[PATCH] bugfix: a single SSL record can't contain >16KiB, therefore we must loop when writing a larger buffer

Daniel Lenski dlenski at gmail.com
Fri Dec 1 10:48:25 PST 2017

Oh, I'm immensely grateful that you're a "grumpy pedant" when it comes
to the code standards and structure for OpenConnect. In addition to
being an invaluable tool for me, the logical structure made it really
easy to get started with a new protocol implementation.

I am sorry this patch wasn't up to standards. I sent it at 2am after
spending about 5 hours tracking down this mystifying misbehavior while
trying to submit HIP reports and just wanted to have a record that I
had figured it out. Should've saved it for morning.

I know I need to do some more code cleanup to get GP support moved.
Unfortunately, every time I sit down and tell myself I'm *only* going
to work on final cleanup, I get distracted by some outstanding feature
I'm trying to perfect. Lately it's been support for HIP
(GlobalProtect's CSD/TNCC-like security checker), but now that I'm
done with that I'm actually out of features to support. So I hope I'll
succeed in just doing the cleanup very soon :-D


On Wed, Nov 29, 2017 at 2:00 AM, David Woodhouse <dwmw2 at infradead.org> wrote:
> On Wed, 2017-11-29 at 01:36 -0800, Daniel Lenski wrote:
>> As usual, you're right on all counts, in particular the *non-pedantic*
>> bit about <= vs. <.
> Right on all but *one* count, perhaps... I wasn't *actually* sorry :)
> In general, I think the world is a better place for having grumpy
> pedants maintaining our VPN clients and other security-sensitive pieces
> of software.
> Which brings me back to your outstanding GlobalProtect support. I'd
> love to merge that. If I recall correctly, the only thing that really
> stopped me from doing so last time was this kind of minor detail.
> You've done excellent work in putting it all together, and it just
> needs a little bit of cleanup.
> One thing I find useful for my own development work is to get the patch
> ready to send in my mailer and then actually *read* it before I hit
> send. Look at every line in the email I'm about to send, and make sure
> it makes sense to me as I look at it with fresh eyes. Psychologically,
> having it in a mail composer and with my mouse hovering over the 'send'
> button tends to give me a new perspective, and makes me see the things
> that I'd passed over in the fog of "wtf is wrong... does this work...
> ok that bit works but *now* what's wrong..."
