-
Notifications
You must be signed in to change notification settings - Fork 122
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add OpenVPN to CI #1705
Add OpenVPN to CI #1705
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1705 +/- ##
==========================================
- Coverage 78.35% 78.35% -0.01%
==========================================
Files 573 573
Lines 96065 96065
Branches 13764 13764
==========================================
- Hits 75270 75268 -2
- Misses 20195 20196 +1
- Partials 600 601 +1 ☔ View full report in Codecov by Sentry. |
+ int cnum; | ||
if (tls_server) | ||
{ | ||
+ cnum = sk_X509_NAME_num(cert_names); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not a blocker, but why is this change needed? looking at the source, the cert_names
stack doesn't appear to be modified between these assignments of cnum
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once SSL_CTX_set_client_CA_list is called (line 52), in OpenSSL the passed in cert_names stack remains untouched but AWS-LC resets it. So later when sk_X509_NAME_num is called (previously line 59), we get a 0 length in AWS-LC which causes an error below when cnum != added (line 60). Therefore, we obtain the length of the stack before calling SSL_CTX_set_client_CA_list. This patch doesn't break behavior for OpenSSL either.
## What's Changed * Added options to x509 tool by @ecdeye in #1696 * Add support to detect Neoverse V2 cores by @andrewhop in #1706 * Move OCSP functions for Ruby out of internal.h by @samuel40791765 in #1704 * Add aes-256-xts to EVP_get_cipherbyname by @torben-hansen in #1707 * Match using CMAKE_SYSTEM_PROCESSOR_LOWER by @justsmth in #1709 * Update MySQL to 9.0.0 by @skmcgrail in #1685 * [EC] Unify scalar multiplication for P-256/384/521 by @dkostic in #1693 * Adds const qualifier to ciphertext parameter in EVP_PKEY_decapsulate by @maddeleine in #1713 * Upstream merge 2024 06 24 by @nebeid in #1661 * NIST SP 800-108r1-upd1: KDF Counter Implementation by @skmcgrail in #1644 * Upstream merge 2024 07 09 by @nebeid in #1694 * Design for support of HMAC precomputed keys by @fabrice102 in #1574 * Fix for select point from table in ec_nistp scalar_mul by @dkostic in #1719 * X509toolcomparison by @ecdeye in #1714 * AWS-LC s2n-bignum update 2024-07-22 by @dkostic in #1718 * Add OpenVPN to CI by @smittals2 in #1705 * Lower required Go version, add CI test for specific version by @andrewhop in #1717 * ec2-test-framework enhancements and graviton 4 testing by @samuel40791765 in #1715 * sha + chacha: Move AArch64/X86-64 dispatching to C. by @justsmth in #1625 * Show number of pruned ec2 instances in dashboard by @samuel40791765 in #1728 * rsa and md5 tools by @ecdeye in #1722 * FIPS 203 IPD update: ML-KEM-IPD-768 and ML-KEM-IPD-1024 by @jakemas in #1724 * bump mysql CI to 9.0.1 by @samuel40791765 in #1727 * Support utility OCSP request functions by @samuel40791765 in #1708 * add support for OCSP_SINGLERESP functions by @samuel40791765 in #1703
Description of changes:
Call-outs:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.