| Message ID | cd19998d120e1199c299927f9bd6f40a1adafe96-HTML@gerrit.openvpn.net |
|---|---|
| State | Superseded |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:c315:b0:55c:c090:46f0 with SMTP id
jk21csp1061170mab;
Fri, 22 Mar 2024 09:00:40 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AJvYcCW7YCmG4XRCoFqaEZPASy3EtL8FhXPfFc/G1LTuBcwAPR3fQDXeSYnC35Z065Ue+9uYHSyLH/T3Xg1kcAvbC91EjWOwwQo=
X-Google-Smtp-Source:
AGHT+IEqIfBPT0XLdHul14+rPktlBwshphZgQmeC99hdmZpm2Gq7YowjgLSTmPzPMCO2KN/cl1cI
X-Received: by 2002:a17:902:aa8c:b0:1dd:a3d6:3aff with SMTP id
d12-20020a170902aa8c00b001dda3d63affmr92231plr.3.1711123240340;
Fri, 22 Mar 2024 09:00:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1711123240; cv=none;
d=google.com; s=arc-20160816;
b=TfXrWgi7r7eWfFrjumx4KhXJou+438epLqXlWUlnw8v75+MVg82cMzF8F9xi9ztCIx
Vk+PbmgY7wRmPi5G5DRbYO+/yXS7FEpo6LrX6AVlOVPyjefjnNqrTbWYYAmsyqf8BQFN
h724QdGWFImGQYhXwJ7bt3DV4qcw5IUi39CaxZlFhXhMeXUxVQTKhGuLP9AuWMKe6Fsq
qA9JxR2QT/x43R8Eo21PRtELQZn+wkwYNDpx6FFkVZOezhI58kAhgFFEL2WYeOMeOd/x
BMcDWppOH3GISvZFYymMfyauuIOK2FPoMOq5NNFKpRTOCqlcDUG2JZc4e6XbDp1HEJns
Bo1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=errors-to:cc:reply-to:list-subscribe:list-help:list-post
:list-archive:list-unsubscribe:list-id:precedence:subject:user-agent
:mime-version:message-id:references:auto-submitted:to:date:from
:dkim-signature:dkim-signature:dkim-signature;
bh=nRlZ9K94TQm6SGEY8mdbu4nPChFHJ3oAKWsRBn3XLPs=;
fh=lm0MLPW7DntlrDqRECIiC9JlE1uPxhepE0URYHIf+eE=;
b=EaB4fZD1j+vVhbarEm3NrDG9kam7fkX9Jzc6mpGtc5OHzUSG7Xa1VDF/vwxsX964hy
XvQ0tdaAlegX3NbGXzarzKZmhpe93fTz8/xjOS0JKuq+x6wpGlMZm6Dy8teIIrp4Cj90
W2DEK0IW4eyq9hwuVeaabcAoBNDJfegzSjG/DCihpPVmx17Oh/S2/8lGrWhMMFV0kqJj
EgnMHzDV03ARDboatEirVhrqynLw0w8W3v+wOvqiJgyx4v41RppLVFHaKHE8gxWdehtD
cndtGuFD6rKKyts8jUrD+YngjwUvJ01H6oBKc7CQ5znwynLFTKW/Li4SCtyQZwqfsMH/
mV6A==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=P8tcMwEm;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=JWfblRuV;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b="C8/aV6AK";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
b18-20020a170902b61200b001dd62fbcf75si2046518pls.536.2024.03.22.09.00.40
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 22 Mar 2024 09:00:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=P8tcMwEm;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=JWfblRuV;
dkim=neutral (body hash did not verify) header.i=@openvpn.net
header.s=google header.b="C8/aV6AK";
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=openvpn.net
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1rnhJb-0004NV-5B;
Fri, 22 Mar 2024 16:00:19 +0000
Received: from [172.30.20.202] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <gerrit@openvpn.net>) id 1rnhJZ-0004NP-PW
for openvpn-devel@lists.sourceforge.net;
Fri, 22 Mar 2024 16:00:18 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Type:Content-Transfer-Encoding:MIME-Version
:Message-ID:Reply-To:References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:
From:Sender:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=ADt9msN7ftTCf+EVPp3fXRVcdNeIAvD3gmyZnrAJ3DU=; b=P8tcMwEmw0DXj+YBW2fBkbKOev
O8DD+8GNotsjdVVRt6UnWfAX8ijS3RRvYeyiljsFUl0qaqRgLRRwGnfetcVHUZ9ZfP3OZ70loMg5b
laSKD+IMvwowSbK4bND8dCFwJ/nYhiel2Ehik7loXULufG7RhlVeTYU9FomkU2C4+2Jw=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Type:Content-Transfer-Encoding:MIME-Version:Message-ID:Reply-To:
References:Subject:List-Unsubscribe:List-Id:Cc:To:Date:From:Sender:Content-ID
:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:
Resent-Cc:Resent-Message-ID:In-Reply-To:List-Help:List-Subscribe:List-Post:
List-Owner:List-Archive; bh=ADt9msN7ftTCf+EVPp3fXRVcdNeIAvD3gmyZnrAJ3DU=; b=J
WfblRuVGp3RvyZcS092vfgSYmw9ZiS+hWxHo6CP+OoZHL8pxVuAeCfhM9xIRySN8L3SNZK4tNEm7Z
IXQzZ+I9gfy2iZVqI+9qXrl7rNCAvDULvamM5IRckQ0ZBX1XxfwJB/UOb5KDTP+Wpgdivo6AzfWDI
G6xcl96qH0rRWtAc=;
Received: from mail-wm1-f45.google.com ([209.85.128.45])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95)
id 1rnhJZ-0003ky-A7 for openvpn-devel@lists.sourceforge.net;
Fri, 22 Mar 2024 16:00:18 +0000
Received: by mail-wm1-f45.google.com with SMTP id
5b1f17b1804b1-41477211086so15222795e9.1
for <openvpn-devel@lists.sourceforge.net>;
Fri, 22 Mar 2024 09:00:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=openvpn.net; s=google; t=1711123205; x=1711728005;
darn=lists.sourceforge.net;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from:from:to:cc
:subject:date:message-id:reply-to;
bh=ADt9msN7ftTCf+EVPp3fXRVcdNeIAvD3gmyZnrAJ3DU=;
b=C8/aV6AKqvgFZ3NTmguE2ntR+eRWm5moOspNBHAe4budskSRbIoamqxHzGvzp4Hf5d
ap4MzZLgPhjRXkbzalJa2ddo0jbvARvxjtZT2Pk1/LZ/U9aRQBdpvkySrJQ/rLyhjbFZ
NyJZbx32xvfBHBsuVH2NOdo/cWNiixYN2NQ6RJM4c9e0H7iYUVowVf20gH0YQac/OPjT
SokUhkGBzCwzuaJP+gAPMol8Ab6R08Oa5enM+hFS+gsLnUgxbiu2I2VGJas/aqoF14TL
PIjZdD3GXkWyv4NonbVuDb8GuAkDVzowCqb0d98UzCvpAMWdH9XAHPCs+0SZ7QIC69ew
hW3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1711123205; x=1711728005;
h=user-agent:content-disposition:content-transfer-encoding
:mime-version:message-id:reply-to:references:subject
:list-unsubscribe:list-id:auto-submitted:cc:to:date:from
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=ADt9msN7ftTCf+EVPp3fXRVcdNeIAvD3gmyZnrAJ3DU=;
b=oMpWkdoXqA5iWEaJNsdspeR7VeCX+IXzzmW7LJdcC3XAipS1jb4jeSxyVSvR0wqU5N
AfNQDauhohHyVq1FLIe1j2sJz4nzG9F+KkpT4b/NciSxAxSrkQxo/linrPW6x6LSJapq
Vf5Y2m5Ui+2vW3erOEFnIhla7wpkJso0w2IZdKNvd7PUzUhApSdbNc8jFt76RHAyXc8M
3YGjAidGPoBpsaA1vDqbC9li5sjkcGtFSKHWqqntORkUskGSw895a9Yq2wgbKuO9edU8
pxwBxOXxWj+i+nH6kxdvOSVf0D65HxLO2AYx3nL6DIJYhu1MNzs10A+lFkYxHd3Wdnt5
I3bA==
X-Gm-Message-State: AOJu0YwiiIpcrdTjf6Vk3h7VW34/tvfjnuMDsjtgzAoD6IeIEbPfo19G
pYFNMGNdhAU2AkXJ89RXB4yigehHpHsj7oLLcv+BrYdPZluHZhEn2WbPdH2svPRUD4rs8QbtL+V
B
X-Received: by 2002:a05:600c:3546:b0:413:2a10:8a29 with SMTP id
i6-20020a05600c354600b004132a108a29mr2801147wmq.13.1711123204932;
Fri, 22 Mar 2024 09:00:04 -0700 (PDT)
Received: from gerrit.openvpn.in
(ec2-18-159-0-78.eu-central-1.compute.amazonaws.com. [18.159.0.78])
by smtp.gmail.com with ESMTPSA id
fs7-20020a05600c3f8700b00414038162e1sm9088575wmb.23.2024.03.22.09.00.03
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Fri, 22 Mar 2024 09:00:03 -0700 (PDT)
From: "plaisthos (Code Review)" <gerrit@openvpn.net>
X-Google-Original-From: "plaisthos (Code Review)" <gerrit@gerrit.openvpn.in>
X-Gerrit-PatchSet: 1
Date: Fri, 22 Mar 2024 16:00:02 +0000
To: flichtenheld <frank@lichtenheld.com>
Auto-Submitted: auto-generated
X-Gerrit-MessageType: newchange
X-Gerrit-Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781
X-Gerrit-Change-Number: 546
X-Gerrit-Project: openvpn
X-Gerrit-ChangeURL: <http://gerrit.openvpn.net/c/openvpn/+/546?usp=email>
X-Gerrit-Commit: 7a6084df579b3c0ddd7d1134bf9b5fe4818d40cb
References:
<gerrit.1711123201000.Ia73d53002f4ba2658af18c17cce1b68f79de5781@gerrit.openvpn.net>
Message-ID: <cd19998d120e1199c299927f9bd6f40a1adafe96-HTML@gerrit.openvpn.net>
MIME-Version: 1.0
User-Agent: Gerrit/3.8.2
X-Spam-Score: -0.2 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-1.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Attention is currently required from: flichtenheld. Hello
flichtenheld, I'd like you to do a code review. Please visit
Content analysis details: (-0.2 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [209.85.128.45 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
-0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.45 listed in wl.mailspike.net]
0.0 WEIRD_PORT URI: Uses non-standard port number for HTTP
0.0 HTML_MESSAGE BODY: HTML included in message
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
Colors in HTML
X-Headers-End: 1rnhJZ-0003ky-A7
Subject: [Openvpn-devel] [XS] Change in openvpn[master]: Add bracket in
fingerprint message and do not warn about missing veri...
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Reply-To: arne-openvpn@rfc2549.org, openvpn-devel@lists.sourceforge.net,
frank@lichtenheld.com
Cc: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Content-Type: multipart/mixed; boundary="===============3347446508072539222=="
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1794242762443259008?=
X-GMAIL-MSGID: =?utf-8?q?1794242762443259008?=
X-getmail-filter-classifier: gerrit message type newchange
|
| Series |
[Openvpn-devel,XS] Change in openvpn[master]: Add bracket in fingerprint message and do not warn about missing veri...
|
expand
|
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index f2ce926..a398920 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -3594,7 +3594,8 @@ && !o->tls_verify && o->verify_x509_type == VERIFY_X509_NONE && !(o->ns_cert_type & NS_CERT_CHECK_SERVER) - && !o->remote_cert_eku) + && !o->remote_cert_eku + && !(o->verify_hash_depth ==0 && o->verify_hash)) { msg(M_WARN, "WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info."); } diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index c7d7799..930769b 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -718,8 +718,8 @@ const char *hex_fp = format_hex_ex(BPTR(&cert_fp), BLEN(&cert_fp), 0, 1, ":", &gc); msg(D_TLS_ERRORS, "TLS Error: --tls-verify/--peer-fingerprint" - "certificate hash verification failed. (got " - "fingerprint: %s", hex_fp); + "certificate hash verification failed. (got certificate " + "fingerprint: %s)", hex_fp); goto cleanup; } }
Attention is currently required from: flichtenheld. Hello flichtenheld, I'd like you to do a code review. Please visit http://gerrit.openvpn.net/c/openvpn/+/546?usp=email to review the following change. Change subject: Add bracket in fingerprint message and do not warn about missing verification ...................................................................... Add bracket in fingerprint message and do not warn about missing verification Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 --- M src/openvpn/init.c M src/openvpn/ssl_verify.c 2 files changed, 4 insertions(+), 3 deletions(-) git pull ssh://gerrit.openvpn.net:29418/openvpn refs/changes/46/546/1