Acked-by: Gert Doering
Explanation and code make sense. Test compiled on Ubuntu18/MinGW.
Your patch has been applied to the master and release/2.5 branch (bugfix).
And I managed to unmess the From: line before pushing :-) (and I *do*
have a pre-push-hook in place now that wakes me up next mond
Am 22.03.21 um 10:55 schrieb Gert Doering:
> Hi,
>
> (I have changed the Subject: line to make clear that this is a bigger
> topic now)
>
> On Mon, Mar 22, 2021 at 11:51:46AM +0200, Lev Stipakov wrote:
>> For 2.6, I think we should drop openvpn-build for Windows (VS)
>> building and switch to vcp
Acked-by: Gert Doering
"I have always wondered why we need these..." - and if Windows isn't
it (anymore), out that stuff goes. It might break old Solaris compilers,
but gcc exists... and I tested on our OpenIndiana buildslave, and that one
is happy with the change.
Your patch has been applied t
FormatMessage() sets the last error according to its own success. This
looses the original error code leading to mismatched error message and
error number when sprintfted together resulting in confusing event log
message.
Signed-off-by: Simon Rozman
---
src/openvpnserv/common.c | 6 --
1 fil
Your patch has been applied to the master branch.
Only limited client-side testing (compile + t_client on one platform),
staring-at-code suggests that no surprises are lurking.
commit 5b8a1231b90697774ae1dea986039b5d9809
Author: Arne Schwabe
Date: Mon Mar 22 10:16:21 2021 +0100
Deprec
Your patch has been applied to the master branch.
commit 26117a82d70dbd90f2260dd9895620394f040239
Author: Arne Schwabe
Date: Tue Sep 8 17:41:57 2020 +0200
Document the simple self-signed certificate setup in examples
Signed-off-by: Arne Schwabe
Acked-by: Antonio Quartulli
These functions seem to have been added to avoid MSVC compiler warnigns.
However nowadays, they trigger compiler warnings from Clang (e.g. when
using --disable-lzo and --disable-lz4):
src/openvpn/fdmisc.c
/Users/arne/oss/openvpn-git/src/openvpn/comp-lz4.c:315:1: error: unused
function 'dummy' [-W
Your patch has been applied to the master branch (in the reworked v3
version from Arne, but since the original idea and v1 patch are from
you, we record you as the author).
I have not tested the actual functionality yet, only verified that
it didn't break openssl/mbedtls builds and "regular certif
Hi,
(I have changed the Subject: line to make clear that this is a bigger
topic now)
On Mon, Mar 22, 2021 at 11:51:46AM +0200, Lev Stipakov wrote:
> For 2.6, I think we should drop openvpn-build for Windows (VS)
> building and switch to vcpkg for dependencies (openssl, lz4 etc) and
> cmake as a p
For 2.6, I think we should drop openvpn-build for Windows (VS)
building and switch to vcpkg for dependencies (openssl, lz4 etc) and
cmake as a project file (also supported by VS).
--
-Lev
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.
Hi,
On 22/03/2021 10:16, Arne Schwabe wrote:
> Despite trying to figure out with multiple people what the use case for
> this option is, we could not come up with a good one. Checking that only
> a specific CA is used can be also done by only using that CA in the --ca
> directive.
>
> Although it
Hi,
On 22/03/2021 10:14, Arne Schwabe wrote:
> From: "Jason A. Donenfeld"
>
> OpenVPN traditionally works around CAs. However many TLS-based protocols also
> allow an alternative simpler mode in which rather than verify certificates
> against CAs, the certificate itself is hashed and compared ag
Hi,
On Mon, Mar 22, 2021 at 10:10:42AM +0100, Gert Doering wrote:
> Acked-by: Gert Doering
>
> It's the same code change as in v1, just the comment rewritten as Arne
> asked for (I found the other one okay-ish, but this is more in line with
> our other code, and indeed "less thinking required
Despite trying to figure out with multiple people what the use case for
this option is, we could not come up with a good one. Checking that only
a specific CA is used can be also done by only using that CA in the --ca
directive.
Although it feels a bit strange to deprecate the option after improvi
From: "Jason A. Donenfeld"
OpenVPN traditionally works around CAs. However many TLS-based protocols also
allow an alternative simpler mode in which rather than verify certificates
against CAs, the certificate itself is hashed and compared against a
pre-known set of acceptable hashes. This is usua
Acked-by: Gert Doering
It's the same code change as in v1, just the comment rewritten as Arne
asked for (I found the other one okay-ish, but this is more in line with
our other code, and indeed "less thinking required on read") and a new
helper variable for the total length.
Code looks good, t
Hi,
On Mon, Mar 22, 2021 at 07:29:30AM +, Simon Rozman wrote:
> Thank you and Arne for explaining this. I should have followed
> the discussion on the OpenVPN meetings. Unfortunately, my workload
> doesn't allow me to follow on anything these days. So, I am not in
> condition to prepare LZ4 bu
commit 24596b258aa3a removed the bundled compat-lz4 from OpenVPN, thus
breaking windows/nsis builds with default config ("--enable-lz4").
Add download URLs and build invocation. Since LZ4 has no "configure"
script, we pass the appropriate CC=/LD=/WINDRES= statement to "make".
Only static library
wcsncat() was declared unsafe in favour of wcsncat_s(). However, the
string concatenation follows the string length check, making wcsncat()
safe too. Code analysis is just not smart enough (yet) to detect this.
The code was refactored to use wcscat_s() MSVC is considering as "safe".
Signed-off-by
Hi,
> > Commit 24596b25 ("build: Remove compat-lz4") removed lz4 compat layer,
> > but openvpn-build\msvc doesn't provide LZ4 library either.
>
> What would be needed to actually *build* with LZ4 on MSVC? That is,
> build it as prerequisite as LZO is built?
>
> The idea wasn't to remove LZ4 fro
20 matches
Mail list logo