Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

2023-05-18 Thread Matthias Andree
On 18.05.23 at 09:09, Gert Doering wrote: Hi, On Thu, May 18, 2023 at 09:00:26AM +0200, Matthias Andree wrote: That, and constants usually go on the left-hand side of comparison so the compiler flags the accidental if (foo = NULL) even if it does not produce "add a pair of parentheses i

Re: [Openvpn-devel] [PATCH] src/openvpn/dco_freebsd.c: handle malloc failure

2023-05-18 Thread Matthias Andree
On 17.05.23 at 22:47, Antonio Quartulli wrote: Hi, On 17/05/2023 22:01, Ilya Shipitsin wrote: malloc was not checked against NULL, I was able to get core dump in case of failure Signed-off-by: Ilya Shipitsin ---   src/openvpn/dco_freebsd.c | 5 +   1 file changed, 5 insertions(+) diff

Re: [Openvpn-devel] [PATCH] buffer: use memcpy in buf_catrunc

2023-03-28 Thread Matthias Andree
On 28.03.23 at 20:58, Antonio Quartulli wrote: Hi, On 28/03/2023 20:51, Matthias Andree wrote: On 28.03.23 at 17:12, Frank Lichtenheld wrote: Since we use strlen() to determine the length and then check it ourselves, there is really no point in using strncpy. But the compiler might

Re: [Openvpn-devel] [PATCH] buffer: use memcpy in buf_catrunc

2023-03-28 Thread Matthias Andree
On 28.03.23 at 17:12, Frank Lichtenheld wrote: Since we use strlen() to determine the length and then check it ourselves, there is really no point in using strncpy. But the compiler might complain that we use the output of strlen() for the length of strncpy which is usually a sign for bugs:

Re: [Openvpn-devel] [PATCH] GHA: remove Ubuntu 18.04 builds

2023-03-28 Thread Matthias Andree
On 28.03.23 at 12:09, Frank Lichtenheld wrote: Github will stop supporting them on April, 1st. ACK nowledged.

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

2023-03-28 Thread Matthias Andree
On 28.03.23 at 10:47, Frank Lichtenheld wrote: On Mon, Mar 27, 2023 at 09:45:53PM +0200, Matthias Andree wrote: On 27.03.23 at 16:45, Selva Nair wrote: Hi, On Mon, Mar 27, 2023 at 9:59 AM Matthias Andree wrote: On 27.03.23 at 13:49, selva.n...@gmail.com wrote: > From: Se

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

2023-03-27 Thread Matthias Andree
On 27.03.23 at 16:45, Selva Nair wrote: Hi, On Mon, Mar 27, 2023 at 9:59 AM Matthias Andree wrote: On 27.03.23 at 13:49, selva.n...@gmail.com wrote: > From: Selva Nair > > - Do not use non-literal initializers for static objects > - Replace empty initiali

Re: [Openvpn-devel] [PATCH] Make cert_data.h and test_cryptoapi/pkcs11.c MSVC compliant

2023-03-27 Thread Matthias Andree
On 27.03.23 at 13:49, selva.n...@gmail.com wrote: From: Selva Nair - Do not use non-literal initializers for static objects - Replace empty initializer {} by {0} Should we go to a revision, I would suggest to not make something compliant to a compiler because that is assigning it way too

Re: [Openvpn-devel] [PATCH] unit_tests: make cert_data.h compile with MSVC

2023-03-24 Thread Matthias Andree
On 24.03.23 at 22:12, Selva Nair wrote: Hi, On Fri, Mar 24, 2023 at 4:18 PM Matthias Andree wrote: On 23.03.23 at 15:31, Frank Lichtenheld wrote: > Currently this is not obvious since we never build the > UTs with MSVC, but it doesn't like the initializers with &g

Re: [Openvpn-devel] [PATCH] unit_tests: make cert_data.h compile with MSVC

2023-03-24 Thread Matthias Andree
On 23.03.23 at 15:31, Frank Lichtenheld wrote: Currently this is not obvious since we never build the UTs with MSVC, but it doesn't like the initializers with "const" variables. They cause error C2099: initializer is not a constant What MSVC version are you using? What options? I've tried

Re: [Openvpn-devel] OpenVPN 2.5.9 released

2023-02-20 Thread Matthias Andree
On 16.02.23 at 18:52, Gert Doering wrote: Hi, On Thu, Feb 16, 2023 at 08:48:26AM -0500, Jonathan K. Bullard wrote: On Thu, Feb 16, 2023 at 7:51 AM Frank Lichtenheld wrote: The OpenVPN community project team is proud to release OpenVPN 2.5.9. This is a small bugfix release. Was this sent a

Re: [Openvpn-devel] [PATCH applied] Re: make dist: Ship ovpn_dco_freebsd.h, too

2023-01-28 Thread Matthias Andree
On 28.01.23 at 19:55, Gert Doering wrote: Acked-by: Gert Doering To see the actual failure, one needs to build a tarball ("make dist"), and from that tarball, compile with "configure --enable-dco", on FreeBSD - so a pure "make distcheck" did not see it. Apologies for that oversight. Your

[Openvpn-devel] [PATCH] make dist: Ship ovpn_dco_freebsd.h, too

2023-01-27 Thread Matthias Andree
This file was missing from src/openvpn/Makefile.am. --- src/openvpn/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/openvpn/Makefile.am b/src/openvpn/Makefile.am index 3ed73fa4..a8e44528 100644 --- a/src/openvpn/Makefile.am +++ b/src/openvpn/Makefile.am @@ -78,6 +78,7 @@

Re: [Openvpn-devel] OpenVPN 2.6.0 released

2023-01-27 Thread Matthias Andree
On 25.01.23 at 20:50, Frank Lichtenheld wrote: The OpenVPN community project team is proud to release OpenVPN 2.6.0. This is the new stable version of OpenVPN with some major new features. Hi Frank, OpenVPN 2.5.x releases also showed up in .tar.xz format - are there plans to provide these

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

2023-01-15 Thread Matthias Andree
On 15.01.23 at 12:44, Gert Doering wrote: Hi, On Sat, Jan 14, 2023 at 05:28:09PM -0500, James Bottomley wrote: What do you mean "a source"? every apache licensed library that's statically linked with a GPLv2 program would be an example of this ... in the early days there was no dynamic

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

2023-01-15 Thread Matthias Andree
On 14.01.23 at 18:29, Arne Schwabe wrote: Hey, This is the first round and will be only to the openvpn-devel list. After that I will also write to individuals email addresses but I want to start with sending this to the devel list. We are writing to you since you are or were a contributor in

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

2023-01-14 Thread Matthias Andree
On 14.01.23 at 19:44, Arne Schwabe wrote: On 14.01.2023 at 19:35, Matthias Andree wrote: On 14.01.23 at 18:29, Arne Schwabe wrote: We also considered going for a change from GPL2 to GPL2+ but we think that GPL3 would hurt the ability to distribute OpenVPN as part of router or other

Re: [Openvpn-devel] Amend OpenVPN license to allow continued mbed TLS support (allow mbed TLS 3.x linking)

2023-01-14 Thread Matthias Andree
On 14.01.23 at 18:29, Arne Schwabe wrote: We also considered going for a change from GPL2 to GPL2+ but we think that GPL3 would hurt the ability to distribute OpenVPN as part of router or other embedded devices as the GPL3 has been explicitly developed (at least in part) to make this use case

[Openvpn-devel] Licensing questions

2021-12-11 Thread Matthias Andree
ermissions (= restriction exceptions) granted to OpenVPN that I have missed and am unaware of? Any other license incompatibilities that the public should be aware of? TIA Matthias Andree

Re: [Openvpn-devel] [PATCH] Completely remove DES checks

2021-11-07 Thread Matthias Andree
On 07.11.21 at 13:13, Arne Schwabe wrote: On 07.11.21 at 12:57, Matthias Andree wrote: On 07.11.21 at 10:01, Arne Schwabe wrote: We already removed the check in d67658fee for OpenSSL 3.0. This removes the checks entirely for all crypto libraries. Signed-off-by: Arne Schwabe ---   src

Re: [Openvpn-devel] [PATCH] Completely remove DES checks

2021-11-07 Thread Matthias Andree
On 07.11.21 at 10:01, Arne Schwabe wrote: We already removed the check in d67658fee for OpenSSL 3.0. This removes the checks entirely for all crypto libraries. Signed-off-by: Arne Schwabe --- src/openvpn/crypto.c | 15 src/openvpn/crypto_backend.h | 28 ---

Re: [Openvpn-devel] [PATCH v2] Remove support for PF (Packet Filter)

2021-08-28 Thread Matthias Andree
On 27.08.21 at 21:00, Antonio Quartulli wrote: > OpenVPN shipped a small packet filtering tool called PF. It has never > been straightforward as it required a plugin to work. On top of that, > keeping PF support, makes the code more complicated and increases the > maintenance cost of OpenVPN. > >

[Openvpn-devel] [PATCH] Fix SIGSEGV (NULL deref) receiving push "echo"

2021-06-03 Thread Matthias Andree
g/bugzilla/show_bug.cgi?id=256331 Fixes: Trac #1409 Reported-by: p...@nethead.se (to FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8d417206..a54bc562 100644 --- a/s

Re: [Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

2021-03-25 Thread Matthias Andree
On 25.03.21 at 20:57, Antonio Quartulli wrote: > Hi, > > On 25/03/2021 20:29, Matthias Andree wrote: >> I find the reasons you present to withdraw the symmetric non-TLS mode >> too weak to justify its deprecation or removal. Yes, TLS-based >> configurations may be m

Re: [Openvpn-devel] [PATCH 1/2] Deprecate non TLS mode in OpenVPN

2021-03-25 Thread Matthias Andree
On 25.03.21 at 01:01, Arne Schwabe wrote: > The non-TLS mode is a relict from OpenVPN 1.x or 2.0. When tls mode was > introduced the advantages of TLS over non-tls were small but tls mode > evolved to include a lot more features. (NCP, multipeer, AEAD ciphers to name > a few). > > Today VPN that

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
On 17.07.20 at 22:15, David Sommerseth wrote: > On 17/07/2020 19:19, Matthias Andree wrote: >> Else one location overwrites options from the other. >> >> Signed-off-by: Matthias Andree >> --- >> Makefile.am | 3 --- >> configure.ac | 4 +++- >>

Re: [Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread Matthias Andree
On 17.07.20 at 17:05, Matthias Andree wrote: > Signed-off-by: Matthias Andree > --- > doc/Makefile.am | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/doc/Makefile.am b/doc/Makefile.am > index add92198..80cb2cb8 100644 > --- a/doc/Makefile.am

Re: [Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

2020-07-17 Thread Matthias Andree
On 17.07.20 at 17:05, Matthias Andree wrote: > Signed-off-by: Matthias Andree > --- > Makefile.am | 1 - > configure.ac | 2 +- > 2 files changed, 1 insertion(+), 2 deletions(-) > > diff --git a/Makefile.am b/Makefile.am > index 439120e4..e4125447 100644 > --- a/Make

Re: [Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
On 17.07.20 at 19:09, Matthias Andree wrote: > +LT_INIT() > + This guy escaped, so NAK on the first version of the patch.

Re: [Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
On 17.07.20 at 19:09, Matthias Andree wrote: > @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info > *rgi6, > msg(M_WARN, "GDG6: socket #1 failed"); > goto done; > } > +errno = 0; > if (write
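Review bot: the added `errno = 0;` ahead of the `write` call in get_default_gateway_ipv6() falls outside what the subject describes, which is the NEXTADDR() macro overrun. If errno is inspected after the write, say so in the commit message; otherwise move this line into its own patch so the overrun fix can be reviewed on its own.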

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..24563ed6

[Openvpn-devel] [PATCH] Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.

2020-07-17 Thread Matthias Andree
Else one location overwrites options from the other. Signed-off-by: Matthias Andree --- Makefile.am | 3 --- configure.ac | 6 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..d1c10fc5 100644 --- a/Makefile.am +++ b/Makefile.am

[Openvpn-devel] [PATCH] Fix stack buffer overruns in NEXTADDR() macro:

2020-07-17 Thread Matthias Andree
copy first, then round up the length when adding padding to the advance. Found by: GCC 9.3.0 (FreeBSD) Signed-off-by: Matthias Andree --- src/openvpn/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index b57da5dd..7f760e9d

[Openvpn-devel] [PATCH 1/2] Automake options: add subdir-objects, and clean up

2020-07-17 Thread Matthias Andree
Signed-off-by: Matthias Andree --- Makefile.am | 1 - configure.ac | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 439120e4..e4125447 100644 --- a/Makefile.am +++ b/Makefile.am @@ -25,7 +25,6 @@ # This option prevents autoreconf from

[Openvpn-devel] [PATCH 2/2] Permit make dist* targets without py*-docutils

2020-07-17 Thread Matthias Andree
Signed-off-by: Matthias Andree --- doc/Makefile.am | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index add92198..80cb2cb8 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -59,8 +59,9 @@ else endif if HAVE_PYDOCUTILS

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-24 Thread Matthias Andree
Ping again - please review. On 06.09.19 at 19:44, Matthias Andree wrote: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveals one sed expression that uses the GNU-extension "\s". > Given that

Re: [Openvpn-devel] [PATCH applied] Re: Fix regression, reinstate LibreSSL support.

2019-09-21 Thread Matthias Andree
On 18.09.19 at 14:01, Gert Doering wrote: > Your patch has been applied to the release/2.4 branch. > > Sorry for the delay. Vacation, and too many distractions. > > Lightly tested on an OpenSSL 1.1, a mbedTLS build and an LibreSSL 2.7.2 > on OpenBSD 6.3 - with OpenSSL and mbedTLS, it builds and

Re: [Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-15 Thread Matthias Andree
What is the review status of the change Kyle Evans proposed below that I've relayed on Sept 6th? On 06.09.19 at 19:44, Matthias Andree wrote: > From: Kyle Evans > > A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in > regex(3)' > reveals one sed expre

Re: [Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-09-15 Thread Matthias Andree
On 18.08.19 at 14:11, Arne Schwabe wrote: > On 18.08.19 at 13:18, Matthias Andree wrote: >> OpenVPN 2.4.6 could be compiled with LibreSSL, 2.4.7 cannot. This was broken >> since 9de7fe0a "Add support for tls-ciphersuites for TLS 1.3". >> >> Thi

[Openvpn-devel] [PATCH] tests/t__lpback.sh: Switch sed(1) to POSIX-compatible regex.

2019-09-06 Thread Matthias Andree
From: Kyle Evans A test run with FreeBSD PR 229925 'Disallow escaping ordinary characters in regex(3)' reveals one sed expression that uses the GNU-extension "\s". Given that this is the only occurrence and it's a trivial fix, update it to be POSIX-compatible. Signed-off-by: Matth

[Openvpn-devel] PATCH: test portability, avoid GNUism and use POSIX regex

2019-09-06 Thread Matthias Andree
This patch should be applied to the 2.4 and master branches.

[Openvpn-devel] v2: fix release/2.4 regression of 2.4.7, permit build with LibreSSL

2019-08-18 Thread Matthias Andree
It was deemed that the previous patch was insufficient, so let's take a new stab. Note that this does not mean I endorse using LibreSSL, but at least we should not be breaking existing library support in a point release 2.4.7 (that cannot be compiled against LibreSSL) when 2.4.6 could. Details on

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-08-18 Thread Matthias Andree
er reports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

[Openvpn-devel] [PATCH] Fix regression, reinstate LibreSSL support.

2019-08-12 Thread Matthias Andree
er reports that OPNsense has been a long-time user of LibreSSL without reported breakage, see also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238382#c10 Signed-off-by: Matthias Andree --- src/openvpn/ssl_openssl.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/s

Re: [Openvpn-devel] RFC: release/2.4 (OpenVPN 2.4.7) patch for building with LibreSSL

2019-07-12 Thread Matthias Andree
On 07.06.19 at 20:26, Matthias Andree wrote: > Greetings, > > FreeBSD has received a patch contribution to enable OpenVPN 2.4.x to be > built with LibreSSL. I'm seeking comments, and yes I am aware of > master's a47508606be2c6359d4b27c3b65b72dfe4786222 commit description > th

Re: [Openvpn-devel] [PATCHv2] openssl: Fix compilation without deprecated OpenSSL 1.1 APIs

2019-07-12 Thread Matthias Andree
On 14.06.19 at 12:38, Arne Schwabe wrote: > >> -#ifndef ENABLE_SMALL >> +# ifndef ENABLE_SMALL > The space between # and ifndef looks wrong. It's standard C. (Chapter 3.8 in the 1989/1990 standard, chapter 6.10 in recent editions, I checked 1999 and 2017/2018, although worded in a quite

Re: [Openvpn-devel] [PATCH] Add support for tls-ciphersuites for TLS 1.3

2018-09-27 Thread Matthias Andree
Hi Arne, I haven't looked at the code, only at strings for now, and I'd like to pick a few nits. On 26.09.18 at 15:44, Arne Schwabe wrote: > OpenSSL 1.1.1 introduces a separate list for TLS 1.3 ciphers. As these > interfaces are meant to be user facing or not exposed at all and we > expose the

Re: [Openvpn-devel] [PATCH v2] ssl_verify: define label only when required

2018-08-16 Thread Matthias Andree
On 15.08.2018 at 08:12, Antonio Quartulli wrote: > The "cleanup" label in ssl_verify.c:verify_user_pass_plugin() is used > only when PLUGIN_DEF_AUTH is defined, therefore make the label > definition dependent on the same define. > > Fixes the following warning when PLUGIN_DEF_AUTH is not defined:

[Openvpn-devel] FreeBSD -CURRENT (unreleased) issues with TAP known?

2018-08-05 Thread Matthias Andree
it's too early for me to dig deeply, given that the OS (FreeBSD-current) is currently still a moving target. Best regards, -- Matthias Andree

Re: [Openvpn-devel] [patch] Fix time_t printing - NAK

2017-10-15 Thread Matthias Andree
On 05.10.2017 at 01:47, Jeremie Courreges-Anglas wrote: > When building openvpn-2.4.4 on OpenBSD, I noticed the following warning: > > --8<-- > cc -DHAVE_CONFIG_H -I. > -I/usr/ports/pobj/openvpn-2.4.4/openvpn-2.4.4/src/openvpn -I../.. > -I../../include

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-22 Thread Matthias Andree
On 21.06.2017 at 18:53, Илья Шипицин wrote: > > > 2017-06-21 21:48 GMT+05:00 Matthias Andree <matthias.and...@gmx.de>: > > On 21.06.2017 at 16:33, Samuli Seppänen wrote: > > On 21/06/2017 17:06, Simon Matter wrote: &g

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 18:02, Gert Doering wrote: > Hi, > > On Wed, Jun 21, 2017 at 05:58:18PM +0200, David Sommerseth wrote: >> Hmmm ... not a bad idea. But do we really need tar.gz at all these >> days? Why not just make autotools generate tar.xz by default and be >> done with it? > "distcheck"

Re: [Openvpn-devel] OpenVPN 2.4.3 released (with security fixes)

2017-06-21 Thread Matthias Andree
On 21.06.2017 at 16:33, Samuli Seppänen wrote: > On 21/06/2017 17:06, Simon Matter wrote: >>> On Wed, Jun 21, 2017 at 6:47 AM, Samuli Seppänen >>> wrote: The OpenVPN community project team is proud to release OpenVPN 2.4.3. It can be downloaded from here:

Re: [Openvpn-devel] Please check the 2.3.15 downloads

2017-05-19 Thread Matthias Andree
On 19.05.2017 at 10:47, Gert Doering wrote: > > Apologies for the 2.3.15 mishap (and thanks to Mathias Andree for raising > this issue yesterday already). I just spread the word, originator of the information was Renato Botelho aka. garga@ in the FreeBSD project.

Re: [Openvpn-devel] security/openvpn23 tarball size mismatch

2017-05-18 Thread Matthias Andree
On 16.05.2017 at 14:00, Renato Botelho wrote: > On 16/05/17 08:54, Renato Botelho wrote: >> Hello Mathias, >> >> I was trying to get openvpn23 installed from quarterly branch and got >> the following error: >> >> root@buildbot1:/usr/local/poudriere/ports/pfSense_v2_3/security/openvpn23 >> # make

Re: [Openvpn-devel] [PATCH] Require minimum OpenSSL 1.0.1

2017-04-11 Thread Matthias Andree
On 11.04.2017 at 23:56, David Sommerseth wrote: > On 11/04/17 23:20, Steffan Karger wrote: >> For release/2.4: I wonder whether we need to keep 0.9.8 support, as >> SLES11 still ships with 0.9.8h, and has general support until 31 Mar 2019. > While it is James who insisted on RHEL being the oldest

Re: [Openvpn-devel] Reviewer(s) for French translation fixes in OpenVPN GUI?

2017-03-14 Thread Matthias Andree
On 13.03.2017 at 18:26, Samuli Seppänen wrote: > Hi, > > Is anyone interested in reviewing some French-language fixes to OpenVPN GUI? > > > > If we don't get any review, we'll have to merge the PR with a lazy-ACK. > > Any help would be

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-17 Thread Matthias Andree
On 17.02.2017 at 17:35, Emmanuel Deloget wrote: > I understand that I'm the new guy in town, but can you allow me to > make the formal request to ditch OpenSSL 0.9.8, 1.0.0 and 1.0.1 and > require at least version 1.0.2? 1.0.1 has also gone out of support, and I propose to let the distros sort

Re: [Openvpn-devel] build against openssl 1.1.0

2017-02-13 Thread Matthias Andree
On 13.02.2017 at 20:50, Christian Hesse wrote: > And a lot more has to be done... There's a long list of packages to be > fixed. Sadly openssl developers do not care about ABI and API stability > or compatibility. :( Much frustration can be muttered and uttered about OpenSSL and more so of its

Re: [Openvpn-devel] OpenVPN 2.4.0 released

2016-12-27 Thread Matthias Andree
On 27.12.2016 15:16, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.4.0. It > can be downloaded from here: > > > > Compared to OpenVPN 2.3 this is a major update with a large number of > new

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
On 22.12.2016 at 11:24, Gert Doering wrote: > Hi, > > On Thu, Dec 22, 2016 at 09:58:07AM +0100, Matthias Andree wrote: >> I have an updated version with TUNNELBLICK patch re-enabled up for >> testing at >> <https://people.freebsd.org/~mandree/openvpn-2.4-rc

Re: [Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD, now with TUNNELBLICK

2016-12-22 Thread Matthias Andree
On 16.12.2016 at 21:21, Matthias Andree wrote: > Greetings, > > I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. > > Get it from <https://people.freebsd.org/~mandree/openvpn-2.4_rc2-v1.tar.xz>. > > This time, it also contains the openvpn23 a

Re: [Openvpn-devel] Google Summer of Code

2016-12-21 Thread Matthias Andree
On 19.12.2016 at 11:01, Илья Шипицин wrote: > > it seems, it depends on network-manager version. > on fedora 23 I cannot import files, but on ubuntu I can. Fedora 23 goes out of support these days (it's now more than 4 weeks after Fedora 25 release), so it's time to upgrade...

[Openvpn-devel] CFT: OpenVPN 2.4 port update (upstream rc2) for FreeBSD

2016-12-16 Thread Matthias Andree
Greetings, I've put up a new OpenVPN 2.4-rc2 port for FreeBSD for testing. Get it from . This time, it also contains the openvpn23 and openvpn23-polarssl ports (as modified copies of what we have now) that I plan to keep for the

[Openvpn-devel] man page --proto needs info on udp6/tcp6 in OpenVPN 2.4

2016-12-15 Thread Matthias Andree
see Subject. There's a related Trac-ker item against 2.3:

[Openvpn-devel] CFT: OpenVPN 2.4 port update for FreeBSD

2016-12-15 Thread Matthias Andree
Greetings, I've put up an OpenVPN 2.4-rc1 port for FreeBSD up for testing. Get it from https://people.freebsd.org/~mandree/openvpn-2.4.r1-v1.tar.xz Or review the diff at https://reviews.freebsd.org/D8813 Cheers, Matthias

Re: [Openvpn-devel] FreeBSD port versions

2016-12-08 Thread Matthias Andree
On 06.12.2016 at 22:02, Gert Doering wrote: > Hi, > > On Sat, Nov 12, 2016 at 05:43:56AM +0100, Matthias Andree wrote: >> On 11.11.2016 at 23:10, Gert Doering wrote: >>> I might be tempted to do a quick 2.3.14 release in between - there's two >>> important

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 11.11.2016 at 23:10, Gert Doering wrote: > I might be tempted to do a quick 2.3.14 release in between - there's two > important platform fixes in that branch now (FreeBSD and OpenBSD topology > subnet :-) ) and Lev's recursive routing patch. Add to that the windows > block-outside-dns patch

Re: [Openvpn-devel] [PATCH applied] Re: Repair topology subnet on FreeBSD 11

2016-11-11 Thread Matthias Andree
On 09.11.2016 at 21:14, Gert Doering wrote: > Thanks for testing & review :-) > > Patch has been applied to the master and release/2.3 branch. > > commit a433b3813d8c38b491d2baa7b433973f2d6cd7c6 (master) > commit 446ef5bda4cdc75d4cb955e274846faff0181fd3 (release/2.3) > Author: Gert Doering >

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 15.10.2016 at 12:11, David Sommerseth wrote: > b) Have the package exclude each other to block both being installed >at the same time. That's the path normally chosen and that I'd recommend for DEB/APT-based packages because solvers can usually figure that part out. I think the RPM world

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-15 Thread Matthias Andree
On 14.10.2016 at 21:51, Steffan Karger wrote: > > On 14 Oct 2016 9:14 p.m., "Matthias Andree" <matthias.and...@gmx.de> wrote: > > > > On 14.10.2016 at 17:28, Samuli Seppänen wrote: > > > > Would 2.

Re: [Openvpn-devel] Separate apt repositories for 2.4-alpha/beta/rc releases?

2016-10-14 Thread Matthias Andree
On 14.10.2016 at 17:28, Samuli Seppänen wrote: > Hi, > > Should we have a separate apt repository for "unstable" apt packages? > Right now our apt repositories hold 2.3.x packages, meaning that > upgrades have historically been fairly minor. > > That said, users who use _our_ apt repositories

Re: [Openvpn-devel] [PATCH] Enable -D_SVR4_2 for compilation on Solaris

2016-10-10 Thread Matthias Andree
On 10.10.2016 at 09:39, Gert Doering wrote: > + CPPFLAGS="$CPPFLAGS -D_XPG4_2" NAK. Description mismatches content. Please revert and reapply with proper description.

Re: [Openvpn-devel] OpenVPN 2.3.12 released

2016-08-24 Thread Matthias Andree
Please - instead of my patch, use Steffan Karger's, subject "[PATCH] Fix unittests for out-of-source builds" of 2016-08-15. Thanks.

Re: [Openvpn-devel] Valgring findings

2016-06-08 Thread Matthias Andree
On 07.06.2016 at 15:47, Илья Шипицин wrote: > Hello, > > I played with valgrind a bit > > https://travis-ci.org/chipitsine/openvpn/jobs/135869065 > > Looks like there are leaks in openssl code, should we suppress it? Not that I've found the "leaks" you're reporting; however: I seem to recall

Re: [Openvpn-devel] OpenVPN 2.3.11 released

2016-05-14 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] [PATCH applied] Re: Fix polarssl / mbedtls builds

2016-05-13 Thread Matthias Andree
On 13.05.2016 at 09:32, Gert Doering wrote: > ACK. Tested on FreeBSD 9.3, all 3 tests in "make check", works. > > It is in line with the much better tested code in master, and with the > man page: > > "The default for --tls-cipher is to use PolarSSL's default cipher > list when using

Re: [Openvpn-devel] [PATCH v2 (2.3)] Restrict default TLS cipher list

2016-05-13 Thread Matthias Andree
On 17.04.2016 at 20:23, Steffan Karger wrote: > In the past years, the internet has been moving forward wrt deprecating > older and less secure ciphers. Let's follow this example in OpenVPN and > also restrict the default list of negotiable TLS ciphers in 2.3.x. > > This disables the following:

Re: [Openvpn-devel] SIGSEGV (NULL ptr deref) in PolarSSL-based build if noTLS ciphers specified (was: OpenVPN 2.3.11 released)

2016-05-13 Thread Matthias Andree
On 10.05.2016 at 12:06, Samuli Seppänen wrote: > The OpenVPN community project team is proud to release OpenVPN 2.3.11. > It can be downloaded from here: > > > > This release fixes two vulnerabilities: a port-share bug with DoS >

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-04-29 Thread Matthias Andree
On 29.04.2015 at 14:07, David Woodhouse wrote: > On Tue, 2015-03-31 at 09:19 +0200, Matthias Andree wrote: >> I am concerned this will cause misformattings and inability to search >> for options with leading dashes on some systems - I don't recall >> versions, but I do know t

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-27 Thread Matthias Andree
On 27.04.2015 at 16:48, David Sommerseth wrote: > Having this said, if you do builds on systems with a more modern > automake, I do want to encourage people to run 'make V=0' or use > ./configure --enable-silent-rules. This will ensure we can

Re: [Openvpn-devel] [PATCH] m4: enable silent build

2015-04-15 Thread Matthias Andree
On 14.04.2015 at 20:34, Yegor Yefremov wrote: > Signed-off-by: Yegor Yefremov > --- > configure.ac | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/configure.ac b/configure.ac > index 9132468..ca0d9c3 100644 > --- a/configure.ac > +++ b/configure.ac > @@

Re: [Openvpn-devel] [PATCH] Remove useless dash escapes from the man-page

2015-03-31 Thread Matthias Andree
On 31.03.2015 at 08:44, sam...@openvpn.net wrote: > From: Samuli Seppänen > > This patch is against the release/2.3 branch > > Trac: 512 > Signed-off-by: Samuli Seppänen > --- > doc/openvpn.8 | 1800 >

Re: [Openvpn-devel] [PATCH] Re-enable TLS version negotiation by default

2015-03-30 Thread Matthias Andree
Am 10.03.2015 um 20:26 schrieb Steffan Karger: > Re-enable TLS version negotiation by default, so that users > benefit from the stronger and better crypto of TLSv1.1 and > TLSv1.2, without having to add 'tls-version-min' to their > config files. > > We tried this before in 2.3.3, but got various

[Openvpn-devel] [PATCH] Manual page update for Re-enabled TLS version negotiation.

2015-03-30 Thread Matthias Andree
Signed-off-by: Matthias Andree <matthias.and...@gmx.de> --- doc/openvpn.8 | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index a95d353..1420bdd 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -4286,16 +4286,19 @@ includ

Re: [Openvpn-devel] Topics for next week's (Monday, 30th Mar 2015) community meeting

2015-03-29 Thread Matthias Andree
Am 23.03.2015 um 20:21 schrieb Samuli Seppänen: > Hi, > > We're going to have an IRC meeting _next_ Monday, 30th March, starting > at 20:00 CET (19:00 UTC) on #openvpn-de...@irc.freenode.net. Current > topic list along with basic information is here: > >

Re: [Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-12-13 Thread Matthias Andree
Am 18.11.2014 um 23:46 schrieb Matthias Andree: > Greetings, > > I received a bug report against the FreeBSD OpenVPN port, but before > applying a patch (by Ermal Luçi) I do not currently oversee, I would > like your input. > > https://redmine.pf

Re: [Openvpn-devel] [PATCH] configure.ac: fix default behavior

2014-11-24 Thread Matthias Andree
Am 22.11.2014 um 10:43 schrieb Steffan Karger: > Hi Yegor, > > On 21-11-14 20:43, Yegor Yefremov wrote: >> This patch is a result of our IRC discussion with Arne. Alternative >> approach were to always build with password-save functionality without >> configure option at all. > > Thanks for the

[Openvpn-devel] AES-NI trouble, and patch - please review/comment

2014-11-18 Thread Matthias Andree
Greetings, I received a bug report against the FreeBSD OpenVPN port, but before applying a patch (by Ermal Luçi) I do not currently oversee, I would like your input. https://redmine.pfsense.org/issues/3966 original https://community.openvpn.net/openvpn/ticket/480 copy

Re: [Openvpn-devel] Openvpn 2.3.2: "Could not create temporary file" ....Too many open files

2014-07-23 Thread Matthias Andree
Am 23.07.2014 08:19, schrieb arno.oderm...@ch.schindler.com: > Dear both, > > thank you for your reply. > Yes, we are using the "--client-connect" and according to 2.3 OpenVPN > manual (see section below) it does create files by writing to "file > named by $1." > > Gert, we are sure, there was

Re: [Openvpn-devel] [PATCH] Support non-ASCII characters in Windows tmp path

2013-12-04 Thread Matthias Andree
I also found http://moser-isi.ethz.ch/docs/english_verb_inf_ing.pdf after my earlier post.

Re: [Openvpn-devel] [PATCH] t_client.sh: Check for fping/fping6 availability

2013-11-15 Thread Matthias Andree
Am 15.11.2013 18:12, schrieb David Sommerseth: > From: David Sommerseth > > Check if fping and fping6 are available before running the real tests, > to avoid misleading test failures. > > Signed-off-by: David Sommerseth > --- > tests/t_client.sh.in | 12

Re: [Openvpn-devel] RFD - block-ipv6

2013-08-17 Thread Matthias Andree
Am 17.08.2013 12:30, schrieb Gert Doering: > So, what I'm hoping to hear from you... > > - should we include this in 2.3.3? > - if yes, are changes needed? Well, it would take huge warning banners because it might disrupt existing setups (which would be insecure through the "connect around

Re: [Openvpn-devel] Topics for next weeks meeting

2013-04-18 Thread Matthias Andree
Am 10.04.2013 13:47, schrieb Samuli Seppänen: > Hi all, > > After a fairly long pause, the community meetings are starting again. > Next one is on Thursday 18th Apr 2013. The preliminary agenda is here: > > > > Best regards, >

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-21 Thread Matthias Andree
Am 21.01.2013 14:23, schrieb Gert Doering: > Hi, > > just for the sake of those not following the discussion on IRC... > > On Mon, Jan 21, 2013 at 11:23:17AM +0100, Gert Doering wrote: >> I'm more concerned about maintainability of the OpenVPN code base, and >> having more #ifdef in there is

Re: [Openvpn-devel] [PATCH 3/3] PolarSSL-1.2 support

2013-01-20 Thread Matthias Andree
Is there any important system where requiring PolarSSL >= 1.2.3 is not an option, besides "admin is too lazy or can't convince his manager that he needs to upgrade"? This #ifdef stuff makes the whole story a bit inconcise. It might be suitable for 2.3.X, but not to base 2.4 or newer releases on.

Re: [Openvpn-devel] compiling with visual studio

2013-01-17 Thread Matthias Andree
Am 16.01.2013 11:11, schrieb Gert Doering: > Hi, > > On Tue, Jan 15, 2013 at 09:03:07PM +0200, Athanasios Douitsis wrote: >> Trying to compile 2.3 with visual studio 2010. I am getting the following >> error: >> >> init.c(186): error C2143: syntax error : missing ';' before 'type' >>

[Openvpn-devel] easy-rsa status?

2013-01-13 Thread Matthias Andree
Greetings, I have just added the easy-rsa package to the FreeBSD ports collection, security/easy-rsa, and security/openvpn is now optionally (default: yes) depending on security/easy-rsa so people get this, as they did with 2.2.2. However, I found it hard to collect together the few scattered
