es in new acl"));
> -return CloseHandleEx();
> -}
> -
> - if (SetSecurityInfo(pipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION,
> -NULL, NULL, new_dacl, NULL) != ERROR_SUCCESS)
> -{
> -MsgToEventLog(M_SYSERR, TEXT("Could not set pipe security info"));
> -return CloseHandleEx();
> -}
> -
> return pipe;
> }
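Review bot: before `return pipe;` there is now no visible step that can fail on the DACL and close the handle, so the access restriction has to be in place at the moment the pipe is created. Check that a failure to build the security descriptor returns before any pipe handle exists, and that the descriptor is freed on every path, including the one where pipe creation fails.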
>
> --
> 2.42.0.windows.2
>
The only change from the 2.6 version is openvpn_swprintf -> swprintf.
I did not retest the build or executable, but looks good to me based on 2.6
tests.
Acked-by: Selva Nair
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Forgot to add:
This applies only to 2.6 -- for master we'll need a rebased version.
On Wed, Jun 19, 2024 at 9:51 AM Selva Nair wrote:
>
>
> On Wed, Jun 19, 2024 at 9:47 AM Lev Stipakov wrote:
>
>> At the moment everyone but anonymous are permitted
>> to create a
I35e783b79a332d247606e05a39e41b4d35d39b5d
> Reported by: Zeze with TeamT5
> Signed-off-by: Lev Stipakov
> ---
> v2:
> - ensure that sd is freed even if pipe creation failed
> - added Reported-By
>
Acked-by: Selva Nair
From: Selva Nair
Commits 7d48d31b, 39619b7f added support for inlining username
and, optionally, password.
Add a description of its usage in the man page.
Github: resolves OpenVPN/openvpn#370
Change-Id: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
---
v2: Add
From: Selva Nair
Commits 7d48d31b, 39619b7f added support for inlining username
and, optionally, password.
Add a description of its usage in the man page.
Change-Id: I7a1765661f7676eeba8016024080fd1026220ced
Signed-off-by: Selva Nair
---
Does this have to go through gerrit?
doc/man-sections
otally sure how exactly interface-specific DNS works in
this case).
So, if at all, why not state that the DNS server specified here should be
reachable through the tunnel irrespective of the platform?
Regards,
Selva
From: Selva Nair
Currently we log a bogus error message saying private key password verification
failed when SSL_CTX_use_cert_and_key() fails in pkcs11_openssl.c. Instead print
OpenSSL error queue and exit promptly.
Also log OpenSSL errors when SSL_CTX_use_certificate() fails in cryptoapi.c
distributions). Looks like
a good idea to stop
overriding it by default.
We could also improve logging when SSL_CTX_set_certificate and similar fail
by printing OpenSSL error queue.
Selva
Hi Mike
I misunderstood Arne's comment. We default to security level 1 but that
forbids SHA1 signatures in OpenSSL 3.0+.
Could you test with "tls-cert-profile Insecure" in the config file? It's
not recommended but useful to check.
Thanks,
Selva
On Thu, Sep 28, 2023 at 7:08 PM m
On Thu, Sep 28, 2023 at 8:55 PM Arne Schwabe wrote:
>
> On 29.09.2023 at 01:08, mike tancsa wrote:
>
> Hi Selva,
>
> Thank you for looking!
>
> My guess is that something in the certificate or private key is not to
> OpenSSL 3.1's liking and it rejects it. Is the
> 2023-09-28 17:05:12 us=578000 Error: private key password verification
> failed
>
Not a very useful error message.
My guess is that something in the certificate or private key is not to
OpenSSL 3.1's liking and it rejects it. Is there any way for you to chec
func,
> + const char **data, int *flags)
> +{
> +static const char *empty = "";
> +*func = empty;
> +long err = ERR_get_error_line_data(file, line, data, flags);
>
I think you missed to change that to "unsigned long err = "
+return err;
> +}
> +
> #endif /* OPENSSL_VERSION_NUMBER < 0x3000L */
>
> #endif /* OPENSSL_COMPAT_H_ */
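Review bot: the compat wrapper stores the result of ERR_get_error_line_data() in a signed `long err` and returns it, while OpenSSL error codes are `unsigned long`; declare `err` as `unsigned long` and make sure the wrapper's return type matches. Also, `*func` is always set to the static empty string in this `OPENSSL_VERSION_NUMBER < 0x3000L` branch, so a one-line comment above the wrapper saying that no function name is reported here would save callers from wondering why it is blank.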
> --
> 2.39.2 (Apple Git-143)
>
The above could be handled at merge time, so:
Acked-by: Selva Nair
On Tue, Jul 25, 2023 at 6:18 AM Frank Lichtenheld
wrote:
> On Sat, Jan 28, 2023 at 04:59:01PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - "if (sig == X) signal_reset(sig)" now becomes
> > "signal_reset(sig, X)" so that th
er potential loss of signal during signal-reset is avoided.
Selva
Hi,
This looks good except that the format of the log could be kept closer to
the current one:
On Fri, Jul 7, 2023 at 2:59 PM Arne Schwabe wrote:
> This also shows the extra data from the OpenSSL error function that
> can contain extra information. For example, the command
>
> openvpn
o>bar' vs "foo>bar").
That said, for valid domain names, the only expected characters are
alpha-numeric, hyphen and period, and single quotes should work. I have
only tested this using wmic command line, not the resulting openvpn.exe.
Acked-by: Selva Nair
P.S.
We probably need
_multi *multi,
> unsigned int mda_key_id)
> for (int i = 0; i < KEY_SCAN_SIZE; ++i)
> {
> struct key_state *ks = get_key_scan(multi, i);
> -if (ks->mda_key_id == mda_key_id)
> +if (ks->mda_key_id == mda_key_id && ks->state >
On Mon, May 29, 2023 at 3:07 PM Gert Doering wrote:
> Hi,
>
> On Thu, May 25, 2023 at 02:41:10PM -0400, Selva Nair wrote:
> > Now that 2.6 appears to have reached a fairly stable state, may I request
> > you to look into this patch for 2.7 -- this one has an ACK (thanks t
down into the details to resolve them. Right now it looks like no
one has yet touched related chunks.
Thanks,
Selva
On Tue, Jan 31, 2023 at 5:48 AM Frank Lichtenheld
wrote:
> On Sat, Jan 28, 2023 at 04:59:00PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
>
Acked-by: Selva Nair
On Fri, May 19, 2023 at 4:27 AM Lev Stipakov wrote:
> From: Lev Stipakov
>
> At the moment if --name is not specified, adapter names
> are generated by Windows and they look a bit confusing
> like "Local Area Connection 2".
>
> This is also
gt;mda_status = auth ? ACF_SUCCEEDED : ACF_FAILED;
> }
> +else
> +{
> +msg(D_TLS_DEBUG_LOW, "%s: no key state found for management
> key id "
> +"%d", __func__, mda_key_id);
> +}
> }
> return (bool) ks;
> }
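Review bot: the debug message added in the `else` branch formats `mda_key_id` with `%d`, but the parameter is declared `unsigned int mda_key_id` in the function signature. Use `%u` so that large key ids are not logged as negative numbers.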
Selva
StringFromIID((REFIID), );
> _ftprintf(stderr, TEXT("Renaming TUN/TAP adapter %")
> TEXT(PRIsLPOLESTR)
>TEXT(" to \"%") TEXT(PRIsLPTSTR) TEXT("\"
> failed (error 0x%x).\n"),
> -
From: Selva Nair
Setting the desktop as "winsta0\default" does not always work when run
from a non-interactive session which may not have access to the
the window station "Winsta0". Leave this as NULL to let the system
automatically assign a window station and desktop.
pn/ssl_common.h
> @@ -733,7 +733,7 @@ get_key_by_management_key_id(struct tls_multi *multi,
> unsigned int mda_key_id)
>
ssl_common.h in master (and 2.6) has only 725 lines and no function by that
name. Am I missing something?
Selva
From: Selva Nair
Currently we use the ANSI version of CreateEvent causing name of the
exit event to be interpreted differently depending on the code page
in effect. Internally all strings parsed from command line and config
file are stored as UTF8-encoded Unicode. When passed to Windows API calls
From: Selva Nair
Github: Fixes OpenVPN/openvpn#323
Signed-off-by: Selva Nair
---
This will fix #323 is my best guess, untested as yet..
This is a bug that needs fixing, regardless.
src/openvpn/pkcs11_openssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn
Hi,
On Tue, Apr 25, 2023 at 6:22 AM Arne Schwabe wrote:
> After first round of mailing people with more than 10 commits we have
> almost all committers have agreed. This put this license in the realm
> of having a realistic change to work. Had any of these contributors
> disagreed, rewriting
exemption -> exception in a number of places below
Though similar in meaning, better to use the standard wording here.
On Fri, Apr 21, 2023 at 11:02 AM Arne Schwabe wrote:
> After first round of mailing people with more than 10 commits we have
> almost all committers have agreed. This put this
From: Selva Nair
- We assume that all text passed to the management interface
and written to log file are in Unicode (UTF-8). This is broken by
the use of the ANSI version of FormatMessage() for Windows error
messages. Fix by using FormatMessageW() and converting the UTF-16
result to UTF
else
> {
> -netsh_delete_address_dns(tt, false, );
> +do_dns_domain_wmic(false, tt);
> +
> +if (tt->options.ip_win32_type == IPW32_SET_NETSH)
> +{
> +netsh_delete_address_dns(tt, false, );
> +}
&g
t->options.ip_win32_type == IPW32_SET_NETSH)
> +{
> +netsh_delete_address_dns(tt, false, );
> +}
> }
> }
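Review bot: in the `else` branch, `do_dns_domain_wmic(false, tt)` runs unconditionally while `netsh_delete_address_dns()` is now gated on `tt->options.ip_win32_type == IPW32_SET_NETSH`. If the matching call that sets the DNS domain is made only for some `ip_win32_type` values, apply the same condition here; otherwise add a comment stating that the wmic cleanup is intended for every method.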
>
> diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h
> index e19e1a2e..0d8e2307 100644
> --- a/src/openvpn
reason, --tls-version-max 1.0 did not suffice to trigger
> the error this morning, but --tls-version-min 1.3 + management + bytecount
> still did)
>
Since then I've found this can be triggered quite simply by adding
"--status /dev/stdout" or some file to the client options.
Whic
inux), too much to
ask the caller to check that a valid dco handle is available.
Selva
On Mon, Mar 27, 2023 at 4:42 PM Selva Nair wrote:
>
>
> On Mon, Mar 27, 2023 at 4:30 PM Antonio Quartulli wrote:
>
>> Hi,
>>
>> On 27/03/2023 19:12, selva.n...@gmail.com wrote
On Mon, Mar 27, 2023 at 4:30 PM Antonio Quartulli wrote:
> Hi,
>
> On 27/03/2023 19:12, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> >We persist peer-stats when restarting, but an early restart
> >before open_tun results in
From: Selva Nair
We persist peer-stats when restarting, but an early restart
before open_tun results in a segfault in dco_get_peer_stats().
To reproduce, trigger a TLS handshake error due to lack of common
protocols, for example.
Fix by checking that tuntap is defined before
Hi,
On Mon, Mar 27, 2023 at 9:59 AM Matthias Andree
wrote:
> On 27.03.23 at 13:49, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Do not use non-literal initializers for static objects
> > - Replace empty initializer {} by {0}
>
> Should we
On Mon, Mar 27, 2023 at 8:09 AM Frank Lichtenheld
wrote:
> On Mon, Mar 27, 2023 at 07:49:37AM -0400, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Do not use non-literal initializers for static objects
> > - Replace empty initializer {} by {0}
> &
From: Selva Nair
- Do not use non-literal initializers for static objects
- Replace empty initializer {} by {0}
Signed-off-by: Selva Nair
---
To be applied after the test-pkcs11 patch set
tests/unit_tests/openvpn/cert_data.h | 6 ++---
tests/unit_tests/openvpn/test_cryptoapi.c | 24
On Mon, Mar 27, 2023 at 4:49 AM Frank Lichtenheld
wrote:
> On Fri, Mar 24, 2023 at 01:13:22PM -0400, Selva Nair wrote:
> > Would the attached small patch be acceptable instead? It covers only
> > test_cryptoapi --- if this will do, I can incorporate similar changes for
> >
lude "const variables".
Though it works with gcc. In C99, automatic variables can be initialized
so, and the alternative I suggested uses that approach.
Selva
d in an initializer.
> So change all of them to preprocessor defines instead.
>
> It also doesn't like the empty initializer.
> error C2059: syntax error: '}'
>
> CC: Selva Nair
> Signed-off-by: Frank Lichtenheld
> ---
> tests/unit_tests/openvpn/cert_data.h | 24
I didn't realize it until Lev pointed out that this reply yesterday
didn't go to the list. FTR, copying to the list.
-- Forwarded message -
From: Selva Nair
Date: Wed, Mar 22, 2023 at 9:42 AM
Subject: Re: [Openvpn-devel] [PATCH] Print DCO client stats on SIGUSR2
To: Lev Stipakov
From: Selva Nair
- Enabled for the Ubuntu 22.04 build (OpenSSL 3) and one of the
Ubuntu 20.04 builds (OpenSSL 1.1.1).
Signed-off-by: Selva Nair
---
.github/workflows/build.yaml | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github
From: Selva Nair
- This function will be reused for testing pkcs11
Signed-off-by: Selva Nair
---
tests/unit_tests/openvpn/Makefile.am | 1 +
tests/unit_tests/openvpn/pkey_test_utils.c | 141 +
tests/unit_tests/openvpn/test_cryptoapi.c | 98 +-
3 files
From: Selva Nair
- Load some test certificate/key pairs into a temporary softhsm2 token
and enumerate available objects through pkcs11-helper interface
- For each object, load it into SSL_CTX and test sign (if using OpenSSL 3)
or check the certificate and public-key match (if using OpenSSl
From: Selva Nair
- Unfortunately there are still users out there who disable IPv6
on tun/tap/dco interfaces or even system-wide.
Fixes: Github issue #294
Signed-off-by: Selva Nair
---
src/openvpnserv/interactive.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src
"TCP/UDP write bytes," counter_format,
> c->c2.link_write_bytes);
> +status_printf(so, "TCP/UDP read bytes," counter_format,
> c->c2.link_read_bytes + c->c2.dco_read_bytes);
> +status_printf(so, "TCP/UDP write bytes," counter_format,
> c->c2.link_write_b
easy way to "provoke" this is to use openssh proxy (say, -D 1080) and
use it to proxy to a udp server. SSH will close the connection as it does
not support udp association. Probably it should return one of the socks5 error
code instead, but doesn't. Even if it did, our recv_socks_
From: Selva Nair
- This is the only remaining function in cryptoapi.c that has no
direct or indirect test.
This test confirms that an SSL_CTX context gets a certificate and
private key loaded into it and the public key in the certificate
matches the private key. As signing
From: Selva Nair
Change-Id: Id6bf8ea705d02eff2cbfba7d841e1cdb6ae1
Signed-off-by: Selva Nair
---
src/openvpn/socks.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/socks.c b/src/openvpn/socks.c
index 6a672c25..2cf0cc9f 100644
--- a/src/openvpn/socks.c
ay have been
imported. Those go to "Trusted Root Certificates" listed below "Personal".
I'm not entirely sure whether it's possible to select a wrong destination
during import, causing client certificates to go into root certificates.
During import I only select the store (use
On Wed, Mar 15, 2023 at 4:30 AM Gert Doering wrote:
> Hi,
>
> On Tue, Mar 14, 2023 at 09:35:12PM -0400, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Import some sample certificates into Windows store for testing
> > - 4 test ce
From: Selva Nair
- A few sample certificates are defined and imported into
Windows certificate store (user store).
This only tests the import process. Use of these certs to test the
core functionality of 'cryptoapicert' are in following commits.
Change-Id
From: Selva Nair
- For each sample certificate/key pair imported into the store,
load the key into xkey-provider and sign a test message.
As the key is "provided", signing will use appropriate
backend (Windows CNG in this case).
The signature is then verified using OpenSSL.
From: Selva Nair
- find_certificate_in_store tested using 'SUBJ:', 'THUMB:'
and 'ISSUER:' select strings. Uses test certificates
imported into the store during the import test.
Change-Id: Ib5138465e6228538af592ca98b3d877277355f59
Signed-off-by: Selva Nair
---
tests/unit_tests/openvpn
From: Selva Nair
- Loading the certificate and key into the provider is split out of
setting up the SSL context. This allows testing of signing by
cryptoapi-provider interface without dependence on SSL context
or link-time wrapping.
Change-Id: I269b94589636425e1ba9bf953047d238fa830376
From: Selva Nair
Import some sample certificates into Windows store for testing
- 4 test certificates imported to user store
and removed at the end.
Add tests for finding certificates in Windows certificate store
- test using SUBJ:, THUMB: and ISSUER: select-strings
Refactor
.
>
> Tested-by: flor...@apolloner.eu
Thanks. Updated patch is on the list.
I "heard" whispers of "2.6.2 coming soon" in another thread. Would be great
if this fix can make it.
As this also touches cryptoapicert (via a refactor), an inde
From: Selva Nair
- With OpenSSL 3.0 and xkey-provider, we use pkcs11h_certificate_signAny_ex()
which returns EC signature as raw r|s concatenated. But OpenSSL expects
a DER encoded ASN.1 structure.
Do this conversion as done in cryptoapi.c. For code re-use, ecdsa_bin2sig
cannot figure arbitrary variable
expansion won't work as expected for out-of-tree builds with read-only
sources. But testing does show only $(srcdir) and $(top_srcdir) get
correctly handled, and the fix below appears to be a reasonable way out.
Tested "make distcheck" and also compared
of the while loop */
> +}
> +gr = getgrent();
> +}
>
endgrent();
> +#endif /* if defined(HAVE_GETPWUID) && defined(HAVE_GETGRENT) */
> +return ret;
> +}
> +
>
Will delay v2 depending on the fate of this patch.
Selva
Hi,
On Mon, Mar 6, 2023 at 3:24 AM Gert Doering wrote:
> Hi,
>
> On Mon, Mar 06, 2023 at 12:33:46AM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - When management-client-group is in use, allow access if any of
> > the supplementary groups
From: Selva Nair
- When management-client-group is in use, allow access if any of
the supplementary groups of the user matches the specified group.
Currently only the effective gid of the peer socket is checked
which is normally the primary group of user. As unprivileged users
have
From: Selva Nair
- This pointer is to a static area which can change on further
calls to getpwnam, getpwuid etc.
Same with struct group returned by getgrnam.
As the only field later referred to is uid or gid, fix
by saving them instead.
Signed-off-by: Selva Nair
---
Though we call
45#logs
>
Run ./unittests/cryptoapi_testdriver.exe
> 4[==] Running 1 test(s).
> 5[ RUN ] test_parse_hexstring
> 6[ OK ] test_parse_hexstring
> 7[ PASSED ] 1 test(s).
> 8[==] 1 test(s) run.
Selva
From: Selva Nair
- Though named cryptoapi_testdriver, right now this only tests
parsing of thumbprint specified as a selector for --cryptoapicert
option. More tests coming..
v2: a line that belongs here was mistakenly included in the previous
commit. Corrected.
v3: add to list of tests run
ed reference to
> `_cmocka_run_group_tests'
>
I had seen something similar with the master branch -- the def had some
functions missing. But 1.1.5 worked out of the box.
Selva
Hi
On Fri, Feb 10, 2023 at 4:13 PM Gert Doering wrote:
> Hi,
>
> On Tue, Feb 07, 2023 at 07:59:25PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Minor changes to the build system to include some
> > dependencies for Windows build
>
ints hex, and INVALID_SOCKET looks a bit nicer:
> >
> >2023-02-10 15:17:11 us=828000 write to TUN/TAP : Jrjestelmkutsulle
> > annettu data-alue on liian pieni. (fd=,code=122)
> >
> > Reported-by: Selva Nair
> > Signed-off-by: Lev Stipakov
mingw to github
actions
<https://patchwork.openvpn.net/project/openvpn2/patch/20230209163705.466173-1-a...@rfc2549.org/>
Selva
CC: list
-- Forwarded message -
From: Selva Nair
Date: Tue, Feb 7, 2023 at 11:57 AM
Subject: Re: [Openvpn-devel] [PATCH v2 3/5] Windows: fix wrong printf
format in x_check_status
To: Frank Lichtenheld
Nitpicking:
> - use PRIuPTR as discussed on IRC (added relevant defi
CC: list
-- Forwarded message -
From: Selva Nair
Date: Wed, Feb 8, 2023 at 11:34 PM
Subject: Re: [Openvpn-devel] [PATCH 4/5] Add missing stdint.h includes in
unit tests files
To: Arne Schwabe
Hi,
On Tue, Feb 7, 2023 at 7:19 PM Arne Schwabe wrote:
> My mingw compiler/head
CC: list was missed..
-- Forwarded message -
From: Selva Nair
Date: Thu, Feb 9, 2023 at 2:54 PM
Subject: Re: [Openvpn-devel] [PATCH v2 5/5] Add building unit tests with
mingw to github actions
To: Arne Schwabe
Hi,
Thanks, this is much better with tests grouped together.
Some
make -j3
>- name: make check
> run: make check
> +
> --
A couple of minor issues with the way test results are reported:
(1) The main name of the test being run is not printed
Normally when run from make check, we will get "PASSED pkt_testdriver" etc
at t
On Wed, Feb 8, 2023 at 6:16 AM Arne Schwabe wrote:
> On 08.02.23 at 02:05, Selva Nair wrote:
> > Hi,
> >
> > On Tue, Feb 7, 2023 at 7:18 PM Arne Schwabe > <mailto:a...@rfc2549.org>> wrote:
> >
> > Am 04.02.23 um 07:40 schrieb selva.n...@g
Hi,
On Tue, Feb 7, 2023 at 7:18 PM Arne Schwabe wrote:
> On 04.02.23 at 07:40, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Though named cryptoapi_testdriver, right now this only tests
> >parsing of thumbprint specified as a selector for --cryptio
From: Selva Nair
- Minor changes to the build system to include some
dependencies for Windows build
- test_tls_crypt not built as it will pull in win32.c and
its dependencies
- If cross-compiling, "make check" will only build the tests but not
run any. Copy to Windows and ru
On Tue, Feb 7, 2023 at 7:18 PM Arne Schwabe wrote:
> From: Selva Nair
>
> - Eliminates repeated warnings such as
> warning: source file '$(openvpn_srcdir)/env_set.c' is in a subdirectory,
> but option 'subdir-objects' is disabled
> - Enabled only for automake >= 1.16 a
Hi,
On Tue, Feb 7, 2023 at 6:59 AM Arne Schwabe wrote:
> On 04.02.23 at 07:40, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > - Minor changes to the build system to include some
> >dependencies for Windows build
> >
> > - test_tls_cry
libnl-genl is missing as discussed with ordex on
> IRC.
>
> v3:
> - improvements to the messages, suggested by Selva
> - further improvements to the default specification, trying to make it
> clear
> - if enabling iproute2, do not test for libnl-genl
>
>
>
would result in outputs like:
WARNING: iproute2 support cannot be enabled when using DCO
WARNING: DCO support disabled
(or in an error)
Phrasing the first as "DCO cannot be enabled when using iproute2" would be
better.
> + enable_dco="no"
> + f
From: Selva Nair
- Though named cryptoapi_testdriver, right now this only tests
parsing of thumbprint specified as a selector for --cryptoapicert
option. More tests coming..
v2: a line that belongs here was mistakenly included in the previous
commit. Corrected.
Signed-off-by: Selva Nair
From: Selva Nair
- Though named cryptoapi_testdriver, right now this only tests
parsing of thumbprint specified as a selector for --cryptoapicert
option. More cryptoapi tests coming..
Signed-off-by: Selva Nair
---
As requested during review of the 4/4 patch of cryptoapi series.
Note
From: Selva Nair
- Eliminates repeated warnings such as
warning: source file '$(openvpn_srcdir)/env_set.c' is in a subdirectory,
but option 'subdir-objects' is disabled
- Enabled only for automake >= 1.16 as older versions have a buggy
implementation
of this option
Main side eff
From: Selva Nair
v2: Moved the "parse_hexstring" chunk to a function for clarity
and to permit unit-testing.
A test is submitted as a follow up patch.
Signed-off-by: Selva Nair
---
src/openvpn/cryptoapi.c | 77 -
1 file changed, 37 inserti
l#L561
Thanks a lot for that.
By adding win32-util.c and -lws2_32 where required, I can now build almost
all tests using the autotools framework --- cmocka had to be cross-compiled
using cmake which is a pain.
I do not particularly like cmake though it's convenient for Windows MSVC
build, so st
Hi
>
> On Wed, Feb 1, 2023 at 6:56 AM Frank Lichtenheld
> wrote:
>
>> On Sat, Jan 28, 2023 at 05:34:21PM -0500, selva.n...@gmail.com wrote:
>> > From: Selva Nair
>> >
>> > Signed-off-by: Selva Nair
>> > ---
>> > src/openvpn/cry
Hi,
On Wed, Feb 1, 2023 at 6:56 AM Frank Lichtenheld
wrote:
> On Sat, Jan 28, 2023 at 05:34:21PM -0500, selva.n...@gmail.com wrote:
> > From: Selva Nair
> >
> > Signed-off-by: Selva Nair
> > ---
> > src/openvpn/cryptoapi.c | 44 +++-
From: Selva Nair
- Require xkey-provider (thus OpenSSL 3.01+) for --cryptoapicert
Note:
Ideally we should also make ENABLE_CRYPTOAPI conditional
on HAVE_XKEY_PROVIDER but that looks hard unless we can agree
to move HAVE_XKEY_PROVIDER to configure/config.h.
v2: use "binary"
From: Selva Nair
- An item added to undo-list was not removed on error, causing
attempt to free again in Undo().
Also fix a memory leak possibility in the same context.
Github: fixes OpenVPN/openvpn#232
v2: Split add and delete functions and reuse the delete
function for cleanup.
Signed
>
>
> Also I replaced 0x%x with %u in win_block_dns_service() for
> consistency. You may want to do it in your patch too :)
>
We have at least another place where it's %x, so will leave that for
another day. btw, shouldn't it be %d?
Selva
ks okay.
That said, if you have a better fix, I'm ready to review it in lieu of this.
Thanks,
Selva
From: Selva Nair
- An item added to undo-list was not removed on error, causing
attempt to free again in Undo().
Also fix a memory leak possibility in the same context.
Github: fixes OpenVPN/openvpn#232
Signed-off-by: Selva Nair
---
src/openvpnserv/interactive.c | 17 ++---
1
From: Selva Nair
- With various ways of specifying the selector-string to the
"--cryptoapicert" option, its not immediately obvious
which certificate gets selected from the store. Log it.
The "name" logged is a friendly name (if present), or a
representative el