Date: Monday 14th November 2016
cron, dazo, mattock and syzzer participated in this meeting.


Discussed the OpenVPN 2.4_beta1 release:


The original deadline (Wed 16th) is still doable and we will aim for it.

Agreed that deprecating "key-method 1" makes sense for OpenVPN 2.4. Actually removing the method will take place in 2.5.

Several 2.4 patches were discussed, reviewed and ACKed during the meeting.


Mattock ran his PowerShell test suite against Selva's openvpnserv2, which is able to gracefully shut down OpenVPN instances:


The tests now succeed, so the patched openvpnserv2 will likely make it into OpenVPN 2.4_beta1.


Discussed the OpenVPN 2.3.14 release. Agreed that it makes sense to make the release in the upcoming week with a few more patches.


(21:01:28) cron2: so.  dazo is late, syzzer is late, mattock was too early and 
fell asleep
(21:01:48) mattock: hi
(21:02:08) mattock: https://community.openvpn.net/openvpn/wiki/Topics-2016-11-14
(21:02:10) vpnHelper: Title: Topics-2016-11-14 – OpenVPN Community (at 
(21:04:37) mattock: so the others are indeed a bit late
(21:05:15) cron2: what I can say so far is that we're either not making the 
beta1 deadline, or tls-crypt won't go in...
(21:06:31) cron2: (beta1 deadline is now, 2/5 is waiting for confirmation from 
plaisthos, 4/5 v2 from dazo)
(21:06:57) mattock: ok, so reasonably far anyways
(21:07:17) cron2: 5/5 is somewhat straightforward if 2/5+4/5 are in - "if it 
passes the cmocka test, it's good"
(21:07:31) cron2: (as it does not touch actual openvpn code)
(21:12:09) ***dazo is here ... let's see how long the calm lasts at home :)
(21:12:20) cron2: cool
(21:12:37) cron2: I'm about to merge argv 1-3 - ok with you?
(21:12:47) cron2: (the patch page says so :-))
(21:13:07) dazo: :) ... Let me have a quick look, I don't recall all patches 
I've looked at lately
(21:13:32) cron2: 1-3 is pure shuffling around + cmocka tests, no actual changes
(21:16:19) cron2: well, 1 is shuffling around, 2 is argv_new(), 3 is system_str
(21:16:24) dazo: agreed, I'd probably also pull in patch 4, tbh .... it's a bit 
more invasive, but it cleans up odd things.  I've tested 1-4 without the 
others, and that did work ... and makes the gap smaller if we get more 
confidence in patch 5-7 to get into final 2.4
(21:16:49) cron2: ok, I'll start with 1-3 now...
(21:17:15) cron2: (I've already done a cursory review of those, 4 next)
(21:17:24) dazo: yeah, probably a good idea to get that to the buildbots, and 
then we can see what happens with 4 ... if it breaks things, I'm fine with a 
(21:18:00) cron2: what's the "git diff" command that shows moves?
(21:18:23) dazo: git blame -w -M -C
(21:18:28) dazo: git blame -w -M -C $file
(21:18:42) dazo: that shows where things came from 
(21:18:48) ***cron2 looks
(21:18:57) cron2: cool
(21:19:34) cron2: well
(21:19:42) dazo: but you can also play with git diff 
--diff-algorithm={patience|minimal|histogram|myers} .... I used that a lot on 
these patches, as it doesn't make the patch as minimal as possible (myers)
(21:20:32) cron2: it's a bit over-eager... finding bits and pieces in argv.c 
coming from buffer.c... might have been, initially
(21:20:59) cron2: a different "diff" won't help, as it's, well, a diff :)
(21:21:08) syzzer: evening :)
(21:21:38) mattock: evening!
(21:21:46) syzzer: catching up...
(21:21:57) cron2: dazo: could you have a look at 
(21:21:58) cron2: Subject: [Openvpn-devel] [PATCH 4/5 v2] Move private file 
access checks to      
(21:22:02) cron2: (v2)
(21:22:14) ***dazo looks
(21:23:55) syzzer: applying 4/5 before 2/5 will require changes in 2/5 (and 
some conflict resolution), but that's fine, I have to do a 2/5v2 anyway
(21:24:29) cron2: I don't actually want that, but having an ACK on 4/5 would 
avoid further delay if plaisthos resurfaces
(21:25:37) dazo: I can give 4/5v2 an ACK, that looks good now ... but yeah, we 
can't add it before 2/5
(21:25:49) dazo: (well, by removing two lines from the patch we can)
(21:26:05) cron2: if it's that easy...
(21:26:16) syzzer: yes, that :)
(21:26:23) cron2: wait until argv is in, otherwise it gets messy
(21:26:42) dazo: line 2900-2901 in the patched file, if I'm not mistaken
(21:28:57) mattock: I will run Selva's openvpnserv2 + exit-event patch through 
my Powershell scripts 
(21:29:27) cron2: mmmh, why did I not see these?
(21:33:34) cron2: All 3 tests passed
(21:33:46) cron2: argv[1]...argv[3], t_client on linux
(21:34:04) ***dazo needs to head back to a children's bedroom :/ .... brb
(21:34:18) cron2: dazo: patience be with you :)
(21:35:18) syzzer: cron2: I see that 1/7 from heiko got applied, should I send 
my fixups as an official patch now?
(21:36:29) cron2: syzzer: gah.  I read those, but forgot.  Please do
(21:36:45) cron2: 1-3 being buildbotted now...
(21:37:18) cron2: syzzer: shall I just use the patch in your mail?
(21:37:29) syzzer: Yeah, that's fine
(21:37:40) syzzer: I would otherwise just resend it with slightly more text and 
a signed-off-by
(21:37:47) cron2: how you prefer
(21:37:53) cron2: yeah
(21:37:57) cron2: sounds better
(21:38:33) syzzer: ah, damn, more work for me :p  No, it's better so I'll 
resend it
(21:40:02) ***dazo is back
(21:40:57) cron2: mattock: ubuntu1204 is still unhappy with the directory name
(21:41:45) mattock: cron2: ok
(21:41:48) mattock: let's see
(21:42:17) mattock: I just launched the powershell test suite for selva-patched 
openvpnserv2, looks good so far
(21:42:32) cron2: cool
(21:43:16) cron2: the argv change set needs a test run with openvpn.exe without 
service (so it can exec netsh.exe / route.exe)
(21:44:08) cron2: fnord... the windows buildslave cannot download 
pkcs11-helper-1.11.tar.bz2, so fails building
(21:46:28) mattock: that is probably just a network glitch
(21:46:33) mattock: I will trigger a build manually
(21:47:59) cron2: wait :)
(21:48:23) mattock: too late
(21:48:29) mattock: I can cancel though
(21:48:36) cron2: nah
(21:48:54) cron2: it's ok so we have two snapshots, one with argv 1-3, one with 
argv 4 + fixup
(21:49:43) cron2: freebsd 7.4 buildbot failure is because I messed with the 
machine while it was running t_client - not the patch's fault
(21:50:06) syzzer: so, can I claim you for the topic I tried to get into last 
meeting too: deprecating --key-method 1
(21:50:27) ***cron2 has no idea about this crypto stuff :)
(21:50:39) cron2: seriously: what is this used for?
(21:50:55) syzzer: msg-id <54fc26bb.2000...@karger.me>
(21:51:25) syzzer: http://thread.gmane.org/gmane.network.openvpn.user/35632
(21:51:26) vpnHelper: Title: Gmane Loom (at thread.gmane.org)
(21:51:28) cron2: am I right, nobody responded?
(21:51:38) mattock: indeed, the pkcs11-helper thing is not just a glitch
(21:51:39) cron2: oh
(21:51:40) mattock: another failure
(21:52:28) cron2: syzzer: from the discussion (that I had already forgotten) it 
looks like "nobody seriously objected"
(21:52:52) mattock: hmm, or maybe it was just a persistent glitch... running 
the wget command manually works
(21:52:55) syzzer: good, I'll send a deprecation patch for 2.4, and removal as 
soon as 2.4 branched out
(21:53:10) syzzer: (for the then-master branch)
(21:53:19) cron2: makes sense
(21:53:44) syzzer: since it's a bit short before release to remove more features 
I think
(21:54:28) cron2: dazo, mattock?
(21:54:31) dazo: syzzer: I'd be willing to accept that, but it's nice to make 
it clear in the log files "this will go away"
(21:55:44) dazo: in a 2.4 release, before taking it out in 2.5
(21:55:44) mattock: reading the email thread on key-method
(21:57:13) mattock: so if there is no warning about key-method going away, I 
would say we first print a warning in logs, then in 2.5 remove it
(21:57:17) dazo: on a related note ... we have --compat-names and --tls-remote 
on the list of options to remove too .... they've been listed as deprecated in 
the log files since 2.3 ... man page promises 2.4 or 2.5
(21:57:51) dazo: mattock: you're way too nice ... removing reasons for flame 
fests on the -users ML! ;-)
(21:59:08) syzzer: ah, damn, this needs a Changes.rst entry :/
(21:59:15) syzzer: wait for it...
(21:59:18) dazo: lol :)
(21:59:19) cron2: haha :)
(21:59:32) cron2: dazo: feel free to apply 4/5 v2 "with two lines removed" in 
the meantime :)
(21:59:39) ***cron2 is done for the moment with applying and pushing
(22:01:05) mattock: dazo: I am just following the policies we set in like 2010 
(22:02:38) dazo: mattock: oh, I've been ignoring those as James completely 
skipped them with a few other features after we agreed on that :-P
(22:03:04) mattock: well james has james style
(22:03:05) mattock: :P
(22:03:27) dazo: ;-)
(22:05:19) mattock: windows buildslave finally managed to download 
pkcs11-helper, and the build succeeded
(22:05:29) cron2: good
(22:06:08) cron2: syzzer: can you open a trac with milestone 2.5 "remove 
key-method 1 for good"? 
(22:06:19) syzzer: cron2: will do
(22:06:23) mattock: selva seems to have solved the exit event: 
(22:06:24) cron2: (so it won't be forgotten, and then we remember on the day 
2.5_beta1 is due...)
(22:06:25) vpnHelper: Title: GitHub - selvanair/openvpnserv2 at exit-event (at 
(22:06:33) mattock: just passed all the tests
(22:07:13) cron2: syzzer: uh, are you sending a v2 of that patch, with 
(22:07:18) mattock: it still requires some code-review, but I think we can get 
properly operating openvpnserv2.exe to 2.4_beta1
(22:07:32) syzzer: cron2: already on the list
(22:07:46) cron2: sleep(5)
(22:08:04) dazo: signal(SIGALRM,...)
(22:08:12) cron2: Subject: [Openvpn-devel] [PATCH v2] Deprecate key-method 1    
(22:08:15) cron2: \o/
(22:08:29) mattock: that said, we need to fix IPv6 netsh calls, so that even if 
openvpn is killed forcibly netsh does not fail due to existing route
(22:08:30) cron2: dazo: shall I wait for you, or just quickly push this out?
(22:09:05) dazo: cron2: I can take both ... I'm just verifying I don't break 
anything with "picking out those two lines"
(22:09:40) cron2: in that case, it's yours to take :) - the mail-archive URL is
(22:09:41) cron2: 
(22:09:43) vpnHelper: Title: [Openvpn-devel] [PATCH v2] Deprecate key-method 1 
(at www.mail-archive.com)
(22:09:43) dazo: syzzer: is it needed to add --key-method 2, or isn't that the 
default if not provided?
(22:10:06) syzzer: dazo: that's the default if not provided
(22:10:42) dazo: syzzer: maybe rather recommend people _not_ to use the 
--key-method option at all?
(22:10:53) dazo: now it sounds like it is needed, in Changes.rst
(22:11:07) syzzer: dazo: good point, can you fix that on the fly?
(22:11:13) dazo: syzzer: sure can do!
(22:11:18) syzzer: great!
(22:12:49) dazo: I'll send a patch removing --compat-names and --tls-remote as 
well today
(22:13:06) cron2: with Changes.rst :)
(22:13:12) syzzer: haha
(22:13:22) dazo: haha ... yeah, I'll try to remember that!
(22:24:07) mattock: how far are we in our ACK/patchfest?
(22:24:33) cron2: dazo has two more to go, then we wait for syzzer 2/5 v2 and 
plaisthos to ACK that
(22:25:48) cron2: (which implies postponing beta1 by a few days)
(22:28:24) syzzer: beta1 was aimed for Wednesday, right?
(22:28:27) syzzer: still possible...
(22:28:29) cron2: today :)
(22:28:37) cron2: ah, no
(22:28:44) cron2: Nov 16 is what the page says
(22:28:53) cron2: wednesday it is!
(22:29:32) mattock: yes, wednesday
(22:29:51) syzzer: so, this other patch of mine (or actually, my colleagues), 
the CRL refactoring.  what do we need to get that in?
(22:30:08) mattock: if you guys get the patches done by Wed noon (CET) I should 
be able to make the release on Wed
(22:30:20) cron2: I'll see that I can have a look at the CRL patch tomorrow, 
and maybe fiddle a bit with the DHCP option stuff (but that could be "minor 
change between beta1 and beta2")
(22:30:37) cron2: syzzer: dazo wants an extra review as he does not trust 
perfect code
(22:30:46) cron2: so, next time, please add some typo to a comment or such
(22:31:05) syzzer: yeah, I know, but nobody has volunteered.  hence the poking 
(22:31:22) syzzer: but great :)
(22:31:30) cron2: whee, ACK!
(22:31:40) cron2: (can't process that yet, waiting for dazo to merge+push)
(22:32:14) syzzer: I hope to have a better look at dazo's AUTH_FAILED patches 
(22:33:12) syzzer: need to fiddle a bit to see if I can come up with something 
nicer than shoving around a struct context
(22:33:32) cron2: wrt to 2.3.14 - everything I had on my list as "must go in!" 
is in, but I'm not in a hurry to push that out.  So we can just drop this off 
today's agenda (or consider it "covered!")
(22:33:51) syzzer: "covered!"
(22:35:14) mattock: let's release 2.3.14 next week?
(22:35:32) dazo: syzzer: cool, thx!
(22:35:59) mattock: the meeting summary will probably be the shortest ever
(22:36:01) ***dazo is looking carefully at the "remove two lines" as it didn't 
apply so smoothly :/
(22:36:11) cron2: mattock: please remind me, is your trac account "mattock" or 
(22:36:24) cron2: ah, samuli
(22:36:26) mattock: samuli
(22:36:52) cron2: mattock: I'll go and have a go at some of the open tickets 
for 2.3... so "next week" sounds good
(22:37:26) mattock: cron2: ok
(22:37:48) cron2: #745 needs looking-at with brains, and that should go into 
2.4 and 2.3.14 (bugfix)
(22:39:35) syzzer: mattock:  I'd like to check out cron2's 'poor-mans NCP 
patch' before 2.3.14, because that would be great to get out to users asap
(22:40:06) mattock: syzzer: so next week good for you too?
(22:40:16) cron2: syzzer: that is master/2.4 material, on the client side you 
just need the --setenv
(22:40:28) syzzer: cron2: oh, right.  nvm then :)
(22:40:52) cron2: (--cipher foo --setenv UV_WANT_CIPHER foo --push-peer-info  
-> server sets up "cipher foo" for that client instance)
(22:41:07) cron2: but it would be useful to have in 2.4 :)
(22:41:08) syzzer: patch is small enough to fit into the 'minor' category, so 
I'll focus on AUTH_FAILED first
(22:41:12) cron2: ok
(22:44:40) cron2: I'm calling it a day now... kids will wake me up early (and I 
think we all know what to do next :) )
(22:45:04) dazo: I'll have some updates to the git tree in a little while 
(22:45:10) cron2: cool
(22:45:35) mattock: yeah, let's call it a day
(22:45:39) mattock: wed is still doable
(22:47:02) syzzer: exciting times!
(22:47:29) dazo: cool! very thankful for wed :)
(22:53:45) mattock: ok, good night all!
