[Openvpn-devel] [PATCH] Fix declaration of pubkeys in test_provider.c in MSVC builds

2022-08-24 Thread Arne Schwabe
Error: test_provider.c(74): error C2099: initializer is not a constant. Fix this issue by making the const char* to const char[]. This is probably one of the weird array decay corner cases. I could not find another/better way around this issue. Godbolt link to try:

Re: [Openvpn-devel] [PATCH applied] Re: Update openssl_compat.h for newer LibreSSL

2022-08-24 Thread Maximilian Fillinger
> but they think the revamped OpenSSL 3.0 way of calculating the TLS1 PRF > might actually not be in 2.5 yet, so they do not need a patch for that. In 2.5, openssl_compat.h also doesn't try to define X509_OBJECT_free(), so there's nothing to backport there.

[Openvpn-devel] [PATCH v3 25/28] Ensure that control channel packets are respecting tls-mtu

2022-08-24 Thread Arne Schwabe
This ensures that control packets are actually smaller than tls-mtu. Since OpenVPN will consider a control message packet complete when the TLS record is complete, we have to ensure that the SSL library will still write one record, so the receiving side will only be able to get/read the control

[Openvpn-devel] [PATCH v3 4/4] Allow scripts and plugins to set a custom AUTH_FAILED message

2022-08-24 Thread Arne Schwabe
This is currently only possible when using the management interface and the client-deny functionality. Patch v3: add missing gc_free Signed-off-by: Arne Schwabe --- src/openvpn/ssl_common.h | 1 + src/openvpn/ssl_verify.c | 74 ++-- 2 files changed, 73

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Илья Шипицин
I am fine with adding lib64 to 1.1.1 On Wed, Aug 24, 2022, 6:01 PM Arne Schwabe wrote: > Am 24.08.22 um 14:36 schrieb Илья Шипицин: > > It reverts 3.0 behaviour to 1.1.1 > > However --libdir is available for 1.1.1 as well > > I understand. What I am missing is *why* reverting to 1.1.1 is a good

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Arne Schwabe
Am 24.08.22 um 14:36 schrieb Илья Шипицин: > It reverts 3.0 behaviour to 1.1.1 > However --libdir is available for 1.1.1 as well I understand. What I am missing is *why* reverting to 1.1.1 is a good idea. I think we should rather use the new default. I can see arguments that we add

[Openvpn-devel] [PATCH v3] Implement AUTH_FAIL, TEMP message support

2022-08-24 Thread Arne Schwabe
This allows a server to indicate a temporary problem on the server and allows the server to indicate how to proceed (i.e. move to the next server, retry the same server, wait a certain time,...) This adds options_utils.c/h to be able to unit test the new function. Patch v2: Improve

Re: [Openvpn-devel] [PATCH v2 3/4] Implement AUTH_FAIL, TEMP message support

2022-08-24 Thread Arne Schwabe
diff --git a/doc/man-sections/script-options.rst This is more related to 4/4 and should go there for code archaeology reasons. +/* the server can suggest a backoff time to the client, it + * will still be capped by the max timeout between connections + * (300s by default) */ +

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Илья Шипицин
It reverts 3.0 behaviour to 1.1.1 However --libdir is available for 1.1.1 as well On Wed, Aug 24, 2022, 5:27 PM Arne Schwabe wrote: > Am 24.08.22 um 13:26 schrieb Илья Шипицин: > > if this is not too late, can we add --libdir=mingw/opt/lib to keep > > current behaviour ? > > > > > > + #

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Arne Schwabe
Am 24.08.22 um 13:26 schrieb Илья Шипицин: if this is not too late, can we add --libdir=mingw/opt/lib to keep current behaviour ? +      # OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of +      # mingw/opt/lib, so we include both dirs in the following steps +      #

Re: [Openvpn-devel] [PATCH 2/2] uncrustify: remove newlines after return type of function prototype

2022-08-24 Thread Frank Lichtenheld
On Fri, Aug 19, 2022 at 12:18:06PM +0200, Gert Doering wrote: > Hi, [...] > It would be cool if uncrustify had a magic flag for that, like "if > return type + function name is < 40 characters, put on a single line, > and if over, split" :-) Pretty sure there is nothing like that. So should we

Re: [Openvpn-devel] [PATCH v2] Improve data key id not found error message

2022-08-24 Thread Frank Lichtenheld
On Wed, Aug 24, 2022 at 12:46:07PM +0200, Arne Schwabe wrote: > With delayed data key generation now with deferred auth, NCP and similar > mechanisms the "TLS Error: local/remote TLS keys are out of sync" is shown > much too frequently and confuses a lot of people. > > This also removes the dead

Re: [Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Илья Шипицин
if this is not too late, can we add --libdir=mingw/opt/lib to keep current behaviour ? + # OpenSSL 3.0.5 installs itself into mingw/opt/lib64 instead of + # mingw/opt/lib, so we include both dirs in the following steps + # (pkcs11-helper and OpenVPN) so the libraries will be found

[Openvpn-devel] [PATCH v5] Implement --client-crresponse script options and plugin interface

2022-08-24 Thread Arne Schwabe
This allows scripts and plugins to parse/react to a CR_RESPONSE message Patch V2: doc fixes, do not put script under ENABLE_PLUGIN Patch V3: rebase Patch V4: fix else branch of the verify_crresponse_script function Patch V5: unify message when unable to create/write crresponse file

[Openvpn-devel] [PATCH] Add OpenSSL 3.0 to mingw build

2022-08-24 Thread Arne Schwabe
This also updates the host system to ubuntu 22.04 and removes the ovpn-dco-win checkout as we now include the required headers in our own repository. Signed-off-by: Arne Schwabe --- .github/workflows/build.yaml | 31 ++- 1 file changed, 14 insertions(+), 17

[Openvpn-devel] Summary of the community meeting (24th August 2022)

2022-08-24 Thread Samuli Seppänen
Hi, Here's the summary of the IRC meeting. --- COMMUNITY MEETING Place: #openvpn-meeting on libera.chat Date: Wed 24th August 2022 Time: 10:30 CEST (9:30 UTC) Planned meeting topics for this meeting were here: Your local

[Openvpn-devel] [PATCH v2] Improve data key id not found error message

2022-08-24 Thread Arne Schwabe
With delayed data key generation now with deferred auth, NCP and similar mechanisms the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequently and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replaces it with an assert.

Re: [Openvpn-devel] [PATCH] Improve data key id not found error message

2022-08-24 Thread Frank Lichtenheld
On Wed, Aug 24, 2022 at 11:37:23AM +0200, Arne Schwabe wrote: > With delayed data key generation now with deferred auth, NCP and similar > mechanisms the "TLS Error: local/remote TLS keys are out of sync" is shown > much too frequently and confuses a lot of people. > > This also removes the dead

[Openvpn-devel] [PATCH] Improve data key id not found error message

2022-08-24 Thread Arne Schwabe
With delayed data key generation now with deferred auth, NCP and similar mechanisms the "TLS Error: local/remote TLS keys are out of sync" is shown much too frequently and confuses a lot of people. This also removes the dead code of printing multi not ready keys and replaces it with an assert.