From patchwork Wed Jan 3 16:21:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "plaisthos (Code Review)" X-Patchwork-Id: 3547 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:2791:b0:100:d2e5:60d with SMTP id hm17csp2670222dyb; Wed, 3 Jan 2024 08:22:03 -0800 (PST) X-Google-Smtp-Source: AGHT+IHj4n1B7CH14gRQip+fYLgewg6bGrn9jYMlCZQHI24NxGJXk2n9k1GUdt6iTrGBdHaMc96i X-Received: by 2002:a17:902:784c:b0:1d3:e503:5b55 with SMTP id e12-20020a170902784c00b001d3e5035b55mr37072348pln.2.1704298923551; Wed, 03 Jan 2024 08:22:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704298923; cv=none; d=google.com; s=arc-20160816; b=mCSofmvRg7FTxq5VrUzzOadibhTcngwpuMxT3e+P+LHm4e6rq2s2hi576U2huONUU5 dIqXnmD8IrDsPfqH06/YbkOA55Cb8mghlw4e6e9+RzejYvlVQWEWkiMctD0hFxHLItO5 7gMyWmsqhWF5wyxOMAUC4xRZMNG9EbfXff0FxW5GaPJVO9R1tyd4VGp0/DQMv88vXaIv 0HSRrrhOTZIPZpnUP9q7DuqvoenSl3HEKoLaUrsBvEN2IrHXBRYz37Cvz8UghzNWHtHU outWvEA3wSp6kNR8FCCCqjWw/0XK1YT3HCvI/uvd3j2vu39838vVKofhwy8neCgLce12 ASPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:cc:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:user-agent :mime-version:message-id:references:auto-submitted:to:date:from :dkim-signature:dkim-signature:dkim-signature; bh=Na4E67mtSBiXjOwVpQvSKYcGwVW6jfOdpO/nPs7VMXY=; fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=; b=vWAD1KBHf5qrqeqWK9mGw/d3OXaLVTxb4jMt56DLRgheV3ezCZXi2bHYC4vFneC2Lg qnzQsXnGo2ypy4N5ADJ0QLM267K4vCdMTAwo6OvsVGi8FFKVPz9ancKHeyoAjcWscruZ rOEZ9W6+2JHGOZlZx72Y1hKRmj0Lc936g3X0TfgrtwLy1wecxU+22xRKqen4lWCloPLl dIeNpbVKv1qb/og8JIHzPs8Ttm+3rJdg/Gzc8eKjILQbduvJ1yb1Az1/JAbEUXq/qm+H 473lR8Otpjc8GJl7XIa8CCOGfHWluR1J3iFCg9n97sdbBMTeV4N0WoRyczZojp+0XE48 sg5w== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kPtKfrlT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gbJVYKOB; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=hKlPcPjf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id ju10-20020a170903428a00b001cff290413bsi21852657plb.390.2024.01.03.08.22.03 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 03 Jan 2024 08:22:03 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=kPtKfrlT; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=gbJVYKOB; dkim=neutral (body hash did not verify) header.i=@openvpn.net header.s=google header.b=hKlPcPjf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rL3zu-0007aW-Qf; Wed, 03 Jan 2024 16:21:37 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rL3zu-0007aQ-0o for openvpn-devel@lists.sourceforge.net; Wed, 03 Jan 2024 16:21:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version :Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date: From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help: List-Subscribe:List-Post:List-Owner:List-Archive; bh=0R762JvPl4lmRSuDk/wweZQo/pBWE+3sCp8QW7IlUtM=; b=kPtKfrlTZTSlBEVaydAeCvHkT+ ZYE0QUqYoPe6tqLG/ymsLHvHd+AHHpwNITtliXcTp/bEpIGsx7SSVBSqPV4nSD6bl3m010ZYqi7i6 9jtTuMLhlgpaZOuBleqn96R2q2FWx1NLvtBSbn1zzZhd00EHXlFp2wwaGFU4MYVilTCs=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To: References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post: List-Owner:List-Archive; bh=0R762JvPl4lmRSuDk/wweZQo/pBWE+3sCp8QW7IlUtM=; b=g bJVYKOBaMurzoNy27R23dndljcrr6u0Mv83evTPnQeoYwjPrtKh+Ez815NRMC0FVwDg26B4Aw/BIH jHenEtRltnd/cnKHNfy8s++Ct9I3QT4Kg2kRRvNSgq3c48fwzoLSibAjpNAF6UCzhd3l7WYfW7ngv VBzjk18zj4gQFfLU=; Received: from mail-wm1-f44.google.com ([209.85.128.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1rL3zj-0002vD-QS for openvpn-devel@lists.sourceforge.net; Wed, 03 Jan 2024 16:21:36 +0000 Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-40d4a7f0c4dso99368235e9.1 for ; Wed, 03 Jan 2024 08:21:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=openvpn.net; s=google; t=1704298875; x=1704903675; darn=lists.sourceforge.net; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc :subject:date:message-id:reply-to; bh=0R762JvPl4lmRSuDk/wweZQo/pBWE+3sCp8QW7IlUtM=; b=hKlPcPjfrnkDSjYKxgPzQcUHUMWHnC1l9VsLV7rOg149ttbyoK2FZc9pp+dqcZi3/1 Ge5lIGLNmHuomhFknXQj0nzIncTIey8SkKUgs3Xs4Qs8R2cZxAfhQm8aWUitizcnEPfp vRtr8PIH8EaRGz9w4KRdiJHVfmQwbUSw3H8YK+mJjpMUAfpH5Fz2hZ+pmZwfA8y9K5SO a30Xeqo2kBQhR1tEKMwbJjPwR/Lqs8uMT/0NwKS/nP1vYwVhmXQSkSITfL4JQIavyBHU utBayUvlwWV+5umydtf6b2tI6GSA7zJAtaP/lfGD3h4HIZtmPiZM9FBX3c3XSmCAh0b8 9+RQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704298875; x=1704903675; h=user-agent:content-disposition:content-transfer-encoding :mime-version:message-id:reply-to:references:subject :list-unsubscribe:list-id:auto-submitted:cc:to:date:from :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=0R762JvPl4lmRSuDk/wweZQo/pBWE+3sCp8QW7IlUtM=; b=hd99ET19sZIF+Ucqn8oIXa7YpHO8ahDlBzZut0a+Th0V2MyNCXWBSdMQSwiPzIsvKZ eKRx9yBoBuirZrJj3IaKtUIU+9ajlRbT0CA4C2IBIY6+x6wYmkGZ6bFDy9arFnKUQRrY b1lLFMCK4fJhgQ2l5koIi2vYhvs1nZKz8F4WSkv/CjghCHeYW4VJ7CdINJVh2MQFXjtd CsH9f1+utWgrLoCqNh+4TE0dBy1pNyer4CNZ42w5GKtpebQFNn12RUWjVcJ7KVfVpkU3 x7tNzFD7vhjyDfjWVrl/NVC8wzAw21bwUk8h2j5iHbJNPGSVve0ZQFHwKOZa8prm3xvG QlyA== X-Gm-Message-State: AOJu0YxhJf2QQRzyuD/+twWsDokWj7aQ+1Ja4uNnP334luHYn3VjHUwA cEgg6vCZR6VewuPClzRVBnuclulK8nTJzvGjkcML8VjXKIw= X-Received: by 2002:a7b:c38c:0:b0:40d:8536:eccf with SMTP id s12-20020a7bc38c000000b0040d8536eccfmr2999391wmj.172.1704298874742; Wed, 03 Jan 2024 08:21:14 -0800 (PST) Received: from gerrit.openvpn.in (ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78]) by smtp.gmail.com with ESMTPSA id g17-20020a05600c4ed100b0040d887fda00sm2785276wmq.26.2024.01.03.08.21.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 03 Jan 2024 08:21:14 -0800 (PST) From: "plaisthos (Code Review)" X-Google-Original-From: "plaisthos (Code Review)" X-Gerrit-PatchSet: 1 Date: Wed, 3 Jan 2024 16:21:13 +0000 To: flichtenheld Auto-Submitted: auto-generated X-Gerrit-MessageType: newchange X-Gerrit-Change-Id: Ida4d22455c51773b6713caf94a4b4fbe136a6ded X-Gerrit-Change-Number: 488 X-Gerrit-Project: openvpn X-Gerrit-ChangeURL: X-Gerrit-Commit: ed4ced51926149da2736c2dbe588729a37637a69 References: Message-ID: <72323e0dab77fa2e2145b8628eccfda92b924980-HTML@gerrit.openvpn.net> MIME-Version: 1.0 User-Agent: Gerrit/3.8.2 X-Spam-Score: -0.2 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.128.44 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.128.44 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted Colors in HTML -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rL3zj-0002vD-QS Subject: [Openvpn-devel] [XS] Change in openvpn[master]: Clarify that the tls-crypt-v2-verify has a very limited env set X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net, frank@lichtenheld.com Cc: openvpn-devel Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1787086948526234190?= X-GMAIL-MSGID: =?utf-8?q?1787086948526234190?= X-getmail-filter-classifier: gerrit message type newchange Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/488?usp=email to review the following change. Change subject: Clarify that the tls-crypt-v2-verify has a very limited env set ...................................................................... Clarify that the tls-crypt-v2-verify has a very limited env set Change-Id: Ida4d22455c51773b6713caf94a4b4fbe136a6ded Signed-off-by: Arne Schwabe --- M doc/man-sections/tls-options.rst 1 file changed, 2 insertions(+), 1 deletion(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/88/488/1 diff --git a/doc/man-sections/tls-options.rst b/doc/man-sections/tls-options.rst index 4c45b10..aa8858c 100644 --- a/doc/man-sections/tls-options.rst +++ b/doc/man-sections/tls-options.rst @@ -538,7 +538,8 @@ stack (including the notoriously dangerous X.509 and ASN.1 stacks) to the connecting client. - OpenVPN supplies the following environment variables to the command: + OpenVPN supplies the following environment variables to the command (and + only these variables. The normal environment variables are NOT present): * :code:`script_type` is set to :code:`tls-crypt-v2-verify`