[Openvpn-devel] [PATCH applied] Re: Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL

ba42 Author: Arne Schwabe Date: Wed May 15 12:01:15 2024 +0200 Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240515100115.11056-1-g...@greenie.muc.de> URL: https://www.mail-a

[Openvpn-devel] [PATCH v5] Remove custom TLS 1.0 PRF implementation only used by LibreSSL/wolfSSL

this, they should expose the functionality as well. Change-Id: I5bfa3630ad4dff2807705658bc877c4a429a39ce Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https

[Openvpn-devel] [PATCH applied] Re: Remove OpenSSL 1.0.2 support

c96d8e0e23 Author: Arne Schwabe Date: Tue May 14 16:15:50 2024 +0200 Remove OpenSSL 1.0.2 support Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240514141550.17544-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists

[Openvpn-devel] [PATCH v9] Remove OpenSSL 1.0.2 support

-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/559 This mail reflects revision 9 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering

[Openvpn-devel] [PATCH applied] Re: Workaround issue in LibreSSL crashing when enumerating digests/ciphers

e Schwabe Date: Thu May 9 00:05:40 2024 +0200 Workaround issue in LibreSSL crashing when enumerating digests/ciphers Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240508220540.12554-1-g...@greenie.muc.de> URL: https://www.mail-archi

[Openvpn-devel] [PATCH applied] Re: Support OpenBSD with cmake

Acked-by: Frank Lichtenheld Message-Id: <20240508220512.12362-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28648.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Workaround issue in LibreSSL crashing when enumerating digests/ciphers

it to the library. Change-Id: Ia08a9697d0ff41721fb0acf17ccb4cfa23cb3934 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/586 This mail reflects

[Openvpn-devel] [PATCH v1] Support OpenBSD with cmake

From: Arne Schwabe Change-Id: I85d4d27333773e8df109e42b1fa56ccf57994e57 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL:

[Openvpn-devel] [PATCH applied] Re: configure: update old copy of pkg.m4

Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240506160413.7189-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28631.html Signed-off-by: Gert Doering -- kind regard

[Openvpn-devel] [PATCH v2] configure: update old copy of pkg.m4

From: Frank Lichtenheld If we copy this code, let's at least make sure we update it every decade ;) I also considered removing it. However, then autoconf can't be run on systems without pkg-config installed anymore. While that is very unusual, didn't see a good reason to break that. Change-Id:

[Openvpn-devel] [PATCH applied] Re: Only run coverity scan in OpenVPN/OpenVPN repository

repository Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240506155831.3524-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28627.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Only run coverity scan in OpenVPN/OpenVPN repository

From: Arne Schwabe This avoids the error message triggering every night that the run failed in forked repositories Change-Id: Id95e0124d943912439c6ec6f562c0eb40d434163 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH applied] Re: Repeat the unknown command in errors from management interface

1.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Remove openvpn_snprintf and similar functions

:27:10 2024 +0200 Remove openvpn_snprintf and similar functions Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240506102710.8976-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28617.html Si

[Openvpn-devel] [PATCH v1] Repeat the unknown command in errors from management interface

From: Arne Schwabe This help pinpointing errors in logs from my app Change-Id: Ie2b62bc95371daf7e1eb58e0323835f169399910 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master.

[Openvpn-devel] [PATCH v5] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation

[Openvpn-devel] [PATCH applied] Re: Fix 'binary or' vs 'boolean or' related to server_bridge_proxy_dhcp

Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240502095322.9433-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28601.html Signed-off-by: Gert Doering -- kind regard

[Openvpn-devel] [PATCH applied] Re: Replace macos11 with macos14 in github runners

72-1-g...@greenie.muc.de Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Replace macos11 with macos14 in github runners

From: Arne Schwabe Github's documentation states: macos-11 label has been deprecated and will no longer be available after 6/28/2024. Add macos14 which is nowadays supported instead. The github macos-14 runner is using the M1 platform with ARM, so this requires a bit more adjustment of paths.

[Openvpn-devel] [PATCH v1] Fix "binary or" vs "boolean or" related to server_bridge_proxy_dhcp

From: Frank Lichtenheld Both values are boolean so there is no reason to use "|" and it just confuses the reader whether there is something more going on here. Change-Id: Ie61fa6a78875ecbaa9d3d8e7a50603d77c9ce09e Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- T

[Openvpn-devel] [PATCH applied] Re: Use topology default of subnet only for server mode

eld Acked-by: Arne Schwabe Message-Id: <20240501124254.29114-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28592.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn

[Openvpn-devel] [PATCH applied] Re: Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

penvpn-devel@lists.sourceforge.net/msg28591.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Use topology default of "subnet" only for server mode

From: Frank Lichtenheld The setting of --topology changes the syntax of --ifconfig. So changing the default of --topology breaks all existing configs that use --ifconfig but not --topology. For P2P setups that is probably a signification percentage. For server setups the percentage is hopefully

[Openvpn-devel] [PATCH v1] Add missing EVP_KDF_CTX_free in ssl_tls1_PRF

From: Arne Schwabe This is just missing in the function. Found by clang+ASAN. Change-Id: I5d70198f6adbee8add619ee8a0bd6b5b1f61e506 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to

[Openvpn-devel] [PATCH v2] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation

[Openvpn-devel] [PATCH applied] Re: Change default of topology to subnet

mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27627.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: forked-test-driver: Show test output always

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28133.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: tests: fork default automake test-driver

.@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28132.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https

[Openvpn-devel] [PATCH applied] Re: Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

eaa22b0a803fd74f4 Author: Arne Schwabe Date: Tue Apr 2 15:49:09 2024 +0200 Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240402134909.6340-1-g...@greenie.muc.de> URL: https:

[Openvpn-devel] [PATCH v3] Remove/combine redundant call of EVP_CipherInit before EVP_CipherInit_Ex

/openssl/blob/openssl-3.2/crypto/evp/evp_enc.c#L450 basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH v2] Remove redundant call of EVP_CipherInit before EVP_CipherInit_Ex

basically the same as 1.0.2. Just that method names have been changed. Change-Id: I911e25949a8647b567fd4178683534d4404ab469 Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL

[Openvpn-devel] [PATCH applied] Re: Match ifdef for get_sigtype function with if ifdef of caller

) Author: Arne Schwabe Date: Tue Apr 2 08:36:46 2024 +0200 Match ifdef for get_sigtype function with if ifdef of caller Signed-off-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <20240402063646.25490-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/o

[Openvpn-devel] [PATCH v1] Match ifdef for get_sigtype function with if ifdef of caller

From: Arne Schwabe These two ifdef needs to be the same otherwise the compiler will break with a undefined function. Change-Id: I5b14bf90bb07935f0bb84373ec4e62352752c03f Signed-off-by: Arne Schwabe Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one

[Openvpn-devel] [PATCH applied] Re: crypto_backend: fix type of enc parameter

Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240327162621.1792414-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28498.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: misc.c: remove unused code

g28503.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] misc.c: remove unused code

From: Lev Stipakov Commit 3a4fb1 "Ensure --auth-nocache is handled during renegotiation" has changed the behavior of set_auth_token(), but left unused parameter struct user_pass *up Remove this parameter and amend comments accordingly. Also remove unused function definition from misc.h.

[Openvpn-devel] [PATCH applied] Re: script-options.rst: Update ifconfig_* variables

Acked-by: Gert Doering We're so bad at times at updating documentation... verified that the newly documented options exist and do what it says. Confusing code... Your patch has been applied to the master and release/2.6 branch (doc). commit a94226cdc8ed037a6763675aa47e6c821983f174 (master

[Openvpn-devel] [PATCH applied] Re: Add bracket in fingerprint message and do not warn about missing verification

g28474.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Fix snprintf/swnprintf related compiler warnings

Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240326104101.531291-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28475.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: phase2_tcp_server: fix Coverity issue 'Dereference after null check'

.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28452.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourc

[Openvpn-devel] [PATCH applied] Re: Use snprintf instead of sprintf for get_ssl_library_version

y: Frank Lichtenheld Message-Id: <20240325125052.14135-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28458.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: documentation: make section levels consistent

consistent Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240325071520.12513-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28453.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: samples: Update sample configurations

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28451.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net

[Openvpn-devel] [PATCH v1] Use snprintf instead of sprintf for get_ssl_library_version

From: Arne Schwabe This is avoid a warning/error (when using -Werror) under current macOS of sprintf: __deprecated_msg("This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use

[Openvpn-devel] [PATCH v1] Remove openvpn_snprintf and similar functions

From: Arne Schwabe Old Microsoft versions did strange behaviour but according to the newly added unit test and https://stackoverflow.com/questions/7706936/is-snprintf-always-null-terminating this is now standard conforming and we can use the normal snprintf method. Microsoft own documentation

[Openvpn-devel] [PATCH v2] documentation: make section levels consistent

From: Frank Lichtenheld Previously the sections "Encryption Options" and "Data channel cipher negotiation" were on the same level as "OPTIONS", which makes no sense. Instead move them and their subsections one level down. Use ` since that was already in use in section "Virtual Routing and

[Openvpn-devel] [PATCH v2] phase2_tcp_server: fix Coverity issue "Dereference after null check"

From: Frank Lichtenheld As Coverity says: Either the check against null is unnecessary, or there may be a null pointer dereference. In phase2_tcp_server: Pointer is checked against null but then dereferenced anyway There is only one caller (link_socket_init_phase2) and it already has an

[Openvpn-devel] [PATCH v4] samples: Update sample configurations

From: Frank Lichtenheld - Remove compression settings. Not recommended anymore. - Remove old cipher setting. Replaced by data-ciphers negotiation. - Add comment how to set data-ciphers for very old clients. - Remove/reword some old comments. e.g. no need to reference OpenVPN 1.x anymore. -

Re: [Openvpn-devel] [PATCH v2] Implement server_poll_timeout for socks

er doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature _

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

Acked-by: Gert Doering Verified that this is the same conceptual patch as we have in master and release/2.6, just the lines look a bit different because the 2.5 code is different - the union has less members, and there is ring_buffer related stuff in the context that was changed for 2.6 Test

[Openvpn-devel] [PATCH applied] Re: Disable DCO if proxy is set via management

w.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28415.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/o

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

Fix potential stack overflow issue Signed-off-by: Lev Stipakov Acked-by: Heiko Hund Message-Id: <20240319152803.1801-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html

[Openvpn-devel] [PATCH applied] Re: interactive.c: Fix potential stack overflow issue

Fix potential stack overflow issue Signed-off-by: Lev Stipakov Acked-by: Heiko Hund Message-Id: <20240319152803.1801-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28420.html

[Openvpn-devel] [PATCH applied] Re: interactive.c: disable remote access to the service pipe

...@openvpn.net> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28419.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.so

[Openvpn-devel] [PATCH applied] Re: GHA: general update March 2024

0319154456.2967716-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28422.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@l

[Openvpn-devel] [PATCH applied] Re: win32: Enforce loading of plugins from a trusted directory

e/2.5) Author: Lev Stipakov Date: Tue Mar 19 15:53:45 2024 +0200 win32: Enforce loading of plugins from a trusted directory Signed-off-by: Lev Stipakov Acked-by: Selva Nair Message-Id: <20240319135355.1279-2-...@openvpn.net> URL: https://www.mail-archive.com/openvpn-d

[Openvpn-devel] [PATCH v1] Disable DCO if proxy is set via management

From: Lev Stipakov Commit 45a1cb2a ("Disable DCO if proxy is set via management") attempted to disable DCO when proxy is set via management interface. However, at least on Windows this doesn't work, since: - setting tuntap_options->disable_dco to true is not enough to disable DCO - at

[Openvpn-devel] [PATCH applied] Re: Update Copyright statements to 2024

Acked-by: Gert Doering Like Christmas... happens every year :-) - verified that this, indeed, only affects copyright lines ("git show -I '^ \* Copyright') - I guess it was produced by update-copyright.sh anyway, but review is what I do... The only actual code change is the msg() in opti

[Openvpn-devel] [PATCH applied] Re: Remove license warning from README.mbedtls

README.mbedtls Signed-off-by: Max Fillinger Acked-by: Gert Doering Message-Id: <20240314185527.26803-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28400.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH v1] Remove license warning from README.mbedtls

From: Max Fillinger The licenses are compatible now, so we can remove the warning. Change-Id: I1879c893ed19b165fd086728fb97951eac251681 Signed-off-by: Max Fillinger Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge

Re: [Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

Hi, On Mon, Mar 11, 2024 at 12:44:20PM +0100, Frank Lichtenheld wrote: > On Fri, Mar 08, 2024 at 12:51:33PM +0100, Gert Doering wrote: > [...] > > Your patch has been applied to the master branch. > > Could we please cherry-pick this to release/2.6 as well? > > Would ma

[Openvpn-devel] [PATCH applied] Re: Update documentation references in systemd unit files

unit files Signed-off-by: Christoph Schug Acked-by: Frank Lichtenheld Message-Id: <20240308140346.4058419-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28369.html Signed-off-by: Gert Doering -- kind regards,

[Openvpn-devel] [PATCH applied] Re: remove repetitive words in documentation and comments

URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28368.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.ne

[Openvpn-devel] [PATCH applied] Re: gerrit-send-mail: add missing Signed-off-by

Your patch has been applied to the master branch. commit bea088cf8ae3382aeed420da2a39f2a9f52df4cd Author: Frank Lichtenheld Date: Fri Mar 8 13:05:57 2024 +0100 gerrit-send-mail: add missing Signed-off-by Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id

[Openvpn-devel] [PATCH v1] gerrit-send-mail: add missing Signed-off-by

From: Frank Lichtenheld Our development documentation says we add this automatically when it is missing. So let's do that here as well. Change-Id: If9cb7d66f079fe1c87fcb5b4e59bc887533d77fa Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit

[Openvpn-devel] [PATCH applied] Re: t_client.sh: Allow to skip tests

hit users) Your patch has been applied to the master branch. commit 0c7cf0694ee6f878168330e9a084c255c51a9e8b Author: Frank Lichtenheld Date: Fri Mar 8 11:28:18 2024 +0100 t_client.sh: Allow to skip tests Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: &l

[Openvpn-devel] [PATCH applied] Re: Minor fix to process_ip_header

/openvpn-devel@lists.sourceforge.net/msg28345.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: check_compression_settings_valid: Do not test for LZ4 in LZO check

Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v5] t_client.sh: Allow to skip tests

-by: Frank Lichtenheld Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/521 This mail reflects revision 5 of this Change. Acked-by according to Gerrit

[Openvpn-devel] [PATCH applied] Re: Persist-key: enable persist-key option by default

Message-Id: <20240307140355.32644-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28347.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing li

[Openvpn-devel] [PATCH v5] Persist-key: enable persist-key option by default

From: Gianmarco De Gregori Change the default behavior of the OpenVPN configuration by enabling the persist-key option by default. This means that all the keys will be kept in memory across restart. Fixes: Trac #1405 Change-Id: I57f1c2ed42bd9dfd43577238749a9b7f4c1419ff Signed-off-by: Gianmarco

[Openvpn-devel] [PATCH v5] Minor fix to process_ip_header

From: Gianmarco De Gregori Removed if-guard checking if any feature is enabled before performing per-feature check. It doesn't save us much but instead introduces uneeded complexity. While at it, fixed a typo IMCP -> ICMP for defined PIPV6_ICMP_NOHOST_CLIENT and PIPV6_ICMP_NOHOST_SERVER macros.

[Openvpn-devel] [PATCH v3] Persist-key: enable persist-key option by default

From: itsGiaan Change the default behavior of the OpenVPN configuration by enabling the persist-key option by default. This means that all the keys will be kept in memory across restart. Fixes: Trac #1405 Change-Id: I57f1c2ed42bd9dfd43577238749a9b7f4c1419ff Signed-off-by: Gianmarco De Gregori

[Openvpn-devel] [PATCH applied] Re: openvpn-[client|server].service: Remove syslog.target

Signed-off-by: Frank Lichtenheld Message-Id: <20240304163313.2326923-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28318.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___

[Openvpn-devel] [PATCH applied] Re: samples: Remove tls-*.conf

com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28316.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourcefor

[Openvpn-devel] [PATCH applied] Re: Fix typo --data-cipher-fallback

Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH v1] Fix typo --data-cipher-fallback

From: Frank Lichtenheld Change-Id: I38e70cb74c10848ab2981efc4c4c8863c5c8785d Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL:

[Openvpn-devel] [PATCH applied] Re: Document that auth-user-pass may be inlined

4.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] Document that auth-user-pass may be inlined

ver doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature _

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

Hi, On Mon, Feb 19, 2024 at 02:23:08PM +0100, Antonio Quartulli wrote: > On 19/02/2024 14:12, Gert Doering wrote: > > Maybe that would be a more reasonable approach here... get rid of the > > umbrella if(), and check individual bits inside. It seems to be a > > mic

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://l

Re: [Openvpn-devel] IRC community meeting summary (Feb 14th)

-- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is

Re: [Openvpn-devel] [S] Change in openvpn[master]: Minor fix to process_ip_header

ubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature __

[Openvpn-devel] [PATCH applied] Re: Change include order for tests

Message-Id: <20240212132522.125903-1-juli...@wolfssl.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28229.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailin

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

hing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert

[Openvpn-devel] [PATCH applied] Re: Turn dead list test code into unit test

rne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240209105902.14506-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28201.html Signed-off-by: Gert Doering -- kind regards, Ger

[Openvpn-devel] [PATCH applied] Re: Implement generating TLS 1.0 PRF using new OpenSSL 3.0 APIs

new OpenSSL 3.0 APIs Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld Message-Id: <20240209110629.15364-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28203.html Signed-off-by: Gert Doering -- kind r

Re: [Openvpn-devel] [PATCH] wolfssl: include "ssl.h" by "src/openvpn/ssl.h"

" Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sou

[Openvpn-devel] [PATCH applied] Re: Print SSL peer signature information in handshake debug details

-devel@lists.sourceforge.net/msg28206.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH applied] Re: Add unit test for encrypting/decrypting data channel

Add unit test for encrypting/decrypting data channel Acked-by: Frank Lichtenheld Message-Id: <20240208085749.869-1-g...@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28195.html Signed-off-by: Gert Doering -- kind regards,

[Openvpn-devel] [PATCH v3] Add unit test for encrypting/decrypting data channel

From: Arne Schwabe This test is reusing code from --test-crypto but is modified to not rely on the static key functionality and also only tests the most common algorithm. So it does not yet completely replace --test-crypto Change-Id: Ifa5ae96165d17b3cae4afc53e844bb34d1610e58 Acked-by: Frank

[Openvpn-devel] [PATCH applied] Re: test_user_pass: add basic tests for static/dynamic challenges

-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240207171239.86730-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28191.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: dco-freebsd: dynamically re-allocate buffer if it's too small

Acked-by: Gert Doering Stare-at-code looks good :-) - there's one possible catch should realloc() return NULL - in that case we'd pass drv.ifd_data = NULL to the kernel - but I'm reasonably sure the kernel will then not crash but return EINVAL. I do not have a sufficient number of clients

[Openvpn-devel] [PATCH applied] Re: documentation: Fixes for previous fixes to --push-peer-info

to --push-peer-info Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240206174745.74828-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28184.html Signed-off-by: Gert Doering -- kind regards,

Re: [Openvpn-devel] [PATCH] dco-freebsd: dynamically re-allocate buffer if it's too small

if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc

Re: [Openvpn-devel] [PATCH applied] Re: documentation: Update and fix documentation for --push-peer-info

Hi, On Tue, Feb 06, 2024 at 04:33:44PM +0100, Gert Doering wrote: > Your patch has been applied to the master branch. > > commit b66d545ce25689588c4dbd1fb525204c78871ed0 (master) > commit 18fb30f7ad292f166805138c0ec3c2c920090364 (release/2.6) > Author: Frank Lichtenheld > Date:

[Openvpn-devel] [PATCH applied] Re: documentation: Update and fix documentation for --push-peer-info

-peer-info Signed-off-by: Frank Lichtenheld Acked-by: Arne Schwabe Message-Id: <20240206141057.46249-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28178.html Signed-off-by: Gert Doering -- kind regards, Gert D

Re: [Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

Hi, On Fri, Feb 02, 2024 at 12:27:19PM +0100, Frank Lichtenheld wrote: > On Thu, Feb 01, 2024 at 08:28:21PM +0100, Gert Doering wrote: > > Makes sense (I did read the GH issue). > > > > Your patch has been applied to the master branch. > > I think it would make sen

[Openvpn-devel] [PATCH applied] Re: README.cmake.md: Document minimum required CMake version for --preset

-by: Frank Lichtenheld Acked-by: Gert Doering Message-Id: <20240201123039.174176-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28160.html Signed-off-by: Gert Doering -- kind regards, Gert D

[Openvpn-devel] [PATCH applied] Re: Allow unit tests to fall back to hard coded location

Lichtenheld Message-Id: <20240201144817.14-1-fr...@lichtenheld.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28161.html Signed-off-by: Gert Doering -- kind regards, Gert Doering ___ Openvpn

  1   2   3   4   5   6   7   8   9   10   >