-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1478635663-5837-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12968.html
Signed-off-by: Dav
com>
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <1477670087-30063-1-git-send-email-steffan.kar...@fox-it.com>
URL:
https://www.
8b42c197626430118ed126c1b8256ba5ae1f699a
Author: David Sommerseth
Date: Mon Nov 14 12:20:08 2016 +0100
systemd: Improve the systemd unit files
Signed-off-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1479122408-6867-1-git-send-email-dav...@openvpn.net>
URL:
http://www.mail-archive
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 16/11/16 11:44, Steffan Karger wrote:
> Hi,
>
> On 14-11-16 23:45, David Sommerseth wrote:
>> Commit 825e2ec1f358f2e8 cleaned up the usage of
>> warn_if_group_others_accessible() and moved it into options.c.
>> At t
not to remove --compat-names and --no-name-remapping now is that
such a change will require TLS verification scripts and plug-ins to be
updated to support the new X.509 subject formatting; which
--verify-x509-name already uses.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Chang
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 12/11/16 16:07, Gert Doering wrote:
> Hi,
>
> On Fri, Nov 11, 2016 at 02:16:41PM +0100, David Sommerseth wrote:
>> @@ -917,6 +915,12 @@ do_ifconfig (struct tuntap *tt,
>> management_android_control (management, &q
do not exclude
open_tun_generic() if TARGET_LINUX is defined.
v2 - Move changes from 1) into the proper if() block
directly
- Fix up incorrect comment tags related to changes in 2)
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/tun.c | 12 +++-
it removes some no longer needed #ifdefs
and uses platform_stat() to allow a similar check to happen on the Windows
platform as well.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/options.c | 38 --
1 file changed, 12 insertions(
1ce0638627eb35631af9bfaa569468573568ec65
Author: Steffan Karger
Date: Mon Nov 14 21:06:07 2016 +0100
Deprecate key-method 1
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1479153967-6788-1-git-send-email-stef...@karg
kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1479045751-22297-1-git-send-email-steffan.kar...@fox-it.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13019.html
Signed-off-by: David Sommerseth <
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/16 22:35, David Sommerseth wrote:
> On 14/11/16 21:06, Steffan Karger wrote:
>> Key method 2 has been the default since OpenVPN 2.0, and is both
>> more functional and secure. Also, key method 1 was only ever
>> suppo
.
If nobody noticed this by now, then nobody really uses --key-method.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 14/11/16 15:06, debbie10t wrote:
>
>
> On 14/11/16 11:02, David Sommerseth wrote:
>> On 12/11/16 14:48, debbie10t wrote:
>>>
>>>
>>> On 12/11/16 11:38, David Sommerseth wrote:
>
>>>> +E
use
Type=simple (default)
v2 - Change RuntimeDirectory= to a profile specific (client, server)
directory to avoid clashing with older distro unit files
Contribution-by: Elias Probst <m...@eliasprobst.eu>
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
distro/systemd
On 12/11/16 14:48, debbie10t wrote:
>
>
> On 12/11/16 11:38, David Sommerseth wrote:
>> There are several changes which allow systemd to take care of several
>> aspects of hardening the execution of OpenVPN.
>>
>> - Let systemd take care of the process trackin
On 12/11/16 16:00, Gert Doering wrote:
> Hi,
>
> On Fri, Nov 11, 2016 at 01:35:57PM +0100, David Sommerseth wrote:
>> We can of course investigate if we should enable systemd to restart
>> OpenVPN, at least the server profile, if it dies unexpectedly.
>> Currently,
;
>
> +#include
> +#include
> +
> /* #define ABORT_ON_ERROR */
>
> #ifdef ENABLE_PKCS11
>
This one is easy! :) Without this patch, the following patch will not
build, so ACK.
--
kind regards,
David Somme
STDIN,
> + errs |= check_file_access (CHKACC_FILE|CHKACC_ACPTSTDIN|CHKACC_PRIVATE,
> options->auth_user_pass_file, R_OK,
> "--auth-user-pass");
> #endif /* P2MP */
>
Patch looks good to me. Good clean-up moving
warn_if_gr
les
Contribution-by: Elias Probst <m...@eliasprobst.eu>
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
distro/systemd/openvpn-client@.service | 11 ++-
distro/systemd/openvpn-server@.service | 14 --
2 files changed, 14 insertions(+), 11 deletions(-)
diff
Building with -O2, the compiler warned about query_user_SINGLE() being
declared and not used in console.c. This function, defined in console.h,
should have been declared as 'static inline'. This also removes that
warning.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/o
do not exclude
open_tun_generic() if TARGET_LINUX is defined.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/tun.c | 14 ++
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index a312d91..1a3a88a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/11/16 13:28, Samuli Seppänen wrote:
> This comes a bit late, sorry.
>
> On 20/10/2016 23:42, David Sommerseth wrote:
>> There are several changes which allow systemd to take care of
>> several aspects of hardening the
e - unless there comes an informative NAK message before
that time. And if someone gives an ACK, it will be applied sooner.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
> Note:
> I have inserted blank lines to help with email line wrap.
>
>
> =
>
On 11/11/16 13:14, David Sommerseth wrote:
> On 28/09/16 13:08, Steffan Karger wrote:
>> Fixes compiler warnings (undefined behavior) by making the copy
>> explicit to comply to strict aliasing rules. With newer GCC the
>> old code could actually lead to undefined behaviour.
blog.llvm.org/2011/05/what-every-c-programmer-should-know.html>
[2] <http://blog.regehr.org/archives/213>
[3]
<http://cellperformance.beyond3d.com/articles/2006/06/understanding-strict-aliasing.html>
[4] I've tested with gcc-4.8.5 (Red Hat 4.8.5-4) and clang-3.4.2 on
EL7.2
--
David Sommerseth <dav...@openvpn.net>
Message-Id: <20161109201932.80991-1-g...@greenie.muc.de>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12983.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
kind regards,
David So
a lot of ambiguity and odd
behaviours. And getting proper unit tests on top of it all is truly
great! But there are still some improvements needed in the last 3 patches
(patch 5, 6 and 7).
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/11/16 02:11, debbie10t wrote:
>
>
> On 20/10/16 21:42, David Sommerseth wrote:
>
>> [Service] PrivateTmp=true +RuntimeDirectory=openvpn
>> +RuntimeDirectoryMode=0710 +WorkingDirectory=/etc/openvpn/server
>>
926], argv_new() is called but no
argv_free() calls.
On a not so related note. I noticed that init.c has a
#ifdef ARGV_TEST block. That should probably also be killed; no need
for that as we have unit tests - and the argv_test() function it calls
no longer exists.
--
kind regards,
David S
patch makes t_cltsrv.sh succeed, so pretty sure this
patch is the one to blame for this error.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/11/16 22:02, Alberto Gonzalez Iniesta wrote:
> On Tue, Nov 08, 2016 at 09:27:20PM +0100, David Sommerseth wrote:
>> On 08/11/16 16:40, debbie10t wrote:
>>> Hi,
>>>
>>> I now have these unit files working o
or whatever Debian uses as the runtime directory)
Otherwise, great testing!
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
and used all places where %sc was
used before, I consider this smoke-testing good enough for now.
As for the prior patches in this series, I will wait with applying this
patch to the git tree until all the other patches in this series have
been reviewed and ACKed.
--
kind regards,
David Sommerset
d also reports less heap usage, which is
expected due to not allocating buffers for system_str. Otherwise tests
passed.
As for the prior patches in this series, I will wait with applying this
patch to the git tree until all the other patches in this series have
been reviewed and ACKed.
--
kind re
eaks.
As for patch 1/7 ... I will wait with applying this patch to the git
tree until all the other patches in this series have been reviewed and
ACKed.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
patch to the git tree until all the other
patches in this series have been reviewed and ACKed.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
se options than --cd.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
ange and stand by the current version.
Systemd version used for testing this: systemd-219-19.el7_2.13.x86_64
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
ld change, such a discussion will not happen
before the final OpenVPN 2.4 release has stabilized. But as things
are right now, those chances are small - we're fairly happy how the
source tree is organized, the organisation is mostly out of our way
and we figure out things quickly.
Which mea
:44 2016 +0100
Fix --tls-version-max in mbed TLS builds
Signed-off-by: Steffan Karger <stef...@karger.me>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1478289824-9244-1-git-send-email-stef...@karger.me>
URL:
http://www.mail-archiv
can be quite hard to catch who "owns" the main
pointer and who is just "borrowing access". So I am very reluctant to
take this "easy path".
The question is ... does anyone else see a different or better
approach? Thoughts, comments?
- --
kind regards,
David Sommer
ack to the client. But that's for a
different patch.
I can definitely give this one a Feature-ACK. I can also support a
full ACK too if one more developer does a thorough code review.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
present in OpenVPN at least since 2.2 or 2.1.
Using a deferred approach makes a lot of sense, and it will also have
other benefits of not slowing down other connected clients during the
authentication - if that takes a few seconds or more to complete.
Once I get a few reviews completed, I can
. which
wouldn't be a bad thing.
- --
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I'm splitting off the originating thread to a new one, to refocus the
discussion.
On 01/11/16 15:56, Samuli Seppänen wrote:
> On 01/11/2016 16:05, David Sommerseth wrote:
>> [...snip...]
>>
>>>> I still think the ti
On 01/11/16 13:20, Samuli Seppänen wrote:
> Hi,
>
> On 01/11/2016 13:10, Gert Doering wrote:
>> Hi,
>>
>> On Mon, Oct 31, 2016 at 11:55:08PM +0100, David Sommerseth wrote:
>>> How long will users be willing to wait? I'd be really surprised if 2.4
>>
On 01/11/16 12:28, Gert Doering wrote:
> Hi,
>
> On Mon, Oct 31, 2016 at 03:01:28PM +0100, David Sommerseth wrote:
>> -.B \-\-keepalive n m
>> +.B \-\-keepalive ps pto
>
> What does "ps" stand for? I find this not much clearer than "n"...
>
.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/options.c | 5 +++--
src/openvpn/ssl_backend.h | 3 +++
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index f88e94d..be31ed3 100644
--- a/src/openvpn/opt
On 31/10/16 23:25, debbie10t wrote:
>
>
> On 31/10/16 21:30, David Sommerseth wrote:
>
>> So let's try to aim at pleasing the end user rather than being picky about the
>> wording of a track ticket. Because most users will be thankful for a
>> related feature than
On 31/10/16 15:58, Selva Nair wrote:
>
> On Mon, Oct 31, 2016 at 10:51 AM, David Sommerseth
> <open...@sf.lists.topphemmelig.net
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
>
> I was not aware it was fixed in the 2.4 branch until today.
>
>
>
>
> ++1
>
> On Mon, Oct 31, 2016 at 6:53 AM, David Sommerseth
> <open...@sf.lists.topphemmelig.net
> <mailto:open...@sf.lists.topphemmelig.net>> wrote:
> I disagree with closing it. This limitation should be fixed, IMO. This
> is a very us
Just minor clarifications and corrections of the --keepalive option.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
doc/openvpn.8 | 29 +++--
1 file changed, 19 insertions(+), 10 deletions(-)
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index e73517a..0
This improves the client experience when an auth-token is rejected or
has expired. The message provided should be visible in all clients
supporting parsing of AUTH_FAILED push messages.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c| 2 +-
src/o
access
to the context object.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/forward.c | 2 +-
src/openvpn/ssl.c | 28
src/openvpn/ssl.h | 6 +-
3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/src/openvpn/for
() is
called. The reason we need the struct context object is that
send_auth_failed() needs that to prepare a message to be pushed to
the client.
The second patch just implements the rejection message and
calling send_auth_failed() with the appropriate messages.
David Sommerseth (2):
Refactor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit 58066d04036bf29107f67ca38c6e964ec11f9dfd
Author: David Sommerseth
Date: Fri Oct 28 21:48:40 2016 +0200
auth-gen-token: Add --auth-gen-token option
Signed-off-by: David Sommerseth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit 2c0403ac359097bbcb1e97b777120e218e29014f
Author: David Sommerseth
Date: Fri Oct 28 21:48:43 2016 +0200
auth-gen-token: Push generated auth-tokens to the client
Signed-off
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit 703c9784f4dcd4f77166201074c21c6ea4aeb033
Author: David Sommerseth
Date: Fri Oct 28 21:48:44 2016 +0200
auth-gen-token: Authenticate generated auth-tokens when client
re-authenticates
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit 270dc91164013eb7ace34d7b098fa11a97aef847
Author: David Sommerseth
Date: Fri Oct 28 21:48:42 2016 +0200
auth-gen-token: Generate an auth-token per client
Signed-off-by: David
GUI can now remember the username.
>>>>
>>>> Regards,
>>>>
>>>> Selva
>>>>
>>>
>>> Totally agree :) thanks for your reply.
>>> I am going t
to lifetime argument
- Rename struct member auth_generate_token to auth_token_generate
to have a consistent naming scheme
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst | 15 +++
doc/openvpn.8| 22 +
- Clarify the magic in sanitize_control_message()
- Relocate auth_token_sent struct member slightly
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/misc.c | 9 +
src/openvpn/push.c | 12 +++-
src/openvpn/ssl_common.h | 2 ++
3
reconnect with a new
authentication using the user's password.
v2 - Rename auth_generate_token to auth_token_generate
- Wrap lines exceeding 80 chars
- Improved several comments (rephrasing, grammar)
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl_verify.
scheme in the code
- Ensuring the code doesn't exceed 80 chars line length
- Various improvements to comments
David Sommerseth (4):
auth-gen-token: Add --auth-gen-token option
auth-gen-token: Generate an auth-token per client
auth-gen-token: Push generated auth-tokens to the client
auth-gen
- Fix Doxygen comment typo
- Don't exceed 80 chars line length
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c| 6 ++
src/openvpn/ssl_common.h | 8
src/openvpn/ssl_verify.c | 39 +++
3 files chang
>>
>> Acked-by: David Sommerseth <dav...@openvpn.net>
>> Message-Id: <1477060957-6423-1-git-send-email-a...@rfc2549.org>
>> URL:
>> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12766.html
>> Signed-off-by: Da
On 28/10/16 15:15, David Sommerseth wrote:
> ACK.
>
> Your patch has been applied to the branch
This was applied to the master branch.
> commit fe621610ff300a299b232956056ffdf0833a9b45
> Author: Arne Schwabe
> Date: Fri Oct 21 16:42:37 2016 +0200
>
> Make C
On 28/10/16 15:16, David Sommerseth wrote:
> ACK.
>
> Your patch has been applied to the dev/pre-push-hook branch
This was pushed to the master branch.
> commit 752caece99a61e516386f94823e82ddf13fcbcab
> Author: Steffan Karger
> Date: Fri Oct 28 13:57:01 2016 +0200
>
On 28/10/16 15:16, David Sommerseth wrote:
> ACK.
>
> Your patch has been applied to the branch
This was pushed to the release/2.3 branch.
> commit a91ddc99a524014ec79560d873721e8fa81a5631
> Author: Steffan Karger
> Date: Fri Oct 28 14:10:07 2016 +0200
>
> Lim
That should be the master branch. My scripts obviously need some more
enhancements.
On 28/10/16 15:15, David Sommerseth wrote:
> Your patch has been applied to the dev/pre-push-hook branch
>
> commit a64d76e246042fde40189033b87b126627db5b6b
> Author: Steffan Karger
> Date: W
-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1477656607-7440-1-git-send-email-steffan.kar...@fox-it.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12799.html
Signed-off-by: Dav
Signed-off-by: Steffan Karger <steffan.kar...@fox-it.com>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1477655821-6711-1-git-send-email-steffan.kar...@fox-it.com>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12798.ht
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
ACK.
Your patch has been applied to the branch
commit fe621610ff300a299b232956056ffdf0833a9b45
Author: Arne Schwabe
Date: Fri Oct 21 16:42:37 2016 +0200
Make Changes.rst nicer for 2.4 release
Acked-by: David Sommerseth <
<stef...@karger.me>
Acked-by: Arne Schwabe <a...@rfc2549.org>
Message-Id: <1477510159-5067-1-git-send-email-stef...@karger.me>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12784.html
Signed-off-by: David Sommerseth <dav...@ope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Your patch has been applied to the master branch.
commit f93b76398003769685ae1053ec978fffe17f6cd6
Author: David Sommerseth
Date: Thu Oct 27 18:49:41 2016 +0200
Remove last rest of INSTALL-win32.txt references
Signed-off-by: David
Commit 04341beb1d8e0fad3425bfec5f281fe431895cd6 removed the
INSTALL-win32.txt file. But there were crucial parts left in
Makefile.am which broke building OpenVPN. In addition, removed
other references in INSTALL and README to the same file to be
complete.
Signed-off-by: David Sommerseth <
: https://github.com/OpenVPN/openvpn-build/pull/35
URL: https://github.com/OpenVPN/openvpn-build/pull/38
Signed-off-by: Samuli Seppänen <sam...@openvpn.net>
Acked-by: David Sommerseth <dav...@openvpn.net>
Message-Id: <1477396539-1293-1-git-send-email-sam...@openvp
to the needed
re-indenting when removing the if(true) scope.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c | 439 ++
1 file changed, 208 insertions(+), 231 deletions(-)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
>CLEAR (*ks->key_src);
> + tls_limit_reneg_bytes (session->opt->key_type.cipher,
> + >opt->renegotiate_bytes);
> }
>
>return true;
> @@ -2354,6 +2376,8 @@ key_method_2_read (struct buffer *buf, struct tls_mult
curity related issues.
--
kind regards,
David Sommerseth
OpenVPN Technologies, Inc
---
> INSTALL-win32.txt | 77
> ---
> 1 file changed, 77 deletions(-)
> delete mode 100644 INSTALL-win32.txt
I have no issues with this. I'm just missing the "why" argument in the
commit message.
--
kind regards,
David So
I think moving over to
memcpy() makes sense ... So I do give this a Feature ACK. But we need
to have some proper testing so we're sure we don't break anything.
--
kind regards,
David Sommerseth
#include
#include
#include
#include
#define MR_MAX_ADDR_LEN 20
#define MR_ADDR_IPV4
On 14/10/16 15:30, Steffan Karger wrote:
>
>
> On 13-10-16 21:59, David Sommerseth wrote:
>> If --auth-gen-token has been enabled and a token has been generated,
>> ensure this token is pushed to the client using the 'auth-token' option.
>>
>> Signed-off-by: Dav
- Clarify the magic in sanitize_control_message()
- Relocate auth_token_sent struct member slightly
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/misc.c | 9 +
src/openvpn/push.c | 12 +++-
src/openvpn/ssl_common.h | 2 ++
3
- Fix Doxygen comment typo
- Don't exceed 80 chars line length
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c| 6 ++
src/openvpn/ssl_common.h | 8
src/openvpn/ssl_verify.c | 39 +++
3 files chang
Meh ... disregard this patch. Just noticed that the auth_token_sent
member in the struct tls_options sneaked into this patch during my git
rebasing.
I'll send the correct v2 patch (as v2.1 in the subject only)
--
kind regards,
David Sommerseth
On 14/10/16 12:18, David Sommerseth wrote
by: David Sommerseth <dav...@openvpn.net>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <1476377656-3150-1-git-send-email-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12695.html
Signed-off-by: David Som
On 13/10/16 21:59, David Sommerseth wrote:
> If --auth-gen-token has been enabled and a token has been generated,
> ensure this token is pushed to the client using the 'auth-token' option.
>
> Signed-off-by: David Sommerseth <dav...@openvpn.net>
> ---
> src/openvpn/misc.
- Fix Doxygen comment typo
- Don't exceed 80 chars line length
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c| 6 ++
src/openvpn/ssl_common.h | 8
src/openvpn/ssl_verify.c | 39 +++
3 files chang
to lifetime argument
- Rename struct member auth_generate_token to auth_token_generate
to have a consistent naming scheme
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
Changes.rst | 15 +++
doc/openvpn.8| 22 +
On 14/10/16 10:48, David Sommerseth wrote:
> Your patch has been applied to the master branch
>
> commit b891e57e1fe794483c08296e32c15751f2676a2d
> Author: David Sommerseth
> Date: Thu Oct 13 21:59:27 2016 +0200
>
> Move memcmp_constant_time() to crypto.h
>
>
parate patch to make the core auth-gen-token
patches easier to review. This patch can be moved anywhere before PATCH 5/5
or squashed into PATCH 5/5 if that is requested.
David Sommerseth (5):
Move memcmp_constant_time() to crypto.h
auth-gen-token: Add --auth-gen-token option
auth-gen
-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl.c| 6 ++
src/openvpn/ssl_common.h | 6 ++
src/openvpn/ssl_verify.c | 33 +
3 files changed, 45 insertions(+)
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index c7cf78d..5
This function is quite useful in other places, so make it generally
accessible.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/crypto.c | 18 --
src/openvpn/crypto.h | 18 ++
2 files changed, 18 insertions(+), 18 deletions(-)
diff --git
will implement the auth-token generation and
passing it on to the clients.
The --auth-gen-token can be given an optional integer argument which
defines the lifetime of generated tokens. The lifetime argument
must be given in number of seconds.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
--
reconnect with a new
authentication using the user's password.
Signed-off-by: David Sommerseth <dav...@openvpn.net>
---
src/openvpn/ssl_verify.c | 50
1 file changed, 50 insertions(+)
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
.
Acked-by: Selva Nair <selva.n...@gmail.com>
Message-Id: <1476269227-13290-1-git-send-email-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12675.html
Signed-off-by: David Sommerseth <dav...@openvpn.net>
- --
ki
get
> IPv6", (int) info[0], (int) info[1] ); - tt->ipv6 = false; + msg(
> M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support
> IPv6 in TUN mode. IPv6 will not work. Upgrade to Tap-Win32 9.8
> (2.2-beta3 release or later) or use TAP mode to get IPv6",