[Openvpn-devel] [PATCH 1/1] replace deprecated LZ4 function

From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead So replace the function. Signed-off-by: Christian Hesse ---

Re: [Openvpn-devel] [PATCH 1/1] replace deprecated LZ4 function

On Thu, 2016-12-15 at 14:26 +0100, Christian Hesse wrote: > -    zlen = LZ4_compress_limitedOutput((const char *)BPTR(buf), (char > *)BPTR(work), BLEN(buf), zlen_max ); > +    zlen = LZ4_compress_default((const char *)BPTR(buf), (char > *)BPTR(work), BLEN(buf), zlen_max ); You might

Re: [Openvpn-devel] ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

Hello Roman, > You can try logging $ssl_preread_server_name in access_log. thank you. It seems that nginx is not able to extract the server_name from openconnect correctly: 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] "" When I connect with a browser:

Re: [Openvpn-devel] Coding style clean-up ... phase 1

On Thu, Dec 15, 2016 at 8:00 AM, David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > > The only issue I noticed is that some functions, for loops and switch > > statements have their opening braces on the same line > > ssl.c line 272, tun.c line 697 and many such in the several files.

[Openvpn-devel] [PATCH] Don't reopen tun if cipher changes

When the pulled options change, OpenVPN will attempt to reopen the tun device. That might fail if the process has already dropper privileges, and is not needed unless the tun MTU is changed. This patch therefore ignores the cipher value for the digest if a fixed tun-mtu is used. Additionally,

[Openvpn-devel] [PATCH 1/2] lz4: Rebase compat-lz4 against upstream v1.7.4.2

Rebase process is based on description in commit 46e4b6639a950c56. The lz4 v1.7.4.2 is based on commit 018ddf799917ee5c68b5 in git://github.com/lz4/lz4 Signed-off-by: David Sommerseth --- src/compat/compat-lz4.c | 820 ++--

[Openvpn-devel] [PATCH 0/2] LZ4 updates

This patch set is rebasing the LZ4 compat library to the latest upstream LZ4 release (v1.7.4.2). This library is only used if ./configure cannot find a system LZ4 library. In addition, I've included Christian Hesse's patch he already sent to the mailing list as we should review those two

[Openvpn-devel] [PATCH 2/2] replace deprecated LZ4 function

From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the

Re: [Openvpn-devel] [PATCH] Don't reopen tun if cipher changes

On 15/12/16 19:52, Steffan Karger wrote: > When the pulled options change, OpenVPN will attempt to reopen the tun > device. That might fail if the process has already dropper privileges, > and is not needed unless the tun MTU is changed. This patch therefore > ignores the cipher value for the

Re: [Openvpn-devel] [PATCH v2] auth-gen-token: Hardening memory cleanup on auth-token failuers

[lets try unencrypted this time.] On 15/12/16 22:52, Steffan Karger wrote: > Hi, > > On 15 December 2016 at 13:22, David Sommerseth wrote: >> Further improve the memory management when a clients --auth-token >> fails the server side token authentication enabled via

[Openvpn-devel] [PATCH v3] auth-gen-token: Hardening memory cleanup on auth-token failuers

Further improve the memory management when a clients --auth-token fails the server side token authentication enabled via --auth-gen-token. v2 - Add ASSERT() if base64 encoding of token fails v3 - Use proper boolean logic in ASSERT() Signed-off-by: David Sommerseth ---

[Openvpn-devel] man page --proto needs info on udp6/tcp6 in OpenVPN 2.4

see Subject. There's a related Trac-ker item against 2.3: -- Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org!

[Openvpn-devel] CFT: OpenVPN 2.4 port update for FreeBSD

Greetings, I've put up an OpenVPN 2.4-rc1 port for FreeBSD up for testing. Get it from https://people.freebsd.org/~mandree/openvpn-2.4.r1-v1.tar.xz Or review the diff at https://reviews.freebsd.org/D8813 Cheers, Matthias signature.asc Description: OpenPGP digital signature

Re: [Openvpn-devel] [PATCH] Don't reopen tun if cipher changes

Hi, On 15 December 2016 at 20:49, David Sommerseth wrote: > On 15/12/16 19:52, Steffan Karger wrote: >> -if (strstr(line, "peer-id ") != line) >> +if (strcmp(line, "peer-id ") == 0) > > Are you sure about this strcmp()? I'd expect line to

Re: [Openvpn-devel] [PATCH 0/2] LZ4 updates

On Thu, 2016-12-15 at 21:20 +0100, David Sommerseth wrote: > > There is also another potential issue with the current approach, if we link > against r129 or older ... the code will be using > LZ4_compress_limitedOutput().  If the system library is upgraded to a newer > upstream version which

[Openvpn-devel] [PATCH v2] Don't reopen tun if cipher changes

When the pulled options change, OpenVPN will attempt to reopen the tun device. That might fail if the process has already dropper privileges, and is not needed unless the tun MTU is changed. This patch therefore ignores the cipher value for the digest if a fixed tun-mtu is used. Additionally,

Re: [Openvpn-devel] [PATCH v2] auth-gen-token: Hardening memory cleanup on auth-token failuers

Hi, On 15 December 2016 at 13:22, David Sommerseth wrote: > Further improve the memory management when a clients --auth-token > fails the server side token authentication enabled via --auth-gen-token. > > v2 - Add ASSERT() if base64 encoding of token fails This will need

[Openvpn-devel] [PATCH 1/1] replace deprecated LZ4 function

From: Christian Hesse The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler gives warning: warning: ‘LZ4_compress_limitedOutput’ is deprecated: use LZ4_compress_default() instead The new function LZ4_compress_default() appeared in r129 (1.7.0), so replace the

Re: [Openvpn-devel] [PATCH] auth-gen-token: Hardening memory cleanup on auth-token failuers

On 15/12/16 11:05, Gert Doering wrote: > Hi, > > On Wed, Dec 14, 2016 at 10:08:25PM +0100, Steffan Karger wrote: >> Looks good, but I think there's one more occurance you should >> incorporate in the patch: >> >> if (openvpn_base64_encode(tok, AUTH_TOKEN_SIZE, >>

Re: [Openvpn-devel] [PATCH] auth-gen-token: Hardening memory cleanup on auth-token failuers

Hi, On Wed, Dec 14, 2016 at 10:08:25PM +0100, Steffan Karger wrote: > Looks good, but I think there's one more occurance you should > incorporate in the patch: > > if (openvpn_base64_encode(tok, AUTH_TOKEN_SIZE, > >auth_token) < AUTH_TOKEN_SIZE) Under which

[Openvpn-devel] [PATCH v2] auth-gen-token: Hardening memory cleanup on auth-token failuers

Further improve the memory management when a clients --auth-token fails the server side token authentication enabled via --auth-gen-token. v2 - Add ASSERT() if base64 encoding of token fails Signed-off-by: David Sommerseth --- src/openvpn/ssl_verify.c | 45

Re: [Openvpn-devel] [MERGE complete] The Great Reformatting - first phase

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reformatting merge complete. commit 1f004b2f06e987d73e48f7fd7b96b0b248274f58 Merge: 2417d55 81d882d Author: David Sommerseth Date: Thu Dec 15 13:45:06 2016 +0100 Merge 'reformatting' branch into master This concludes the first

Re: [Openvpn-devel] Coding style clean-up ... phase 1

On 15/12/16 06:09, Selva Nair wrote: > > On Wed, Dec 14, 2016 at 4:18 PM, David Sommerseth > > wrote: > > On 13/12/16 22:42, David Sommerseth wrote: > > > > Hi all, > > > > So the first phase of

Re: [Openvpn-devel] [PATCH 1/1] replace deprecated LZ4 function

On 15/12/16 15:06, Christian Hesse wrote: > From: Christian Hesse > > The LZ4 function LZ4_compress_limitedOutput() is deprecated, compiler > gives warning: > > warning: ‘LZ4_compress_limitedOutput’ is deprecated: use > LZ4_compress_default() instead > > The new function