Your patch has been applied to the master branch.
commit 3512e8d3ada4fa7d04925a89fd9f3669655c7887 (master)
Author: Selva Nair
Date: Fri Sep 6 12:37:34 2024 +0200
Interpret --key and --cert option argument as URI
There is something wonky going on. On my local macOS build I am getting
Am 30.07.2024 um 19:00 schrieb Eric Toombs via Openvpn-devel:
From: Eric Toombs
We prefer real email addresses in our commits.
I switched the curve to ed25519, a generally more trustworthy curve and the
default in openssh.
As a bonus, it *really* simplifies what is already a complicated com
it should happen during start-up.
I would argue for
- we log "minimum supported version is 1.2" and go on
or
- we log "minimum supported version is 1.2" and exit
both is acceptable. It will break people's setups in different ways,
though... the first will pretend all is well, and older
Am 20.03.24 um 13:06 schrieb Gert Doering:
Hi,
On Fri, Mar 15, 2024 at 05:40:02PM +0100, Frank Lichtenheld wrote:
Code looks good and I tested build and default t_client tests.
However, not sure how exactly to verify that it actually works.
The SOCKS proxy I have doesn't exhibit any problems ev
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Am 09.02.24 um 16:51 schrieb Juliusz Sosinowicz:
Including "ssl.h" conflicts with the wolfSSL ssl.h header file. The
include/wolfssl directory is included before openvpn/src. include/wolfssl needs to be
included so that openvpn can pick up wolfSSL compatibility headers instead of OpenSSL
heade
whose names start with
Thanks. Collective ACK with the previous patch together.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Am 06.02.24 um 15:10 schrieb Frank Lichtenheld:
- description of IV_PROTO was outdated, missing a lot
of flags
- complete list of compression flags, but separate them out
- various other style/grammar/typo fixes
Change-Id: I7f854a5a14d2a2a391ebb78a2a92b3e14cfd8be6
Signed-off-by: Frank Lichten
- add protocol-flag aead-packet-format-v2 This signals the client to
switch to the new data channel format.
And finally have the data channel format. Since this format is
negotiated like the cipher, there is no need to use another opcode if
keep the peer id to just 24 bit. But we might want t
g socket" error message.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
OLARIS gets a copy of the Linux code now (works).
-if (!strncmp(ifr.ifr_name, rgi->iface, IFNAMSIZ))
Mini nitpick from clang-tidy:
Clang-Tidy: No header providing "strncmp" is directly included.
Adding string.h would could be done if we want a v2 of the
Hey,
with DCO and possible future hardware assisted OpenVPN acceleration we
are approaching the point where 32 bit IVs are not cutting it any more.
To illustrate the problem, some back of the envelope math here:
If we want to keep the current 3600s renogotiation interval and have a
safety m
ce from the dict if the peer_id is
not MAX_PEER_ID.
We probably should refactor this to be a bit cleaner in the future.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
This can happen if the memory alloc fails.
Patch V2: add goto error
Patch V3: return -ENOMEM instead of going to error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
---
src/openvpn/dco_linux.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src
openvpn so please bear with me.
Code looks good and works fine here.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Am 12.11.2023 um 14:16 schrieb Savely Krasovsky:
Hello!
I am trying to use OpenVPN3 with Golang SWIG binding. It works pretty nice, but
I have random segmentation faults without obvious reason. My current guess is
that Golang calls OpenVPN3 from various threads and library is not ready for
Am 13.10.23 um 12:23 schrieb Frank Lichtenheld:
Also remove redundant "by default".
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
: I2d353a0cea0a62f289b8c1060244df66dd7a14cb
Signed-off-by: Arne Schwabe
---
.gitignore| 4 -
configure.ac | 1 -
src/openvpn/crypto_openssl.c | 60 -
src/openvpn/crypto_openssl.h | 12 --
src
when SSL_CTX_use_certiifcate() fails in cryptoapi.c
and elsewhere. Such logging could be useful especially when the ceritficate is
rejected by OpenSSL due to stricter security restrictions in recent versions
of the library.
Yeah, looks good.
Acked-By: Arne Schwabe
Am 29.09.23 um 03:25 schrieb Selva Nair:
On Thu, Sep 28, 2023 at 8:55 PM Arne Schwabe <mailto:a...@rfc2549.org>> wrote:
Am 29.09.2023 um 01:08 schrieb mike tancsa:
Hi Selva,
Thank you for looking!
My guess is that something in the certificate or priva
Am 29.09.2023 um 01:08 schrieb mike tancsa:
Hi Selva,
Thank you for looking!
My guess is that something in the certificate or private key is not to
OpenSSL 3.1's liking and it rejects it. Is there any way for you to
check the
contents of the token independently using a tool linked agai
Am 11.08.23 um 17:12 schrieb Gert Doering:
Hi,
generally good, but...
On Fri, Jul 28, 2023 at 02:40:05PM +0200, Frank Lichtenheld wrote:
index ..0620f638
--- /dev/null
+++ b/.github/workflows/coverity-scan.yml
@@ -0,0 +1,45 @@
+name: coverity-scan
+on:
+ schedule:
+- cron: '0 20 *
homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib'
(no such file),
'/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no
such file)
Patch v2: Format message more like current messages
Change-Id: Ic2ee89937dcd85721bcacd1b700a20c640364f80
Signed-
Signed-off-by: Arne Schwabe
---
src/openvpn/route.c | 32 +++-
1 file changed, 23 insertions(+), 9 deletions(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index 90e981e97..bcf6fb878 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -3641,7 +3641,7
Am 27.07.23 um 14:21 schrieb Merten Fermont:
Hi Arne,
I changed my patch to check the client and client+pull options.
Giving an error when neither options are declared.
This however may break current implementations that depend on 'client'
not being a required option?
Acked-By: Ar
Am 27.07.23 um 10:52 schrieb Merten Fermont:
Fixes error that --pull is an unknown option in client config.
---
openvpn/client/cliopt.hpp | 1 +
1 file changed, 1 insertion(+)
diff --git a/openvpn/client/cliopt.hpp b/openvpn/client/cliopt.hpp
index f7be44a8..431791f3 100644
--- a/openvpn/client/c
Am 24.07.23 um 10:43 schrieb Swan Geon:
it still doesn't change where it hangs though interestingly enough if I
set the address within the command to that of the interface, then the
interface will respond with `read from TUN/TAP returned 44` followed by
That happens if we get an unexpected sta
, macos-13]
include:
- build: asan
cflags: "-fsanitize=address -fno-optimize-sibling-calls
-fsanitize-address-use-after-scope -fno-omit-frame-pointer -g -O1"
Acked-By: Arne Schwabe
___
Openvpn-devel ma
Am 18.07.23 um 12:52 schrieb Frank Lichtenheld:
I thought instead about moving this into a loop inside
powershell. But then error handling becomes annoying.
So let's GitHub handle it.
Acked-By: Arne Schwabe
I personally do not mind the long list of repeated unit tests in the
file but
Am 14.07.23 um 13:18 schrieb Lev Stipakov:
From: Lev Stipakov
Commit a261e173 ("Make sending plain text control message session
aware") added KID parameter to "client-pending-auth" management command,
but forgot to mention it in the output of management help.
My fa
required by some cmake versions
Change-Id: Id26676bdc576c7d3d6726afa43fe6c7a397c579b
Signed-off-by: Arne Schwabe
---
CMakeLists.txt | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2d0cd5dd0..7dae6655d 100644
--- a/CMakeLists.txt
-off-by: Arne Schwabe
---
CMakeLists.txt | 2 ++
tests/unit_tests/openvpn/Makefile.am | 3 +-
tests/unit_tests/openvpn/mock_win32_execve.c | 37
tests/unit_tests/openvpn/test_pkt.c | 8 -
4 files changed, 41 insertions(+), 9
Android has no facility nor need one to delete routes as routes are
automatically cleaned up when the tun interface is closed. Also adjust
the IPv4 message to be only shown and verb 7 and rephrase the message.
Change-Id: If8f920d378c31e9ea773ce1f56f3df50f1ec36cd
Signed-off-by: Arne Schwabe
This function allows us to map from a management key id to a key structure
and also allows this function to be reused.
Patch v2: add message when key is not found.
Patch v3: only consider valid keys
Change-Id: I42d8785959c24bf688190965e58b9b98251b8557
Signed-off-by: Arne Schwabe
---
src
This function allows us to map from a management key id to a key structure
and also allows this function to be reused.
Patch v2: add message when key is not found.
Patch v3: only consider valid keys
Change-Id: I42d8785959c24bf688190965e58b9b98251b8557
Signed-off-by: Arne Schwabe
---
src
homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib'
(no such file),
'/opt/homebrew/Cellar/openssl@3/3.1.1_1/lib/ossl-modules/vollbit.dylib' (no
such file)
Change-Id: Ic2ee89937dcd85721bcacd1b700a20c640364f80
Signed-off-by: Arne Schwabe
---
src
CLEAR(*r);
r->option = ro;
Good enough.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Am 06.07.23 um 12:21 schrieb Frank Lichtenheld:
On Thu, Jul 06, 2023 at 12:04:07PM +0200, Frank Lichtenheld wrote:
We write a small .bat file wrapper and then force CMake
to use that.
Note that we need to specify the path with / instead of \
as path separator because otherwise run-cmake action
d
GHA runners.
This commit tries to establish a solution that works for both
systems.
This is annoying and should be necessary but I also don't have no better
idea how to handle this better.
Acked-BY: Arne Schwabe
___
Openvpn-devel mailing li
This function is needed to commpile on win32 as run_command.c defines it
on Unix Linux but on windows it is defined in win32.c which pulls in too
many other unresolvable symbols.
Change-Id: I8c8fe298eb30e211279f3fc010584b9d3bc14b4a
Signed-off-by: Arne Schwabe
---
CMakeLists.txt
Am 15.02.23 um 13:31 schrieb David Sommerseth:
OpenVPN 2.x is licensed under the GNU Public License v2.0 (GPL-2.0).
This license has served us well in the past and we are not trying to
change that. However, changes in licenses of our dependencies put us in
an unfortunate situation.
Since t
ut-of-tree cmake builds.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
: Id26676bdc576c7d3d6726afa43fe6c7a397c579b
Signed-off-by: Arne Schwabe
---
CMakeLists.txt | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index acebbb73c..a982c478a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,6 +16,7 @@ find_package(PkgConfig REQUIRED
the funktion is_on_link is not used on FreeBSD and triggers a
warning/error (-Werror) on FreeBSD.
Patch v2: use actual platforms instead an ifndef FreeBSD
Change-Id: I6757d6509ff3ff522d6de417372a21e73ccca3ba
Signed-off-by: Arne Schwabe
---
src/openvpn/route.c | 4 +++-
1 file changed, 3
OpenSSL has a weird way of only reporting EC curves that are implemented
in a certain way in the list of all EC cruves. Note this fact and point
out that also the very important curves X448 and X25519 are affected.
Change-Id: I86641bf60d62a50e9b2719e809d2429d65c00097
Signed-off-by: Arne Schwabe
bits ECsecp384r1, signature: ecdsa-with-SHA256, server temp
key: 448 bits X448, peer signing digest/type: SHA384 ECDSA
Change-Id: Ib5fc0c4b8f164596681ac5ad73002068ec6de1e5
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_openssl.c | 80 ++-
1 file change
Change-Id: Iaf12bb51a2aac7bcf19070f0b56fa3b1a5863bc3
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_openssl.c | 56 ++-
1 file changed, 44 insertions(+), 12 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 0b310de31
Am 30.06.23 um 15:39 schrieb Frank Lichtenheld:
Use the casting variants of mock(). Using the mock_ptr_type
fixes an existing bug where test_tls_crypt.c couldn't
build in MinGW 32bit:
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Op
Am 30.06.23 um 15:31 schrieb Maximilian Fillinger:
The grammar in the 3rd sentence in the comment below is messed up. (I think I
understand it, but I'm not sure.)
+if (session->opt->verify_hash_no_ca)
+{
+/*
+ * If we decide to verify the peer certificate based on the f
The -Wno-stringop-truncation flag is only supported by some GCC versions
and not by Clang (macOS, FreeBSD) at all.
Move the includes to the top the file to have them available when running
the check_c_compiler_flag.
Change-Id: I452bc4ee935d13f8e9095d0a31805a3bbaff0cec
Signed-off-by: Arne Schwabe
: I7e27ae031179c91cc1bca8122caf2453d6396ec0
Signed-off-by: Arne Schwabe
---
doc/CMakeLists.txt | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt
index d38805513..2fba80bbd 100644
--- a/doc/CMakeLists.txt
+++ b/doc/CMakeLists.txt
@@ -50,13 +50,13 @@ if
the funktion is_on_link is not used on FreeBSD and triggers a
warning/error (-Werror) on FreeBSD.
Change-Id: I6757d6509ff3ff522d6de417372a21e73ccca3ba
Signed-off-by: Arne Schwabe
---
src/openvpn/route.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/route.c b
This avoids build errors on macOS. Also the test_tls_crypt command works
just fine on FreeBSD with its linkers, so do not make that test Linux only.
Change-Id: Id26676bdc576c7d3d6726afa43fe6c7a397c579b
Signed-off-by: Arne Schwabe
---
CMakeLists.txt | 11 +++
1 file changed, 7 insertions
The patches to the cmake files did a lot of improvements but broke compiling
on macOS and FreeBSD. This patch set restores the ability to compile again
with these two platforms.
Arne Schwabe (4):
Do not blindly assume python3 is also the interpreter that runs
rst2html
[CMake] Only add
www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16781.html
Change-Id: Ie74c3d606c5429455c293c367462244566a936e3
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c | 1 +
src/openvpn/options.c| 26 +-
src/openvpn/options.h| 1
Am 29.06.23 um 13:39 schrieb Arne Schwabe:
The -Wno-stringop-truncation flag is only supported by some GCC versions
and not by Clang (macOS, FreeBSD) at all.
Change-Id: I452bc4ee935d13f8e9095d0a31805a3bbaff0cec
Ingore this version.
___
Openvpn
The -Wno-stringop-truncation flag is only supported by some GCC versions
and not by Clang (macOS, FreeBSD) at all.
Change-Id: I452bc4ee935d13f8e9095d0a31805a3bbaff0cec
Signed-off-by: Arne Schwabe
---
CMakeLists.txt | 20
1 file changed, 12 insertions(+), 8 deletions
: Id56628cfb3dfd2f306bd9bdcca2e567ac0ca9ab2
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto.c | 38 +++---
src/openvpn/crypto.h | 2 --
2 files changed, 11 insertions(+), 29 deletions(-)
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index b5ae17ec8..930f15a42 100644
In many scenerios the context will still have a reference to the cipher, so
this use-after-free does not explode but it is still wrong.
Change-Id: I59002d6613eaef36d5a47b20b56073e399cfa1df
Signed-off-by: Arne Schwabe
---
src/openvpn/crypto_openssl.c | 3 ++-
1 file changed, 2 insertions(+), 1
Am 09.05.2023 um 17:46 schrieb Gianmarco De Gregori:
-bool persist_key; /* Don't re-read key files on SIGUSR1 or
PING_RESTART */
The downside of always enabling this option is that you can no longer
replace the certificate and key without restarting the server completley.
Ar
www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg16781.html
Change-Id: Ie74c3d606c5429455c293c367462244566a936e3
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c | 1 +
src/openvpn/options.c| 26 +-
src/openvpn/options.h| 1
This reverts commit 423ced962db3129b4ed551c489624faba4340652, which
has Jason A. Donenfeld listed as author as the patch was based on his
initial submission.
We have not received permission to relicense the original patch.
Change-Id: I8142753928498169032450c56d0497a5042bdc9b
Signed-off-by: Arne
This function allows us to map from a management key id to a key structure
and also allows this function to be reused.
Patch v2: add message when key is not found.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_common.h | 20
src/openvpn/ssl_verify.c | 23
Am 19.05.23 um 15:45 schrieb Selva Nair:
Hi,
While this bugfix should be merged, I'm a conflicted about the way these
two patches are split up. It just makes reviewing harder than it should
be. They actually form two independent changes but with one half
intersecting with the other for no rea
: If9fa1165a0e886b570b3738546ed810a32367cbe
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 4 ++--
src/openvpn/ssl_common.h | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 8e9627199..8f0a534ac 100644
--- a/src/openvpn/push.c
While it might be clear to people being (too?) well versed in
typical crypto applications that an authentication failure probably
mean wrong decryption key, this is not really obvious for the typical
user/server admin.
Change-Id: If0f0e7d53f915d39ab69c43dc73bb9c26ae9
Signed-off-by: Arne
order to be able to
go forward with the license change.
Change-Id: I8142753928498169032450c56d0497a5042bdc9b
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c | 1 -
src/openvpn/options.c| 26 +-
src/openvpn/options.h| 1 -
src
ash_no_ca)
vs
if (!preverify_ok && !session->opt->ca_file_none)
But these similarities are one line fragments and dictated by the
surrounding style and program flow, so even a complete black box
implementation will likely end up with the same lines.
Patch V2: Ch
Am 15.02.23 um 13:31 schrieb David Sommerseth:
OpenVPN 2.x is licensed under the GNU Public License v2.0 (GPL-2.0).
This license has served us well in the past and we are not trying to
change that. However, changes in licenses of our dependencies put us in
an unfortunate situation.
So a go
not found.
Change-Id: If9fa1165a0e886b570b3738546ed810a32367cbe
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 4 ++--
src/openvpn/ssl_common.h | 2 +-
src/openvpn/ssl_verify.c | 5 +
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn
This function allows us to map from a management key id to a key structure
and also allows this function to be reused.
Signed-off-by: Arne Schwabe
---
src/openvpn/ssl_common.h | 20
src/openvpn/ssl_verify.c | 17 +++--
2 files changed, 27 insertions(+), 10
not found.
Change-Id: If9fa1165a0e886b570b3738546ed810a32367cbe
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 4 ++--
src/openvpn/ssl_common.h | 2 +-
src/openvpn/ssl_verify.c | 5 +
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/push.c b/src/openvpn
Am 15.05.23 um 19:26 schrieb Jeremie Courreges-Anglas:
On Wed, Apr 26 2023, Arne Schwabe wrote:
After first round of mailing people with more than 10 commits we have
almost all committers have agreed. This put this license in the realm
of having a realistic change to work. Had any of these
Am 13.05.23 um 16:47 schrieb Melvin Vermeeren:
Hi Arne,
On Saturday, 13 May 2023 16:28:29 CEST Arne Schwabe wrote:
Can you provide some more detail here? Otherwise this seem a bit
nebulously to me what exactly explodes and goes wrong.
I changed the --keepalive setting on the server, lowering
Am 13.05.23 um 16:24 schrieb Melvin Vermeeren:
Hi all,
Today I changed some OpenVPN server configuration and restarted the service,
thinking all clients will reconnect just fine as usual. Unlike other days
however, all Linux clients ended up exploding due to unexpected tun-device
recreation and
Am 05.05.23 um 09:33 schrieb Gert Doering:
Hi,
On Fri, May 05, 2023 at 09:14:03AM +0200, Ralf Hildebrandt via Openvpn-users
wrote:
May 5 09:06:00 openvpn-gw170-int openvpn-udp[29574]:
hildeb/10.31.192.115:55334 TLS Auth Error: username attempted to change from
'hildeb' to 'hildeb::1f047fb6'
The newer compilers started to complain about this.
Change-Id: I784def4d941b7d21c7979f84f8681719c9ff7a53
Signed-off-by: Arne Schwabe
---
src/openvpn/pool.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/openvpn/pool.c b/src/openvpn/pool.c
index f899b95d2..4af9bcb10 100644
--- a/src
: Ide83f914f383b53ef37ddf628e4da5a78e241bf0
Signed-off-by: Arne Schwabe
---
COPYING | 47 +++
1 file changed, 47 insertions(+)
diff --git a/COPYING b/COPYING
index e12c51414..a6f8a6f5f 100644
--- a/COPYING
+++ b/COPYING
@@ -31,6 +31,53 @@ OpenVPN license:
file, but you are not obligated to
this exception now is to avoid having to
have a second round of agreement for new contributers and ensure
that all new code will include the exemption.
patch v2: add explaination and use exception rather than excemption
Change-Id: Ide83f914f383b53ef37ddf628e4da5a78e241bf0
Signed-off-by: Arne
This can happen if the memory alloc fails.
Patch V2: add goto error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
---
src/openvpn/dco_linux.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index
this exception now is to avoid having to
have a second round of agreement for new contributers and ensure
that all new code will include the exemption.
Change-Id: Ide83f914f383b53ef37ddf628e4da5a78e241bf0
Signed-off-by: Arne Schwabe
---
COPYING | 23 +++
1 file changed, 23
Am 17.04.23 um 15:40 schrieb Arne Schwabe:
Commit 3132bead49 accidentially was submitted with a missing semicolon
at the end of the line. Whoops.
Signed-off-by: Arne Schwabe
---
src/openvpn/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/socket.c b
Commit 3132bead49 accidentially was submitted with a missing semicolon
at the end of the line. Whoops.
Signed-off-by: Arne Schwabe
---
src/openvpn/socket.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
index ab8cc754..fc643c1c
ectly below text,
either add empty line of merge into : on previous line)
Enumerated list start value not ordinal-1
(error in numbering)
Thanks. That helps catching these mistakes early.
Acked-By: Arne Schwabe
___
Openvpn-devel mailing list
Op
This can happen if the memory alloc fails.
Patch V2: add goto error
Change-Id: Iee66caa794d267ac5f8bee584633352893047171
Signed-off-by: Arne Schwabe
---
src/openvpn/dco_linux.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index
: I9d7afd8f1d67d2455b4ec6bc12f4dcde80140c4f
Signed-off-by: Arne Schwabe
---
src/openvpn/comp.c| 14 ---
src/openvpn/comp.h| 85 ++-
src/openvpn/init.c| 4 +-
src/openvpn/multi.c | 2 -
src/openvpn/options.c | 12 +-
src/openvpn/options.h | 4 --
6 files changed, 56
t.
Patch v3: always parse all compression option and move logic to check method
Patch v4: fix for not setting correct default for non-dco
Change-Id: Ibd0c77af24e2214b3055d585dc23a4b06dccd414
Signed-off-by: Arne Schwabe
---
doc/man-sections/protocol-options.rst | 4 ++-
src/openvpn/
This change keeps the option parsing of compression options even when
compression is disabled. This allows OpenVPN to also refuse/reject connections
that try to use compression when compression is completely disabled.
Change-Id: I9d7afd8f1d67d2455b4ec6bc12f4dcde80140c4f
Signed-off-by: Arne
This removes also the checks in options.c itself as they we now bail out
later and no longer need to ignore them during parsing.
Change-Id: I872c06f402c35112194ba77c3d6aee78e22547cb
Signed-off-by: Arne Schwabe
---
Changes.rst | 4
src/openvpn/comp.c| 29
This removes a level of identation and make the "stub" condition
easier to see.
Change-Id: Iae47b191f522625f81eedd3a237b272cb7374d90
Signed-off-by: Arne Schwabe
---
src/openvpn/options.c | 87 +--
1 file changed, 43 insertions(+), 44 deletion
t.
Patch v3: always parse all compression option and move logic to check method
Change-Id: Ibd0c77af24e2214b3055d585dc23a4b06dccd414
Signed-off-by: Arne Schwabe
---
doc/man-sections/protocol-options.rst | 4 ++-
src/openvpn/comp.c| 47 ++-
src/openvpn/
%d returned by kernel, but not found locally", peerid);
+struct multi_instance *mi = m->instances[peerid];
+
+mi->context.c2.dco_read_bytes = nvlist_get_number(nvl, "in");
+mi->context.c2.dco_write_bytes = nvlist_get_number(nvl, "out");
}
ompression support.
Change-Id: Ieefb501038b06c7520ed105c660a1c79887476f3
Signed-off-by: Arne Schwabe
---
Changes.rst | 6 ++
doc/man-sections/protocol-options.rst | 3 +
src/openvpn/comp.c| 32 +++---
src/openvpn/comp.h| 44
src/openvpn/d
Adapt the dco-freebsd code to do so.
Acked-By: Arne Schwabe
Arne
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Am 14.02.23 um 15:01 schrieb Gert Doering:
Hi,
On Tue, Feb 14, 2023 at 02:56:58PM +0100, Arne Schwabe wrote:
resolve_ovpn_netlink_id(int msglevel)
{
-int ret;
struct nl_sock *nl_sock = nl_socket_alloc();
-ret = genl_connect(nl_sock);
+if (!nl_sock)
+{
+msg
Explicitly say that the version specified is the one of the peer and not
the version we try to emulate.
Patch v2: Improve grammar.
Change-Id: I3bd27a8d34d8cb4896a3b78508b7d16911571543
Change-Id: If4fb45b3426f5e0dbe6c87d5bd05681b9d733827
Signed-off-by: Arne Schwabe
---
doc/man-sections/generic
Am 19.03.23 um 08:54 schrieb Michael Baentsch:
Signed-off-by: Michael Baentsch
Acked-By: Arne Schwabe
Thanks. We had a discussion/review round on gihtub before this.
Basically the problem is that trying to print the algorithm
for algorithms that are not part of the old OpenSSL 1.x API
allocation of 0 size buffer in
tls_auth_standalone_init
Found-By: clang with asan
Change-Id: I0cff44f79ee7e3bcf7b5981fc94f469c15f21af3
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c | 3 +++
src/openvpn/ssl.c | 11 ++
src/openvpn/ssl.h
Signed-off-by: Arne Schwabe
---
src/openvpn/init.c | 3 +++
src/openvpn/ssl.c | 12 +++
src/openvpn/ssl.h | 6 ++
src/openvpn/ssl_pkt.c | 8 +--
src/openvpn/ssl_pkt.h | 2 +-
tests/unit_tests/openvpn
though the commit is quite long, it is mostly moving the
ecdsa_bin2der function into xkey_helper.c. While I have not tested it
myself the code changes make sense and look good and we got a positive
test report.
Acked-By: Arne Schwabe
___
Openvpn
1 - 100 of 1817 matches
Mail list logo