= Introduction = This page tracks the ACK/NACK/merge status of Adriaan's PolarSSL patches. So far, these patches have been discussed on the mailinglist, as well as a few IRC meetings: * [wiki:Topics-2011-07-14 14th July 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4853 summary and full chatlog]) * [wiki:Topics-2011-07-21 21st July 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4869 summary and full chatlog]) * [wiki:Topics-2011-07-28 28th July 2011] ([http://article.gmane.org/gmane.network.openvpn.devel/4877 summary and full chatlog]) * [wiki:Topics-2011-08-03 3rd Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4879 summary and full chatlog]) * [wiki:Topics-2011-08-11 11th Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4920 summary and full chatlog]) * [wiki:Topics-2011-08-25 25th Aug 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4951 summary and full chatlog]) * [wiki:Topics-2011-09-01 1st Sep 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/4974 summary and full chatlog]) * [wiki:Topics-2011-09-08 8th Sep 2011] ([http://article.gmane.org/gmane.network.openvpn.devel/4979 summary and full chatlog]) * [wiki:Topics-2011-09-29 29th Sep 2011] ([http://thread.gmane.org/gmane.network.openvpn.devel/5016 Summary and full chatlog]) * [wiki:Topics-2011-10-06 6th Oct 2011]. = Patches = == Doxygen == Patches are viewable from [http://thread.gmane.org/gmane.network.openvpn.devel/4740 here]. ||'''Patch'''||'''Acked-by'''||'''Notes'''|| ||[http://thread.gmane.org/gmane.network.openvpn.devel/4747 Added Doxygen doxyfile]||dazo|||| ||[http://thread.gmane.org/gmane.network.openvpn.devel/4740 Added data channel crypto docs]||dazo|||| ||Added control channel crypto docs||jamesyonan|||| ||Added compression docs||jamesyonan|||| ||Added reliability layer documentation||jamesyonan|||| ||Added memory management documentation||jamesyonan|||| ||Added data channel fragmentation docs||jamesyonan|||| ||Added main/control docs||jamesyonan|||| ||[http://thread.gmane.org/gmane.network.openvpn.devel/4740 Moved doxygen-specific files to a separate directory]||dazo|||| In the [http://thread.gmane.org/gmane.network.openvpn.devel/4823 meeting held July 7th], James Yonan gave an ACK to these patches as long as they don't change any functionality. As far as I could spot, this is true. (dazo) == OpenSSL crypto separation == Patches are viewable from [http://thread.gmane.org/gmane.network.openvpn.devel/4764 here] ||'''Patch'''||'''Acked-by'''||'''Notes'''||'''Upstream commit'''|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7b829e3d539108545d47241a1a773cd2551de009 Changed configure to accept --with-ssl-type=openssl]||dazo||||0a18017472edb52c5535bc814c2aceaa2b562222|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/55760a88d092d511bbe9495984c7b345f981e2ec Refactored to rand_bytes for OpenSSL-independency]||dazo||||6825182b8137c036afcdc0e48397c0ea5ffc2404|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/b957e47e5cbfd98a6e39790059279edf0a9b448f Refactored OpenSSL-specific constants]||dazo||||b5738e5b858274785eff30edb4748e3f641e0b1c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/da5221f8d416a05d552dd0e09885ff7d3a677514 Refactored maximum cipher and hmac length constants]||dazo||||23ee3563de28820919fe83f8f5b7289dc4ed42ae|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/8ff526f45566d235b066d70150886f96c81b986c Refactored show_available_* functions]||dazo||||7151f3f78ea49e3ce98619884aa4e2aa57cb90fb|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/33efe72a9c1d9d40609ffc24fb20070f42c4018c Refactored SSL_clear_error()]||dazo||||330715f0abec92dad434f3ca38557e5cff03f2a3|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/dd253d7934e18343193d085dfe6aff97ea104b05#L3R104 Refactored crypto initialisation functions]||dazo||||b01cb9ef6b7ed5769f925fc96b6eb534c794203f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/b8368cccf8b7bc448be9b1b73c83c10499473263 Refactored DES key manipulation functions]||dazo,jamesyonan||||183c3d190b12df6c0e9023e5a60f3aa2d3d66140 ||[https://github.com/andj/openvpn-ssl-refactoring/commit/d86e00908abc3f98e90d589daadfc07caac4f2c7 Refactored NTLM DES key generation]||dazo||||4a5a6033f95369a2d94e2dafff1d702f82f118ba|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/21e946650fae0b777f7e0f1811213f167fb0648a Refactored message digest type functions]||dazo||||902f674ef4170fd10cf47f216632e51214db6966|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/9bacf964d13a357c3d9d1b6a14121c3694477a24 Refactored message digest functions]||dazo||||d5f4461779899dc13be3fc7d41e0f0ac308ffa73|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f331011e2ab7aa59f5493907a2b1d98925fa7f97 Refactored HMAC functions]||dazo||Additional fixes in [https://github.com/andj/openvpn-ssl-refactoring/commit/7f009fd01788dd5787facd953fe260491ac62b44 Moved HMAC prints back to main crypto module]||e8c950f12dfd6187f084fb06b6fe6e57c030bdad|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/5b8f6dbaf96b0b82a50e4b3c9acb4bbe6f5bf968 Refactored cipher key types]||dazo,jamesyonan||ACK when combined with [https://github.com/andj/openvpn-ssl-refactoring/commit/de00fa7e30d7a68528f1ce7338f4f4e83d665090 Fixed an unintentional change in the options calculated key size].||670f9dd91aed7ac435b79c0e28e49fa7c256642c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/05c901305e658d188e2bf5020a425bace935a8a2 Refactored cipher functions]||dazo||||485c5f76a15e7f9950a3ee3126dbf50f66f9ef82|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/81fd3eda9299a19ed5dce7ac89f8638a41dcc2b3 Added PRNG doxygen]||dazo||||279a308eed40d756cf6644c5a1a82f2aecda8dd8|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/07b4cdb87c866059dee207a77faf4f76bfb9d43f Refactored: Moved crypto.h inline functions to end of file]||dazo||||76dafacecdcdf30a8278ab3abcec64831e95054f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/740f3b58c7fa48dec5db37e6f6d36b0c47e30957 Removed stale OpenSSL defines from crypto.h]||dazo||||1b1a98069b290512f673db5630eb4134f4899f16|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/fe519cd6f0c382e5b75945e8cac9b825a6e3625f Whitespace fixes in ntlm.c]||'''NACK'''||jamesyonan: only changes style||(skipped)|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f7843d14f10c3755c96f28d96ed02eeae20d0e56 Added a check for Openssl or PolarSSL defines]||dazo||||253329a8588939da09867349c6a6aae62a21c667|| == SSL library separation == ||'''Patch'''||'''Acked-by'''||'''Notes'''||'''Upstream commit'''|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/46e7d0b6ae89634e70686bf48bfcdca07249f829 Refactored: Added stubs for new files]||cron2||||9a160b796e1a40f9635231e5533ce40d46dba25f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/ad858d74599484b3f0d4ee16ffa645e098978a1d Refactored SSL initialisation functions]||cron2||||95993a1df3c39fd2ea9c037b2f0bfcdf040b7d59|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/d58b991030ff321dd107e81a400a1e2e1a82bfea Refactored TLS_PRF to new hmac and md primitives]||cron2,jamesyonan||Also look [https://github.com/andj/openvpn-ssl-refactoring/blob/master/crypto_openssl.c#L747 here]||eab0cf2df1b1f1f73a657384c0fdb201508c0399|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/84a1af2ca444672ef3dcd9488c49e16b22f7646e Refactored tls_show_available_ciphers]||cron2,jamesyonan||||397c0a35c5b36c270678c717e931476dc42bfa5c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/4f5b4ca58d2a16d1d0a88701b260da5a24f1bb99 Refactored get_highest_preference_tls_cipher]||cron2||||b64ffdcf09edd7110c1f851942d0e8d4e05d883c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7b0aaa1b779aca13c3d4f4ad36d32cf800cfec06 Refactored root SSL context initialisation]||cron2,jamesyonan||||6245178696842fb22f2c53d87184236fd471a334|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/47031a84fc2d27e03439ff29baa8f66b6f2794bf Refactored new external key code]||cron2,jamesyonan||||df904551cde7534e3f58809cb810164749fbbc28|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/ab64efc6d3d85b901c0b65794a07ecaba046f376 Refactored DH paramater loading]||cron2||||ac3e8d62ba14d4ee376fd3c9f20bccc3e53e7371|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/9bb4886227f17d9a5f770294d7953555e7554b13 Refactored root TLS option settings]||cron2||||b5563f1154a4a4e1d4742b7194e4974a3b53b78f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/b598dc77bb01e900926fe1c897fab3fca87c1499 Refactored PKCS#12 key loading]||cron2,jamesyonan||||289a8bb806150b418abb64abea26cb4106811850|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/2751963b9860a1a1fc82dec4851b11ddafac031e Refactored PKCS#11 loading]||cron2||||d1013cfe957ab3961b8b78486704ddcdecba513b|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/6cd93220509346eb2701188cbb8ca6e77451b494 Refactored windows cert loading]||cron2||||d494c31501635cbd5ae0e864849901bb3a4d3565|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/df9b63c5c0b3333d7171e76dd3dab87b9274cbf8 Refactored load certificate functions]||jamesyonan||dazo: check if ssl.c causes problems when merging to "master"||f4047d7420bac6bce5e8862771f0c20d42ba68ed|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/4431a8b7cf89500b81c9c62774ac75c1937297e3 Refactored private key loading code]||dazo||||d67c3147b006aed24f0c3f6e0e288bf0d6a55973|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/2a5f084332fc7a619107513b17b2f4a3dc0c31b2 Refactored external key loading from management]||jamesyonan||||5f4eb537d7a4eb28db8bd6211bc8e29ae5c4465a|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/b5ceb7049dd57ac8e7fa05d542c479382a4ed1ed Refactored CA and extra certs code]||||dazo: functional ACK, needs style cleanup in separate patch||244da317ee9d32a04da80e87502883453f6618cc|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/bde5b4f18e82437cdd6ca93cdc6fb78bfedc924b Refactored cipher restriction code]||dazo||ACK with this patch:[https://github.com/andj/openvpn-ssl-refactoring/commit/8e6d02204736f36e5f94ab539fcbcf5f5766f060 Removed a stray Fox-IT tag]||2e74a9d02da9ac071438e24de8561ccf9192e94a|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/899913d235502a2a6bd754e368bbe5a782a83911 Rafactored tls_options, key_state, and key_source data structures]||jamesyonan||||67d8a0d4e9bcca4299158c80f184c7dea57a9eab|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/68adc0eff8f06eef9d98a4bd12eb36bcbfc62164 Refactored initalisation of key_states]||jamesyonan||||d7efe640112f94cb20ce52a6adf0bd1b4d5f4ec2|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/1f09fbe7a54779a6b359c139400c71cbb53f5ac9 Refactored key_state free code]||cron2||||214fc873fe744ac722e9dd69917b6254e2151af2|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7172f01eee7aa5c78af77f560ab8c5a25666614d Refactored print_details]||cron2||||963ad54e53c1fc1b701a9c62231b011243321cef|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/72e75b9776e7528a8e36671f8e5337a00aa840ba Refactored key_state read code (including bio_read())]||jamesyonan||||dd5e1102c1a2a431510be3e5a179c6e264d8f913|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/fc50119c1fe1b37cebc76913c66854bce103b68f Refactored key_state write functions]||jamesyonan||||bf707bd2b1f3af28afed84738e0f6a59db59bb74|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/d1fa6f792b65f38acbe0728387a1f9b214e2be00 Refactored: Moved BIO debug functions to OpenSSL backend]||cron2||||dea110e0531c88c71f71bc91badbaa8f6fb37e72|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7e4fb7ce9e061e180ab2f6a78da15ac0b797cc77 Refactored: removed ks and ks_lame macro for clarity]||jamesyonan||||57513aac1aac93190d56ffb3a1a642460f318253|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/0c332998f43510afed692febadf1a03dcee57ee9 Refactored: minor whitespace fixes in ssl.c]||cron2||||(not found, NACKed?) ||[https://github.com/andj/openvpn-ssl-refactoring/commit/360ff2980be50a6d2d8dececa1854807da4a7a1c Refactored: moved write_empty_string function back]||cron2||||fef565a31640e9de2bc518ea7264a067a5efd38e|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/be3d6f97f7596c91fae5e656854dbfed6de80ec6 Refactored Doxygen for tls_multi functions]||cron2||||897f8be4efa2d4b7cae100fe89838eb62e26f3b3|| == Verification functions == '''NOTE:''' Some Github pages have links to "diff of diff" pages. These make it easier to visualize if / how the patch changes functionality. ||'''Patch'''||'''Acked-by'''||'''Notes'''||'''Upstream commit'''|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/1e3d80aeafa910a21bf9fe4e23c59392ea6fc551 Migrated data structures needed by verification functions to ssl_common.h]||jamesyonan||||49620510205af8623efad434b471a4089851da19|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/365d2319d95f4374072a2b6ea49b1b6c472fbb39 Refactored client_config_dir_exclusive function]||jamesyonan||||88aaf1aefd91b3704b3b00eeddff3befdefbc2b8|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/bbe117b0217180718f9d84ed21c149b0d0f035ad Refactored certificate hash lock checks]||jamesyonan||||82f925b60c0f029295975e64d9acabb53c0a5e3c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/4254b8152e94fdd46015505157a81a3033700202 Refactored common name locking functions]||jamesyonan||ACK when coupled with [https://github.com/andj/openvpn-ssl-refactoring/commit/5c0202f2be6a28b049d878b6b55019b8b1cfa5dc Added back checks for ks->authenticated in verify_user_pass ]||530af3efa38bd4e1044e5982f1970f5d772dbb48|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/ba69026d92958de3dbee6410c016d5b5cff01d6c Refactored username and password authentication code]||jamesyonan||ACK, provided it's [ticket:150 tested properly before 2.3 release]||d0811e643cddd796722fb1d0050ad57168da29d4|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/77aa7ead6e86082045e5423d88df8cb1d6179efd Add some extra comments]||jamesyonan||||e285cdb0a266fe43c282bc77cda4447d3043fffd|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/950b2182d8846d794ca1339b8d20ad7532801c5f Refactored: split verify_callback into two parts]||jamesyonan||||0a67e4621dea40ff5aa292cebbd271633adbf157|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/22a6039ac3ae6b09650f74c0db65269099f829fe Added function to extract and verify the subject from a certificate]||jamesyonan||||971790dae113e4665e1508ab17698047e7321c69|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/71e27b1e282bf8e10724b69fe4cbeac65dee325b Added function to verify and extract the username]||jamesyonan||||dd4cdb9ee740527f32198ef27b9901e396e045be|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/43c6568e72c10838ee851dbd96f400cdac90563d Refactored: removed global x509_username_field]||jamesyonan||||19dd3ef12f45b2c70c0657ea72fbdce5241e45c2|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/9213b628af6d93d9c3f067734733323ee79c57f1 Refactored: separated environment setup during verification]||jamesyonan||||fe100528c780548c21d664d1c14b37cbfd4c3e0f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/ac7cefae3d05f993ff25d6ed6fd51d37b9d1c803 Refactored: Netscape certificate type verification]||jamesyonan||||06d22777e9172efe3b3dc15c1bc2c6ef5d292cfa|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/2731886dcb714be5af04e0ec5f9df9ff273f8401 Refactored key usage verification code]||jamesyonan||||876752aed66a143295d9d0d4e61dc9a8beca2f5e|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/fd9c5f659cfe99a2380ce758c1ccc1b9af7e8d01 Refactored EKU verification]||jamesyonan||||587f419b714d283ad6d5c861d6f1ecf12345b89d|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/cf90d5f8cd4976e641fab81ac8054432f38df1ee Refactored tls-remote checking]||jamesyonan||||a4c926bb5939d95d9e7c0dfd4b83e61a11f86c90|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/e9a18e013b1dfedc0f21f1d7f7c2e740c0a968cb Refactored tls-verify-plugin code]||jamesyonan||||75c67073ed5d35b0efcd2a99492cf34339da08fb|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/a60b87394334587f9879da2d469d2a4a4c51a826 Refactored tls-verify script code]||jamesyonan||ACK when coupled with [https://github.com/andj/openvpn-ssl-refactoring/commit/fce243108b1c538359b0f33e7e58a884cc2be2b4 Moved gc_new and gc_free to begin end of function]||3e44ea55339429ede83857c9e79cc218d6bc297f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/e4327902ed2af06f2596cdf306f4a0b76b1f0649 Refactored CRL checks]||jamesyonan||"Doing low-level stuff like verifying CRL issuers and checking serial numbers is something that's better done by the OpenSSL library directly"||83c49a3ef135141101b71037f315099d32219bbf|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f67d4841c6edc2d9a9383ae6dce3a694a735dad7 Minor cleanup in verify_cert:]||jamesyonan||||3cb348e46e5e356eb7e1fe44d1e35f1152865e28|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/5b118dd62369b8d9cb2b425a27b8e7e9ba05ef5f Refactored: Moved verify_cert to ssl_verify]||jamesyonan||||36fae2ec0d04ee078db6ab3888815ea49660104a|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/840d040a2552da07e948732ffba4dd6ed39581c1 Cleaned up ssl.h]||jamesyonan||||9fb45319cba1f99ffe5538243a4e735191504cc8|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/3d5d5b3649f46bd812c146a731fba295473eeeb8 Refactored: made M_SSL dependent on USE_OPENSSL]||jamesyonan||||71ebd84debcea72d5b86861aca33553eb435126c|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/368b49096911dfa6b4f1cbf651a2df8ac3d5e937 Refactored: renamed X509 functions from verify_*]||jamesyonan||||bb53a20a9b678da3acce6b73cb3d6f73ebdbede9|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/11e94d8da97765571ecf91c512bcc559507e5f3b Separated OpenSSL-specific parts of the PKCS#11 driver]||jamesyonan||||5fe5fe9e6264d45154a7ece8c85fa70173429ff8|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7c6edbb0e507f8980b83208c43844d6a0bd582ac Modified base64 code in preparation for PolarSSL merge]||jamesyonan||||a4da1fe776b774670948f00898d370da614960f5|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/03225fa7939b9bab6f69b50b36af30565692ad51 Final cleanup before PolarSSL addition:]||jamesyonan||||fceecbab9ddd58ccec28aeafa7be39c65f313458|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/d235530fe14ccca5b9ef12bfbbd367c78d069e43 Refactored X509 track feature to be contained within the openssl backend]||jamesyonan||||725336282db0c9f160d6ef577288e5a628959776|| == PolarSSL addition == ||'''Patch'''||'''Acked-by'''||'''Notes'''||'''Upstream commit'''|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/0ef8d44cc4b9b10f174101cf420af0a5b2150809 Added PolarSSL support:]||jamesyonan,cron2||only the modified parts, _polarssl parts will be shown at a slower pace||53f97e1e9125aa9327c7ecf4a1b0b1a0c20cf2de|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/511691b09e2ac739482260267a0a1b97cd870d36 Fixed a missing include in ssl_backend.h]||cron2||||8c96419559b5978cf6096e63caec2c197266b961|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f43e33e4abb961a85cd67234c57bf16157b4d764 Fixed a bug in the hash generation in ssl_verify_openssl.c]||jamesyonan, cron2||||f25d29c9b239b757f5391f0fb1a7353ec6b8bbcf|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/0f3bb68db10ce4aa029501092dc36cddd48d41ed Added SHA_DIGEST_SIZE definition]||jamesyonan, cron2||||7ce40d9931ab9f16c83b282eb0f2ba1ebefd7079|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/8d4360d179cb176803e330e3a947e6c34315b225 Changed PolarSSL crypto backend to support v0.99-pre5]||cron2, jamesyonan||||be0a08d452f7fafde507361c76d8724f047cfb3f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/a6ce24ef2999fcc73ee1590fdc4518842c228f4e Updated ssl_polarssl.c to work with 0.99-pre5]||cron2, jamesyonan||||50d1fc0dd5844fd0ef92b4d09e021f9332fd5e77|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/3bff5d3dc0cd62e24269ad8f1cb1588c9e47b433 Fixed a compilation warning for size_t key sizes]||NACK, %zd is not portable||ack together with [https://github.com/andj/openvpn-ssl-refactoring/commit/82e745b6e4c81b5fa5f0d0793383a292696d2991 Moved from %zd to a more compatible format string (counter_format) ]||Merged both commits into c2896b10c5f170d3821a647c1f38f542fdeba9eb, ACKed by dazo|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/bc2dbfc7e9cf9d0552374e49750012a444e2a70f Added a warning that the PolarSSL library does not support pkcs12 files.]||cron2,jamesyonan||||88133cdb961afcfb2de4576b0647f90378a67cc3|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/74ca0110269a46607e3211f8d7c6b1d250361d99 Added warning that --capath is not available with PolarSSL]||cron2,jamesyonan||||8d26c253e8f62d67b51d50f82c333ed4412000ac|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f79f1556902d1c73416858813cc75594d3d2fdf6 Disable CryptoAPI when not using OpenSSL, and document that fact.]||cron2,jamesyonan||||93c22ecc635bc5047468629f2a5423a153910c0b|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/09f156a99ac16c1157392818d43b6dd4b898d659 Removed support for management external keys in PolarSSL]||cron2, jamesyonan||||5fa82c550f8160bb8dd107bc5f3d516ba996dd6d|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/b28532360c4ddf2d2bec62b5c7b62d2ae05c9ce1 Removed stray X509_free from ssl.c]||jamesyonan||||477127061a22e6e998755c657873aa1b212ea59a|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/2b018cc88744bf580e62e3a403b58deba267a798 Refactored (and disabled for PolarSSL) support for writing external cert files in scripts]||jamesyonan||||8bb72fbcba4721a68333f06d8b38a5ad05f6638a|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/60890102b755390e704a74ee2962780480b50c80 Added an extra define to allow building without PKCS#11]||jamesyonan||||a9bf901c76aca35cb40845177ef639225b6dabd5|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/5f5eca00f31199571450cceee1f4469154bd4d38 Added SSL library to title string]||jamesyonan, cron2||||88203950ef5ce2f23325ceff5ad247033dfa0005|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7c18f7cd1ef7e79a489bf116a4ca33c97227dc08 Disabled X.509 track and username selection for PolarSSL]||jamesyonan||||7dd8bbf574672b60d4776bee0ef9908cf1f49c2f|| == Misc cleanup == ||'''Patch'''||'''Acked-by'''||'''Notes'''||'''Upstream commit'''|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/4970f1485d4d2117ccb3b1932965809fc51d8efe Hardening: periodically reset the PRNG's nonce value]||jamesyonan||||557624e0a7282cf31cd3b58f8155f11f0517f254|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/84916b43b6d614291ec765d93f615be30d519bbb Fixes for the plugin system:]||jamesyonan||||1876ccd012e9e2ca6f8e1cd9e7e9bb4bf24ccecb|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/3f1647d20ff081cefd54ee80cff64c2234f1e48f Further improvements to plugin support:]||jamesyonan||||bcedab1f498d480cc1d4d60789b8459c1498c330|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/be63e6e86837cec71b35446a164ab158cd986ab1 Got rid of a few magic numbers in ntlm.c]||jamesyonan||||New version of same patch applied: 9788322b9566101119484d992364e8b1bb1d4dd4 (ACK by dazo)|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/de00fa7e30d7a68528f1ce7338f4f4e83d665090 Fixed an unintentional change in the options calculated key size.]||dazo||A fix to [https://github.com/andj/openvpn-ssl-refactoring/commit/5b8f6dbaf96b0b82a50e4b3c9acb4bbe6f5bf968 Refactored cipher key types]||1271be60c88e6d7e0208fdb893f1e553c2b5f0cf|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/89e31cfb9c6c5fd33600a76c77e645c24dd0663b Moved print messages back to generic crypto.c from cipher backends]||dazo||dazo: ''"We need to fix spelling on -> one"''||0d4ec3d8bbf39e4802781e1b3c881d76e068217f|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/7f009fd01788dd5787facd953fe260491ac62b44 Moved HMAC prints back to main crypto module]||dazo||Req. by [https://github.com/andj/openvpn-ssl-refactoring/commit/f331011e2ab7aa59f5493907a2b1d98925fa7f97 Refactored HMAC functions]||62242ed28d4cb3adec4edd6c39c6ed3f1c50cb37|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/5c0202f2be6a28b049d878b6b55019b8b1cfa5dc Added back checks for ks->authenticated in verify_user_pass]||jamesyonan||Required by [https://github.com/andj/openvpn-ssl-refactoring/commit/4254b8152e94fdd46015505157a81a3033700202 Refactored common name locking functions]||c94eff3c2fe2f1ae85159294ce89f80d676f8c36|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/fce243108b1c538359b0f33e7e58a884cc2be2b4 Moved gc_new and gc_free to begin end of function]||jamesyonan||Requirement for [https://github.com/andj/openvpn-ssl-refactoring/commit/a60b87394334587f9879da2d469d2a4a4c51a826 Refactored tls-verify script code]||b26341cdb7e58a00c0d2ab5e5b1e3ad59c0a60b7|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/25a2452776e8701ff6f7c59e73d6d3d216bc5048 Fixed a bug in the return value of ssl_verify when pre_verify failed]||jamesyonan||||4ce976fb280fc279fc2f9e6478ca55716cf3d081|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f543aafc52d8885c36ced7bf0eb74919dc6bb75f Unified verification function return values]||jamesyonan||||8a840d832e9576bdcb7c6819a3a9401e0d9fd545|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/8e6d02204736f36e5f94ab539fcbcf5f5766f060 Removed a stray Fox-IT tag]||dazo||Req.by [https://github.com/andj/openvpn-ssl-refactoring/commit/bde5b4f18e82437cdd6ca93cdc6fb78bfedc924b Refactored cipher restriction code]||2e791e6577db296b1b34379e3308a96c2f49afa9|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/86338fd1c7925ca7c84fe697e123dc158289f02b Fixed a typo: print the subject instead of the serial for verification e..]||jamesyonan||||58ddb7b89240e4a484c5171be6df285563eda392|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/f2ca3bf675c500b839c22d2db828a7a73a7054cc Made SSL_CIPHER const in print_details, to fix warning]||dazo||||0e282134d58b15c8fd21defb22c963e96b0d5372|| ||[https://github.com/andj/openvpn-ssl-refactoring/commit/77b34616e70dcab081b2a2f0f567d1ab8fd25349 Moved to PolarSSL 1.0.0:]||dazo||||eaacf8d8f289fefa9a64b85e72552f949d4c28c6||