From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: OpenVPN cipher negotiation patch set Date: Mon, 18 Mar 2024 16:47:52 +0000 Message-ID: <119CA80C-8DB0-45A9-86F5-11CD225073FC@ipfire.org> In-Reply-To: <6bbc680a-19de-45c9-9f84-db5125464519@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6908066660986342104==" List-Id: --===============6908066660986342104== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, > On 18 Mar 2024, at 11:27, Adolf Belka wrote: >=20 > Hi Erik, >=20 > On 18/03/2024 08:49, ummeegge wrote: >> Good morning Adolf, >> if i know in what chunks you would like to split the diff i can may >> help you to sort things a little. Am currently not sure what should be >> in and what not so i can offer you some explanations according to the >> already written code and you can amend the wanted changes?! >> So you can write me a PM and include the topics which are not clear and >> i can try to give an explanation of the already written code. >=20 > Thanks very much. I think that could be useful. >=20 > However I will wait first as Michael is looking at doing an update related = negotiation as it looks like the latest Mac OS client is failing to connect f= or a similar reason as some forum members using windows have been reporting. Tunnelblick has been updated to 4.0.0 recently and disables a couple of backw= ards-compatible things in OpenSSL (i.e. the legacy provider). It also ships O= penVPN 2.6.9 and there seem to be problems if users have created a specific c= onfiguration. > Once Michael has merged his changes then I can look again at what is still = left as a delta and will then come back to you with my questions. >> My time is a little less but if needed we can try it. > I realise that, so thank you very much and I will try and focus my question= s to you. >=20 > Regards, > Adolf. >> Best, >> Erik >> Am Sonntag, dem 17.03.2024 um 12:35 +0100 schrieb Adolf Belka: >>> Hi Michael, >>>=20 >>> I am afraid I don't have a patch set. It is just a single diff >>> change. >>>=20 >>> I took Erik's original patch set and applied it to the latest >>> ovpnmain.cgi version at that time and then removed some of the items >>> that I decided could wait till later or were not needed. >>>=20 >>> This created a single diff file, which I was able to apply and test >>> out to confirm it did what I expected it to do, which it seemed to >>> do. >>>=20 >>> The next step I then had intended to do was to break that single diff >>> into multiple patches but I found this very difficult to do as I >>> could not easily figure out which bits needed to go together in >>> different patches. Trying to understand all the changes and what each >>> were related to I struggled to make sense of. >>>=20 >>> My next step was therefore going to be to go back to an unmodified >>> ovpnmain.cgi file and make the changes a step at a time, to match >>> what I had previously done and therefore end up with a patch set of >>> small self consistent changes. >>>=20 >>> However to do this I had to go back to the start and figure out which >>> of Erik's changes to apply and what parts of those changes and every >>> time I did something else in IPFire for a week or so I was having to >>> go back to square one in trying to remember what I had been going to >>> do next. >>>=20 >>> The diff patch file I created is at >>>=20 >>> https://git.ipfire.org/?p=3Dpeople/bonnietwin/ipfire-2.x.git;a=3Dcommit;h= =3D4fbf17f4a10fbf2a0ddeae1aa436cf26f6b3a035 >>>=20 >>> Hopefully you can use this as a basis to extract just the bits needed >>> for the cipher negotiation. >>>=20 >>> I will also go back and start again to work on it but focus on it >>> without diverting to anything else, after I have dealt with the wsdd >>> patch modification. >>>=20 >>> Regards, >>>=20 >>> Adolf. >>>=20 >=20 > --=20 > Sent from my laptop --===============6908066660986342104==--