Re: [Openvpn-devel] [PATCH 5/7] Remove CIPHER_ENABLED

Hi, On 05/12/17 02:45, Gert Doering wrote: > Hi, > > On Sun, Dec 03, 2017 at 03:17:51PM +0100, Steffan Karger wrote: >> On 02-12-17 14:45, Antonio Quartulli wrote: >>> Now that ENABLE_CRYPTO has been removed, CIPHER_ENABLED is basically >>> a useless shortcut which does not really help the

Re: [Openvpn-devel] [PATCH v4] ifconfig-ipv6(-push): allow using hostnames

Hi, On 05/12/17 00:17, Selva Nair wrote: [cut] > I didn't mean to banish ASSERT: it does have some legitimate > uses. IMO, if the invalid input is due to programmer error, say, null > hostname, ASSERT is good and useful to catch it during tests. > But if its a user input error, say, empty

Re: [Openvpn-devel] [PATCH] Added OpenSSL FIPS 2.0 support to OpenVPN

On 03/12/17 16:10, Jim Carroll wrote: [...snip...] > You asked: > > >> +* OpenSSL 1.0.2m > >> +* openssl-fips-2.0.2 > > > I think the points above are expected to be ">="? > > Or are these versions strictly required? > > These versions are strictly required.

Re: [Openvpn-devel] [PATCH] Added OpenSSL FIPS 2.0 support to OpenVPN

Hi Antonio, I've resubmitted our patch(s) for FIPS support. While re-reading your message, I see you asked a question I neglected to answer. In options.h, we declared an integer option 'fips_mode', and you asked: "why not bool?" The reason is extendibility for planned changes in

[Openvpn-devel] [PATCH 1/2] Added support for OpenSSL FIPS Object Module v2.0 validated encryption

From: Jim Carroll Signed-off-by: Jim Carroll --- INSTALL | 78 Makefile.am | 5 +++ configure.ac | 41 +++ src/openvpn/crypto.c |

Re: [Openvpn-devel] [PATCH 09/13] Signed/unsigned warnings of MSVC resolved

Hi, On Wed, Nov 08, 2017 at 06:46:53PM +, Simon Rozman wrote: > > The best time to re-factor a function would be when a a new use case needs > > to change its semantics. Apart from the ill-chosen -err as a return value, > > currently it returns 0 if automatic metric is in use, making it

[Openvpn-devel] [PATCH applied] Re: Remove SSL_LIB_VER_STR

Your patch has been applied to the master branch. commit ca78395352e90c5b30015e23f1918a72a6c4a6ab Author: Antonio Quartulli Date: Sat Dec 2 21:45:38 2017 +0800 Remove SSL_LIB_VER_STR Signed-off-by: Antonio Quartulli Acked-by: Steffan Karger

[Openvpn-devel] [PATCH applied] Re: Remove ENABLE_PUSH_PEER_INFO

Your patch has been applied to the master branch. commit d16529483d72871e1812f8f974f456867f5021d1 Author: Antonio Quartulli Date: Sat Dec 2 21:45:37 2017 +0800 Remove ENABLE_PUSH_PEER_INFO Signed-off-by: Antonio Quartulli Acked-by: Steffan Karger

Re: [Openvpn-devel] [PATCH 5/7] Remove CIPHER_ENABLED

Hi, On Sun, Dec 03, 2017 at 03:17:51PM +0100, Steffan Karger wrote: > On 02-12-17 14:45, Antonio Quartulli wrote: > > Now that ENABLE_CRYPTO has been removed, CIPHER_ENABLED is basically > > a useless shortcut which does not really help the readability of the > > code. Call me silly, but

[Openvpn-devel] [PATCH applied] Re: Remove option to disable crypto engine

Your patch has been applied to the master branch. commit cf49ff503125df08c8ba697c5e0a896fed192e46 Author: Antonio Quartulli Date: Sun Dec 3 20:49:52 2017 +0800 Remove option to disable crypto engine Signed-off-by: Antonio Quartulli Acked-by: Steffan Karger

Re: [Openvpn-devel] [PATCH v4] openvpnserv: Add support for multi-instances

Hi, v4 looks good and passes my tests and "opinionated" demands. Thanks, Simon. On Sun, Dec 3, 2017 at 4:16 PM, Simon Rozman wrote: > > While openvpn.exe can run multiple concurrent processes, openvpnserv.exe > is usually only one single globally unique running process. > >

Re: [Openvpn-devel] [PATCH v3] Remove ENABLE_CRYPTO

Hi, On 04-12-17 02:01, Antonio Quartulli wrote: > The crypto engine cannot be disabled anymore, therefore get > rid of all the related ifdefs in the code. > > This change makes the code simpler and reduces our the > number of config combinations we have to test after a new > change is applied. >

Re: [Openvpn-devel] [PATCH v4] ifconfig-ipv6(-push): allow using hostnames

Hi, Back to the patch I hijacked... :) On Sat, Dec 2, 2017 at 11:14 PM, Antonio Quartulli wrote: > > Similarly to ifconfig(-push), its IPv6 counterpart is now able to > accept hostnames as well instead of IP addresses in numeric form. > > Basically this means that the user is