbHtgnmP4rm/xGp
naVy7nlGFU84RjlRtC45C+2H7n9hi2TpfgkeHwTychBTF3KskFra/awO1axuAIAxUp08
ZHrmaXdhFYBEQ4vcWoxz6f0TE9shEluBtljYtv6kd/GRFqb2ryqZMooq2kUPlI5yj2De
I7Off3W3Mo4FRoNNjy1Tywwv1+mMWEKSbjMAXgl3ZAYaLgslUrs4FPDQtWHIHYx+KIYl
LpmlYTzugWPaa4StW2URxFFp9o+DQDMuVfKdQ06YxPQarHWzXm3fFKDlGLl2J1EvCPnn
Rcvw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=kqVdAMpa;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=Bj3598+s;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=G65r9CZz;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
nv11-20020a17090b1b4b00b00269584b6a10si1647653pjb.15.2023.08.10.06.52.30
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Thu, 10 Aug 2023 06:52:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=kqVdAMpa;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=Bj3598+s;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b=G65r9CZz;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com)
by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1qU64k-00028n-Ir;
Thu, 10 Aug 2023 13:51:43 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gerrit@openvpn.net>) id 1qU64j-00026o-PP
for openvpn-devel@lists.sourceforge.net;
Thu, 10 Aug 2023 13:51:42 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version
:Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:
From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=DNZT+mfgOKQyGc4OBjLQTgXxJiHsq91PyzcpWUNZBcs=; b=kqVdAMpay1cTqC/FG1EzvjTG8y
1LuVJDQwlQHkMo00UXG8gZbELwlvwwfkVYHtDKhykYE/pLmXX8ImfNS1r40K5arJaNlnhcgQecl3h
kQ6XU9R6+PW+stjrm7Tq4bDRX7Ub+ka6PWV6phgWKkOzL6yd1bnkob563o20T5ZU3nec=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To:
References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID
:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:
Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=DNZT+mfgOKQyGc4OBjLQTgXxJiHsq91PyzcpWUNZBcs=; b=B
j3598+s7hqJJPintzoI2xZoOEqLPxRvWm/q1TqiSehyvs5L4Rei9UaYjLtVU1zbC3c6XcrA8aUYXL
YZfmRTQBh8h6S7mVPj8RaWjkfZZwgWtJAwaUorp+qUDZvT98RTZy0kOb9mEM5RkGEnC7JIwcj6hoS
HD4thgC9MinmK66Y=;
Received: from mail-wm1-f49.google.com ([209.85.128.49])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1qU64e-0004Yk-8H for openvpn-devel@lists.sourceforge.net;
Thu, 10 Aug 2023 13:51:42 +0000
Received: by mail-wm1-f49.google.com with SMTP id
5b1f17b1804b1-3fe4a89e8c4so8139035e9.3
for <openvpn-devel@lists.sourceforge.net>;
Thu, 10 Aug 2023 06:51:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=openvpn.net; s=google; t=1691675489; x=1692280289;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc
:subject:date:message-id:reply-to;
bh=DNZT+mfgOKQyGc4OBjLQTgXxJiHsq91PyzcpWUNZBcs=;
b=G65r9CZzy9kjWywqjAuuMKvTZARY5oNy8S5fqEnRABRkEZK/2zQ0Xkx1nuOxwgAfuD
N6eTHVrDu/MBuieoR/8O5DaBpRR0eaIlbkubTzVROxFr1VFc6Iy98WipZJJ7/9C/vW4X
1ORft791FI+VaD0NlAr93tU5S/8HRl9veEzcvuW+d8UpxUlLDiKoQnH/ro58wV5idfCj
7VdoFJAjtsqO8PqyZMxFSrxbiz8Vdg3x/DGDISQkLacNDkJBdIUv8aP3D/m/SVFvyd/P
OW9QbFWOY8XzdJtM2M876oUmNt0b1ytxgmeSUsrK44j7NpARQPlIenavTp+XTYrdPTyP
P8mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1691675489; x=1692280289;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=DNZT+mfgOKQyGc4OBjLQTgXxJiHsq91PyzcpWUNZBcs=;
b=Z2fhr8FlhQnlSJS6imeM63xjCVqE4r6nYi8N7Vfxn79tzJhsj4+Ws3egUv3m/Gjusc
nUlrUSLfkBH8X8WqpOrL+Ayn8eK5Oiz9kRvavmQar8a+k3kHW9aOVzqhcfr2SNaCCaI1
UwRXuHvNamuwNGarF12LFVQw+LfEleX1f1d2B0zR2IQK6JE74EMJzbv2wmua9iZGWd+9
Emlu85f0/10CmfzPfqq/GHniLCHgoDBGFbUBC3XZ4ldauKkYyu6Wa7JtDx9MwLnHEFoE
ouoXxFUfBJOEMZsdF+VVRDFxuWBZYTAs4CXL1DE8+QPn26mRoSeCZTyRj22uhIn+VWeL
iZwA==
X-Gm-Message-State: AOJu0Yw0tlww4Osm3yxp/Dmwa+a3W3dYvEfKbshE1v6RRw5oBtmJ17p/
fUknwZPbwqcY1a+fNNDu3rDQBS7Zp1Q1jFOeEWg=
X-Received: by 2002:a5d:6592:0:b0:314:1270:8fc with SMTP id
q18-20020a5d6592000000b00314127008fcmr2151532wru.0.1691675489487;
Thu, 10 Aug 2023 06:51:29 -0700 (PDT)
Received: from gerrit.openvpn.in
(ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78])
by smtp.gmail.com with ESMTPSA id
m12-20020a5d4a0c000000b00317e9c05d35sm2268644wrq.85.2023.08.10.06.51.28
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Thu, 10 Aug 2023 06:51:29 -0700 (PDT)
From: "plaisthos (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "plaisthos (Code Review)" <gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Thu, 10 Aug 2023 13:51:28 +0000
To: flichtenheld <frank@lichtenheld.com>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7
X-Gerrit-Change-Number: 323
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/323?usp=email>
X-Gerrit-Commit: 9456cad1a00f92addede70303bfeee39df345444
References:
<gerrit.1691675487000.I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7@gerrit.openvpn.net>
Message-ID: <5b489d868a80cf1c3bb6325df28aa79891c824d5-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.0
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Attention is currently required from: flichtenheld. Hello
flichtenheld, I'd like you to do a code review. Please visit
Content analysis details: (-0.2 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.49 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [209.85.128.49 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
X-Headers-End: 1qU64e-0004Yk-8H
Subject: [Openvpn-devel] [S] Change in openvpn[master]: Add warning if a p2p
NCP client connects to a p2mp server
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net,
frank@lichtenheld.com
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Content-Type: multipart/mixed; boundary="===============1522546119893598009=="
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1773850382676156867?=
X-GMAIL-MSGID: =?utf-8?q?1773850382676156867?=
|
| Series |
[Openvpn-devel,S] Change in openvpn[master]: Add warning if a p2p NCP client connects to a p2mp server
|
expand
|
diff --git a/src/openvpn/ssl_ncp.c b/src/openvpn/ssl_ncp.c index dafaef1..aae04e2 100644 --- a/src/openvpn/ssl_ncp.c +++ b/src/openvpn/ssl_ncp.c @@ -24,7 +24,7 @@ */ /** - * @file Control Channel SSL/Data dynamic negotion Module + * @file Control Channel SSL/Data dynamic negotiation Module * This file is split from ssl.c to be able to unit test it. */ @@ -267,6 +267,13 @@ remote_cipher = ""; } + if (extract_iv_proto(peer_info) & IV_PROTO_NCP_P2P) + { + msg(M_WARN, "Note: peer reports running in P2P mode (no --pull/--client" + "option). It will not negotiate ciphers with this server. " + "Expect this connection to fail."); + } + char *tmp_ciphers = string_alloc(server_list, &gc_tmp); const char *token; diff --git a/src/openvpn/ssl_ncp.h b/src/openvpn/ssl_ncp.h index d27ed24..de7a0e4 100644 --- a/src/openvpn/ssl_ncp.h +++ b/src/openvpn/ssl_ncp.h @@ -23,7 +23,7 @@ */ /** - * @file Control Channel SSL/Data dynamic negotion Module + * @file Control Channel SSL/Data dynamic negotiation Module * This file is split from ssl.h to be able to unit test it. */
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/323?usp=email to review the following change. Change subject: Add warning if a p2p NCP client connects to a p2mp server ...................................................................... Add warning if a p2p NCP client connects to a p2mp server Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7 --- M src/openvpn/ssl_ncp.c M src/openvpn/ssl_ncp.h 2 files changed, 9 insertions(+), 2 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/23/323/1