[Openvpn-devel] [PATCH v2] Only schedule_exit() once

is scheduled - we no longer notify management on redundant exit. Change-Id: I9457f005f4ba970502e6b667d9dc4299a588d661 Signed-off-by: Reynir Björnsson Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] Allow the TLS session to send out TLS alerts

experience is much better with alerts, this compromise is worth it. Change-Id: I0ad48915004ddee587e97c8ed190ba8ee989e48d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH v3] crypto_backend: fix type of enc parameter

. Fix the actual API definition Change-Id: If0dcdde30879fd6185efb2ad31399c1629c04d22 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v1] Fix snprintf/swnprintf related compiler warnings

) Change-Id: If23988a05dd53a519c5e57f2aa3b2d10bd29df1d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/549 This mail reflects

[Openvpn-devel] [PATCH v1] Add bracket in fingerprint message and do not warn about missing verification

From: Arne Schwabe Change-Id: Ia73d53002f4ba2658af18c17cce1b68f79de5781 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH] script-options.rst: Update ifconfig_* variables

- Remove obsolete ifconfig_broadcast. Since this was removed in 2.5.0, do not add a removal note but just completely remove it. - Add missing documentation of IPv6 variants for ifconfig_pool_* variables. Github: #527 Change-Id: Ia8c8de6799f0291fc900628fbd06c8a414e741ca Signed-off-by: Frank

[Openvpn-devel] [PATCH v1] GHA: general update March 2024

- Update to Node 20 versions of actions to avoid warnings - Update to current vcpkg - Update mbedTLS and LibreSSL to latest releases Change-Id: I1ad6a0b1323ce0872f4a3299c5a9f18a982e0126 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

On Fri, Mar 15, 2024 at 05:20:11PM +0100, Frank Lichtenheld wrote: > From: 5andr0 > > So far --server-poll-timeout was only applied > for HTTP proxies, apply it also to SOCKS proxies. > > This removes the default 5 second socks connect timeout > which can be too small depen

[Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

From: 5andr0 So far --server-poll-timeout was only applied for HTTP proxies, apply it also to SOCKS proxies. This removes the default 5 second socks connect timeout which can be too small depending on network setup and replaces it with the configurable overall connect timeout (default 120

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

way. > commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b > Author: Frank Lichtenheld > Date: Fri Mar 8 11:28:18 2024 +0100 > > t_client.sh: Allow to skip tests > > Signed-off-by: Frank Lichtenheld > Acked-by: Gert Doering > Message-Id: <20240308

[Openvpn-devel] [PATCH] Update documentation references in systemd unit files

From: Christoph Schug The systemd unit files for both client and server were referencing outdated documentation as they were hard-coded to the OpenVPN 2.4.x release branch. Change-Id: Iee289aa5df9ee0e9a03c0dc562e45dd39836e794 Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] remove repetitive words in documentation and comments

From: wellweek Change-Id: I4f349963b41ebe155d3866da8955f2d7245d0394 Signed-off-by: wellweek Acked-by: Frank Lichtenheld --- Changes.rst | 2 +- contrib/OCSP_check/OCSP_check.sh | 2 +- doc/man-sections/cipher-negotiation.rst | 2 +- doc/man-sections/vpn

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

have options "client" and "pull" but no "tls-client" in the config, > the "pull" option will not be touched. True, due to short-circuit logic. I will prepare a fix. Regards, -- Frank Lichtenheld ___ Open

Re: [Openvpn-devel] [PATCH OpenVPN3] Add 'pull' to ignored options

t; > In this specific case, resending the patch as an attachment can also work. Since I was confused about the state of this patch: It has been superseded by a patch from Arne, see commit https://github.com/OpenVPN/openvpn3/commit/53614a0cce7775ba0ae4a43887ee03aa2fa098cc Also marked it in Patchwo

Re: [Openvpn-devel] [PATCH] Implement server_poll_timeout for socks

can also take care of it but it would be preferred if the original submitter does it :) Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH 1/1] openvpn-[client|server].service: Remove syslog.target

From: Martin Rys Change-Id: If825e5b1ebc6eecc9e5398f0d8274927b53e5b83 Signed-off-by: Martin Rys Acked-by: Frank Lichtenheld Signed-off-by: Frank Lichtenheld --- distro/systemd/openvpn-cli...@.service.in | 2 +- distro/systemd/openvpn-ser...@.service.in | 2 +- 2 files changed, 2 insertions

[Openvpn-devel] [PATCH v1] samples: Remove tls-*.conf

These are mostly redundant with client/server.conf Let's try to manage to maintain one set of sample configurations before we branch out further. Change-Id: I199541fea5a76c8edef7f67d2dbfc476987dc2f7 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Acked-by: Antonio Quartulli

[Openvpn-devel] IRC community meeting summary (Feb 28th)

on it yet/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v2] Route: remove incorrect routes on exit

. Fixes: Trac #1457 Change-Id: I8a67b82eb4afdc8d82c5a879c18457b41e77cbe7 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v2] Minor fix to process_ip_header

ros. Fixes: Trac https://community.openvpn.net/openvpn/ticket/269 Change-Id: I4b5e8357d872c920efdb64632e9bce72cebee202 Signed-off-by: Gianmarco De Gregori Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to mas

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

, ``--http-proxy-user-pass``, ``--tls-auth``, > ``--auth-gen-token-secret``, ``--peer-fingerprint``, ``--tls-crypt``, > -``--tls-crypt-v2`` and ``--verify-hash`` options. > +``--tls-crypt-v2``, ``--verify-hash`` and ``auth-user-pass`` options. --auth-user-pass for consistency. Rega

[Openvpn-users] Request for feedback: Unbundling easy-rsa on Windows

. Also we assume that very few users actually run OpenVPN as a server on Windows in the first place. But maybe we're wrong? Please let us know. Frank Lichtenheld (for the OpenVPN developers) -- Frank Lichtenheld ___ Openvpn-users mailing list

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

On Wed, Feb 14, 2024 at 05:18:21PM +, tincantech wrote: > On Wednesday, 14 February 2024 at 15:22, Frank Lichtenheld > wrote: > > > Meeting summary for 14 February 2024: > > > > > * New: Easy-rsa in Windows installers > > easy-rsa has included pre-bu

[Openvpn-devel] [PATCH v1] check_compression_settings_valid: Do not test for LZ4 in LZO check

Probably introduced by copy & paste since there is no COMP_ALGV2_LZO. Github: #500 Change-Id: Id6b038c1c0095b2f22033e9dc7090e2507a373ab Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to m

[Openvpn-devel] IRC community meeting summary (Feb 14th)

if people really care about easy-rsa in the Windows installers. Depending on the feedback we might drop it from the installer./ * *Closed: 2.6.9* /Release was done on Monday/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn

[Openvpn-devel] [PATCH v3] Implement support for AEAD tag at the end

as they do not need to buffer a whole packet content and encrypt it to finally write the tag but instead just add the calculated tag at the end of processing. Change-Id: I00821d75342daf3f813b829812d648fe298bea81 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-announce] OpenVPN 2.6.9 released

tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-announce mailing list Openvpn-announce@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-announce

[Openvpn-users] OpenVPN 2.6.9 released

tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users

[Openvpn-devel] OpenVPN 2.6.9 released

tps://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/> Kind regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

changes to buildsystem configuration would be required. Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] IRC community meeting summary (Feb 7th)

and uddr and colleague from Fox IT. Tuesday 13th at 11:00 CET/ Regards, -- Frank Lichtenheld ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v9] Print SSL peer signature information in handshake debug details

certificate: 384 bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp key: 448 bits X448, peer signing digest/type: SHA384 ECDSA Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v8] Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

be in the future. Change-Id: Ic74195a4ed340547c5e862dc2438f95be318c286 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/457

[Openvpn-devel] [PATCH v5] Turn dead list test code into unit test

From: Arne Schwabe Change-Id: I7511bc43cd6a0bcb89476f27d5822ab4a78d0d21 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v5] Windows: enforce 'block-local' with WFP filters

From: Heiko Hund In an attempt to better defend against the TunnelCrack attacks, enforce that no traffic can pass to anything else than the VPN interface when the 'block-local' flags is given with either --redirect-gateway or --redirect-private. Reuse much of the existing --block-outside-dns

[Openvpn-devel] [PATCH v8] test_user_pass: add basic tests for static/dynamic challenges

Change-Id: I8b5570f6314e917f92dce072279efe415d79b22a Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/475 This mail reflects

[Openvpn-devel] [PATCH] documentation: Fixes for previous fixes to --push-peer-info

- Clarify compression IV_ settings - Clarify which settings might come from --setenv Change-Id: Id8615515c8df6e38e931e357396811234faad796 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) For master

[Openvpn-devel] [PATCH] documentation: Update and fix documentation for --push-peer-info

- description of IV_PROTO was outdated, missing a lot of flags - complete list of compression flags, but separate them out - various other style/grammar/typo fixes Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6 Signed-off-by: Frank Lichtenheld --- doc/man-sections/client-options.rst

Re: [Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

On Thu, Feb 01, 2024 at 08:28:21PM +0100, Gert Doering wrote: > Makes sense (I did read the GH issue). > > Your patch has been applied to the master branch. I think it would make sense to apply this to release/2.6 as well, since that uses the same CMake build. Thanks, -- Frank Li

[Openvpn-devel] [PATCH v1] [CMake] Allow unit tests to fall back to hard coded location

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/509 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH] README.cmake.md: Document minimum required CMake version for --preset

CMakePreset.json is supported since 3.19, but we have a version 3 preset file, so need at least 3.21. Github: OpenVPN/openvpn#489 Change-Id: I44c555f6ffa08f2aee739c7f687fa3b678c86231 Signed-off-by: Frank Lichtenheld --- README.cmake.md | 7 ++- 1 file changed, 6 insertions(+), 1 deletion

[Openvpn-devel] [PATCH v7] forked-test-driver: Show test output always

We want to see the progress, at least for slow tests like t_client.sh. Change-Id: I11e0091482d9acee89ca018374cb8d96d22f8514 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master

[Openvpn-devel] [PATCH v6] tests: fork default automake test-driver

: I67d461afbcc9c06b1fc5ab4477141d7b8bd9ba8e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/478 This mail reflects revision 6 of this Change

[Openvpn-devel] [PATCH v4] Ensure that all unit tests use unbuffered stdout and stderr

will be lost. As the unit test x_msg mock implementation prints even fatal on stdout we ensure with this setup method that stdout is also unbuffered. Change-Id: I5c06dc13e9d8ab73997f79b13c30ee8949e5e993 Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one

Re: [Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

On Wed, Dec 20, 2023 at 02:36:37PM +0100, Frank Lichtenheld wrote: > From: Lev Stipakov > > Commits > > 1c4a47f7 ("wintun: set adapter properties via interactive service") > 18826de5 ("Set WINS servers via interactice service") > > ad

[Openvpn-devel] [PATCH v2] tun.c: don't attempt to delete DNS and WINS servers if they're not set

k "has DNS/WINS been pushed?". While on it, convert do_XXX_service() functions to "void" from "bool", since we never check their return values. Change-Id: I21a36d24f8e213c780f55acbe3e4df555c93542a Signed-off-by: Lev Stipakov Acked-by: Frank Lichtenheld --- This chan

[Openvpn-devel] [PATCH v4] cmake: create and link compile_commands.json file

-by: Heiko Hund Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/483 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected

[Openvpn-devel] [PATCH v6] Implement the --tls-export-cert feature

ook. Once the script or plugin call has completed, OpenVPN should delete this file. Change-Id: Ia9b3f1813d2d0d492d17c87348b4cebd0bf19ce2 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it

[Openvpn-devel] [PATCH v2] tests: disable automake serial_tests

that with a custom test driver. But will put that into a separate commit. Change-Id: Ic7265d89142637b0963a6847c6beb06d9163bbb1 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH] documentation: improve documentation of --x509-track

In the current state it was completely unclear to me how you would use this. Extended the description based on reading the code and experimentation. Change-Id: Ibf728f9d624e64ecda094d66fa562bd3916829d2 Signed-off-by: Frank Lichtenheld --- doc/man-sections/script-options.rst | 3 +++ doc/man

[Openvpn-devel] [PATCH v2] Make it more explicit and visible when pkg-config is not found

: Iebaa35a23e217a4cd7739af229cbfc08a3d8854a Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/465 This mail reflects revision 2 of this Change

[Openvpn-devel] [PATCH v8] Extend the error message when TLS 1.0 PRF fails

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/456 This mail reflects revision 8 of this Change. Acked-by according

[Openvpn-devel] [PATCH v6] Fix building mbed TLS with CMake and allow specifying custom directories

Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/377 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH v5] Check PRF availability on initialisation and add --force-tls-key-material-export

support is not available. Change-Id: I04f8c7c413e7cb62c726262feee6ca89c7e86c70 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c

[Openvpn-devel] [PATCH v1] buffer: add documentation for string_mod and extend related UT

Since I was confused what exactly string_mod does, I added documentation and additional UTs to make it clearer. Change-Id: I911fb5c5fa4b41f1fc1a30c6bf8b314245f64a6e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v1] unit_tests: remove includes for mock_msg.h

Not actually used. Change-Id: I5e394bb73702d87562ed354100eaff9b41f5389e Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master and release/2.6. Gerrit URL: https

[Openvpn-devel] [PATCH v1] Move tls_get_cipher_name_pair and get_num_elements to ssl_utils.c

From: Arne Schwabe This allow these functions to be defined without having to include ssl.c/misc.c which pulls in a lot of more dependencies. Change-Id: I605394d4f3872a168d05bbbe52d90f6d48935865 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit

Re: [Openvpn-devel] [Openvpn-Devel] [PATCH] vcpkg-ports/pkcs11-helper: bump to version 1.30

uild-with-disable-shared.patch > delete mode 100644 > contrib/vcpkg-ports/pkcs11-helper/pkcs11-helper-002-dynamic_loader_flags.patch > Changes look reasonable. Build succeeds. Acked-By: Frank Lichtenheld -- Frank Lichtenheld ___ O

[Openvpn-devel] [PATCH] documentation: remove reference to removed option --show-proxy-settings

This option was removed in 2.3.0. Change-Id: I243ba135ce36cff36ba77eead7dcd9354bd94ab7 Signed-off-by: Frank Lichtenheld --- doc/man-sections/proxy-options.rst | 4 1 file changed, 4 deletions(-) diff --git a/doc/man-sections/proxy-options.rst b/doc/man-sections/proxy-options.rst index

[Openvpn-devel] [PATCH v1] GHA: clean up libressl builds with newer libressl

- Update to latest stable release - Work-around patches not required anymore - Official URL of repo has changed Change-Id: I9b8e69f2b9838cea4cb9001f4e8960b8a39724ef Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v5] Remove unused/unneeded/add missing defines from configure/cmake

From: Arne Schwabe Change-Id: Ifd0376b36d4050dc22bc93b8fcf7ed29faef0021 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Replace character_class_debug with proper unit test

From: Arne Schwabe Change-Id: Ib2aa85b9c34d0a0b8b1dfb9f477f56c9a6b705d0 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v2] Change default of "topology" to "subnet"

Change-Id: Iede3e7c028cbb715e28bc88c7e583f84dadc02c8 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/421 This mail reflects

[Openvpn-devel] [PATCH v3] Document tls-exit option mainly as test option

From: Arne Schwabe Change-Id: I93afff2372c4150d6bddc8c07fd4ebc8bfb0cc3e Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Remove dead remains of extract_x509_field_test

From: Arne Schwabe This removes some leftover references to extract_x509_field_test that was removed 15 years ago in commit 564cbab5f. Change-Id: Ie511a586cf022afcab9d67891ff80676ac7d47b9 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit

[Openvpn-devel] [PATCH v1] Remove TEST_GET_DEFAULT_GATEWAY as it duplicates --show-gateway

From: Arne Schwabe This debug code is not very useful as it is outdated and the same functionality is provided by --show-gateway Change-Id: Ie7fd59cc84e2eb024086c28c2ec2a5606a2b2e7c Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v1] Minimal Solaris/OpenIndiana support to Cmake and clean up -Werror

From: Arne Schwabe Change-Id: I66e3dd7b7166459526824fe5ae81a449b375b8db Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v1] Fix check_session_buf_not_used using wrong index

doing anything really useful with i instead of j, it at least is not crashing or anything similar. Noticed-By: Jon Williams (braindead-bf) on Github issue #449 Change-Id: Ia3d5b4946138df322ebcd9e9e77d04328dacbc5d Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was re

[Openvpn-devel] [PATCH v3] Add check for nice in cmake config

From: Arne Schwabe Change-Id: I2cc8f9b82079acca250db5871ffd9fad2997d1a8 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v2] Remove compat versionhelpers.h and remove cmake/configure check for it

: I9c85ccab6d51064ebff2c391740ba8c2d044ed1a Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/445 This mail reflects revision 2 of this Change. Acked

[Openvpn-devel] [PATCH v1] configure.ac: Remove unused AC_TYPE_SIGNAL macro

ignal handlers return void, without needing to use this macro or RETSIGTYPE." Change-Id: I7da7c2d7d34c7e5efd52d448646b4398a1005e77 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to maste

[Openvpn-devel] [PATCH v3] Rename state_change to continue_tls_process

to be set to false. Change-Id: Ib6d713f2eb08a4c39d97de3e1a4a832cedc09585 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/452

[Openvpn-devel] [PATCH v2] sample-keys: renew for the next 10 years

Old expiration was October 2024, less than a year away. Give everyone the chance to get the new keys before tests start failing. Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201 Signed-off-by: Frank Lichtenheld --- sample/sample-config-files/loopback-client | 319

[Openvpn-devel] [PATCH v1] Introduce report_command_status helper function

From: Arne Schwabe Instead of repeating near identical code several times in manage.c, use a small helper function instead. Change-Id: I91f739f5cb43386b2ce767cf3603a76e6b93e216 Acked-by: Frank Lichtenheld Signed-off-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v1] Remove unused function prototype crypto_adjust_frame_parameters

From: Arne Schwabe Change-Id: I1141eb7740d8900ed4af0ff5ff52aa3659df99aa Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/451 This mail reflects

[Openvpn-devel] [PATCH v3] Log SSL alerts more prominently

fatal SSL alert: protocol version which previously needed --verb 8 to be displayed (now verb 3). Also rework the message to be better readable. Change-Id: I6bdab3028c9bd679c31d4177a746a3ea505dcbbf Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit

[Openvpn-devel] [PATCH v2] sample-keys: renew for the next 10 years

Old expiration was October 2024, less than a year away. Give everyone the chance to get the new keys before tests start failing. Change-Id: Ie264ec1ec61fd71e8cc87987be3e2adc2735c201 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved

[Openvpn-devel] [PATCH v2] tun: use is_tun_p2p more consistently

hat are not required. Also use is_tun_p2p in more places. Change-Id: Ice8b95f953c3f7e71657a78ea12b02a08c60aa67 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https:

[Openvpn-devel] [PATCH v5] Various fixes for -Wconversion errors

Change-Id: I6818b153bdeb1eed65870af99b0531e95807fe0f Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/267 This mail reflects revision 5 of this Change. Acked-by

[Openvpn-devel] [PATCH] doc: improve pkcs11 documentation

- Explicitely specify how to provide settings that are per-provider - Misc grammar fixes Change-Id: I176ba2cb885b5304a6897341f5f03dbb4a7f9028 Signed-off-by: Frank Lichtenheld --- doc/man-sections/pkcs11-options.rst | 34 + 1 file changed, 25 insertions(+), 9

[Openvpn-devel] [PATCH v1] Remove CMake custom compiler flags for RELEASE and DEBUG build

From: Arne Schwabe This overwrites the default that cmake automatically sets. In the case of debug builds, this breaks debugging as -O1 already optimises many variables away. Change-Id: I3ca6965799b23d542ababc3e38880317cb46a3ac Acked-by: Frank Lichtenheld --- This change was reviewed

Re: [Openvpn-devel] Typographical Error Corrections - Patch Submission

On Wed, Nov 01, 2023 at 06:23:57PM +, aquilamac...@riseup.net wrote: > I am writing to inform you that I have identified and rectified several > typographical errors in the manpages. An attached patch contains the > necessary changes I've made. LGTM. Acked-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] Add mbedtls3 GHA build

Change-Id: I9edb3e336bb9efe6f555fa6b323a4a0a944f683d Signed-off-by: Frank Lichtenheld --- .github/workflows/build.yaml | 51 1 file changed, 51 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 60d3da5e..cd72f3db

Re: [Openvpn-devel] [PATCH 2/5] Fix unaligned access in macOS/Solaris hwaddr

On Tue, Jan 31, 2023 at 11:59:41AM +0100, Frank Lichtenheld wrote: > On Mon, Jan 30, 2023 at 06:29:33PM +0100, Arne Schwabe wrote: > > The undefined behaviour USAN clang checker found this. > > > > This fix is a bit messy but so are the original structures. > > >

[Openvpn-devel] [PATCH] gerrit-send-mail.py: Add patch version to subject

Change-Id: I75403dfbebeeb4d667c7dd6b8276c6a4f2ae4842 Signed-off-by: Frank Lichtenheld --- dev-tools/gerrit-send-mail.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev-tools/gerrit-send-mail.py b/dev-tools/gerrit-send-mail.py index 851a20a0..5429aef6 100755 --- a/dev

[Openvpn-devel] [PATCH v8] Update README.mbedtls

From: Max Fillinger Change-Id: Ia61c467d85d690752011bafcf112e39d5b252aa7 Signed-off-by: Max Fillinger Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH v7] Add support for mbedtls 3.X.Y

for elliptic curve operations harder to exploit. Change-Id: I445a93e84dc54b865b757038d22318ac427fce96 Signed-off-by: Max Fillinger Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH v2] Add --enable-werror to all platforms in Github Actions

From: Arne Schwabe Change-Id: I8f06a1213fdca233671f8d5746216ae46e84233b Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn

[Openvpn-devel] [PATCH] doc: fix argument name in --route-delay documentation

Also remove redundant "by default". Change-Id: I6f55d15ce6a5fe2f59bbc1cb51c8474f1f81dfca Signed-off-by: Frank Lichtenheld --- doc/man-sections/vpn-network-options.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/man-sections/vpn-network-options.rst

[Openvpn-devel] [PATCH] Remove ability to use configurations without TLS by default

and final warning for people who missed the warning message in OpenVPN 2.6. This commit also removes the documentation for --secret and the static key mode. Change-Id: I4f29953b91cf8e8daf2c9503da44073ad96d0ff5 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed

[Openvpn-devel] [PATCH] Add warning for the --show-groups command that some groups are missing

-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Note: I fixed some typos on-the-fly. See my comments in Gerrit for details. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/366 This mail reflects revision 7

[Openvpn-devel] [PATCH] Print peer temporary key details

-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/364 This mail reflects revision 6 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld

[Openvpn-devel] [PATCH] Add warning if a p2p NCP client connects to a p2mp server

From: Arne Schwabe Change-Id: I85ae4e1167e1395b4f59d5d0ecf6c38befcaa8a7 Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/323 This mail reflects

[Openvpn-devel] [PATCH] Change type of frame.mss_fix to uint16_t

Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/268 This mail reflects revision 4 of this Change. Acked-by according to Gerrit

[Openvpn-devel] [PATCH] dco-win: get driver version

From: Lev Stipakov Print dco-win driver version using the new ioctl. Requires dco-win driver 1.0.0 or newer to work. Change-Id: I1d0d909e7fca3f51b5c848f1a771a989ab040f17 Signed-off-by: Lev Stipakov Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH] dco: warn if DATA_V1 packets are sent to userspace

/issues/422 Change-Id: I8cb2cb083e3cdadf187b7874979d79af3974e759 Signed-off-by: Lev Stipakov Acked-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6. Gerrit URL: https

[Openvpn-devel] [PATCH] mss/mtu: make all size calculations use size_t

our codebase). Resolves some -Wconversion warnings. Change-Id: Ic996eca227d9e68279a454db93fcbc86a7bd0380 Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH] generate_auth_token: simplify code

The previous code went through some hoops to avoid compiler warnings. But there is a much easier way by just telling it exactly what you want to do. Also fix typo in variable name while I'm here. Change-Id: Icc86334b26ba1fcc20f4cd03644018d1d16796e3 Signed-off-by: Frank Lichtenheld Acked

[Openvpn-devel] [PATCH] Fix various "Uninitialized scalar variable" warnings from Coverity

These are all not actually problems, since the uninitialized parts are either .unused members of the struct (mroute_addr) or only written to (buflen), but still doesn't hurt to explicitely initialize them. Change-Id: I45cd0917d24570ae9e9db7eb6c370756e4595842 Signed-off-by: Frank Lichtenheld

[Openvpn-devel] [PATCH] Remove last uses of inet_ntoa

inet_ntoa is officially deprecated and in some places its use already causes warnings (e.g. Fedora submissions). Since we mostly use inet_ntop already, just convert the remaining usages to that. Change-Id: I052bebe720ddf26340827f25b94705945e470bfa Signed-off-by: Frank Lichtenheld Acked-by: Arne

  1   2   3   4   5   6   7   8   9   10   >