= Introduction =

This page tracks the ACK/NACK/merge status of Adriaan's PolarSSL patches. So far, these patches have been discussed on the mailinglist, as well as a few IRC meetings:

 * [wiki:Topics-2011-07-14 14th July 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4853 summary and full chatlog])
 * [wiki:Topics-2011-07-21 21st July 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4869 summary and full chatlog])
 * [wiki:Topics-2011-07-28 28th July 2011] ([http://article.gmane.org/gmane.network.openvpn.devel/4877 summary and full chatlog])
 * [wiki:Topics-2011-08-03 3rd Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4879 summary and full chatlog])
 * [wiki:Topics-2011-08-11 11th Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4920 summary and full chatlog])
 * [wiki:Topics-2011-08-25 25th Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4951 summary and full chatlog])
 * [wiki:Topics-2011-09-01 1st Sep 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4974 summary and full chatlog])
 * [wiki:Topics-2011-09-08 8th Sep 2011] ([http://article.gmane.org/gmane.network.openvpn.devel/4979 summary and full chatlog])
 * [wiki:Topics-2011-09-29 29th Sep 2011]

= Patches =

== Doxygen ==

Patches are viewable from [http://thread.gmane.org/gmane.network.openvpn.devel/4740 here].

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[http://thread.gmane.org/gmane.network.openvpn.devel/4747 Added Doxygen doxyfile]||dazo||||
||[http://thread.gmane.org/gmane.network.openvpn.devel/4740 Added data channel crypto docs]||dazo||||
||Added control channel crypto docs||jamesyonan||||
||Added compression docs||jamesyonan||||
||Added reliability layer documentation||jamesyonan||||
||Added memory management documentation||jamesyonan||||
||Added data channel fragmentation docs||jamesyonan||||
||Added main/control docs||jamesyonan||||
||[http://thread.gmane.org/gmane.network.openvpn.devel/4740 Moved doxygen-specific files to a separate directory]||dazo||||

In the [http://thread.gmane.org/gmane.network.openvpn.devel/4823 meeting held July 7th], James Yonan gave an ACK to these patches as long as they don't change any functionality.  As far as I could spot, this is true. (dazo)

== OpenSSL crypto separation ==

Patches are viewable from [http://thread.gmane.org/gmane.network.openvpn.devel/4764 here]

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7b829e3d539108545d47241a1a773cd2551de009 Changed configure to accept --with-ssl-type=openssl]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/55760a88d092d511bbe9495984c7b345f981e2ec Refactored to rand_bytes for OpenSSL-independency]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/b957e47e5cbfd98a6e39790059279edf0a9b448f Refactored OpenSSL-specific constants]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/da5221f8d416a05d552dd0e09885ff7d3a677514 Refactored maximum cipher and hmac length constants]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/8ff526f45566d235b066d70150886f96c81b986c Refactored show_available_* functions]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/33efe72a9c1d9d40609ffc24fb20070f42c4018c Refactored SSL_clear_error()]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/dd253d7934e18343193d085dfe6aff97ea104b05#L3R104 Refactored crypto initialisation functions]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/b8368cccf8b7bc448be9b1b73c83c10499473263 Refactored DES key manipulation functions]||dazo,jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/d86e00908abc3f98e90d589daadfc07caac4f2c7 Refactored NTLM DES key generation]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/21e946650fae0b777f7e0f1811213f167fb0648a Refactored message digest type functions]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/9bacf964d13a357c3d9d1b6a14121c3694477a24 Refactored message digest functions]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f331011e2ab7aa59f5493907a2b1d98925fa7f97 Refactored HMAC functions]||dazo||Additional fixes in [https://github.com/andj/openvpn-ssl-refactoring/commit/7f009fd01788dd5787facd953fe260491ac62b44 this] patch.|| 
||[https://github.com/andj/openvpn-ssl-refactoring/commit/5b8f6dbaf96b0b82a50e4b3c9acb4bbe6f5bf968 Refactored cipher key types]||dazo,jamesyonan||ACK when combined with [https://github.com/andj/openvpn-ssl-refactoring/commit/de00fa7e30d7a68528f1ce7338f4f4e83d665090 this] patch.||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/de00fa7e30d7a68528f1ce7338f4f4e83d665090 Fixed an unintentional change in the options calculated key size]||dazo||A fix to [https://github.com/andj/openvpn-ssl-refactoring/commit/5b8f6dbaf96b0b82a50e4b3c9acb4bbe6f5bf968 this] patch||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/05c901305e658d188e2bf5020a425bace935a8a2 Refactored cipher functions]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/81fd3eda9299a19ed5dce7ac89f8638a41dcc2b3 Added PRNG doxygen]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/07b4cdb87c866059dee207a77faf4f76bfb9d43f Refactored: Moved crypto.h inline functions to end of file]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/740f3b58c7fa48dec5db37e6f6d36b0c47e30957 Removed stale OpenSSL defines from crypto.h]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/fe519cd6f0c382e5b75945e8cac9b825a6e3625f Whitespace fixes in ntlm.c]||'''NACK'''||jamesyonan: only changes style||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f7843d14f10c3755c96f28d96ed02eeae20d0e56 Added a check for Openssl or PolarSSL defines]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/89e31cfb9c6c5fd33600a76c77e645c24dd0663b Moved print messages back to generic crypto.c from cipher backends]||dazo||dazo: ''"We need to fix spelling on -> one"''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7f009fd01788dd5787facd953fe260491ac62b44 Moved HMAC prints back to main crypto module]||dazo||Fix to [https://github.com/andj/openvpn-ssl-refactoring/commit/f331011e2ab7aa59f5493907a2b1d98925fa7f97 this] patch.

== SSL library separation ==

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/46e7d0b6ae89634e70686bf48bfcdca07249f829 Refactored: Added stubs for new files]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/ad858d74599484b3f0d4ee16ffa645e098978a1d Refactored SSL initialisation functions]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/d58b991030ff321dd107e81a400a1e2e1a82bfea Refactored TLS_PRF to new hmac and md primitives]||cron,jamesyonan||Also look [https://github.com/andj/openvpn-ssl-refactoring/blob/master/crypto_openssl.c#L747 here]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/84a1af2ca444672ef3dcd9488c49e16b22f7646e Refactored tls_show_available_ciphers]||cron2,jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/4f5b4ca58d2a16d1d0a88701b260da5a24f1bb99 Refactored get_highest_preference_tls_cipher]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7b0aaa1b779aca13c3d4f4ad36d32cf800cfec06 Refactored root SSL context initialisation]||cron2,jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/47031a84fc2d27e03439ff29baa8f66b6f2794bf Refactored new external key code]||cron2,jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/ab64efc6d3d85b901c0b65794a07ecaba046f376 Refactored DH paramater loading]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/9bb4886227f17d9a5f770294d7953555e7554b13 Refactored root TLS option settings]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/b598dc77bb01e900926fe1c897fab3fca87c1499 Refactored PKCS#12 key loading]||cron2,jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/2751963b9860a1a1fc82dec4851b11ddafac031e Refactored PKCS#11 loading]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/6cd93220509346eb2701188cbb8ca6e77451b494 Refactored windows cert loading]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 Refactored load certificate functions]||jamesyonan||dazo: check if ssl.c causes problems when merging to "master"||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/4431a8b7cf89500b81c9c62774ac75c1937297e3 Refactored private key loading code]||dazo||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/2a5f084332fc7a619107513b17b2f4a3dc0c31b2 Refactored external key loading from management]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/b5ceb7049dd57ac8e7fa05d542c479382a4ed1ed Refactored CA and extra certs code]||||dazo: functional ACK, needs style cleanup in separate patch||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/bde5b4f18e82437cdd6ca93cdc6fb78bfedc924b Refactored cipher restriction code]||dazo||ACK with [https://github.com/andj/openvpn-ssl-refactoring/commit/8e6d02204736f36e5f94ab539fcbcf5f5766f060 this patch]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/899913d235502a2a6bd754e368bbe5a782a83911 Rafactored tls_options, key_state, and key_source data structures]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/68adc0eff8f06eef9d98a4bd12eb36bcbfc62164 Refactored initalisation of key_states]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/1f09fbe7a54779a6b359c139400c71cbb53f5ac9 Refactored key_state free code]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7172f01eee7aa5c78af77f560ab8c5a25666614d Refactored print_details]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/72e75b9776e7528a8e36671f8e5337a00aa840ba Refactored key_state read code (including bio_read())]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/fc50119c1fe1b37cebc76913c66854bce103b68f Refactored key_state write functions]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/d1fa6f792b65f38acbe0728387a1f9b214e2be00 Refactored: Moved BIO debug functions to OpenSSL backend]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77 Refactored: removed ks and ks_lame macro for clarity]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/0c332998f43510afed692febadf1a03dcee57ee9 Refactored: minor whitespace fixes in ssl.c]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/360ff2980be50a6d2d8dececa1854807da4a7a1c Refactored: moved write_empty_string function back]||cron2||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/be3d6f97f7596c91fae5e656854dbfed6de80ec6 Refactored Doxygen for tls_multi functions]||cron2||||

== Verification functions ==

'''NOTE:''' Some Github pages have links to "diff of diff" pages. These make it easier to visualize if / how the patch changes functionality.

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/1e3d80aeafa910a21bf9fe4e23c59392ea6fc551 Migrated data structures needed by verification functions to ssl_common.h]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/365d2319d95f4374072a2b6ea49b1b6c472fbb39 Refactored client_config_dir_exclusive function]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/bbe117b0217180718f9d84ed21c149b0d0f035ad Refactored certificate hash lock checks]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/4254b8152e94fdd46015505157a81a3033700202 Refactored common name locking functions]||jamesyonan||ACK when coupled with [https://github.com/andj/openvpn-ssl-refactoring/commit/5c0202f2be6a28b049d878b6b55019b8b1cfa5dc this patch]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/5c0202f2be6a28b049d878b6b55019b8b1cfa5dc Added back checks for ks->authenticated in verify_user_pass]||jamesyonan||Required by [https://github.com/andj/openvpn-ssl-refactoring/commit/4254b8152e94fdd46015505157a81a3033700202 this patch]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c Refactored username and password authentication code]||jamesyonan||ACK, provided it's [ticket:150 tested properly before 2.3 release]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/77aa7ead6e86082045e5423d88df8cb1d6179efd Add some extra comments]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/950b2182d8846d794ca1339b8d20ad7532801c5f Refactored: split verify_callback into two parts]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/22a6039ac3ae6b09650f74c0db65269099f829fe Added function to extract and verify the subject from a certificate]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/71e27b1e282bf8e10724b69fe4cbeac65dee325b Added function to verify and extract the username]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/43c6568e72c10838ee851dbd96f400cdac90563d Refactored: removed global x509_username_field]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/9213b628af6d93d9c3f067734733323ee79c57f1 Refactored: separated environment setup during verification]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/ac7cefae3d05f993ff25d6ed6fd51d37b9d1c803 Refactored: Netscape certificate type verification]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/2731886dcb714be5af04e0ec5f9df9ff273f8401 Refactored key usage verification code]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/fd9c5f659cfe99a2380ce758c1ccc1b9af7e8d01 Refactored EKU verification]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/cf90d5f8cd4976e641fab81ac8054432f38df1ee Refactored tls-remote checking]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/e9a18e013b1dfedc0f21f1d7f7c2e740c0a968cb Refactored tls-verify-plugin code]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/a60b87394334587f9879da2d469d2a4a4c51a826 Refactored tls-verify script code]||jamesyonan||ACK when coupled with [https://github.com/andj/openvpn-ssl-refactoring/commit/fce243108b1c538359b0f33e7e58a884cc2be2b4 this patch]||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/fce243108b1c538359b0f33e7e58a884cc2be2b4 Moved gc_new and gc_free to begin end of function]||jamesyonan||Requirement for [https://github.com/andj/openvpn-ssl-refactoring/commit/a60b87394334587f9879da2d469d2a4a4c51a826 this] patch||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/e4327902ed2af06f2596cdf306f4a0b76b1f0649 Refactored CRL checks]||jamesyonan||"Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly"||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f67d4841c6edc2d9a9383ae6dce3a694a735dad7 Minor cleanup in verify_cert:]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/5b118dd62369b8d9cb2b425a27b8e7e9ba05ef5f Refactored: Moved verify_cert to ssl_verify]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/840d040a2552da07e948732ffba4dd6ed39581c1 Cleaned up ssl.h]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/3d5d5b3649f46bd812c146a731fba295473eeeb8 Refactored: made M_SSL dependent on USE_OPENSSL]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/368b49096911dfa6b4f1cbf651a2df8ac3d5e937 Refactored: renamed X509 functions from verify_*]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/11e94d8da97765571ecf91c512bcc559507e5f3b Separated OpenSSL-specific parts of the PKCS#11 driver]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7c6edbb0e507f8980b83208c43844d6a0bd582ac Modified base64 code in preparation for PolarSSL merge]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/03225fa7939b9bab6f69b50b36af30565692ad51 Final cleanup before PolarSSL addition:]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/d235530fe14ccca5b9ef12bfbbd367c78d069e43 Refactored X509 track feature to be contained within the openssl backend]||jamesyonan||||

== PolarSSL addition ==

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/0ef8d44cc4b9b10f174101cf420af0a5b2150809 Added PolarSSL support:]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/511691b09e2ac739482260267a0a1b97cd870d36 Fixed a missing include in ssl_backend.h]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f43e33e4abb961a85cd67234c57bf16157b4d764 Fixed a bug in the hash generation in ssl_verify_openssl.c]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/0f3bb68db10ce4aa029501092dc36cddd48d41ed Added SHA_DIGEST_SIZE definition]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/8d4360d179cb176803e330e3a947e6c34315b225 Changed PolarSSL crypto backend to support v0.99-pre5]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/a6ce24ef2999fcc73ee1590fdc4518842c228f4e Updated ssl_polarssl.c to work with 0.99-pre5]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/3bff5d3dc0cd62e24269ad8f1cb1588c9e47b433 Fixed a compilation warning for size_t key sizes]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/bc2dbfc7e9cf9d0552374e49750012a444e2a70f Added a warning that the PolarSSL library does not support pkcs12 files.]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/74ca0110269a46607e3211f8d7c6b1d250361d99 Added warning that --capath is not available with PolarSSL]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f79f1556902d1c73416858813cc75594d3d2fdf6 Disable CryptoAPI when not using OpenSSL, and document that fact.]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/09f156a99ac16c1157392818d43b6dd4b898d659 Removed support for management external keys in PolarSSL]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/b28532360c4ddf2d2bec62b5c7b62d2ae05c9ce1 Removed stray X509_free from ssl.c]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/2b018cc88744bf580e62e3a403b58deba267a798 Refactored (and disabled for PolarSSL) support for writing external cert files in scripts]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/60890102b755390e704a74ee2962780480b50c80 Added an extra define to allow building without PKCS#11]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/5f5eca00f31199571450cceee1f4469154bd4d38 Added SSL library to title string]||||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7c18f7cd1ef7e79a489bf116a4ca33c97227dc08 Disabled X.509 track and username selection for PolarSSL]||||||

== Misc cleanup ==

||'''Patch'''||'''Acked-by'''||'''Notes'''||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/4970f1485d4d2117ccb3b1932965809fc51d8efe Hardening: periodically reset the PRNG's nonce value]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/84916b43b6d614291ec765d93f615be30d519bbb Fixes for the plugin system:]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/3f1647d20ff081cefd54ee80cff64c2234f1e48f Further improvements to plugin support:]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/be63e6e86837cec71b35446a164ab158cd986ab1 Got rid of a few magic numbers in ntlm.c]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/de00fa7e30d7a68528f1ce7338f4f4e83d665090 Fixed an unintentional change in the options calculated key size.]||dazo||(See above)||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/89e31cfb9c6c5fd33600a76c77e645c24dd0663b Moved print messages back to generic crypto.c from cipher backends]||dazo||(See above)||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/7f009fd01788dd5787facd953fe260491ac62b44 Moved HMAC prints back to main crypto module]||dazo||(See above)||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/25a2452776e8701ff6f7c59e73d6d3d216bc5048 Fixed a bug in the return value of ssl_verify when pre_verify failed]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/f543aafc52d8885c36ced7bf0eb74919dc6bb75f Unified verification function return values]||jamesyonan||||
||[https://github.com/andj/openvpn-ssl-refactoring/commit/86338fd1c7925ca7c84fe697e123dc158289f02b Fixed a typo: print the subject instead of the serial for verification e..]||jamesyonan||||