[Openvpn-devel] [PATCH applied] Re: attempt to add IPv6 route even when no IPv6 address was configured

2017-02-20 Thread Gert Doering
ACK. What we had was too strict in some cases, breaking people's configs - with this change, we give users enough rope to hang themselves if they insist to do so, but point out in the log file that this might be a stupid idea... (That this came up in the first place is a consequence of commit

Re: [Openvpn-devel] [PATCH v2] Fix user's group membership check in interactive service to work with domains

2017-02-20 Thread Gert Doering
Hi, On Mon, Feb 20, 2017 at 11:13:49AM -0500, Selva Nair wrote: > > MS documentation for GetTokenInformation() suggests that group membership > > tests should be done with "CheckTokenMembership()", which sounds more > > convenient than "extract them all and walk the list" - so maybe this > > is

Re: [Openvpn-devel] [PATCH v2] Fix user's group membership check in interactive service to work with domains

2017-02-20 Thread Selva Nair
On Mon, Feb 20, 2017 at 7:18 AM, Gert Doering wrote: > On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote: > > From: Selva Nair > > > > Currently the username unqualified by the domain is used to validate > > a user which fails for

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Christian Hesse
Christian Hesse on Mon, 2017/02/20 16:02: > Emmanuel Deloget on Mon, 2017/02/20 15:52: > > On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget > > wrote: > > > Hi again, > > > > > > On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Christian Hesse
Emmanuel Deloget on Mon, 2017/02/20 15:52: > On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget wrote: > > Hi again, > > > > On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget > > wrote: > >> Hi Christian, > >> > >> On Mon, Feb 20, 2017 at 1:29

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
On Mon, Feb 20, 2017 at 2:53 PM, Emmanuel Deloget wrote: > Hi again, > > On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget wrote: >> Hi Christian, >> >> On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote: >>> That matches my findings. Built

[Openvpn-devel] [RFC PATCH v2 06/15] OpenSSL: don't use direct access to the internal of EVP_PKEY

2017-02-20 Thread Emmanuel Deloget
OpenSSL 1.1 does not allow us to directly access the internal of any data type, including EVP_PKEY. We have to use the defined functions to do so. Compatibility with OpenSSL 1.0 is kept by defining the corresponding functions when they are not found in the library. Signed-off-by: Emmanuel

[Openvpn-devel] [RFC PATCH v2 15/15] OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()

2017-02-20 Thread Emmanuel Deloget
The behavior of EVP_CipherInit() changed in OpenSSL 1.1 -- instead of clearing the context when the cipher parameter was !NULL, it now clears the context unconditionally. As a result, subsequent calls to the function with additional information now fail. The bulk work is done by

[Openvpn-devel] [RFC PATCH v2 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
This (limited) series replaces a few patches on the v1 series, namely: * "OpenSSL: don't use direct access to the internal of EVP_PKEY" This version replaces the previous version and adds function EVP_PKEY_id() which is present in 1.0.0 and later but not in 0.9.8. * "OpenSSL: use

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
Hi again, On Mon, Feb 20, 2017 at 2:33 PM, Emmanuel Deloget wrote: > Hi Christian, > > On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote: >> That matches my findings. Built against openssl 1.1.0e (Arch Linux package >> openssl 1.1.0.e-1 [0]) the build itself

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
Hi, On Mon, Feb 20, 2017 at 1:37 PM, Gert Doering wrote: > > Interesting. Anything useful in openvpn's logs? > Mon Feb 20 11:57:56 2017 us=371715 OpenSSL: error:0607B083:digital envelope routines:EVP_CipherInit_ex:no cipher set Mon Feb 20 11:57:56 2017 us=371746 EVP cipher

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
Hi Christian, On Mon, Feb 20, 2017 at 1:29 PM, Christian Hesse wrote: > That matches my findings. Built against openssl 1.1.0e (Arch Linux package > openssl 1.1.0.e-1 [0]) the build itself succeeds, but 'make check' reports > lots of cipher failures. > > Are your patches available

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool which automates rebasing LZ4 compat library

2017-02-20 Thread Gert Doering
Hi, On Mon, Feb 20, 2017 at 02:13:20PM +0100, David Sommerseth wrote: > > and ran it against a local copy of lz4 v131, and that produced the > > expected result - no significant changes to compat-lz4.c/compat-lz4.h > > (the "#ifdef HAVE_CONFIG_H" block moves to the top of the file, but > > that

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool which automates rebasing LZ4 compat library

2017-02-20 Thread David Sommerseth
On 20/02/17 14:03, Gert Doering wrote: > Hi, > > On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote: >> This tool depends on a cloned upstream LZ4 git repository and a >> checked out release tag. Then run the script like this: >> >>$ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git

Re: [Openvpn-devel] [PATCH] dev-tools: Simple tool which automates rebasing LZ4 compat library

2017-02-20 Thread Gert Doering
Hi, On Wed, Jan 25, 2017 at 09:53:02PM +0100, David Sommerseth wrote: > This tool depends on a cloned upstream LZ4 git repository and a > checked out release tag. Then run the script like this: > >$ ./dev-tools/lz4-rebaser.sh /path/to/lz4.git > > To see the result before committing, use:

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Gert Doering
Hi, On Mon, Feb 20, 2017 at 12:45:24PM +0100, Emmanuel Deloget wrote: > * 0.9.8zh --> EVP_PKEY_id() is not defined. I'm adding this to > openssl_compat.h and will provide a v2 patch with the change. Once > added, OpenVPN compiled successfully and was able to connect to my > /2.3 server. If

[Openvpn-devel] [PATCH applied] Re: Fix user's group membership check in interactive service to work with domains

2017-02-20 Thread Gert Doering
ACK, based on "according to MSDN documentation these are the correct functions and are called properly", and on the test results in #810. I have only compile tested this (which succeeds). Your patch has been applied to the master and release/2.4 branch. commit

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Christian Hesse
Emmanuel Deloget on Mon, 2017/02/20 12:45: > Hello, > > On Sun, Feb 19, 2017 at 6:49 PM, Gert Doering wrote: > > Hi, > > > > On Sun, Feb 19, 2017 at 01:03:45PM +0100, Steffan Karger wrote: > >> Thank you very much. Your approach looks good to me, and quite

Re: [Openvpn-devel] [PATCH v2] Fix user's group membership check in interactive service to work with domains

2017-02-20 Thread Gert Doering
Hi, On Sat, Jan 14, 2017 at 04:16:29PM -0500, selva.n...@gmail.com wrote: > From: Selva Nair > > Currently the username unqualified by the domain is used to validate > a user which fails for domain users. Instead authorize the user > > (i) if the built-in admin group or

Re: [Openvpn-devel] [RFC PATCH v1 00/15] Add support for OpenSSL 1.1.x

2017-02-20 Thread Emmanuel Deloget
Hello, On Sun, Feb 19, 2017 at 6:49 PM, Gert Doering wrote: > Hi, > > On Sun, Feb 19, 2017 at 01:03:45PM +0100, Steffan Karger wrote: >> Thank you very much. Your approach looks good to me, and quite closely >> matches what I had in mind for when I would find the time to