)]}'
{"id":"openvpn~1758","triplet_id":"openvpn~master~Idb8c0c660a98de8ec549b69f6692a7b41b092eaf","project":"openvpn","branch":"master","attention_set":{"1000003":{"account":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"last_update":"2026-06-30 11:47:24.000000000","reason":"Reviewer was added"}},"removed_from_attention_set":{},"hashtags":[],"change_id":"Idb8c0c660a98de8ec549b69f6692a7b41b092eaf","subject":"oob: Unwrap tls-crypt-v2 server probes (P_CONTROL_OOB_WKC_V1)","status":"NEW","created":"2026-06-30 11:47:23.000000000","updated":"2026-07-02 12:30:33.000000000","submit_type":"CHERRY_PICK","submittable":false,"total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"3cfe3d67b276beb90721394da08eb9a4f647a673","_number":1758,"virtual_id_number":1758,"owner":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"actions":{},"labels":{"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-2,"max":2},"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"values":{"-2":"This shall not be submitted","-1":"I would prefer this is not submitted as is"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"}],"CC":[{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"}]},"pending_reviewers":{},"reviewer_updates":[{"updated":"2026-06-30 11:47:24.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000026,"name":"openvpn-devel","email":"openvpn-devel@lists.sourceforge.net","username":"openvpn-devel"},"state":"CC"},{"updated":"2026-06-30 11:47:24.000000000","updated_by":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"reviewer":{"_account_id":1000003,"name":"plaisthos","display_name":"Arne Schwabe","email":"arne-openvpn@rfc2549.org","username":"plaisthos"},"state":"REVIEWER"}],"messages":[{"id":"43bf86ff7649225d27bc026e1a21ac8560d0dd13","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2026-06-30 11:47:23.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"3cfe3d67b276beb90721394da08eb9a4f647a673","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"date":"2026-07-02 12:30:33.000000000","message":"Uploaded patch set 2: Patch Set 1 was rebased.","accounts_in_message":[],"_revision_number":2}],"current_revision_number":2,"current_revision":"f89df78b7f3dde82f8a4c163dbcecb4557de98c3","revisions":{"5f9d8e33e87bc775a9db0df42edf8b0696936ab0":{"kind":"REWORK","_number":1,"created":"2026-06-30 11:47:23.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/58/1758/1","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/58/1758/1","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1 \u0026\u0026 git checkout -b change-1758 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"35ea41fde6875dd46e7ba0eebe3a4c1ffa88b09d","subject":"oob: Add --server-probe-reply to advertise probe priority/weight"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-30 11:03:12.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-30 11:06:51.000000000","tz":180},"subject":"oob: Unwrap tls-crypt-v2 server probes (P_CONTROL_OOB_WKC_V1)","message":"oob: Unwrap tls-crypt-v2 server probes (P_CONTROL_OOB_WKC_V1)\n\nA tls-crypt-v2 server learns the per-client key only from the wrapped\nclient key (WKc). An out-of-band probe belongs to no session, so the\nclient must carry the WKc with the probe for the server to unwrap it.\n\nAdd the receive/protocol side of this:\n\n  - new opcode P_CONTROL_OOB_WKC_V1 (13): like P_CONTROL_OOB_V1 but with\n    the WKc appended, mirroring CONTROL_HARD_RESET_CLIENT_V3/CONTROL_WKC_V1\n  - tls_wrap_control() appends the WKc for opcode 13; read_control_auth()\n    runs tls_crypt_v2_extract_client_key() for it, loading the per-client\n    key before unwrapping the message\n  - tls_pre_decrypt_lite() accepts opcode 13 and returns VERDICT_VALID_OOB_V1\n  - tls_wrap_oob_standalone() takes the opcode; the server reply stays a\n    plain P_CONTROL_OOB_V1 (the server already holds the key after unwrap)\n  - test_pkt: round-trip test of the wrap/extract/unwrap path\n\nThe client still sends plain probes; sending P_CONTROL_OOB_WKC_V1 is added\nin a following commit.\n\nChange-Id: Idb8c0c660a98de8ec549b69f6692a7b41b092eaf\n"},"branch":"refs/heads/master"},"f89df78b7f3dde82f8a4c163dbcecb4557de98c3":{"kind":"TRIVIAL_REBASE","_number":2,"created":"2026-07-02 12:30:33.000000000","uploader":{"_account_id":1000008,"name":"stipa","display_name":"Lev Stipakov","email":"lstipakov@gmail.com","username":"stipa"},"ref":"refs/changes/58/1758/2","fetch":{"anonymous http":{"url":"http://gerrit.openvpn.net/openvpn","ref":"refs/changes/58/1758/2","commands":{"Branch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2 \u0026\u0026 git checkout -b change-1758 FETCH_HEAD","Checkout":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2","Reset To":"git fetch http://gerrit.openvpn.net/openvpn refs/changes/58/1758/2 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"13ca8fe0be37de4facdfc58b938a3e25015a2852","subject":"oob: Add --server-probe-reply to advertise probe priority/weight"}],"author":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-06-30 11:03:12.000000000","tz":180},"committer":{"name":"Lev Stipakov","email":"lev@openvpn.net","date":"2026-07-02 12:11:49.000000000","tz":180},"subject":"oob: Unwrap tls-crypt-v2 server probes (P_CONTROL_OOB_WKC_V1)","message":"oob: Unwrap tls-crypt-v2 server probes (P_CONTROL_OOB_WKC_V1)\n\nA tls-crypt-v2 server learns the per-client key only from the wrapped\nclient key (WKc). An out-of-band probe belongs to no session, so the\nclient must carry the WKc with the probe for the server to unwrap it.\n\nAdd the receive/protocol side of this:\n\n  - new opcode P_CONTROL_OOB_WKC_V1 (13): like P_CONTROL_OOB_V1 but with\n    the WKc appended, mirroring CONTROL_HARD_RESET_CLIENT_V3/CONTROL_WKC_V1\n  - tls_wrap_control() appends the WKc for opcode 13; read_control_auth()\n    runs tls_crypt_v2_extract_client_key() for it, loading the per-client\n    key before unwrapping the message\n  - tls_pre_decrypt_lite() accepts opcode 13 and returns VERDICT_VALID_OOB_V1\n  - tls_wrap_oob_standalone() takes the opcode; the server reply stays a\n    plain P_CONTROL_OOB_V1 (the server already holds the key after unwrap)\n  - test_pkt: round-trip test of the wrap/extract/unwrap path\n\nThe client still sends plain probes; sending P_CONTROL_OOB_WKC_V1 is added\nin a following commit.\n\nChange-Id: Idb8c0c660a98de8ec549b69f6692a7b41b092eaf\n"},"branch":"refs/heads/master"}},"requirements":[],"submit_records":[{"rule_name":"gerrit~DefaultSubmitRule","status":"NOT_READY","labels":[{"label":"Code-Review","status":"NEED"}]},{"rule_name":"checks~ChecksSubmitRule","status":"OK"}],"submit_requirements":[{"name":"Code-Review","status":"UNSATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"label:Code-Review\u003dMAX -label:Code-Review\u003dMIN","fulfilled":false,"status":"FAIL","passing_atoms":[],"failing_atoms":["label:Code-Review\u003dMAX","-label:Code-Review\u003dMIN"]}},{"name":"checks~ChecksSubmitRule","status":"SATISFIED","is_legacy":true,"submittability_expression_result":{"expression":"rule:checks~ChecksSubmitRule","fulfilled":true,"status":"PASS","passing_atoms":["checks~ChecksSubmitRule"],"failing_atoms":[]}}]}
