in read_key()
CVE: 2017-12166
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: Gert Doering <g...@greenie.muc.de>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <80690690-67ac-3320-1891-9fecedc6a...@fox-it.com>
(master)
commit 1c112c38d46207905bff97969cf787baada59711 (release/2.4)
Author: David Sommerseth
Date: Thu Sep 7 01:52:02 2017 +0200
systemd: Enable systemd's auto-restart feature for server profiles
Signed-off-by: David Sommerseth <dav...@openvpn.net>
Acked-by: David Sommerset
.com/openvpn-devel@lists.sourceforge.net/msg15380.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZxFAuAAoJEIbPlEyWcf3yLi0Q
I think we can do this
stuff as a separate patch, not part of this round of patches. Lets
target this after we have sorted out the current LZ4 patches have been
applied. Then it is much easier to test and validate this approach.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signatu
to discuss and debate this issue. Perhaps we should allocate
one community developers meeting after the hackathon for discussing
this. I'm suggesting after the hackathon, to ensure we have some clear
path forward on how we want to clean up route.c/tun.c. This is a
massive effort and I doubt it
_temp_file(c->options.tmp_dir, "pf",
I'm pondering if we need create_temp_file() to actually return
a const char * - wouldn't just a plain char * be enough?
The alternative is to cast the const away here; but that just
feels too h
patch. Cron2 promised to review it in
> the next few days.
The patch which was referenced is this one:
<https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15396.html>
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digit
that is, delay it 30 minutes.
It will be far easier for both Gert and me to join the meeting. (We
just quickly chatted about it on IRC). If not, we'll come as quickly as
we can manage.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP di
s could treat this silence like that - but also account for
other types of connectivity issues. If it should try to reconnect or
not, well, that's entirely up to the configuration file. There is
--single-session which can be used to control this.
But for servers running OpenVPN clients, retryi
do that through 'systemctl edit', where it is very visible if this
specific configuration have some additional tweaks not - through
'systemctl status'. This way sys-admins won't have remember or research
which 'sub-unit file' of openvpn-server@ to achieve a specific behaviour.
--
kind regards,
David Sommerse
for OpenSSL. Plus it does a few minor reformats and
improvements
to comply with more recommend autoconf coding style.
This patch is a result of the discussions in this mail thread:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14135.html
Signed-off-by: David Sommerseth <
On 07/09/17 16:06, David Sommerseth wrote:
> On 07/09/17 08:12, Gert Doering wrote:
>> Hi,
>>
>> On Thu, Sep 07, 2017 at 03:22:25AM +0200, David Sommerseth wrote:
>>> This change will expect the system to have LZ4 libraries and headers
>>> installed by
robably be detected even quicker.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's most
engagin
On 07/09/17 08:12, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 03:22:25AM +0200, David Sommerseth wrote:
>> This change will expect the system to have LZ4 libraries and headers
>> installed by default. We still carry a bundled LZ4 library, which
>> mus
On 07/09/17 08:13, Gert Doering wrote:> HI,
>
> On Thu, Sep 07, 2017 at 04:28:27AM +0200, David Sommerseth wrote:
>> We are using a deprecated function, LZ4_compress_limitedOutput(), which
>> will be removed with time. The correct function to use is
>> LZ4_compress_
configurations or if we can define scenarios
where we do not want OpenVPN to be restarted automatically, we need to
introduce more exit codes. This way we can implicitly tell systemd if
it should restart OpenVPN or not.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.a
On 07/09/17 15:07, Gert Doering wrote:
> Hi,
>
> On Thu, Sep 07, 2017 at 03:02:20PM +0200, David Sommerseth wrote:
>>> Which is not what I hoped for... "turn it off and leave it so" is non
>>> helpful (it might be a transient error preventing the startup).
>
at is it you want?
* try restarting in an endless loop?
* try restarting X times and then stop trying?
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
---
On 07/09/17 10:04, Samuli Seppänen wrote:
> On 07/09/2017 10:16, Samuli Seppänen wrote:
>> On 07/09/2017 09:16, Gert Doering wrote:
>>> Hi,
>>>
>>> On Thu, Sep 07, 2017 at 01:52:02AM +0200, David Sommerseth wrote:
>>>> @@ -18,6 +18,8 @@ Devi
it
is used so it won't be that easy to just ignore it later on.
This patch is a result of the discussions in this mail thread:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14135.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/comp-lz4.
.
Also improve the autoconf code slightly, to use AS_HELP_STRING() where
needed and wrap some strings/values with [] where it was missing in
the LZ4 segment of ./confiugre.ac.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst| 8 +++
configure.ac
month, and it
works indeed as intended when provoking the OpenVPN process to stop.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
distro/systemd/openvpn-ser...@.service.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/distro/systemd/openvpn-ser...@.service.in
b/distro/s
-off-by: David Sommerseth <dav...@openvpn.net>
---
distro/systemd/openvpn-cli...@.service.in | 1 +
distro/systemd/openvpn-ser...@.service.in | 1 +
2 files changed, 2 insertions(+)
diff --git a/distro/systemd/openvpn-cli...@.service.in
b/distro/systemd/openvpn-cli...@.service.in
index 49
van Dijk <g...@gertvandijk.net>
Acked-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170827161515.2424-1-g...@gertvandijk.net>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourc
.com/openvpn-devel@lists.sourceforge.net/msg15356.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZsIGwAAoJEIbPlEyWcf3yszEP/0fmB/zeaW8
Aug 24 15:55:47 2017 +0800
fragment.c: simplify boolean expression
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170824075547.29844-...@unstable.cc>
URL:
https://www.mail-archive
forge.net/msg15302.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZsIBaAAoJEIbPlEyWcf3ynvYQALjESHxTRQZtKF32rkvGWChA
cFrKXwYqVy/Imfk8IF/ZYC9PHFtg2iD7atK/kQW
: Sat Aug 19 21:37:35 2017 +0100
man: Corrections to doc/openvpn.8
Signed-off-by: Richard Bonhomme <fragmen...@gmail.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170819203735.8681-1-fragmen...@gmail.com>
URL:
https://www.mail-archive
Date: Sat Aug 19 15:52:09 2017 +0800
fix a couple of typ0s in comments and strings
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170819075209.28520-...@unstable.cc>
URL:
https://ww
db52b6df6915d38a269bf68767faefd9cebf33bb (release/2.4)
Author: Steffan Karger
Date: Wed Aug 16 19:04:50 2017 +0200
tls-crypt: don't leak memory for incorrect tls-crypt messages
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
effan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170816125504.21181-...@unstable.cc>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15272.html
Signed-off-by: David Sommerseth <dav...@openvpn.net&g
te code base.
For reference, the uncrustify command line I used was:
$ uncrustify -c dev-tools/uncrustify.conf \
--no-backup -l C -p debug.uncr \
src/openvpn/route.c
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
diff --git a/src/openvpn/route.c b/src/openvpn/
forge.net/projects/openvpn/lists/openvpn-devel/unsubscribe>
Thank you very much
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant te
and maintain.
We can have more slack in dev-tools, but if we deviate, then we need to
properly document it so we won't forget why.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
---
On 24/08/17 20:40, Antonio Quartulli wrote:
>
>
> On 25/08/17 02:40, Christian Hesse wrote:
>> David Sommerseth <open...@sf.lists.topphemmelig.net> on Thu, 2017/08/24
>> 20:16:
>>> On 24/08/17 09:57, Antonio Quartulli wrote:
>>>> My effort i
ot;bool ret"
down. So it will become:
bool ret = multi_process_post(m, mi, mpp_flags);
Which I think is also closer to what the compiler would end up with anyway.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
> On 24/08/17 15:53, Antonio Quartulli wrote:
>> S
ugh ksh or dash? Those are the most feature
restrictive shells I can think of right now. Dash is supposed to be the
most POSIX compliant shell, iirc.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
> On 24/08/17 22:37, Илья Шипицин wrote:
>> openvpn is also built on man
-by: David Sommerseth <dav...@openvpn.net>
---
INSTALL | 4 ++--
README.polarssl => README.mbedtls | 10 +-
doc/doxygen/doc_data_crypto.h | 2 +-
doc/doxygen/doc_key_generation.h | 6 +++---
doc/openvpn.8 | 16 +++-
idence of GitLab-CI
being superior and worth the efforts of switching_. Without any
evidence, we're just painting the bike shed. If changing, I prefer
changing to a feature-improved bike shed.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
eir userbase
as well. But that's their decision how they want to test their stuff.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibran
.com/openvpn-devel@lists.sourceforge.net/msg15176.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlypjAAoJEIbPlEyWcf3yuQEP
ts.sourceforge.net/msg15011.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlbiUAAoJEIbPlEyWcf3yN60Q
On 17/08/17 17:13, Arne Schwabe wrote:
> Am 15.08.17 um 23:54 schrieb David Sommerseth:
>> We have quite a list of deprecated options currently. Ensure this
>> is highlighted both in documentation and code.
>>
>> This patch builds on the wiki page [1] enlist
24 22:35:59 2017 +0800
rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
Signed-off-by: Antonio Quartulli <a...@unstable.cc>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170724143559.11503-...@unstable.cc>
URL:
https://ww
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Your patch has been applied to the following branches
commit 500854c3fc956b274790991e4d6771ad9bf6f641 (master)
commit 35e81e1a3d6809772f49f777ed6ec8e868505c6c (release/2.4)
Author: David Sommerseth
Date: Tue Aug 15 22:53:01 2017 +0200
Use
.com/openvpn-devel@lists.sourceforge.net/msg15229.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlGBTAAoJEIbPlEyWcf3ykpwP/3iuOWQMf6jgWs0ezR9A5YcT
08AjJ9aS
ts.sourceforge.net/msg15256.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlGAuAAoJEIbPlEyWcf3ylAQP/3mQukJluWtKhHBsbwNvC6RV
pm0kQ6BXwhIpQoR0FrUo
.net/msg15275.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlGAmAAoJEIbPlEyWcf3yHFMP/jU0S1g9wVZFNtvQQ2wL/ZxZ
wFSP+jPrHVwOm3fKz8VVGVRdrjtaO1Cwja5xADJW
forge.net/msg15268.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZlGAXAAoJEIbPlEyWcf3yypsP/302vOTwTQ/HizJ83s9QJYPh
9xRA2/4fwV9iNyoj76SHskMnAtkyIZGUlWN/mMIw
On 15/08/17 23:54, David Sommerseth wrote:
> We have quite a list of deprecated options currently. Ensure this
> is highlighted both in documentation and code.
>
> This patch builds on the wiki page [1] enlisting all deprecated features
> and their status. There are also some opt
awaits an update for git master.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst | 15 ++
doc/openvpn.8 | 78 ++-
src/openvpn/options.c | 16 ++-
3 files changed, 77 insertions(+), 32 del
text for the version reference.
In Changes.rst modified paragraphs exceeding 80 chars lines where
reformatted as well.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst| 52 ++
doc/openvpn.8
e3da00918d2dd99c116f6da1a14a2a73b72829f4
Author: Steffan Karger
Date: Sat Jul 1 13:22:08 2017 +0200
Deprecate --no-replay
Signed-off-by: Steffan Karger
Acked-by: David Sommerseth
Message-Id: <20170701112208.18803-1-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn
(master)
commit e2ab4958528a352c3ddad02446c10814afe68f6b (release/2.4)
Author: Steffan Karger
Date: Sat Jul 1 13:29:51 2017 +0200
Deprecate --keysize
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Trac: #876
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <150447-8186-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15180.ht
apable of understanding. And _we_ shouldn't
care how Mikrotik does that, it's their own implementation design.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
-
)
Author: David Sommerseth
Date: Mon Aug 14 15:19:37 2017 +0200
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
As we did in 2d032c7f for the ASN1_STRING_to_UTF8() calls in the core code,
we should also free(buf) if the function returns 0.
[DS: On-the-fly
c43045ca0590364552fbd060cc65ee1c50a4866a
Author: Steffan Karger
Date: Fri Jul 28 12:38:22 2017 +0200
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Document down-root plugin usage in client.down
Signed-off-by: Conrad Hoffmann <c...@bitfehler.net>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170802181435.14549-3...@bitfehler.net>
URL:
https://www.mail-archive.com/openvpn-devel@lis
94c1ce22ebcc1f672bb80598afccc130aa01fafc (master)
commit 9f390f0209aa119f7625a75ae309787bc6785831 (release/2.4)
Author: Conrad Hoffmann
Date: Wed Aug 2 20:14:34 2017 +0200
Use provided env vars in up/down script.
Signed-off-by: Conrad Hoffmann <c...@bitfehler.net>
Acked-by: David Sommerset
: Steffan Karger
Date: Tue Jul 25 23:02:34 2017 +0200
Move create_temp_file() out of #ifdef ENABLE_CRYPTO
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <20170725210234.5673-1-stef...@karg
6f616aa6b7570db965b8eee1d8b8d182af4bb05f (release/2.4)
Author: Steffan Karger
Date: Thu Jul 20 19:55:57 2017 +0200
Always use default keysize for NCP'd ciphers
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
.net/msg15202.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZkarWAAoJEIbPlEyWcf3ykp8P/jZX5e+B8le3+hfEqpKHuaE1
739gAXun6mrVjbxQOcFrhBp68igoNzRNmZ6mTJYf
On 14/08/17 13:17, Steffan Karger wrote:
> Hi,
>
> On 14-08-17 12:36, David Sommerseth wrote:
>> On 01/07/17 13:29, Steffan Karger wrote:
>>> The --keysize option can only be used with already deprecated ciphers,
>>> such as CAST5, RC2 or BF. Deviating from the
t my, and other's, fingers
within the Fedora community with the v2.4 upgrade)
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibr
iour
or API of a function which already have a unit test. So tests will need
to be adopted according to the changes done on code it is expected to
test. But we can ensure doing those changes in the test-case can be
done in an easily and understandable way.
--
kind regards,
David Sommerseth
OpenVPN
.net/msg15204.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg/+AAoJEIbPlEyWcf3yXZgQAMJeK4kkVnxAPzS0bR3FxPQ6
d/y1gMGbJV/tEkhx17gkJwwERhxI3/S7bwsQZlGt3HU
ml
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg/1AAoJEIbPlEyWcf3yzugP+gP0wPkoOvnhvaPoetdmmjxP
aOUnArkRg9LfivX2K4xXhK2Tv/Ay1sajxhojqESLY2PX0dkWCUbvGcPaGV+MGatB
forge.net/msg15203.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg/eAAoJEIbPlEyWcf3yRnwP/10HUlYwyVR5cLSwVj474ypR
8IdOabXBDkXnI13n7GVfaT4VpANljlhrtLHJqOi8
.com/openvpn-devel@lists.sourceforge.net/msg15186.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg/NAAoJEIbPlEyWcf3y1F4QAJyow7lPlSCgFUc5Yq7Yh5jy
de+FtUTELHC9lostek1wGDEQc4xloAQ
.net/msg15187.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg+/AAoJEIbPlEyWcf3ybecP/0L9hhRQ6nK6sPaTaGrlzTwl
3ae/F+td5Ve8vTKuGn3P93LAiA15KR2E4BxQ6yJh8nJnTP
-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
Acked-by: Steffan Karger <stef...@karger.me>
Message-Id: <20170807132301.22759-2-chipits...@gmail.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15171.html
Signed-off-by: David Som
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Your patch has been applied to the following branches
commit 59e7e9fce8de6ea90d13baeaede83adc0b594e22 (master)
commit b597ded895e372831bb19538e5591d5c52270a44 (release/2.4)
Author: David Sommerseth
Date: Tue Jul 25 15:03:14 2017 +0200
ff-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg98AAoJEIbPlEyWcf3yPeoP/2wafGf4dlzWiZsRTn1aZtj8
gqsxP7JG4a58SxKJb/YrR7RVaFQWYi2dz+f8r6lvabQRd7NDkQzKcEnkkYKjwc
.net/msg15028.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg9uAAoJEIbPlEyWcf3y0l0P/RIDHjeC+dH7OgAVyrbb5Rfm
HKGqqEaJcg1qAfQxOpH4+CAPF/FHBRToJ9mrTYK/BpelE8LxxCpf
.net/msg15030.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg9iAAoJEIbPlEyWcf3ywC8QAMAVm4psZ96qwzryKr6Zteab
nwRB11RGH1WK64/X5gem7Epj3Ldmv9BE3++45FQBc78j
.net/msg15032.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAEBCgAGBQJZjg9SAAoJEIbPlEyWcf3y0HgP/i35Nvj4wDpV/akcBP0SWLvR
L6AcwCM7LBEgqOeNfSO18ysoK1nzp9EpglPyyFDr
.
[1]
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15172.html
Message-Id: <20170807132301.22759-3-chipits...@gmail.com>
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
tests/Makefile.am | 2 +-
tests/t_sanity_ch
On 09/08/17 12:28, Илья Шипицин wrote:
>
>
> 2017-08-09 14:31 GMT+05:00 David Sommerseth
> <open...@sf.lists.topphemmelig.net
> <mailto:open...@sf.lists.topphemmelig.net>>:
>
> On 09/08/17 07:55, Илья Шипицин wrote:
>
isten,
--port, --proto, etc, etc). It is also possible to have a copy of the
expected "openvpn --help | grep -E -- ^--" output and do a diff -
probably filter out some less important/deprecated options). While
these are a nice checks too, it is not as crucial as ensuring we have
ample:
$ ./openvpn --help | grep -- ^-- | wc -l
238
As we might vary number of options from time to time, I wouldn't check
against 238. But that it should be above 220 in the foreseeable future
would not be an unreasonable assumption. *BUT* the number of options
migh
as some of us are ready to process it.
And based on a 10 seconds look, this does look correct - we just need to
need to do a little test run first.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
-
On 03/08/17 19:07, debbie10t wrote:
>
>
> On 03/08/17 17:46, David Sommerseth wrote:
>> On 03/08/17 18:03, debbie...@gmail.com wrote:
>>> From: Richard Bonhomme <fragmen...@gmail.com>
>>>
>>> Signed-off-by: Richard Bonhomme <fragmen...@gmail.c
gt; -.B \-\-verify\-x509\-name Server -name-prefix
> +.B \-\-verify\-x509\-name Server\- name\-prefix
> if you want a client to only accept connections to "Server-1", "Server-2",
> etc.
Just wondering ... Shouldn't the "Server-1" and "Server-2" be e
ated further and to consider if this is a better way for the
integration.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant te
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Your patch has been applied to the following branches
commit c5b12817c9aa3ae97fbdd2c2a9a9ab605087dff1 (master)
commit cb438b513223744949e0958d9f14870880cfc407 (release/2.4)
Author: David Sommerseth
Date: Tue Jul 25 16:57:18 2017 +0200
8295f62f84be3dbc5203b9695d99a4f74fcb7295 (release/2.4)
Author: Antonio Quartulli
Date: Fri Jul 7 18:22:38 2017 +0800
tls-crypt: avoid warnings when --disable-crypto is used
Signed-off-by: Antonio Quartulli <anto...@openvpn.net>
Acked-by: Steffan Karger <stef...@karger.me>
Acked-by: David Som
, but
I would rather see that as a part of cleaning up the whole init_static()
function - in fact when moving all "unit tests" in init_static() to cmocka,
it will not be too bad in the end.)
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/init.c | 17 ++
The write_pid() function is only used in openvpn.c, so no
need to have that in the misc.[ch] mixed bag.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/misc.c| 21 -
src/openvpn/misc.h| 2 --
src/openvpn/openvpn.c | 21 ++
- and the Tunnelblick project will take
over the responsibility for this code base on their own. And since
this code base is purely macOS specific, this seems to be a far
better place for this code to reside.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
[1]
<http://community.openvpn.net/ope
David Sommerseth <dav...@openvpn.net>
Message-Id: <20170707140108.31612-...@unstable.cc>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15015.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David Sommerseth
tures" section labelled as an improvement. Otherwise
I fear this would drown in the list of "User-visible Changes"
later on.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a
unless there are really strong reasons
to do so.
In this particular case, both OpenSSL and mbed TLS have a similar
features, so in this case it should be possible to get a unified
experience. So lets try to aim for that.
--
On 26/06/17 14:12, Arne Schwabe wrote:
> Am 26.06.17 um 13:51 schrieb David Sommerseth:
>> On 26/06/17 13:13, Arne Schwabe wrote:
>>> OpenSSL 1.1 does not allow MD5 signed certificates by default anymore. This
>>> can be enabled again by settings tls-cipher &qu
SL 1.0, I'm
not really convinced we need this.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the world's mo
ies from
project to project. In OpenVPN context 1 usually can be interpreted as
"no tunnel was started".
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
-
weeks holiday, let this sink in, and then we
can schedule a meeting some time in August where we discuss these
issues. And lets hope we don't need to rush yet another release before
August :)
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP
n easy-enough change from what
> we have now... ("gunzip <...tar.gz | xz >...tar.xz" or however you
> do xz balls) :-)
Hmmm ... not a bad idea. But do we really need tar.gz at all these
days? Why not just make autotools generate tar.xz by default and be
done with it?
Or to put
allenge us from time to time with its caching.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
--
Check out the vibrant tech community on one of the worl
On 21/06/17 14:30, David Sommerseth wrote:
> On 21/06/17 13:48, Jonathan K. Bullard wrote:
>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen <sam...@openvpn.net> wrote:
>>> The OpenVPN community project team is proud to release OpenVPN 2.4.3. It
>>> can be do
501 - 600 of 2019 matches
Mail list logo