)]}'
{"id":"openvpn~1728","triplet_id":"openvpn~master~Iaf1f3475e4f27a920c028cd73b1a2497953583d0","project":"openvpn","branch":"master","topic":"multipeer","hashtags":[],"change_id":"Iaf1f3475e4f27a920c028cd73b1a2497953583d0","subject":"Do not differentiate TLS server and client context initialisation","status":"NEW","created":"2026-06-22 15:31:08.000000000","updated":"2026-06-25 13:37:02.000000000","submit_type":"CHERRY_PICK","submittable":false,"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"47033a8cfdaa4849afcf4939e5dcafbf899b8bdd","_number":1728,"virtual_id_number":1728,"owner":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"actions":{},"labels":{"Code-Review":{"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-06-22 15:31:16.000000000","updated_by":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"}],"messages":[{"id":"81f0cab4d5c0fef0c250a4122a2e5e990580aed1","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2026-06-22 15:31:08.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"47033a8cfdaa4849afcf4939e5dcafbf899b8bdd","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"date":"2026-06-25 13:37:02.000000000","message":"Uploaded patch set 2: Patch Set 1 was rebased.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"9e251ce7c48f9a749e46bb4051ceaf79b41dc1b8","revisions":{"1eec88cff05fc7eb8135943739c1ab670014a490":{"kind":"REWORK","_number":1,"created":"2026-06-22 15:31:08.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/28/1728/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/28/1728/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1 \u0026\u0026 git checkout -b change-1728 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"0fefdd1d70ac3f8183ca1d136e37071853a692c1","subject":"Add lookup of multi session by session id"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2026-04-14 23:36:33.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2026-06-22 15:30:51.000000000","tz":120},"subject":"Do not differentiate TLS server and client context initialisation","message":"Do not differentiate TLS server and client context initialisation\n\nOpenSSL has the quite curious way of allowing to create contexts\nthat allow only server or only client. This creates extra\ncomplications when we want to use both server and client SSL\nobjects and does not seem to have any advantages.\n\nWe later explicitly tell initialise the SSL objects to be a server or\nclient object in key_state_ssl_init via SSL_set_accept_state or\nSSL_set_connect_state. If this is mismatched we end up getting an\nerror from OpenSSL (\"called a function you should not call\") that\nthat ends up calling a function that is not defined in that\nTLS_method.\n\nLooking into the OpenSSL source (IMPLEMENT_tls_meth_func) the main\ndifference between the methods is whether they have a proper\naccept/connect or have the ssl_undefined_function that triggers the\n\"called a function you should not call\".\n\nOur mBed TLS code basically does give the SSL contet any personlity\nof client or server until we the same area where the OpenSSL code\ncalls the set accept/connect state call.\n\nChange-Id: Iaf1f3475e4f27a920c028cd73b1a2497953583d0\nSigned-off-by: Arne Schwabe \u003carne@rfc2549.org\u003e\n"},"branch":"refs/heads/master"},"9e251ce7c48f9a749e46bb4051ceaf79b41dc1b8":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2026-06-25 13:37:02.000000000","uploader":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"ref":"refs/changes/28/1728/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/28/1728/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2 \u0026\u0026 git checkout -b change-1728 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/28/1728/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"3d148280b63a069b8d6879a7d9be7e5175292aa9","subject":"Add lookup of multi session by session id"}],"author":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2026-04-14 23:36:33.000000000","tz":120},"committer":{"name":"Arne Schwabe","email":"arne@rfc2549.org","date":"2026-06-25 13:36:38.000000000","tz":120},"subject":"Do not differentiate TLS server and client context initialisation","message":"Do not differentiate TLS server and client context initialisation\n\nOpenSSL has the quite curious way of allowing to create contexts\nthat allow only server or only client. This creates extra\ncomplications when we want to use both server and client SSL\nobjects and does not seem to have any advantages.\n\nWe later explicitly tell initialise the SSL objects to be a server or\nclient object in key_state_ssl_init via SSL_set_accept_state or\nSSL_set_connect_state. If this is mismatched we end up getting an\nerror from OpenSSL (\"called a function you should not call\") that\nthat ends up calling a function that is not defined in that\nTLS_method.\n\nLooking into the OpenSSL source (IMPLEMENT_tls_meth_func) the main\ndifference between the methods is whether they have a proper\naccept/connect or have the ssl_undefined_function that triggers the\n\"called a function you should not call\".\n\nOur mBed TLS code basically does give the SSL contet any personlity\nof client or server until we the same area where the OpenSSL code\ncalls the set accept/connect state call.\n\nChange-Id: Iaf1f3475e4f27a920c028cd73b1a2497953583d0\nSigned-off-by: Arne Schwabe \u003carne@rfc2549.org\u003e\n"},"branch":"refs/heads/master"}},"requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"NOT_READY","labels":[{"label":"Code-Review","status":"NEED"}]},{"rule_name":"checks~ChecksSubmitRule","status":"NOT_READY","requirements":[{"status":"NOT_READY","fallback_text":"All required checks must pass","type":"checks_pass"}]}],"submit_requirements":[{"name":"Code-Review","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","-label:Code-Review\u003dMIN"]}},{"name":"checks~ChecksSubmitRule","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"rule:checks~ChecksSubmitRule","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["checks~ChecksSubmitRule"]}}]}
