From: Arne Schwabe
This helps with IDE integration among other things.
This is a basic implementation for development purposes
that can't replace any of the existing release builds.
Change-Id: I666314a223d324ca72dbe7ba7d22f764996d3ca2
Signed-off-by: Arne Schwabe
Signed-off-by: Frank
None of this is likely relevant for a current reader.
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/vpn-network-options.rst | 9 ++---
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/doc/man-sections/vpn-network-options.rst
b/doc/man-sections/vpn-network-options.rst
Signed-off-by: Frank Lichtenheld
---
docs/man/openvpn3-config-manage.1.rst | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/docs/man/openvpn3-config-manage.1.rst
b/docs/man/openvpn3-config-manage.1.rst
index 56c0704..a919990 100644
--- a/docs/man/openvpn3-config
!route_table_warned)
> +{
> +msg(M_WARN, "NOTE: table specified for --route, but not
> supported on this platform");
> +route_table_warned = true;
> +}
> }
> -add_route_to_option_list(options
.c | 15 ++-
> 1 file changed, 10 insertions(+), 5 deletions(-)
Looks good to me.
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
}
> +if (!status || !message)
> {
> buf_printf(, "[Unknown Win32 Error]");
> }
> --
> 2.34.1
>
>
>
> _______
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge
It is generated from t_client.sh.in by configure,
so no need to ship it. Due to the dependency on
the configuration it also might break reproducibility
of the dist tarball.
Signed-off-by: Frank Lichtenheld
---
tests/Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff
From: Michael Nix
Signed-off-by: Frank Lichtenheld
---
src/openvpn/options.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 3914ab23..f5b09ab7 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -248,7
we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.ne
we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
IPv6, of course.
To be fair, he implemented it in the same way all the other parameters are
implemented. That is why
I did not complain about that (e.g. compare ro->metric, which is treated
exactly the same way).
However, I agree with your general sentiment.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
t;
> +uint32_t table_id = 0;
> +if ((r6->flags & RT_TABLE_DEFINED) && (r6->table_id > 0))
Isn't r6->table_id an uint32 ?
> +{
> +table_id = r6->table_id;
> +}
> +
> status = RTA_SUCCESS;
> int ret = net_route_v6_add(ctx, >network, r6->netbits,
> gateway_needed ? >gateway : NULL,
> - device, 0, metric);
> + device, table_id, metric);
> if (ret == -EEXIST)
> {
> msg(D_ROUTE, "NOTE: Linux route add command failed because route
> exists");
[...]
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Annoyingly this requires custom vcpkg triplets because
the mingw toolchain definition and the vcpkg_configure_make
function use incompatible default triplets (-pc-mingw32 vs
-w64-mingw32).
Change-Id: I4e671938220e9bfd798f91819f34b6f8ceaa45f5
Signed-off-by: Frank Lichtenheld
---
...to-succeed
To be in line with current vcpkg packaging policies.
Change-Id: Ifad0965a2b724b0b278783ba9c0ad5a82274445d
Signed-off-by: Frank Lichtenheld
---
.github/workflows/build.yaml | 1 +
contrib/vcpkg-ports/pkcs11-helper/CONTROL| 4
contrib/vcpkg-ports/pkcs11-helper/vcpkg.json
Frank Lichtenheld (3):
vcpkg-ports/pkcs11-helper: Make compatible with mingw build
vcpkg-ports/pkcs11-helper: Convert CONTROL to vcpkg.json
vcpkg-ports/pkcs11-helper: reference upstream PRs in patches
.github/workflows/build.yaml | 1 +
...to-succeed-if-configured
So it is easier to check the merge status.
Change-Id: Ia1f8a8d26d4752a7dda1a20521c59ded06bc7c52
Signed-off-by: Frank Lichtenheld
---
...1-Allow-the-build-to-succeed-if-configured-with-disabl.patch | 2 ++
.../vcpkg-ports/pkcs11-helper/pkcs11-helper-001-RFC7512.patch | 2 ++
.../pkcs11-helper
into : on previous line)
Enumerated list start value not ordinal-1
(error in numbering)
Change-Id: Id3b0f7be4602f70115c60e6ddb89f6ed58e94e64
Signed-off-by: Frank Lichtenheld
---
doc/Makefile.am | 6 ++-
doc/man-sections/connection-profiles.rst | 3 +-
doc/man
, the general assumption
"a const pointer to a clearly uninitialized area is not useful" is
valid in general. Testing the pointer for NULL like we do is literally
the one and only thing you can do with it.
On anything other than -O0 it will make no difference anyway. And removing
the const
We need this for the MSI build. Previously this was enabled
by default.
Signed-off-by: Frank Lichtenheld
---
.github/workflows/build.yaml | 2 +-
src/openvpn/vcpkg.json | 5 -
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github
This was added back in commit
6187644b660ce284d0a706811eae2dce7cb411b2
to support the NSIS windows installer.
It is now unused.
Signed-off-by: Frank Lichtenheld
---
.gitignore| 1 -
Makefile.am | 5 -
configure.ac | 1 -
version.sh.in | 4
4 files changed, 11 deletions
This only defines three types and none of them is
used anywhere in our source code.
Signed-off-by: Frank Lichtenheld
---
configure.ac | 5 +
src/openvpn/syshead.h | 16
2 files changed, 1 insertion(+), 20 deletions(-)
Suggested by Arne in his CMake patch
Just some very basic tests.
Signed-off-by: Frank Lichtenheld
---
tests/unit_tests/openvpn/test_buffer.c | 59 ++
1 file changed, 59 insertions(+)
diff --git a/tests/unit_tests/openvpn/test_buffer.c
b/tests/unit_tests/openvpn/test_buffer.c
index 9e3b1d2e..5e61fb07
on the length of the source argument
[-Werror=stringop-overflow=]
Warning was at least triggered for
mingw-gcc version 10-win32 20220113.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
v2:
- make len size_t and change code to avoid
on the length of the source argument
[-Werror=stringop-overflow=]
Warning was at least triggered for
mingw-gcc version 10-win32 20220113.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/buffer.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/buffer.c b/src/openvpn
acloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce
Github will stop supporting them on April, 1st.
Signed-off-by: Frank Lichtenheld
---
.github/workflows/build.yaml | 15 ---
1 file changed, 15 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index a3ca7a2e..99ae437e 100644
--- a/.github
acloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
acloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> >
> > That said, in a cross-platform code base one often has to make changes
> > to please compilers just to get things to build.
>
> I don't mind what we're doing here... just that I want to avoid the
> impression as though MSVC were setting
h set
Tested MSVC build (in my cmake branch) and verified that this is a
suitable replacement for my earlier attempt to fix same issue.
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lis
; ACK-ed yet.
Actually, I acked that whole series. However there was a problem with
my mail configuration on that day and so Gmail rejected them. They
are on the list however.
But feel free to integrate this and I can re-ack the patch.
Regards,
--
Frank
On Fri, Mar 24, 2023 at 07:30:51PM +0100, Matthias Andree wrote:
> Am 23.03.23 um 15:31 schrieb Frank Lichtenheld:
> > Currently this is not obvious since we never build the
> > UTs with MSVC, but it doesn't like the initializers with
> > "const" variables. They cau
n incorporate similar changes for
> test_pkcs11 into a v2 of the relevant patch as those have not been
> ACK-ed yet.
The attached patch seems to work, yes.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@
esn't like the empty initializer.
error C2059: syntax error: '}'
CC: Selva Nair
Signed-off-by: Frank Lichtenheld
---
tests/unit_tests/openvpn/cert_data.h | 240 +++---
tests/unit_tests/openvpn/test_cryptoapi.c | 10 +-
tests/unit_tests/openvpn/test_pkcs11.c| 10 +-
3 files ch
l | 8 ++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
Worked in the PR, so
Acked-By: Frank Lichtenheld
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
air
I reviewed this on Github, with a focus on the configuration part.
Approved it there, so
Acked-By: Frank Lichtenheld
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Wed, Mar 22, 2023 at 06:14:54PM -0400, selva.n...@gmail.com wrote:
> From: Selva Nair
>
> - This function will be reused for testing pkcs11
>
> Signed-off-by: Selva Nair
This just moves code around.
Acked-By: Frank Lichtenheld
--
Fr
>
> Change-Id: If4fb45b3426f5e0dbe6c87d5bd05681b9d733827
How did you end up with two change ids?
> Signed-off-by: Arne Schwabe
> ---
> doc/man-sections/generic-options.rst | 22 --
> 1 file changed, 16 insertions(+), 6 deletions(-)
Review happened in Gerrit.
Acked-By: Frank L
/community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing
/community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-users mailing li
/community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing li
explicit* references to
srcdir and top_srcdir it works correctly.
Signed-off-by: Frank Lichtenheld
---
tests/unit_tests/openvpn/Makefile.am | 220 +-
tests/unit_tests/plugins/auth-pam/Makefile.am | 6 +-
2 files changed, 110 insertions(+), 116 deletions(-)
diff --git a/tests/
ES = test_search_and_replace.c
$(sut_sourcedir)/utils.h $(sut_sourcedir)/utils.c
+auth_pam_testdriver_SOURCES = test_search_and_replace.c
$(top_srcdir)/src/plugins/auth-pam/utils.h
$(top_srcdir)/src/plugins/auth-pam/utils.c
Will send a patch.
Regards,
--
Frank Lichtenheld
_
Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lis
Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Regards,
--
Frank Lichtenheld
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.source
Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.source
the changes of v3. v5 combines the changes from v3 and v4
- fix build failure GHA/ubuntu1804/mbedtls
- fix build failure GHA/ubuntu2204/libressl
Signed-off-by: Frank Lichtenheld
---
.github/workflows/build.yaml | 22 +-
configure.ac | 82 +++-
2
On Wed, Feb 15, 2023 at 04:04:55PM +0100, Frank Lichtenheld wrote:
> Automatically disabled when
> - iproute2 is enabled
> - libnl-genl is missing on Linux
> - libnv is missing on FreeBSD
>
NAK, I accidentially based this on v2 instead of v3.
--
Fr
Automatically disabled when
- iproute2 is enabled
- libnl-genl is missing on Linux
- libnv is missing on FreeBSD
Signed-off-by: Frank Lichtenheld
---
.github/workflows/build.yaml | 13 ++
configure.ac | 79
2 files changed, 66 insertions
By: Frank Lichtenheld
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
quot;will"
> +These clients will always announce support for all their supported AEAD
> ciphers
> (`AES-256-GCM`, `AES-128-GCM` and in newer versions also
> `Chacha20-Poly1305`).
>
> To support OpenVPN 3.x based clients at least one of these ciphers needs to
> be
--
: Jrjestelmkutsulle
> annettu data-alue on liian pieni. (fd=ffff,code=122)
>
Acked-By: Frank Lichtenheld
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ce 100644
> --- a/doc/openvpn.8.rst
> +++ b/doc/openvpn.8.rst
> @@ -97,6 +97,8 @@ https://community.openvpn.net/openvpn/wiki/FAQ
>
> HOWTO
> =
> +The manual ``openvpn-examples``\(5) give some examples, especially for
"gives"
> +small setups.
Other than
as something
like "add_var" and do the logging as the variables are added? That would
avoid the need for the additional allocations and parsing.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
asymetric compression */
> -
> +#define COMP_F_ALLOW_NOCOMP_ONLY(1<<7) /* Do not allow compression
> framing like stub v2 or comp-lzo no. Breaks DCO */
This sounds like this setting breaks DCO. But I think you mean compressio
Relevant defines/typedefs:
typedef UINT_PTRSOCKET;
if defined(_WIN64)
typedef unsigned __int64 UINT_PTR;
else
typedef unsigned int UINT_PTR;
endif
ifdef _WIN64
define PRIuPTR PRIu64
else
define PRIuPTR PRIu32
endif
Remove duplicated include of inttypes.h
Signed-off-by: Frank
-by: Frank Lichtenheld
---
configure.ac | 82
1 file changed, 63 insertions(+), 19 deletions(-)
v2: error out when libnl-genl is missing as discussed with ordex on
IRC.
v3:
- improvements to the messages, suggested by Selva
- further
Make consistent with the other options.
Signed-off-by: Frank Lichtenheld
---
configure.ac | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
A small issue I noticed when staring at configure.ac for "enable
DCO by default" patch.
diff --git a/configure.ac b/configur
-by: Frank Lichtenheld
---
configure.ac | 78
1 file changed, 61 insertions(+), 17 deletions(-)
v2: error out when libnl-genl is missing as discussed with ordex on
IRC.
diff --git a/configure.ac b/configure.ac
index 91500087..acfa4bc1 100644
Signed-off-by: Frank Lichtenheld
---
src/openvpn/options.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 6ae3faf8..ab1b01cf 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1041,6 +1041,7 @@ setenv_settings(struct
Since I needed to test mingw builds today, I took a
look into the warnings reported.
Most of those patches are trivial and
straightforward. Not 100% sure whether the recv/send
one is a good idea.
Frank Lichtenheld (5):
Windows: fix unused function setenv_foreign_option
Windows: fix unused
On Linux those functions actually take void pointer,
so no behavior change there. On Windows, we avoid
warnings about unsigned char vs char.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/manage.c | 4 ++--
src/openvpn/proxy.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff
Signed-off-by: Frank Lichtenheld
---
src/openvpn/error.c | 4 ++--
src/openvpn/syshead.h | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/error.c b/src/openvpn/error.c
index 89a08cec..a2c9aa4c 100644
--- a/src/openvpn/error.c
+++ b/src/openvpn/error.c
Signed-off-by: Frank Lichtenheld
---
src/openvpn/win32.c | 7 +++
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
index 44176936..ad3d9bf6 100644
--- a/src/openvpn/win32.c
+++ b/src/openvpn/win32.c
@@ -1358,7 +1358,6 @@ win32_get_arch
At this point it might be easier to create a
dedicated function for Windows...
Signed-off-by: Frank Lichtenheld
---
src/openvpn/route.c | 32
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 82519c94
It is time.
Automatically disabled when
- iproute2 is enabled
- libnl-genl is missing on Linux
- libnv is missing on FreeBSD
Signed-off-by: Frank Lichtenheld
---
configure.ac | 79 +---
1 file changed, 62 insertions(+), 17 deletions(-)
diff
When reviweing OpenVPN/openvpn#231 I noticed this was
missing from Changes.rst.
Signed-off-by: Frank Lichtenheld
---
Changes.rst | 5 +
src/openvpn/options.c | 1 -
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Changes.rst b/Changes.rst
index 4942a580..dc829032
oAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
> +{
> +msg(M_NONFATAL, "ERROR: cryptoapicert not supported in this version");
"in this version" sounds wrong to me. That might indicate to the user that
they need a newer or older version of OpenVPN. Maybe
"th
rc/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
> index 6ff4fcb5..9fd5aea9 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -210,49 +210,29 @@ find_certificate_in_store(const char *cert_prop,
> HCERTSTORE cert_store)
This seems to ask for a unit
On Mon, Jan 30, 2023 at 06:29:33PM +0100, Arne Schwabe wrote:
> The undefined behaviour USAN clang checker found this.
>
> This fix is a bit messy but so are the original structures.
>
Acked-By: Frank Lichtenheld
Well, it doesn't make it worse vOv
Regards,
--
Frank
@1.1 openssl@3 lzo lz4 man2html cmocka
> libtool automake autoconf libressl
> @@ -400,6 +404,7 @@ jobs:
>CFLAGS: ${{ matrix.cflags }}
>LDFLAGS: ${{ matrix.ldflags }}
> CC: ${{matrix.cc}}
> + UBSAN_OPTIONS: print_stacktrace=
ogen.sh
> working-directory: libressl
> @@ -417,7 +417,7 @@ jobs:
> run: autoreconf -fvi
> working-directory: libressl
>- name: "libressl: configure"
> -run: ./configure --enable-openvpn
> +run: ./configure
> w
->opt.auth_token_key.hmac;
> if (check_hmac_token(ctx, b64decoded, up->username))
Acked-By: Frank Lichtenheld
Trivial enough.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
proper masking
> (deferring) of signals during update not possible.
>
> Improve this:
>
> - Use sigaction to properly mask signals when modifying.
>
Acked-By: Frank Lichtenheld
Stared at code intensively. AFAICT this should not change the
general behavior except to be more gener
On Fri, Jan 27, 2023 at 08:41:38PM +0100, Matthias Andree wrote:
> Am 25.01.23 um 20:50 schrieb Frank Lichtenheld:
> > The OpenVPN community project team is proud to release OpenVPN 2.6.0.
> > This is the new stable version of OpenVPN with some major new features.
>
> Hi Fran
nd Ubuntu packages are available in the official apt repositories:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind re
nd Ubuntu packages are available in the official apt repositories:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind re
nd Ubuntu packages are available in the official apt repositories:
<https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos>
On Red Hat derivatives we recommend using the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind re
for
2.7 at this point in time. And even if, splitting up patches might still be
worthwile, if it reduces the individual complexity.
So I would say: go ahead.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
g in such cases.
>
> Especially important on Windows where automatic loading of p11-kit
> is not enabled in our release builds.
>
> - Document this behaviour.
>
Acked-By: Frank Lichtenheld
LGTM.
I was looking at the warning messages whether they are consistent with
ng the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce
ng the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
ng the Fedora Copr repository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
ons to be taken over by an illegimate client, binding the
> renegotiations tightly to the original session. Especially when 2FA, webauth
> or similar authentication is used, many third party setup ignore the need
> to secure renegotiation with an auth-token.
>
Acked-By: Frank Lichtenheld
We listed those in Changes, but did not update the documentation.
Signed-off-by: Frank Lichtenheld
---
doc/man-sections/unsupported-options.rst | 11 +++
1 file changed, 11 insertions(+)
diff --git a/doc/man-sections/unsupported-options.rst
b/doc/man-sections/unsupported-options.rst
option".
> +enable-strict-options has been removed. Logging of mismatched options has
> +been moved to debug logging.
>
> User-visible Changes
>
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
On Wed, Jan 11, 2023 at 12:02:14PM +0100, Arne Schwabe wrote:
> Am 16.12.22 um 14:11 schrieb Frank Lichtenheld:
> > On Mon, Dec 12, 2022 at 12:38:41PM +0100, Arne Schwabe wrote:
> > > Am 27.11.22 um 15:25 schrieb Frank Lichtenheld:
> > > > That makes it possible
On Wed, Jan 11, 2023 at 08:39:51AM +0100, Gert Doering wrote:
> Hi,
>
> On Tue, Jan 10, 2023 at 06:02:57PM +0100, Frank Lichtenheld wrote:
> > @@ -27,7 +27,7 @@ ${top_builddir}/src/openvpn/openvpn --cd
> > ${top_srcdir}/sample --config sample-co
> > # first off che
Not enabled by default with OpenSSL 3, so we don't
see this in our builds.
While here add missing entries to .gitignore (which
is what made me look at engine-key test in the first
place).
Signed-off-by: Frank Lichtenheld
---
.gitignore | 4
tests
Warning by GCC 12:
pkcs11_openssl.c:237:22: warning:
dangling pointer ‘tbs’ to ‘enc’ may be used [-Wdangling-pointer=]
Signed-off-by: Frank Lichtenheld
---
src/openvpn/pkcs11_openssl.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/pkcs11_openssl.c b/src
On Mon, Jan 09, 2023 at 05:36:06PM +0100, Arne Schwabe wrote:
> Am 09.01.23 um 16:01 schrieb Frank Lichtenheld:
> > On Mon, Dec 12, 2022 at 12:27:45PM +0100, Arne Schwabe wrote:
> > > Currently we have only one slot for renegotiation of the session/keys.
> > >
verhead (in bytes) added to the destination buffer by
> @@ -171,6 +183,8 @@ void tls_crypt_v2_init_server_key(struct key_ctx
> *key_ctx, bool encrypt,
> *
> * @param key Key structure to be initialized with the client
> *
SHOW_STR(auth_user_pass_verify_script);
> @@ -7452,6 +7457,22 @@ add_option(struct options *options,
> options->cf_max = cf_max;
> options->cf_per = cf_per;
> }
> +else if (streq(p[0], "connec
On Thu, Dec 29, 2022 at 11:29:29AM +0100, Frank Lichtenheld wrote:
> On Thu, Dec 29, 2022 at 12:27:46PM +0500, Vladislav Grishenko wrote:
> [...]
> > v15:
> > rebase to master (Dec 2022)
> > add optional port argument to --remote and --remote-srv usage message
&g
SRV 0 0 51194 conn-test-server.openvpn.org.
Regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
status
of the option.
Signed-off-by: Frank Lichtenheld
---
src/openvpn/options.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 7395019e..ee378304 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -543,8
epository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-announce mailing list
Openvpn-announce@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-announce
epository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
epository.
<https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
Kind regards,
--
Frank Lichtenheld
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
201 - 300 of 6982 matches
Mail list logo