From: Arne Schwabe
Old Microsoft versions did strange behaviour but according to the
newly added unit test and
https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating
this is now standard conforming and we can use the normal snprintf
method.
Microsoft own documentation
From: Frank Lichtenheld
Previously the sections "Encryption Options" and
"Data channel cipher negotiation" were on the same
level as "OPTIONS", which makes no sense. Instead
move them and their subsections one level down.
Use ` since that was already in use in section
"Virtual Routing and
From: Frank Lichtenheld
As Coverity says:
Either the check against null is unnecessary, or there may be a null
pointer dereference.
In phase2_tcp_server: Pointer is checked against null but then
dereferenced anyway
There is only one caller (link_socket_init_phase2) and it already has
an
From: Frank Lichtenheld
- Remove compression settings. Not recommended anymore.
- Remove old cipher setting. Replaced by data-ciphers negotiation.
- Add comment how to set data-ciphers for very old clients.
- Remove/reword some old comments. e.g. no need to reference
OpenVPN 1.x anymore.
-
Thanks for the housekeeping...
As discussed on IRC, I've added text about tls-auth being commented
out to the commit message.
Your patch has been applied to the master and release/2.6 branch
(relevant documentation update).
commit b0fc10abd06fa2307e95c8a60fa94f7ccc08d2ac (master)
commit
Attention is currently required from: plaisthos.
flichtenheld has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/546?usp=email )
Change subject: Add bracket in fingerprint message and do not warn about
missing verification
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/532?usp=email )
Change subject: samples: Update sample configurations
..
samples: Update sample configurations
- Remove compression settings. Not
cron2 has uploaded a new patch set (#5) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/532?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by plaisthos
Change subject: samples: Update sample configurations
Attention is currently required from: flichtenheld.
plaisthos has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/547?usp=email )
Change subject: Remove openvpn_snprintf and similar functions
..
Patch
Attention is currently required from: plaisthos.
flichtenheld has posted comments on this change. (
http://gerrit.openvpn.net/c/openvpn/+/545?usp=email )
Change subject: Use snprintf instead of sprintf for get_ssl_library_version
From: Arne Schwabe
This is avoid a warning/error (when using -Werror) under current macOS
of sprintf:
__deprecated_msg("This function is provided for compatibility
reasons only. Due to security concerns inherent in the design
of sprintf(3), it is highly recommended that you use
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/490?usp=email )
Change subject: phase2_tcp_server: fix Coverity issue 'Dereference after null
check'
..
phase2_tcp_server: fix Coverity issue
This is arguably a correct fix, though we could go a bit further in
terms of refactoring and fully get rid of signal_received - if my
understanding of the code is correct, it's only passed to a single
function (socket_listen_accept()), which is only called from here -
so "just pass on sig_info
cron2 has uploaded a new patch set (#3) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/490?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by plaisthos
Change subject: phase2_tcp_server: fix Coverity issue 'Dereference
Attention is currently required from: flichtenheld.
Hello flichtenheld,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/549?usp=email
to review the following change.
Change subject: Fix snprintf/swnprintf related compiler warnings
cron2 has uploaded a new patch set (#3) to the change originally created by
flichtenheld. ( http://gerrit.openvpn.net/c/openvpn/+/527?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by plaisthos
Change subject: documentation: make section levels consistent
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/527?usp=email )
Change subject: documentation: make section levels consistent
..
documentation: make section levels consistent
Previously the sections
Attention is currently required from: plaisthos.
Hello plaisthos,
I'd like you to do a code review.
Please visit
http://gerrit.openvpn.net/c/openvpn/+/548?usp=email
to review the following change.
Change subject: mbedtls: avoid warning with GCC 13+
cron2 has uploaded a new patch set (#2) to the change originally created by
plaisthos. ( http://gerrit.openvpn.net/c/openvpn/+/545?usp=email )
The following approvals got outdated and were removed:
Code-Review+2 by flichtenheld
Change subject: Use snprintf instead of sprintf for
cron2 has submitted this change. (
http://gerrit.openvpn.net/c/openvpn/+/545?usp=email )
Change subject: Use snprintf instead of sprintf for get_ssl_library_version
..
Use snprintf instead of sprintf for get_ssl_library_version
Your patch has been applied to the master and release/2.6 branch
(because this is good behaviour, even if we know there can not
be an overrun - today).
Tested on...
Linux, with "library versions: mbed TLS 2.28.7, LZO 2.10"
FreeBSD, with "library versions: mbed TLS 3.5.1, LZO 2.10"
commit
Your patch has been applied to the master and release/2.6 branch (doc).
commit 3fdf5aa04f7b96a3b7110f75306306ac5d7ed5fd (master)
commit 7993084c7f2b537e20a0a0d67385733d7d56688c (release/2.6)
Author: Frank Lichtenheld
Date: Mon Mar 25 08:15:20 2024 +0100
documentation: make section levels
22 matches
Mail list logo